I have just moved all tools nodes to the new read-only ldap service. This change was made via the tools project puppet panel in horizon.
Everything looks fine so far, but I'm going to be AFK for much of the weekend. So, if things go pear-shaped over the weekend, here's how to revert:
1) In Horizon, go to the 'Project Puppet' tab in the 'tools' project
2) Scroll all the way to the bottom, to the 'Hiera Config' section
3) Remove these lines:
labsldapconfig: hostname: ldap-ro.eqiad.wikimedia.org secondary_hostname: ldap-ro.eqiad.wikimedia.org
4) Force puppet runs as needed, or just wait a bit.
Assuming things go well, eventually I'll remove the project-specific hiera hacks and just make this change cloud-wide
-A
cloud-admin@lists.wikimedia.org