Setting example database to readonly
authorFrank Brehm <frank.brehm@pixelpark.com>
Fri, 16 Oct 2020 14:09:44 +0000 (16:09 +0200)
committerFrank Brehm <frank.brehm@pixelpark.com>
Fri, 16 Oct 2020 14:09:44 +0000 (16:09 +0200)
roles/base/tasks/config_root_account.yaml
roles/base/tasks/example-database-ro.yaml [new file with mode: 0644]
roles/base/tasks/main.yaml
roles/base/templates/set-ro-example-db.ldif.j2 [new file with mode: 0644]

index 000ed4cff58ca4b0440d5a9015c33a00e75116b2..7048a0e8213790c568fe12d6513c7302d6d231d1 100644 (file)
@@ -69,7 +69,7 @@
   - name: "Show content of managing RootDN for config database file."
     debug: msg={{ content_rootdn_config_file.stdout_lines }}
 
-  - name: "Applying  managing RootDN for config database file."
+  - name: "Applying managing RootDN for config database file."
     shell: "ldapadd -Q -Y EXTERNAL -H ldapi:/// -f '{{ rootdn_config_file.path }}'"
 
   rescue:
diff --git a/roles/base/tasks/example-database-ro.yaml b/roles/base/tasks/example-database-ro.yaml
new file mode 100644 (file)
index 0000000..b1e7d16
--- /dev/null
@@ -0,0 +1,66 @@
+---
+
+################################################################
+# Setting example databae to readonly
+
+
+- name: "Detecting the readonly state of the example database."
+  shell: "ldapsearch -Q -Y EXTERNAL -H ldapi:/// -LLL -s base -b '{{ example_database.dn }}' -o ldif-wrap=no olcReadonly | grep -i '^olcReadonly:' | sed -e 's/^olcReadonly:[  ]*//i' | tr '[:upper:]' '[:lower:]'"
+  changed_when: False
+  ignore_errors: True
+  no_log: True
+  register: example_database_ro
+
+- name: "Setting readonly state of example database to readonly."
+  block:
+
+  - name: "Initializing LDIF file for setting readonly state."
+    tempfile:
+      state: 'file'
+      prefix: 'set-example-db-ro.'
+      suffix: '.ldif'
+    register: set_ro_file
+
+  - set_fact:
+      changetype: 'add'
+    when: example_database_ro.rc != 0
+
+  - set_fact:
+      changetype: 'replace'
+    when: example_database_ro.rc == 0
+
+  - name: "Get content of setting database to readonly"
+    template:
+      src: "templates/set-ro-example-db.ldif.j2"
+      dest: "{{ set_ro_file.path }}"
+      owner: root
+      group: root
+      mode: 0644
+
+  - name: "Get content of setting database to readonly file"
+    shell: "cat '{{ set_ro_file.path }}'"
+    register: content_set_ro_file
+    changed_when: False
+    no_log: True
+
+  - name: "Show content of setting database to readonly file."
+    debug: msg={{ content_set_ro_file.stdout_lines }}
+
+  - name: "Applying setting database to readonly file."
+    shell: "ldapadd -Q -Y EXTERNAL -H ldapi:/// -f '{{ set_ro_file.path }}'"
+
+  rescue:
+    - name: "Failing base installation of OpenLDAP server because of some errors."
+      fail:
+        msg: "I caught an error"
+
+  always:
+
+    - name: "Removing setting database to readonly file ..."
+      file:
+        path: "{{ set_ro_file.path }}"
+        state: absent
+
+  when: (example_database_ro.rc != 0) or (example_database_ro.stdout != 'true')
+
+
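Review bot: `example_database_ro.rc` in the detection task is the exit status of the last pipeline stage (`tr`), not of `ldapsearch` or `grep`, because the `shell` command sets no `pipefail`; it will practically always be 0. As a result the `changetype: 'add'` fact and the `rc != 0` half of the final `when` are effectively dead, and a failed lookup (unreachable ldapi socket, wrong DN) is indistinguishable from an unset attribute, which `ignore_errors: True` and `no_log: True` hide further. Since an LDAP `replace` also creates a missing attribute, the two `set_fact` tasks could collapse to a single `changetype: 'replace'` and the block condition to `when: example_database_ro.stdout | trim != 'true'`. Passing the DN through the `quote` filter instead of hand-written single quotes would also keep a DN containing `'` from breaking the command line.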
index 5d554978a65ecfa7c49ef9aeab5882dae6ee8009..a5341fe1462dec2d849ff79b876a05aebb972661 100644 (file)
@@ -43,6 +43,9 @@
 
 - include: 'overlays0-memberof.yaml'
 
+- include: 'example-database-ro.yaml'
+  when: example_database_name != ''
+
 - include: 'config_root_account.yaml'
 
 - include: 'providers.yaml'
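Review bot: The guard on the new include tests `example_database_name`, but the included tasks and the LDIF template read `example_database.dn`, which this hunk never checks. If the two are set independently (their definitions are not visible here), a non-empty name with a missing `example_database` would likely fail inside the include on an undefined variable, and an undefined `example_database_name` would fail the condition itself. Something like `when: example_database_name | default('') != '' and example_database.dn is defined` would tie the guard to what is actually used.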
diff --git a/roles/base/templates/set-ro-example-db.ldif.j2 b/roles/base/templates/set-ro-example-db.ldif.j2
new file mode 100644 (file)
index 0000000..66631e1
--- /dev/null
@@ -0,0 +1,6 @@
+dn: {{ example_database.dn }}
+changetype: modify
+{{ changetype }}: olcReadonly
+olcReadonly: TRUE
+
+# vim: filetype=ldif
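Review bot: The variable `{{ changetype }}` on the third line holds the modify operation (`add` or `replace`), not an LDIF changetype, which reads confusingly directly under the literal `changetype: modify`. It is set with `set_fact` in example-database-ro.yaml, so it stays defined for the host after that task file finishes, and such a generic name may clash with variables used elsewhere. A specific name such as `example_db_readonly_op`, used in both files, would avoid both problems; a short header comment naming the two variables the template expects would also help.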