Using evaluated configuration in roles/389ds-config-plugins/tasks/referint.yaml

diff --git a/roles/389ds-config-plugins/tasks/main.yaml b/roles/389ds-config-plugins/tasks/main.yaml
index d7967db389f740bd5b4e65e5f54f3e89bc746e15..3a9fac6a5a814a4877d6eb6023333a921a7e3328 100644 (file)
--- a/roles/389ds-config-plugins/tasks/main.yaml
+++ b/roles/389ds-config-plugins/tasks/main.yaml
@@ -32,9 +32,9 @@
     ds389_plugin_referint_config: true
   when: ds389_plugin_referint_config is undefined
 
-# - name: "Configuring the 389ds referential-integrity-Plugin."
-#   include_tasks: 'referint.yaml'
-#   when: (ds389_plugin_referint_config | bool) == true
+- name: "Configuring the 389ds referential-integrity-Plugin."
+  include_tasks: 'referint.yaml'
+  when: (ds389_plugin_referint_config | bool) == true
 
 - name: "Set default for ds389_plugin_attr_uniq_config."
   set_fact:

diff --git a/roles/389ds-config-plugins/tasks/memberof.yaml b/roles/389ds-config-plugins/tasks/memberof.yaml
index 30e06766c2fc06b73fe5104f51f589f58cd31bce..994d49756d9e155b28a3140a1316c6c533bfac3f 100644 (file)
--- a/roles/389ds-config-plugins/tasks/memberof.yaml
+++ b/roles/389ds-config-plugins/tasks/memberof.yaml
@@ -1,10 +1,5 @@
 ---
 
-- name: 'Show raw memberof attribute config.'
-  debug:
-    var: plugin_memberof
-    verbosity: 3
-
 - name: 'Predefine variable exec_set to false'
   set_fact:
     exec_set: false
@@ -37,6 +32,7 @@
 - name: "Has the memberOf-Plugin to be configured:"
   debug:
     var: exec_set
+    verbosity: 1
 
 - name: "Configure the memberof plugin, if necessary."
   when: exec_set == true

diff --git a/roles/389ds-config-plugins/tasks/referint.yaml b/roles/389ds-config-plugins/tasks/referint.yaml
index 52504821b835f23e64efd6db9a58013e7e86558a..d0bfc74a139316b667daa4d186a5006b45a6e6f2 100644 (file)
--- a/roles/389ds-config-plugins/tasks/referint.yaml
+++ b/roles/389ds-config-plugins/tasks/referint.yaml
@@ -1,28 +1,5 @@
 ---
 
-- name: 'Get the current configuration of the referential-integrity-Plugin.'
-  ansible.builtin.shell: "dsconf {{ slapd_instance | quote }} plugin referential-integrity show | \
-    grep -P -i '^(referint|nsslapd-pluginEnabled)' | \
-    sed -e 's/^referint-//i' -e 's/nsslapd-plugin//i' | tr '[:upper:]' '[:lower:]' | \
-    sort || true"
-  register: plugin_referint
-  changed_when: false
-  check_mode: false
-
-- name: 'Show raw referential-integrity attribute config.'
-  debug:
-    var: plugin_referint
-    verbosity: 3
-
-- name: "Set variable plugin_referint_config"
-  set_fact:
-    plugin_referint_config: "{{ plugin_referint.stdout_lines | cfg_389ds_to_dict }}"
-
-- name: "Show config hash:"
-  debug:
-    var: plugin_referint_config
-    verbosity: 2
-
 - name: 'Predefine variable exec_set to false'
   set_fact:
     exec_set: false
@@ -30,17 +7,28 @@
 - name: 'Check for membership-attr not set.'
   set_fact:
     exec_set: true
-  when: '"membership-attr" not in plugin_referint_config'
+  when: '"membership_attr" not in ds389_plugin_config.referint'
 
 - name: 'Check for membership-attr.'
-  set_fact:
-    exec_set: true
-  when: '"groupattr" in plugin_referint_config and (plugin_referint_config["membership-attr"] | compare_lc_list(ds389_plugin_referint_membership_attributes) != true)'
+  when: '"membership_attr" in ds389_plugin_config.referint and (ds389_plugin_config.referint["membership_attr"] | compare_lc_list(ds389_plugin_referint_membership_attributes) != true)'
+  block:
+
+    - debug:
+        var: 'ds389_plugin_config.referint["membership_attr"]'
+        verbosity: 0
+
+    - debug:
+        var: ds389_plugin_referint_membership_attributes
+        verbosity: 0
+
+    - name: 'Set exec_set to true because of membership-attr.'
+      set_fact:
+        exec_set: true
 
 - name: 'Check for update-delay.'
   set_fact:
     exec_set: true
-  when: '"update-delay" not in plugin_referint_config or plugin_referint_config["update-delay"] != ds389_plugin_referint_update_delay'
+  when: '"update_delay" not in ds389_plugin_config.referint or ds389_plugin_config.referint["update_delay"] != ds389_plugin_referint_update_delay'
 
 - name: 'Set expected logfile.'
   set_fact:
@@ -48,17 +36,18 @@
 
 - name: "Show referential-integrity-Plugin logfile stuff"
   debug:
-    msg: "Current logfile: '{{ plugin_referint_config['logfile'] }}', expected: '{{ referint_expected_logfile }}'."
-    verbosity: 0
+    msg: "Current logfile: '{{ ds389_plugin_config.referint['logfile'] }}', expected: '{{ referint_expected_logfile }}'."
+    verbosity: 1
 
-- name: 'Check for logfilelogfile.'
+- name: 'Check for logfile.'
   set_fact:
     exec_set: true
-  when: plugin_referint_config['logfile'] != referint_expected_logfile
+  when: ds389_plugin_config.referint['logfile'] != referint_expected_logfile
 
 - name: "Has the referential-integrity-Plugin to be configured:"
   debug:
     var: exec_set
+    verbosity: 1
 
 - name: "Configure the referential-integrity plugin, if necessary."
   when: exec_set == true
@@ -84,13 +73,13 @@
     - name: "Show the command to execute:"
       debug:
         var: plugin_referint_cmd
-        verbosity: 0
+        verbosity: 1
 
     - name: "Finally configure the referential-integrity plugin."
       ansible.builtin.shell: "{{ plugin_referint_cmd }}"
 
 - name: "Enabling referential-integrity plugin."
-  when: "plugin_referint_config['enabled'] == false and ds389_plugin_referint_enabled == true"
+  when: "ds389_plugin_config.referint['enabled'] == false and ds389_plugin_referint_enabled == true"
   block:
 
     - name: "Enabling referential-integrity plugin."
@@ -101,7 +90,7 @@
         restart_389ds: true
 
 - name: "Disabling referential-integrity plugin."
-  when: "plugin_referint_config['enabled'] == true and ds389_plugin_referint_enabled == false"
+  when: "ds389_plugin_config.referint['enabled'] == true and ds389_plugin_referint_enabled == false"
   block:
 
     - name: "Disabling referential-integrity plugin."