... | ... | @@ -660,6 +660,34 @@ additional group has access to *all* host, defined as |
|
|
|
|
|
TODO: cleanup this section.
|
|
|
|
|
|
### Interactions with Puppet
|
|
|
|
|
|
The [Puppet server](puppet) is closely coupled with LDAP, from which
|
|
|
it gathers information about servers.
|
|
|
|
|
|
It specifically uses those fields:
|
|
|
|
|
|
| LDAP field | Puppet use |
|
|
|
|----------------|--------------------------------------------------------------------------------------|
|
|
|
| `hostname` | matches with the Puppet node host name, used to load records |
|
|
|
| `ipHostNumber` | Ferm firewall, Bind, Bacula, Jenkins, static sync access control, backends discovery |
|
|
|
| `purpose` | motd |
|
|
|
| `physicalHost` | motd: shows parent in VM, VM children in host |
|
|
|
|
|
|
The `ipHostnumber` field is also used to lookup the host in the
|
|
|
`hoster.yaml` database in order to figure out which hosting provider
|
|
|
hosts the parent metal. This is, in turn, used in Hiera to change
|
|
|
certain parameters, like Debian mirrors.
|
|
|
|
|
|
Note that the above fields are explicitely imported in the
|
|
|
`allnodeinfo` data structure, along with `sshRSAHostKey` and
|
|
|
`mXRecord`, but those are not used. Furthermore, the `nodeinfo`
|
|
|
datastructure imports all of the host's data, so there might be other
|
|
|
fields in use that I haven't found.
|
|
|
|
|
|
Puppet connects to the LDAP server directly over LDAPS (port 636) and
|
|
|
therefore requires the custom LDAP host CA.
|
|
|
|
|
|
### DNS zone file management
|
|
|
|
|
|
One of the configuration files `ud-generate` generates are,
|
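Review bot: the attribute name is inconsistent within this hunk: the table row uses `ipHostNumber` while the paragraph that follows it writes `ipHostnumber` (lower-case n). LDAP attribute names are case-insensitive, but searches and cross-references in the rest of this document are not, so use `ipHostNumber` in both places. Since that same row says the attribute feeds the Ferm firewall, Bind, Bacula and static sync access control, the paragraph should also state plainly that write access to `ipHostNumber` in LDAP is in effect firewall and access-control authority; that is the point a reader of this section needs and the hunk only implies it. Smaller points: `explicitely` should be `explicitly`; the first-person `fields in use that I haven't found`, together with the `TODO: cleanup this section.` line, reads as a scratch note rather than reference documentation, so either turn it into a concrete TODO (e.g. "audit fields read via `nodeinfo`") or drop it before merging; `One of the configuration files `ud-generate` generates are,` should read `is,` since the subject is `One`; and the hunk header context `access to *all* host, defined as` should be `*all* hosts`, though that text is pre-existing and not part of this change.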
... | ... | |