ipa changes

ansible/playbooks/tasks/gitlab-reconfigure.yml

@@ -58,6 +58,7 @@
   loop:
     - httpd_can_network_connect
     - httpd_can_network_relay
+    - httpd_can_connect_ldap
     - httpd_read_user_content
 
 - name: Change fcontext to GitLab unix socket for nginx

ansible/playbooks/vars/common.yml

@@ -5,5 +5,6 @@ rocky_ldap_group_basedn: "cn=groups,cn=accounts,dc=rockylinux,dc=org"
 rocky_ldap_account_basedn: "cn=accounts,dc=rockylinux,dc=org"
 # Requires jinja 2.9+
 rocky_ipaserver_list: "{{ groups['ipaserver'] + groups['ipareplicas'] }}"
+rocky_ipaserver_lb: "ipa-lb.rockylinux.org"
 # This will need to be vaulted
 rocky_ldap_bind_pw: "{{ ipa_binder_password }}"

ansible/playbooks/vars/gitlab.yml

@@ -21,7 +21,7 @@ gitlab_ssl_key: "/etc/nginx/ssl/{{ gitlab_domain }}.key"
 
 # LDAP Configuration
 gitlab_ldap_enabled: "true"
-gitlab_ldap_host: "{{ rocky_ipaserver_list[0] }}"
+gitlab_ldap_host: "{{ rocky_ipaserver_lb }}"
 gitlab_ldap_port: "389"
 gitlab_ldap_uid: "uid"
 gitlab_ldap_method: "start_tls"