feat: add openldap role

- add basic openldap role
- manage certificates for openldap

hieradata/roles/infra/auth/openldap.yaml

@@ -0,0 +1,7 @@
+---
+# additional altnames
+profiles::pki::vault::alt_names:
+  - ldap.main.unkin.net
+  - ldap.service.consul
+  - ldap.query.consul
+  - "ldap.service.%{facts.country}-%{facts.region}.consul"

site/roles/manifests/infra/auth/openldap.pp

@@ -0,0 +1,10 @@
+# a role to deploy an openldap master
+class roles::infra::auth::openldap {
+  if $facts['firstrun'] {
+    include profiles::defaults
+    include profiles::firstrun::init
+  }else{
+    include profiles::defaults
+    include profiles::base
+  }
+}