Starting with playbooks/configure-ldap-servers.yaml
authorFrank Brehm <frank.brehm@pixelpark.com>
Fri, 29 Nov 2024 16:59:48 +0000 (17:59 +0100)
committerFrank Brehm <frank.brehm@pixelpark.com>
Fri, 29 Nov 2024 16:59:48 +0000 (17:59 +0100)
ansible.cfg
filter_plugins/cfg_389ds_to_dict.py [new file with mode: 0644]
inventory/spk-ldap-stage.yaml
playbooks/configure-ldap-servers.yaml [new file with mode: 0644]
playbooks/filter_plugins [new symlink]
playbooks/roles [new symlink]
roles/389ds-config-logging/tasks/config-facility.yaml [new file with mode: 0644]
roles/389ds-config-logging/tasks/main.yaml [new file with mode: 0644]
roles/389ds-config-logging/vars/main.yaml [new file with mode: 0644]

index 5a0352ebfde33609bf9e81ae52bbde064f21f157..c339bd3899ca43a1af56d29ee7f5da4b033487cb 100644 (file)
@@ -2,7 +2,7 @@
 host_key_checking = False
 # log_path = ./provision.log
 nocows = 1
-# inventory = inventory/pdns-test.yml
+display_skipped_hosts = no
 
 [ssh_connection]
 # control_path = /tmp/%%h
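Review bot: `host_key_checking = False`, in the unchanged context above the new `display_skipped_hosts` line, leaves SSH host keys unverified for every play run with this config, and this commit adds a playbook that reconfigures LDAP servers. The setting predates this change, but with directory servers as targets it is worth either dropping it and managing `known_hosts`, or marking it with a comment such as `# TODO: enable host key checking once known_hosts is managed`. As a style point, `display_skipped_hosts = no` would read more consistently as `False`, matching the boolean spelling two lines above.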
diff --git a/filter_plugins/cfg_389ds_to_dict.py b/filter_plugins/cfg_389ds_to_dict.py
new file mode 100644 (file)
index 0000000..71c7715
--- /dev/null
@@ -0,0 +1,50 @@
+import re
+
+# =============================================================================
+class FilterModule(object):
+
+    re_key = re.compile(r'nsslapd-', re.IGNORECASE)
+    re_sep = re.compile(r':\s+')
+    re_int = re.compile('^[+-]?\d+$')
+    re_float = re.compile('^[+-]?\d+\.\d*$')
+
+    # ------------------
+    def filters(self):
+        return {'cfg_389ds_to_dict': self.cfg_389ds_to_dict }
+
+    # ------------------
+    def cfg_389ds_to_dict(self, the_list):
+        result = {}
+
+        for line in the_list:
+            (key, value) = self.re_sep.split(line, maxsplit=1)
+            key = self.re_key.sub('', key)
+            value = self.mangle_value(value)
+            if key in result:
+                old_val = result[key]
+                if isinstance(old_val, list):
+                    result[key].append(value)
+                else:
+                    result[key] = [old_val, value]
+            else:
+                result[key] = value
+
+        return result
+
+    # ------------------
+    def mangle_value(self, value):
+
+        if self.re_int.match(value):
+            return int(value)
+        if self.re_float.match(value):
+            return float(value)
+        if value.lower() == 'on':
+            return True
+        if value.lower() == 'off':
+            return False
+        return value
+
+
+# =============================================================================
+
+# vim: ts=4 et list
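Review bot: The tuple unpack on `self.re_sep.split(line, maxsplit=1)` in `cfg_389ds_to_dict` raises `ValueError` for any input line without a colon followed by whitespace (an attribute with an empty value or a wrapped continuation line, for example), so one odd line of `dsconf` output aborts the whole task with a traceback. The `re_int` and `re_float` patterns are plain string literals containing `\d`, which newer Python versions warn about as invalid escape sequences; they should be raw strings like `re_key` and `re_sep`. `re_key` is also unanchored, so `nsslapd-` is stripped wherever it occurs in the key rather than only as a prefix; `r'^nsslapd-'` would state the intent. The sketch below skips malformed lines; raising a descriptive error would be an equally valid choice if silent skipping is not wanted.

```python
    re_int = re.compile(r'^[+-]?\d+$')
    re_float = re.compile(r'^[+-]?\d+\.\d*$')

    # … unchanged: filters() …

    def cfg_389ds_to_dict(self, the_list):
        result = {}

        for line in the_list:
            parts = self.re_sep.split(line, maxsplit=1)
            if len(parts) != 2:
                # Not of the form "key: value" (empty value, wrapped line): skip.
                continue
            (key, value) = parts
            # … unchanged: prefix strip, mangle_value, duplicate-key merge …
```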
index affc831e6e81e81612725a62a5ae660d5004b194..f371d788eeb4a93282618e0353b0449a854645cd 100644 (file)
@@ -25,3 +25,4 @@ all:
     haproxy_user_socket: '/run/haproxy/user.sock'
     haproxy_admin_socket: '/run/haproxy/admin.sock'
 
+# vim: filetype=yaml
diff --git a/playbooks/configure-ldap-servers.yaml b/playbooks/configure-ldap-servers.yaml
new file mode 100644 (file)
index 0000000..ce7df7a
--- /dev/null
@@ -0,0 +1,35 @@
+---
+
+- name: "Configuring 389ds LDAP servers."
+  hosts: ldap_servers
+  gather_facts: false
+
+  tasks:
+
+    - name: "Exec command for retrieving version of 389ds LDAP server."
+      ansible.builtin.shell: ns-slapd -v | grep -i '^389-Directory' | sed -e 's|.*/||' -e 's/[         ].*//'
+      register: get_389ds_version
+      check_mode: false
+      changed_when: false
+
+    - name: "Get the version of the 389ds LDAP server."
+      ansible.builtin.set_fact:
+        version_389ds: "{{ get_389ds_version.stdout }}"
+        cacheable: true
+
+    - name: "Show version of 389ds LDAP server."
+      debug:
+        var: version_389ds
+        verbosity: 0
+
+    - name: "Fail for non existing 389ds LDAP server."
+      ansible.builtin.fail:
+        msg: "No 389ds LDAP server found on host '{{ ansible_fqdn }}'."
+      when: version_389ds == ''
+
+    - name: "Configure logging for host '{{ inventory_hostname }}'."
+      include_role:
+        name: '389ds-config-logging'
+
+
+# vim: filetype=yaml
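Review bot: The fail task's message references `ansible_fqdn`, but the play sets `gather_facts: false`, so unless facts are cached from an earlier run the variable is undefined and the task stops with a templating error instead of the intended message. `inventory_hostname` is always defined, so the line could read `msg: "No 389ds LDAP server found on host '{{ inventory_hostname }}'."`. The version probe runs a pipeline without `pipefail`, so a missing `ns-slapd` binary still exits 0 with empty stdout. The later empty-string check appears to rely on exactly that, and a one-line comment above the shell task saying so would keep a later cleanup from breaking it.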
diff --git a/playbooks/filter_plugins b/playbooks/filter_plugins
new file mode 120000 (symlink)
index 0000000..c954752
--- /dev/null
@@ -0,0 +1 @@
+../filter_plugins/
\ No newline at end of file
diff --git a/playbooks/roles b/playbooks/roles
new file mode 120000 (symlink)
index 0000000..d8c4472
--- /dev/null
@@ -0,0 +1 @@
+../roles
\ No newline at end of file
diff --git a/roles/389ds-config-logging/tasks/config-facility.yaml b/roles/389ds-config-logging/tasks/config-facility.yaml
new file mode 100644 (file)
index 0000000..e0ec9be
--- /dev/null
@@ -0,0 +1,43 @@
+---
+
+- name: "Get current configuration of config for log facility '{{ log_facility.key }}'."
+  ansible.builtin.shell: "dsconf '{{ slapd_instance }}' config get | grep -P -i 'nsslapd-{{ log_facility.key }}log' || true"
+  register: config_get
+  changed_when: false
+  check_mode: false
+
+- name: "Show current config_get"
+  debug:
+    var: config_get
+    verbosity: 3
+
+- name: "Generate config hash."
+  when: config_get.stdout != ""
+  block:
+
+    - name: "Set logging variables"
+      set_fact:
+        log_config: "{{ config_get.stdout_lines | cfg_389ds_to_dict }}"
+
+    - name: "Show config hash:"
+      debug:
+        var: log_config
+        verbosity: 2
+
+    - name: "Set config key for '{{ log_facility.key }}' logfile."
+      set_fact:
+        exp_logfile: "{{ base_logdir }}/slapd-{{ slapd_instance }}/{{ log_facility.value.logfile }}"
+        dict_logfile_key: "{{ log_facility.key }}log"
+        config_logfile_key: "nsslapd-{{ log_facility.key }}log"
+
+    - name: "Show logfile stuff"
+      debug:
+        msg: "Current logfile: '{{ log_config[dict_logfile_key] }}', expected: '{{ exp_logfile }}'."
+        verbosity: 1
+
+    - name: "Setting new value for {{ log_facility.key }} log to '{{ exp_logfile }}' ..."
+      ansible.builtin.shell: "dsconf '{{ slapd_instance }}' config replace {{ config_logfile_key }}={{ exp_logfile }}"
+      when: log_config[dict_logfile_key] != exp_logfile
+
+
+# vim: filetype=yaml
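Review bot: The last task builds its `dsconf ... config replace` command as a shell string with `{{ exp_logfile }}` interpolated unquoted and `{{ slapd_instance }}` protected only by hand-written single quotes, so a space, quote or shell metacharacter in either variable changes the command that runs as the directory-server admin. That task has no pipeline, so `ansible.builtin.command` with `argv` avoids the shell entirely (see below). The first task does need a shell for the `grep`, and there `'{{ slapd_instance }}'` is better written as `{{ slapd_instance | quote }}`. The `|| true` on that first task also hides a failing `dsconf`: stdout is then empty, the whole block is skipped and the host reports ok without being configured. A `failed_when` on the registered result, or a separate check that the instance exists, would surface that case.

```yaml
    - name: "Setting new value for {{ log_facility.key }} log to '{{ exp_logfile }}' ..."
      ansible.builtin.command:
        argv:
          - dsconf
          - "{{ slapd_instance }}"
          - config
          - replace
          - "{{ config_logfile_key }}={{ exp_logfile }}"
      when: log_config[dict_logfile_key] != exp_logfile
```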
diff --git a/roles/389ds-config-logging/tasks/main.yaml b/roles/389ds-config-logging/tasks/main.yaml
new file mode 100644 (file)
index 0000000..34e4c96
--- /dev/null
@@ -0,0 +1,11 @@
+---
+
+# Configuring logging of a 389ds LDAP server
+
+- name: "Configuring logging facility '{{ log_facility.key }}'."
+  include_tasks: 'config-facility.yaml'
+  loop: "{{ logging | dict2items | list }}"
+  loop_control:
+    loop_var: log_facility
+
+# vim: filetype=yaml
diff --git a/roles/389ds-config-logging/vars/main.yaml b/roles/389ds-config-logging/vars/main.yaml
new file mode 100644 (file)
index 0000000..acdd7d7
--- /dev/null
@@ -0,0 +1,21 @@
+---
+base_logdir: '/var/log/dirsrv'
+
+logging:
+  access:
+    logfile: access.log
+    enabled: true
+  audit:
+    logfile: audit.log
+    enabled: false
+  auditfail:
+    logfile: audit.log
+    enabled: true
+  error:
+    logfile: error.log
+    enabled: true
+  security:
+    logfile: security.log
+    enabled: true
+
+# vim: filetype=yaml
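Review bot: The `enabled` flags defined here are not read by any task in this commit, since `config-facility.yaml` only uses `log_facility.key` and `log_facility.value.logfile`. As a result `audit: enabled: false` and the `true` values have no effect on the server yet. Until the role applies them, a comment at the top of `logging:` such as `# NOTE: 'enabled' is not applied by the role yet; only 'logfile' is set.` would keep readers from assuming the audit settings are enforced. `auditfail` also points at `audit.log`, the same file as `audit`; if that sharing is intended, a short comment saying so would help, otherwise it looks like a copy-paste slip.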