include_role:
name: 389ds-config-plugins
+ - name: "Restarting the 389ds LDAP server."
+ include_role:
+ name: 389ds-restart
+
# vim: filetype=yaml
- name: "Fail for non LDAP server."
ansible.builtin.fail:
- msg: "The given host '{{ ldapserver_to_disable }}' is not a valid LDAP server."
+ msg: "The given host {{ ldapserver_to_disable | quote }} is not a valid LDAP server."
when: found_ldapserver == false
- name: "Disable the given host as a HAProxy backend server."
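Review bot: The `quote` filter added to the fail message is a shell-quoting filter, but this string is only displayed and never passed to a shell. For a host name made up only of shell-safe characters the filter emits no quotes at all, so the message loses the delimiters the old text had, and it adds no protection here. I would keep `msg: "The given host '{{ ldapserver_to_disable }}' is not a valid LDAP server."` and reserve `| quote` for the `ansible.builtin.shell` strings. The same applies to the task `name:` lines changed in the later hunks.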
var: target_replica_id
verbosity: 0
- - name: "Disabling Puppet agent on '{{ ldapserver_to_disable }}'."
+ - name: "Disabling Puppet agent on {{ ldapserver_to_disable | quote }}."
ansible.builtin.shell: |
puppet agent --disable "[$( date +'%Y-%m-%d' )]: Disbled by Ansible playbook 'disable-ldap-server.yaml'."
args:
creates: '/opt/puppetlabs/puppet/cache/state/agent_disabled.lock'
when: ldapserver_to_disable == inventory_hostname
- - name: "Disabling Puppet service on '{{ ldapserver_to_disable }}'."
+ - name: "Disabling Puppet service on {{ ldapserver_to_disable | quote }}."
ansible.builtin.service:
enabled: false
name: puppet
state: stopped
when: ldapserver_to_disable == inventory_hostname
- - name: "Disabling Wazuh service on '{{ ldapserver_to_disable }}'."
+ - name: "Disabling Wazuh service on {{ ldapserver_to_disable | quote }}."
ansible.builtin.service:
enabled: false
name: wazuh-agent
state: stopped
when: ldapserver_to_disable == inventory_hostname
- - name: "Retrieve all backends from '{{ ldapserver_to_disable }}'."
- ansible.builtin.shell: "dsconf '{{ slapd_instance }}' backend suffix list"
+ - name: "Retrieve all backends from {{ ldapserver_to_disable | quote }}."
+ ansible.builtin.shell: "dsconf {{ slapd_instance | quote }} backend suffix list"
register: backend_suffix_list
changed_when: false
check_mode: false
---
- name: "Get current configuration of config for log facility '{{ log_facility.key }}'."
- ansible.builtin.shell: "dsconf '{{ slapd_instance }}' config get | grep -P -i 'nsslapd-{{ log_facility.key }}log' || true"
+ ansible.builtin.shell: "dsconf {{ slapd_instance | quote }} config get | grep -P -i 'nsslapd-{{ log_facility.key }}log' || true"
register: config_get
changed_when: false
check_mode: false
verbosity: 1
- name: "Setting new value for {{ log_facility.key }} log to '{{ exp_logfile }}' ..."
- ansible.builtin.shell: "dsconf '{{ slapd_instance }}' config replace {{ config_logfile_key }}={{ exp_logfile }}"
+ ansible.builtin.shell: "dsconf {{ slapd_instance | quote }} config replace {{ config_logfile_key }}={{ exp_logfile }}"
when: log_config[dict_logfile_key] != exp_logfile
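Review bot: The last argument of the `config replace` command is still interpolated without quoting: `{{ config_logfile_key }}={{ exp_logfile }}` reaches the shell as raw text, while only `slapd_instance` gets the filter. A log path containing a space or a shell metacharacter would be split or interpreted by the shell. Suggest `config replace {{ (config_logfile_key ~ '=' ~ exp_logfile) | quote }}`. The same gap remains in the cleanallruv hunk, where `--replica-id={{ target_replica_id }}` is left unquoted. Where these variables are set is not visible in this hunk.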
when: exec_set == true
block:
- - name: "Init var plugin_memberof_cmd."
+ - name: "Init + set var plugin_memberof_cmd + restart_389ds."
set_fact:
plugin_memberof_cmd: "dsconf {{ slapd_instance | quote }} plugin memberof set"
+ restart_389ds: true
- name: "Add attr to plugin_memberof_cmd."
set_fact:
block:
- name: "Retrieve all backends"
- ansible.builtin.shell: "dsconf '{{ slapd_instance }}' backend suffix list"
+ ansible.builtin.shell: "dsconf {{ slapd_instance | quote }} backend suffix list"
register: get_backend_suffixes
changed_when: false
check_mode: false
set_fact:
agreement_name: "{{ slapd_instance }} to {{ target }} agreement"
-- name: "Show replication agreement name for suffix '{{ suffix }}'."
+- name: "Show replication agreement name for suffix {{ suffix | quote }}."
debug:
var: agreement_name
verbosity: 0
-- name: "Removing replication agreement '{{ agreement_name }}' for suffix '{{ suffix }}'."
- ansible.builtin.shell: "dsconf '{{ slapd_instance }}' repl-agmt delete --suffix '{{ suffix }}' '{{ agreement_name }}'"
+- name: "Removing replication agreement '{{ agreement_name }}' for suffix {{ suffix | quote }}."
+ ansible.builtin.shell: "dsconf {{ slapd_instance | quote }} repl-agmt delete --suffix {{ suffix | quote }} '{{ agreement_name }}'"
ignore_errors: true
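Review bot: `'{{ agreement_name }}'` in the `repl-agmt delete` command still uses the hand-written single quotes that this commit replaces for the other arguments. The context line above builds `agreement_name` from `slapd_instance` and `target`, so a single quote in either value would end the quoting early and leave the rest of the string to the shell. Suggest `{{ agreement_name | quote }}` as the final argument, consistent with `--suffix {{ suffix | quote }}` on the same line.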
var: direction
verbosity: 0
-- name: "Removing replication agreements to '{{ target }}' on suffix '{{ suffix }}'."
+- name: "Removing replication agreements to '{{ target }}' on suffix {{ suffix | quote }}."
when: direction == 'from-disabled' and target != inventory_hostname
include_tasks: 'del-repl-agmt.yaml'
-- name: "Removing replication agreement to '{{ target }}' on suffix '{{ suffix }}'."
+- name: "Removing replication agreement to '{{ target }}' on suffix {{ suffix | quote }}."
when: direction == 'to-disabled' and target == ldapserver_to_disable
include_tasks: 'del-repl-agmt.yaml'
---
- name: "Get a list of all replicated Suffixes."
- ansible.builtin.shell: "dsconf '{{ slapd_instance }}' replication list"
+ ansible.builtin.shell: "dsconf {{ slapd_instance | quote }} replication list"
check_mode: false
changed_when: false
register: list_of_replicated_suffixes
set_fact:
suffix_is_replicated: false
-- name: "Searching for suffix '{{ suffix }}' in the list of replicated suffixes."
+- name: "Searching for suffix {{ suffix | quote }} in the list of replicated suffixes."
set_fact:
suffix_is_replicated: true
when: ( this_line | regex_replace('^\\s*') | regex_replace('\\s*$') ) == suffix
set_fact:
list_of_replicated_suffixes: ~
-- name: "The suffix '{{ suffix }}' is replicated:"
+- name: "The suffix {{ suffix | quote }} is replicated:"
debug:
var: suffix_is_replicated
verbosity: 0
-- name: "Finally remove replication from suffix '{{ suffix }}'."
- ansible.builtin.shell: "dsconf '{{ slapd_instance }}' disable --suffix '{{ suffix }}'"
+- name: "Finally remove replication from suffix {{ suffix | quote }}."
+ ansible.builtin.shell: "dsconf {{ slapd_instance | quote }} disable --suffix {{ suffix | quote }}"
when: suffix_is_replicated == true
# vim: filetype=yaml
---
-- name: "Clean all RUVs for Replication ID {{ target_replica_id }} on suffix '{{ suffix }}' ..."
- ansible.builtin.shell: "dsconf '{{ slapd_instance }}' repl-tasks cleanallruv --suffix '{{ suffix }}' --replica-id={{ target_replica_id }}"
+- name: "Clean all RUVs for Replication ID {{ target_replica_id }} on suffix {{ suffix | quote }} ..."
+ ansible.builtin.shell: "dsconf {{ slapd_instance | quote }} repl-tasks cleanallruv --suffix {{ suffix | quote }} --replica-id={{ target_replica_id }}"
ignore_errors: true
-- name: "Get the result of cleaning RUVs on suffix '{{ suffix }}' ..."
- ansible.builtin.shell: "dsconf '{{ slapd_instance }}' repl-tasks list-cleanruv-tasks --suffix '{{ suffix }}'"
+- name: "Get the result of cleaning RUVs on suffix {{ suffix | quote }} ..."
+ ansible.builtin.shell: "dsconf {{ slapd_instance | quote }} repl-tasks list-cleanruv-tasks --suffix {{ suffix | quote }}"
register: list_cleanruv_tasks_results
ignore_errors: true
check_mode: false
changed_when: false
-- name: "Show current list_cleanruv_tasks_results for suffix '{{ suffix }}'."
+- name: "Show current list_cleanruv_tasks_results for suffix {{ suffix | quote }}."
debug:
msg: "{{ list_cleanruv_tasks_results.stdout }}"
verbosity: 0
--- /dev/null
+---
+
+- name: "Should the 389ds LDAP server be restarted."
+ when: ( restart_389ds | bool ) == true
+ block:
+
+ - name: "The 389ds LDAP server must be restarted?"
+ debug:
+ msg: "Restarting instance {{ slapd_instance | quote }}: {{ restart_389ds }}"
+ verbosity: 0
+
+ - name: "Restarting the LDAP server instance."
+ ansible.builtin.service:
+ name: "dirsrv@{{ slapd_instance }}.service"
+ state: restarted
+
+
+# vim: filetype=yaml
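Review bot: Nothing in this new task file resets `restart_389ds` once the restart has run. The 389ds-config-plugins hunk sets it with `set_fact`, which stays set for the host for the rest of the play and takes precedence over the role default `restart_389ds: false`, so any later include of this role would presumably restart the directory server again. Suggest a final task in the block that uses `set_fact` to put `restart_389ds: false` back, or moving the restart into a handler triggered with `notify`. The condition can also be written more simply as `when: restart_389ds | bool`.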
--- /dev/null
+---
+
+restart_389ds: false
+
+# vim: filetype=yaml
---
- name: "Get current Readonly status of Backend '{{ backend.value }}' ..."
- ansible.builtin.shell: "dsconf '{{ slapd_instance }}' backend suffix get '{{ backend.value }}' | grep -i '^nsslapd-readonly:' | sed -e 's/^nsslapd-readonly:[ ]*//i'"
+ ansible.builtin.shell: "dsconf {{ slapd_instance | quote }} backend suffix get {{ backend.value | quote }} | grep -i '^nsslapd-readonly:' | sed -e 's/^nsslapd-readonly:[ ]*//i'"
check_mode: false
changed_when: false
register: backend_get_ro_status
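Review bot: The pipeline `dsconf ... | grep ... | sed ...` reports only the exit status of `sed`, so a failing `dsconf` call (wrong instance name, server not reachable) produces empty stdout and a task that still succeeds. The later `set_fact` for `backend_ro` is computed from that stdout, so an error would presumably be read as a status value and could decide whether the backend is switched to read-only. Suggest registering the plain `dsconf {{ slapd_instance | quote }} backend suffix get {{ backend.value | quote }}` output and extracting `nsslapd-readonly` with a Jinja filter such as `regex_search`. Alternatively prefix the command with `set -o pipefail;` and run it under bash, bearing in mind that `grep` finding no match then fails the task.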
verbosity: 2
- name: "Set fact backend_ro."
- no_log: true
set_fact:
backend_ro: "{{ backend_get_ro_status.stdout is falsy }}"
-- name: "The backend '{{ backend.key }}' ({{ backend.value }}) readonly status:"
+- name: "The backend {{ backend.key | quote }} ({{ backend.value }}) readonly status:"
debug:
var: backend_ro
-- name: "Setting backend '{{ backend.value }}' to readonly."
- ansible.builtin.shell: "dsconf '{{ slapd_instance }}' backend suffix set --enable-readonly '{{ backend.value }}'"
- when: backend_ro == false
+- name: "Setting backend {{ backend.value | quote }} to readonly."
+ ansible.builtin.shell: "dsconf {{ slapd_instance | quote }} backend suffix set --enable-readonly {{ backend.value | quote }}"
+ when: ( backend_ro | bool ) == false
- name: "Set fact backend_get_ro_status."
- no_log: true
set_fact:
backend_get_ro_status: ~