include_role:
name: haproxy-check-initial
- - name: "Get the LDAP server to disable replication:"
+ - name: "Get the LDAP server to disable in HAProxy backend."
ansible.builtin.set_fact:
ldapserver_to_disable: "{{ hostvars.localhost.ldapserver_to_disable }}"
cacheable: true
- - name: "The LDAP server to disable replication:"
+ - name: "The LDAP server to disable in HAProxy backend:"
debug:
var: ldapserver_to_disable
verbosity: 0
var: target_replica_id
verbosity: 0
- - name: "Disabling Puppet agent on {{ ldapserver_to_disable | quote }}."
- ansible.builtin.shell: |
- puppet agent --disable "[$( date +'%Y-%m-%d' )]: Disbled by Ansible playbook 'disable-ldap-server.yaml'."
- args:
- creates: '/opt/puppetlabs/puppet/cache/state/agent_disabled.lock'
- when: ldapserver_to_disable == inventory_hostname
-
- - name: "Disabling Puppet service on {{ ldapserver_to_disable | quote }}."
- ansible.builtin.service:
- enabled: false
- name: puppet
- state: stopped
- when: ldapserver_to_disable == inventory_hostname
-
- - name: "Disabling Wazuh service on {{ ldapserver_to_disable | quote }}."
- ansible.builtin.service:
- enabled: false
- name: wazuh-agent
- state: stopped
+ - name: "Disabling services."
when: ldapserver_to_disable == inventory_hostname
+ block:
+
+ - debug:
+ msg: "Disabling Puppet agent, Puppet service and Wazuh service."
+
+ - name: "Disabling Puppet agent on {{ ldapserver_to_disable | quote }}."
+ ansible.builtin.shell: |
+ puppet agent --disable "[$( date +'%Y-%m-%d' )]: Disabled by Ansible playbook 'disable-ldap-server.yaml'."
+ args:
+ creates: '/opt/puppetlabs/puppet/cache/state/agent_disabled.lock'
+
+ - name: "Disabling Puppet service on {{ ldapserver_to_disable | quote }}."
+ ansible.builtin.service:
+ enabled: false
+ name: puppet
+ state: stopped
+
+ - name: "Disabling Wazuh service on {{ ldapserver_to_disable | quote }}."
+ ansible.builtin.service:
+ enabled: false
+ name: wazuh-agent
+ state: stopped
- name: "Retrieve all backends."
ansible.builtin.shell: "dsconf {{ slapd_instance | quote }} backend suffix list"
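Review bot: The new `Disabling services.` block stops and disables Puppet and `wazuh-agent` but has no `rescue:` section, so a failure in the second or third task leaves the host with only some of its agents off and nothing reports that partial state. Because `wazuh-agent` is set to `enabled: false`, a host that drops out of the run at this point stays without its security agent across reboots until someone notices. Consider a `rescue:` holding an `ansible.builtin.fail` task whose message names the host and the services that must be re-enabled by hand. The unnamed `debug` task at the top of the block should also get a `name:`.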
vars:
target_host: "{{ ldapserver_to_enable }}"
+- name: "Enable the given host as a HAProxy backend server."
+ hosts: haproxy_servers
+ gather_facts: false
+
+ tasks:
+
+ - name: "Get the LDAP server to enable in HAProxy backend."
+ ansible.builtin.set_fact:
+ ldapserver_to_enable: "{{ hostvars.localhost.ldapserver_to_enable }}"
+
+ - name: "The LDAP server to enable in HAProxy backend:"
+ debug:
+ var: ldapserver_to_enable
+ verbosity: 0
+
+ - name: "Enabling HAProxy backend server ...."
+ include_role:
+ name: 'haproxy-enable-backend'
+ vars:
+ backend: "{{ haproxy_backend_name }}"
+ backend_server: "{{ ldapserver_to_enable }}"
+
+- name: "Enabling Puppet and Wazuh on all LDAP servers."
+ hosts: ldap_servers
+ gather_facts: false
+
+ tasks:
+
+ - name: "Enabling services."
+ when: ldapserver_to_disable == inventory_hostname
+ block:
+
+ - debug:
+ msg: "Enabling Wazuh service, Puppet service and Puppet agent."
+
+ - name: "Enabling Wazuh service on {{ ldapserver_to_disable | quote }}."
+ ansible.builtin.service:
+ enabled: true
+ name: wazuh-agent
+ state: started
+
+ - name: "Enabling Puppet service on {{ ldapserver_to_disable | quote }}."
+ ansible.builtin.service:
+ enabled: true
+ name: puppet
+ state: started
+
+ - name: "Disabling Puppet agent on {{ ldapserver_to_disable | quote }}."
+ ansible.builtin.shell: |
+ puppet agent --enable
+ args:
+ removes: '/opt/puppetlabs/puppet/cache/state/agent_disabled.lock'
# vim: filetype=yaml
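Review bot: The last task of the `Enabling services.` block is named `Disabling Puppet agent on …` although it runs `puppet agent --enable`; it should read `- name: "Enabling Puppet agent on {{ ldapserver_to_disable | quote }}."`. The block's `when: ldapserver_to_disable == inventory_hostname` also keys on the disable variable, while the HAProxy play directly above it works with `ldapserver_to_enable`. If that is intentional, a comment should say so, because a run in which `ldapserver_to_disable` is unset or names a different host would fail or skip the block and leave `wazuh-agent` and Puppet switched off.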
var: ldapserver_to_backup
verbosity: 0
+ - name: "Get active status of Puppet lockfile."
+ ansible.builtin.stat:
+ path: '/opt/puppetlabs/puppet/cache/state/agent_disabled.lock'
+ register: stat_puppet_lockfile
+
+ - name: "File stat of Puppet Puppet lockfile."
+ debug:
+ var: stat_puppet_lockfile
+ verbosity: 3
+
+ - name: "Predefine puppet_already_locked"
+ ansible.builtin.set_fact:
+ puppet_already_locked: false
+
+ - name: "Set puppet_already_locked"
+ ansible.builtin.set_fact:
+ puppet_already_locked: true
+ when: stat_puppet_lockfile.stat.exists == true
+
- name: "Disabling Puppet agent."
ansible.builtin.shell: |
puppet agent --disable "[{{ cur_timestamp }}]: Disabled by Ansible playbook 'disable-ldap-server.yaml'."
args:
creates: '/opt/puppetlabs/puppet/cache/state/agent_disabled.lock'
+ - name: "Get status of Wazuh service."
+ ansible.builtin.systemd:
+ name: 'wazuh-agent'
+ register: wazuh_agent_status
+
+ - name: "Predefine wazuh_already_disabled."
+ ansible.builtin.set_fact:
+ wazuh_already_disabled: false
+
+ - name: "Status of Wazuh service."
+ debug:
+ var: wazuh_agent_status
+ verbosity: 3
+
+ - name: "Set wazuh_already_disabled to true."
+ ansible.builtin.set_fact:
+ wazuh_already_disabled: true
+ when: wazuh_agent_status.status.ActiveState != 'active'
+
- name: "Disabling Wazuh service."
ansible.builtin.service:
name: wazuh-agent
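Review bot: `when: wazuh_agent_status.status.ActiveState != 'active'` treats every other unit state (`activating`, `reloading`, `failed`) as "already disabled", so an agent that had crashed or was still starting is recorded as intentionally off. Judging by the `wazuh_already_disabled != true` condition added to the start task further down, it would then not be started again. A security agent found not running before the playbook touched it is worth surfacing: compare against `'inactive'` explicitly (or also look at `UnitFileState`) and print the status at `verbosity: 0` in that case. Each predefine/set pair can also collapse into one task, e.g. `puppet_already_locked: "{{ stat_puppet_lockfile.stat.exists }}"`.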
ansible.builtin.service:
name: wazuh-agent
state: started
+ when: wazuh_already_disabled != true
- name: "Enabling Puppet agent."
ansible.builtin.shell: puppet agent --enable
args:
removes: '/opt/puppetlabs/puppet/cache/state/agent_disabled.lock'
+ when: puppet_already_locked != true
# vim: filetype=yaml
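Review bot: Both new conditions, `when: wazuh_already_disabled != true` and `when: puppet_already_locked != true`, rely on facts set earlier in the run; if those tasks were skipped (for example with tags or `--start-at-task`), the variables are undefined and the conditions presumably error out instead of restoring the agents. Defaulting towards re-enabling is the safer failure mode: `when: not (wazuh_already_disabled | default(false))` and `when: not (puppet_already_locked | default(false))`. The Wazuh task these lines belong to starts above the hunk.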
--bind-dn {{ replication_manager_dn | quote }} \
--bind-passwd-file {{ replication_manager_password_file | quote }} \
--bind-method {{ ds389_repl_agmt_bind_method | quote }} \
- --frac-list {{ used_frac_list | map('quote') | join(' ') }} \
- --frac-list-total {{ used_frac_list_total | map('quote') | join(' ') }}"
+ --frac-list {{ used_frac_list | join(' ') | quote }} \
+ --frac-list-total {{ used_frac_list_total | join(' ') | quote }}"
- name: "Add --strip-list to command for creating replication agreement."
set_fact:
- create_cmd: "{{ create_cmd }} --strip-list {{ ds389_repl_agmt_strip_list | map('quote') | join(' ') }}"
+ create_cmd: "{{ create_cmd }} --strip-list {{ ds389_repl_agmt_strip_list | join(' ') | quote }}"
when: ds389_repl_agmt_strip_list is not empty
- name: "Add --schedule to command for creating replication agreement."
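Review bot: `--frac-list` and `--frac-list-total` are appended unconditionally, and with the new `join(' ') | quote` form an empty list now renders as an explicit empty argument (`--frac-list ''`) instead of nothing. The `--strip-list` task below is guarded by a `when:` on its list; unless `used_frac_list` and `used_frac_list_total` are guaranteed non-empty by code outside this hunk, the same guard would be safer here. A one-line comment such as `# each list is passed as ONE quoted, space-separated argument` would also keep a later editor from reverting to `map('quote')`. The command string starts above the hunk.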
- name: "Defining target archive file."
ansible.builtin.set_fact:
- archive_file: "{{ backup_directory }}/backup.{{ slapd_instance }}.{{ filesystem | regex_replace('^/*') | regex_replace('/+', '_') }}.{{ cur_timestamp }}.tar.bz2 }}"
+ archive_file: "{{ backup_directory }}/backup.{{ slapd_instance }}.{{ filesystem | regex_replace('^/*') | regex_replace('/+', '_') | regex_replace('[*?]') }}.{{ cur_timestamp }}.tar.bz2"
- debug:
msg: "Creating archive {{ archive_file }} from directory {{ filesystem | quote }}."
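Review bot: `regex_replace('[*?]')` strips only two glob characters from the `filesystem` part of `archive_file`; spaces, brackets, quotes, `$`, `;` and similar characters still pass through into a path that is presumably handed to an archiving command outside this hunk. An allow-list is more robust than a deny-list here, e.g. `regex_replace('[^A-Za-z0-9._-]', '_')` as the last filter. `archive_file` should also go through `quote` wherever it reaches a shell, as the `debug` message already does for `filesystem`. `backup_directory` and `slapd_instance` are interpolated unsanitised too, so the same applies if they can come from inventory or extra vars.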