From: Frank Brehm Date: Fri, 29 Nov 2024 16:59:48 +0000 (+0100) Subject: Starting with playbooks/configure-ldap-servers.yaml X-Git-Url: https://git.uhu-banane.net/?a=commitdiff_plain;h=0b029f8e643967083a954a0452013f459927b985;p=pixelpark%2Fpp-admin-tools.git Starting with playbooks/configure-ldap-servers.yaml --- diff --git a/ansible.cfg b/ansible.cfg index 5a0352e..c339bd3 100644 --- a/ansible.cfg +++ b/ansible.cfg @@ -2,7 +2,7 @@ host_key_checking = False # log_path = ./provision.log nocows = 1 -# inventory = inventory/pdns-test.yml +display_skipped_hosts = no [ssh_connection] # control_path = /tmp/%%h diff --git a/filter_plugins/cfg_389ds_to_dict.py b/filter_plugins/cfg_389ds_to_dict.py new file mode 100644 index 0000000..71c7715 --- /dev/null +++ b/filter_plugins/cfg_389ds_to_dict.py @@ -0,0 +1,50 @@ +import re + +# ============================================================================= +class FilterModule(object): + + re_key = re.compile(r'nsslapd-', re.IGNORECASE) + re_sep = re.compile(r':\s+') + re_int = re.compile('^[+-]?\d+$') + re_float = re.compile('^[+-]?\d+\.\d*$') + + # ------------------ + def filters(self): + return {'cfg_389ds_to_dict': self.cfg_389ds_to_dict } + + # ------------------ + def cfg_389ds_to_dict(self, the_list): + result = {} + + for line in the_list: + (key, value) = self.re_sep.split(line, maxsplit=1) + key = self.re_key.sub('', key) + value = self.mangle_value(value) + if key in result: + old_val = result[key] + if isinstance(old_val, list): + result[key].append(value) + else: + result[key] = [old_val, value] + else: + result[key] = value + + return result + + # ------------------ + def mangle_value(self, value): + + if self.re_int.match(value): + return int(value) + if self.re_float.match(value): + return float(value) + if value.lower() == 'on': + return True + if value.lower() == 'off': + return False + return value + + +# ============================================================================= + +# vim: ts=4 et list 
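Review bot: `cfg_389ds_to_dict` unpacks `self.re_sep.split(line, maxsplit=1)` directly into `(key, value)`, so any input line without a `: ` separator (an empty line, or presumably an attribute printed with an empty value) raises ValueError and fails the templating task that uses the filter. The split result should be checked before unpacking, with an explicit decision on whether such lines are skipped or reported. Separately, `re_int` and `re_float` are ordinary strings containing `\d`, unlike the raw strings used for `re_key` and `re_sep`; newer Python versions warn about that invalid escape sequence. The class and its methods have no docstrings describing the expected `key: value` input or the int/float/bool conversion done by `mangle_value`.

```python
    re_int = re.compile(r'^[+-]?\d+$')
    re_float = re.compile(r'^[+-]?\d+\.\d*$')

    # … unchanged: filters(), start of cfg_389ds_to_dict() …
        for line in the_list:
            parts = self.re_sep.split(line, maxsplit=1)
            if len(parts) != 2:
                # No 'key: value' separator: skip rather than fail on unpacking.
                continue
            key, value = parts
            # … unchanged: key prefix removal, mangle_value(), duplicate-key handling …
```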
diff --git a/inventory/spk-ldap-stage.yaml b/inventory/spk-ldap-stage.yaml index affc831..f371d78 100644 --- a/inventory/spk-ldap-stage.yaml +++ b/inventory/spk-ldap-stage.yaml @@ -25,3 +25,4 @@ all: haproxy_user_socket: '/run/haproxy/user.sock' haproxy_admin_socket: '/run/haproxy/admin.sock' +# vim: filetype=yaml diff --git a/playbooks/configure-ldap-servers.yaml b/playbooks/configure-ldap-servers.yaml new file mode 100644 index 0000000..ce7df7a --- /dev/null +++ b/playbooks/configure-ldap-servers.yaml @@ -0,0 +1,35 @@ +--- + +- name: "Configuring 389ds LDAP servers." + hosts: ldap_servers + gather_facts: false + + tasks: + + - name: "Exec command for retrieving version of 389ds LDAP server." + ansible.builtin.shell: ns-slapd -v | grep -i '^389-Directory' | sed -e 's|.*/||' -e 's/[ ].*//' + register: get_389ds_version + check_mode: false + changed_when: false + + - name: "Get the version of the 389ds LDAP server." + ansible.builtin.set_fact: + version_389ds: "{{ get_389ds_version.stdout }}" + cacheable: true + + - name: "Show version of 389ds LDAP server." + debug: + var: version_389ds + verbosity: 0 + + - name: "Fail for non existing 389ds LDAP server." + ansible.builtin.fail: + msg: "No 389ds LDAP server found on host '{{ ansible_fqdn }}'." + when: version_389ds == '' + + - name: "Configure logging for host '{{ inventory_hostname }}'." + include_role: + name: '389ds-config-logging' + + +# vim: filetype=yaml diff --git a/playbooks/filter_plugins b/playbooks/filter_plugins new file mode 120000 index 0000000..c954752 --- /dev/null +++ b/playbooks/filter_plugins @@ -0,0 +1 @@ +../filter_plugins/ \ No newline at end of file diff --git a/playbooks/roles b/playbooks/roles new file mode 120000 index 0000000..d8c4472 --- /dev/null +++ b/playbooks/roles @@ -0,0 +1 @@ +../roles \ No newline at end of file diff --git a/roles/389ds-config-logging/tasks/config-facility.yaml b/roles/389ds-config-logging/tasks/config-facility.yaml new file mode 100644 index 0000000..e0ec9be 
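Review bot: In `playbooks/configure-ldap-servers.yaml` the `fail` task's message references `ansible_fqdn`, but the play sets `gather_facts: false`, so unless facts are cached from an earlier run that variable is undefined and the task ends in a templating error instead of the intended message. `inventory_hostname` is always available: `msg: "No 389ds LDAP server found on host '{{ inventory_hostname }}'."`. The version probe is also a `shell` pipeline whose return code is that of the final `sed`, so a missing `ns-slapd` binary only shows up as empty stdout. A comment above that task, for example `# rc is always sed's; the empty-string check below is the real failure test`, would make that dependency explicit.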
--- /dev/null
+++ b/roles/389ds-config-logging/tasks/config-facility.yaml
@@ -0,0 +1,43 @@
+---
+
+- name: "Get current configuration of config for log facility '{{ log_facility.key }}'."
+ ansible.builtin.shell: "dsconf '{{ slapd_instance }}' config get | grep -P -i 'nsslapd-{{ log_facility.key }}log' || true"
+ register: config_get
+ changed_when: false
+ check_mode: false
+
+- name: "Show current config_get"
+ debug:
+ var: config_get
+ verbosity: 3
+
+- name: "Generate config hash."
+ when: config_get.stdout != ""
+ block:
+
+ - name: "Set logging variables"
+ set_fact:
+ log_config: "{{ config_get.stdout_lines | cfg_389ds_to_dict }}"
+
+ - name: "Show config hash:"
+ debug:
+ var: log_config
+ verbosity: 2
+
+ - name: "Set config key for '{{ log_facility.key }}' logfile."
+ set_fact:
+ exp_logfile: "{{ base_logdir }}/slapd-{{ slapd_instance }}/{{ log_facility.value.logfile }}"
+ dict_logfile_key: "{{ log_facility.key }}log"
+ config_logfile_key: "nsslapd-{{ log_facility.key }}log"
+
+ - name: "Show logfile stuff"
+ debug:
+ msg: "Current logfile: '{{ log_config[dict_logfile_key] }}', expected: '{{ exp_logfile }}'."
+ verbosity: 1
+
+ - name: "Setting new value for {{ log_facility.key }} log to '{{ exp_logfile }}' ..."
+ ansible.builtin.shell: "dsconf '{{ slapd_instance }}' config replace {{ config_logfile_key }}={{ exp_logfile }}"
+ when: log_config[dict_logfile_key] != exp_logfile
+
+
+# vim: filetype=yaml
diff --git a/roles/389ds-config-logging/tasks/main.yaml b/roles/389ds-config-logging/tasks/main.yaml
new file mode 100644
index 0000000..34e4c96
--- /dev/null
+++ b/roles/389ds-config-logging/tasks/main.yaml
@@ -0,0 +1,11 @@
+---
+
+# Configuring logging of a 389ds LDAP server
+
+- name: "Configuring logging facility '{{ log_facility.key }}'."
+ include_tasks: 'config-facility.yaml'
+ loop: "{{ logging | dict2items | list }}"
+ loop_control:
+ loop_var: log_facility
+
+# vim: filetype=yaml
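Review bot: In `tasks/config-facility.yaml` the final task builds its command as one shell string, `config replace {{ config_logfile_key }}={{ exp_logfile }}`, with the key and the path unquoted, so a space or shell metacharacter in `slapd_instance` or a `logfile` value changes what the shell runs on the LDAP host. Nothing in that task needs a shell; `ansible.builtin.command` with an `argv` list passes each value as a single argument, as sketched below. In the first task, `|| true` also masks a failing `dsconf` (not only a non-matching `grep`), which leaves `config_get.stdout` empty and skips the whole "Generate config hash." block without a message, so a facility can stay unconfigured unnoticed. `slapd_instance` is not defined anywhere in this commit, so it presumably comes from the inventory; a comment in the role saying so would help.

```yaml
  - name: "Setting new value for {{ log_facility.key }} log to '{{ exp_logfile }}' ..."
    ansible.builtin.command:
      argv:
        - dsconf
        - "{{ slapd_instance }}"
        - config
        - replace
        - "{{ config_logfile_key }}={{ exp_logfile }}"
    when: log_config[dict_logfile_key] != exp_logfile
```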
diff --git a/roles/389ds-config-logging/vars/main.yaml b/roles/389ds-config-logging/vars/main.yaml
new file mode 100644
index 0000000..acdd7d7
--- /dev/null
+++ b/roles/389ds-config-logging/vars/main.yaml
@@ -0,0 +1,21 @@
+---
+base_logdir: '/var/log/dirsrv'
+
+logging:
+ access:
+ logfile: access.log
+ enabled: true
+ audit:
+ logfile: audit.log
+ enabled: false
+ auditfail:
+ logfile: audit.log
+ enabled: true
+ error:
+ logfile: error.log
+ enabled: true
+ security:
+ logfile: security.log
+ enabled: true
+
+# vim: filetype=yaml
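Review bot: The per-facility `enabled` flags in `vars/main.yaml` are not read by any task visible in this commit; `config-facility.yaml` only compares and sets the log file path, so `audit: enabled: false` and the other values currently have no effect on the server. If applying them is planned for a later commit, a comment such as `# enabled: not applied yet by tasks/config-facility.yaml` would avoid the impression that the audit logging state is already managed here. `auditfail` also points at `audit.log`, the same file as `audit`; if that is intentional, a short comment saying so would help the next reader.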