--- /dev/null
+---
+
+- name: "Validate the LDAP server to perform an offline backup."
+ hosts: localhost
+ gather_facts: false
+ vars_prompt:
+ - name: ldap_server
+ prompt: "Wich LDAP server should be backed up offline"
+ private: false
+
+ tasks:
+
+ - name: "Setting fact ldapserver_to_backup."
+ ansible.builtin.set_fact:
+ ldapserver_to_backup: "{{ ldap_server }}"
+ cacheable: true
+
+ - name: "Print a message"
+ ansible.builtin.debug:
+ msg: "The server {{ ldapserver_to_backup | quote }} should be backed up."
+
+ - name: "Setting status variable"
+ ansible.builtin.set_fact:
+ found_ldapserver: false
+
+ - name: "Searching for LDAP server '{{ ldapserver_to_backup }}' ..."
+ ansible.builtin.set_fact:
+ found_ldapserver: true
+ when: "item == ldapserver_to_backup"
+ ignore_errors: true
+ with_inventory_hostnames:
+ - ldap_servers
+
+ - name: "Fail for non LDAP server."
+ ansible.builtin.fail:
+ msg: "The given host {{ ldapserver_to_backup | quote }} is not a valid LDAP server."
+ when: found_ldapserver == false
+
+- name: "Initial checks for the 389ds LDAP server."
+ hosts: ldap_servers
+ gather_facts: false
+
+ tasks:
+
+ - name: "Made basic checks for 389ds LDAP server."
+ include_role:
+ name: 389ds-check-initial
+
+- name: "Perform Offline backup on the given host."
+ hosts: ldap_servers
+ gather_facts: false
+
+ tasks:
+
+ - name: "Get the LDAP server to backup offline:"
+ ansible.builtin.set_fact:
+ ldapserver_to_backup: "{{ hostvars.localhost.ldapserver_to_backup }}"
+ cacheable: true
+
+ - name: "Doing all on the server to be backed up."
+ when: inventory_hostname == ldapserver_to_backup
+ block:
+
+ - name: "Setting timestamp variables."
+ include_role:
+ name: set-timestamp-vars
+
+ - name: "The LDAP server to backup offline:"
+ debug:
+ var: ldapserver_to_backup
+ verbosity: 0
+
+ - name: "Disabling Puppet agent."
+ ansible.builtin.shell: |
+ puppet agent --disable "[{{ cur_timestamp }}]: Disabled by Ansible playbook 'disable-ldap-server.yaml'."
+ args:
+ creates: '/opt/puppetlabs/puppet/cache/state/agent_disabled.lock'
+
+ - name: "Disabling Wazuh service."
+ ansible.builtin.service:
+ name: wazuh-agent
+ state: stopped
+
+ - name: "Performing backup."
+ include_role:
+ name: 389ds-offline-backup
+ vars:
+ stop_instance: true
+
+ - name: "Enabling Wazuh service."
+ ansible.builtin.service:
+ name: wazuh-agent
+ state: started
+
+ - name: "Enabling Puppet agent."
+ ansible.builtin.shell: puppet agent --enable
+ args:
+ removes: '/opt/puppetlabs/puppet/cache/state/agent_disabled.lock'
+
+
+# vim: filetype=yaml
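Review bot: A failure in the `389ds-offline-backup` role, or in any task after "Disabling Wazuh service.", ends the play with `wazuh-agent` stopped and the Puppet agent still disabled. The LDAP server then stays without host monitoring and configuration enforcement until someone restores them by hand. The tasks "Enabling Wazuh service." and "Enabling Puppet agent." at the end of the block should move under an `always:` key of the same block, so they run whether the backup succeeds or fails. The existing `removes:` guard on the Puppet task already makes it safe to run in both cases. A short comment above the block, such as `# Monitoring and Puppet are paused only for the duration of the backup; always: restores them`, would make the intent clear.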
--- /dev/null
+---
+
+- debug:
+ msg: "Performing an offline backup of the 389 backends and important file systems of a 389ds directory server."
+
+- name: "Define full_slapd_instance and slapd_is_running"
+ ansible.builtin.set_fact:
+ full_slapd_instance: "slapd-{{ slapd_instance }}"
+ slapd_is_running: true
+
+- name: "Get the status of the 389ds server instance."
+ ansible.builtin.shell: "dsctl {{ full_slapd_instance | quote }} status"
+ check_mode: false
+ changed_when: false
+ register: get_slapd_status
+
+- name: "Show get_slapd_status"
+ debug:
+ var: get_slapd_status
+ verbosity: 2
+
+- name: "Getting running state of slapd instance."
+ ansible.builtin.set_fact:
+ slapd_is_running: false
+ when: ( get_slapd_status.stdout | regex_search('^Instance \".*\" is not running', ignorecase=True) ) is not empty
+
+- name: "Stopping instance, if running"
+ when: stop_instance == true and slapd_is_running == true
+ block:
+
+ - name: "Stopping LDAP server instance"
+ debug:
+ msg: "Stopping LDAP server instance {{ slapd_instance | quote }}, because it is still running"
+ verbosity: 0
+
+ - name: "Set fact ds389_instance_was_stopped."
+ ansible.builtin.set_fact:
+ ds389_instance_was_stopped: true
+
+ - name: "Stopping LDAP instance."
+ ansible.builtin.shell: "dsctl {{ full_slapd_instance | quote }} stop"
+
+- name: "Complaining about running instance."
+ when: stop_instance == false and slapd_is_running == true
+ block:
+
+ - debug:
+ msg: "The LDAP server instance {{ slapd_instance | quote }} should not be running."
+ verbosity: 0
+
+ - name: "Fail, if instance is running"
+ ansible.builtin.fail:
+ msg: "Cannot perform offline backup, LDAP server instance {{ slapd_instance | quote }} is still running."
+ when: ansible_check_mode == false
+
+- name: "Start LDAP server instance, when it was stopped before."
+ when: ds389_instance_was_stopped == true
+ block:
+
+ - debug:
+ msg: "Starting LDAP server instance {{ slapd_instance | quote }}, because it was stopped before."
+
+ - name: "Starting LDAP server instance."
+ ansible.builtin.shell: "dsctl {{ full_slapd_instance | quote }} start"
+
+
+# vim: filetype=yaml
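Review bot: `ds389_instance_was_stopped` is assigned only inside the "Stopping instance, if running" block. On a host where the instance was not running, or where `stop_instance` is false, the final `when: ds389_instance_was_stopped == true` references an undefined variable and the task errors, unless the role's defaults (not visible in this hunk) define it. Initialise it in the first `set_fact` with `ds389_instance_was_stopped: false`, or write the condition as `when: ds389_instance_was_stopped | default(false)`. It is also worth confirming that `dsctl ... status` exits 0 for a stopped instance. If it exits non-zero, the status task fails before the `regex_search` check runs and would need `failed_when: false`.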