From a3c3ae91d6b1cb603054fac00cb063e001ebd262 Mon Sep 17 00:00:00 2001 From: nazunalika Date: Sun, 17 Jan 2021 18:49:28 -0700 Subject: [PATCH] ipa changes --- ansible/playbooks/tasks/gitlab-reconfigure.yml | 1 + ansible/playbooks/vars/common.yml | 1 + ansible/playbooks/vars/gitlab.yml | 2 +- 3 files changed, 3 insertions(+), 1 deletion(-) diff --git a/ansible/playbooks/tasks/gitlab-reconfigure.yml b/ansible/playbooks/tasks/gitlab-reconfigure.yml index 3520168..c5a4a96 100644 --- a/ansible/playbooks/tasks/gitlab-reconfigure.yml +++ b/ansible/playbooks/tasks/gitlab-reconfigure.yml @@ -58,6 +58,7 @@ loop: - httpd_can_network_connect - httpd_can_network_relay + - httpd_can_connect_ldap - httpd_read_user_content - name: Change fcontext to GitLab unix socket for nginx diff --git a/ansible/playbooks/vars/common.yml b/ansible/playbooks/vars/common.yml index b73c759..f51631c 100644 --- a/ansible/playbooks/vars/common.yml +++ b/ansible/playbooks/vars/common.yml @@ -5,5 +5,6 @@ rocky_ldap_group_basedn: "cn=groups,cn=accounts,dc=rockylinux,dc=org" rocky_ldap_account_basedn: "cn=accounts,dc=rockylinux,dc=org" # Requires jinja 2.9+ rocky_ipaserver_list: "{{ groups['ipaserver'] + groups['ipareplicas'] }}" +rocky_ipaserver_lb: "ipa-lb.rockylinux.org" # This will need to be vaulted rocky_ldap_bind_pw: "{{ ipa_binder_password }}" diff --git a/ansible/playbooks/vars/gitlab.yml b/ansible/playbooks/vars/gitlab.yml index 2529b2f..dc6e7c1 100644 --- a/ansible/playbooks/vars/gitlab.yml +++ b/ansible/playbooks/vars/gitlab.yml @@ -21,7 +21,7 @@ gitlab_ssl_key: "/etc/nginx/ssl/{{ gitlab_domain }}.key" # LDAP Configuration gitlab_ldap_enabled: "true" -gitlab_ldap_host: "{{ rocky_ipaserver_list[0] }}" +gitlab_ldap_host: "{{ rocky_ipaserver_lb }}" gitlab_ldap_port: "389" gitlab_ldap_uid: "uid" gitlab_ldap_method: "start_tls"
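Review bot: The added `- httpd_can_connect_ldap` entry sits in a loop that already enables `httpd_can_network_connect`, which permits outbound TCP from the httpd domain to any port, so the narrower LDAP boolean grants nothing new while the broad one stays on. If LDAP is the only outbound connection the web server domain needs on this host, removing `- httpd_can_network_connect` (and `- httpd_can_network_relay` if nothing is proxied over TCP) would leave the tighter policy in force. If the broad booleans must stay, a comment such as `# network_connect kept for <reason>; connect_ldap listed so it survives its removal` would record the intent. The task that owns this loop starts above the hunk, so how the booleans are applied (for example, persistently or not) cannot be checked from here.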
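Review bot: Pointing `gitlab_ldap_host` at `{{ rocky_ipaserver_lb }}` while `gitlab_ldap_method` stays `start_tls` means the certificate GitLab is shown must be valid for the load-balancer name, not only for each IPA server's own hostname. The hunk shows no certificate-verification or CA setting, so it is worth confirming that verification is enabled and that every backend's LDAP certificate carries `ipa-lb.rockylinux.org` as a subject alternative name; otherwise the bind credentials travel over a session whose peer was never authenticated. A comment above the line, for example `# LB name must be in the SAN of each IPA replica's LDAP cert; keep TLS verification on`, would document the requirement. StartTLS on port 389 also presumes the balancer passes TCP through rather than terminating the session, which cannot be confirmed from this patch.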