From: Frank Brehm Date: Tue, 3 Dec 2024 16:22:23 +0000 (+0100) Subject: Adding and using roles/389ds-config-plugins/tasks/attr-uniq.yaml X-Git-Url: https://git.uhu-banane.net/?a=commitdiff_plain;h=8602c31b8a0852ff104b71bb6ccfd5df6c155f72;p=pixelpark%2Fpp-admin-tools.git Adding and using roles/389ds-config-plugins/tasks/attr-uniq.yaml --- diff --git a/inventory/dpx-ldap-dev1.yaml b/inventory/dpx-ldap-dev1.yaml index 4c8a95e..d63b43c 100644 --- a/inventory/dpx-ldap-dev1.yaml +++ b/inventory/dpx-ldap-dev1.yaml @@ -27,4 +27,34 @@ all: haproxy_backend_name: 'be-ldap-dev1' haproxy_user_socket: '/run/haproxy/user.sock' haproxy_admin_socket: '/run/haproxy/admin.sock' + # ds389_plugin_attr_uniq_purge: false + ds389_plugin_attr_uniq_attributes: + 'uid': + across_all_subtrees: false + subtrees: + - 'o=bmas,o=isp' + - 'o=bmf,o=isp' + - 'o=BMWA,o=isp' + - 'o=bmwi,o=isp' + - 'o=bmwi-unternehmergeist,o=isp' + - 'o=cosTemplates,o=isp' + - 'o=Internet,o=isp' + - 'o=mbvd,o=isp' + - 'o=pfizer,o=isp' + - 'o=Pixelpark,o=isp' + - 'o=publicis,o=isp' + - 'o=PuF,o=isp' + - 'o=Radeberger,o=isp' + - 'o=sirona,o=isp' + - 'o=tov,o=isp' + 'gidNumber': + subtrees: + - 'o=isp' + 'mail': + subtrees: + - 'o=isp' + 'uidNumber': + subtrees: + - 'o=isp' +# vim: filetype=yaml diff --git a/inventory/spk-ldap-stage.yaml b/inventory/spk-ldap-stage.yaml index f371d78..13ac24c 100644 --- a/inventory/spk-ldap-stage.yaml +++ b/inventory/spk-ldap-stage.yaml @@ -24,5 +24,12 @@ all: haproxy_backend_name: 'be-stage-ldap' haproxy_user_socket: '/run/haproxy/user.sock' haproxy_admin_socket: '/run/haproxy/admin.sock' + ds389_plugin_attr_uniq_config: false + # ds389_plugin_attr_uniq_purge: false + ds389_plugin_attr_uniq_attributes: + 'uid': + across_all_subtrees: false + subtrees: + - 'dc=spk,dc=pixelpark,dc=net' # vim: filetype=yaml diff --git a/roles/389ds-config-logging/defaults/main.yaml b/roles/389ds-config-logging/defaults/main.yaml new file mode 100644 index 0000000..acdd7d7 --- /dev/null 
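Review bot: The `uid` entry in inventory/dpx-ldap-dev1.yaml enumerates fifteen `o=…,o=isp` subtrees with `across_all_subtrees: false`, and nothing in the file says why. Assuming the role maps these keys to the plugin's subtree list and across-all-subtrees switch (the tasks in this commit do not show that yet), uid uniqueness would be checked only inside each listed subtree. A subtree created under `o=isp` later would then have no uid check until someone extends this list. A comment above the entry would record that this is deliberate, for example `# uid is unique per organisation only; every new o=…,o=isp subtree must be added here`. The `gidNumber`, `mail` and `uidNumber` entries use the single subtree `o=isp` and do not depend on such a list.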
+++ b/roles/389ds-config-logging/defaults/main.yaml
@@ -0,0 +1,21 @@
+---
+base_logdir: '/var/log/dirsrv'
+
+logging:
+ access:
+ logfile: access.log
+ enabled: true
+ audit:
+ logfile: audit.log
+ enabled: false
+ auditfail:
+ logfile: audit.log
+ enabled: true
+ error:
+ logfile: error.log
+ enabled: true
+ security:
+ logfile: security.log
+ enabled: true
+
+# vim: filetype=yaml
diff --git a/roles/389ds-config-logging/vars/main.yaml b/roles/389ds-config-logging/vars/main.yaml
deleted file mode 100644
index acdd7d7..0000000
--- a/roles/389ds-config-logging/vars/main.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
----
-base_logdir: '/var/log/dirsrv'
-
-logging:
- access:
- logfile: access.log
- enabled: true
- audit:
- logfile: audit.log
- enabled: false
- auditfail:
- logfile: audit.log
- enabled: true
- error:
- logfile: error.log
- enabled: true
- security:
- logfile: security.log
- enabled: true
-
-# vim: filetype=yaml
diff --git a/roles/389ds-config-plugins/defaults/main.yaml b/roles/389ds-config-plugins/defaults/main.yaml
new file mode 100644
index 0000000..32d5881
--- /dev/null
+++ b/roles/389ds-config-plugins/defaults/main.yaml
@@ -0,0 +1,71 @@
+---
+
+###############################
+# Plugin memberOf
+
+ds389_plugin_memberof_config: true
+ds389_plugin_memberof_enabled: true
+ds389_plugin_memberof_attr: 'memberOf'
+ds389_plugin_memberof_groupattrs:
+ - 'member'
+ - 'uniqueMember'
+ds389_plugin_memberof_allbackends: true
+ds389_plugin_memberof_skipnested: false
+
+# Later do eval, how to maintain
+ds389_plugin_memberof_scopes: []
+ds389_plugin_memberof_escapes: []
+ds389_plugin_memberof_auto_add_oc: ~
+
+###############################
+# Plugin referential-integrity
+
+ds389_plugin_referint_config: true
+ds389_plugin_referint_enabled: true
+ds389_plugin_referint_membership_attributes:
+ - 'member'
+ - 'uniqueMember'
+ - 'owner'
+ - 'seeAlso'
+ds389_plugin_referint_logfile: 'referint.log'
+ds389_plugin_referint_update_delay: 0
+
+###############################
+# Plugin attribute uniqueness
+
+ds389_plugin_attr_uniq_config: true
+ds389_plugin_attr_uniq_purge: true
+ds389_plugin_attr_uniq_attributes: {}
+ds389_plugin_attr_uniq_attributes_default:
+ 'uid':
+ ensure: present
+ enabled: true
+ subtrees: []
+ across_all_subtrees: true
+ top_entry_oc: ~
+ subtree_entries_oc: ~
+ 'gidNumber':
+ ensure: present
+ enabled: true
+ subtrees: []
+ across_all_subtrees: true
+ top_entry_oc: ~
+ subtree_entries_oc: 'posixGroup'
+ 'mail':
+ ensure: present
+ enabled: true
+ subtrees: []
+ across_all_subtrees: true
+ top_entry_oc: ~
+ subtree_entries_oc: 'inetLocalMailRecipient'
+ 'uidNumber':
+ ensure: present
+ enabled: true
+ subtrees: []
+ across_all_subtrees: true
+ top_entry_oc: ~
+ subtree_entries_oc: ~
+
+base_logdir: '/var/log/dirsrv'
+
+# vim: filetype=yaml
diff --git a/roles/389ds-config-plugins/tasks/attr-uniq.yaml b/roles/389ds-config-plugins/tasks/attr-uniq.yaml
new file mode 100644
index 0000000..6903b8e
--- /dev/null
+++ b/roles/389ds-config-plugins/tasks/attr-uniq.yaml
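Review bot: In roles/389ds-config-plugins/defaults/main.yaml, `ds389_plugin_attr_uniq_purge: true` turns purging on for every host that runs the role, and both inventories touched by this commit carry the override only as a comment (`# ds389_plugin_attr_uniq_purge: false`). The purge task in tasks/attr-uniq.yaml is still only a debug message. Once it performs a real delete, any uniqueness entry on a server that is missing from the merged map would be removed without an explicit opt-in, which silently drops a duplicate-identifier safeguard. I would default to `ds389_plugin_attr_uniq_purge: false` and let an inventory enable it deliberately. A one-line comment on the `ensure`, `top_entry_oc` and `subtree_entries_oc` keys of `ds389_plugin_attr_uniq_attributes_default` would also help, since no visible task consumes them yet.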
@@ -0,0 +1,59 @@
+---
+
+- name: "Merge attributes configuration"
+ set_fact:
+ uniq_attributes: "{{ ds389_plugin_attr_uniq_attributes_default | ansible.builtin.combine(ds389_plugin_attr_uniq_attributes, list_merge='append_rp', recursive=true) }}"
+
+- name: 'Show merged uniq_attributes'
+ debug:
+ var: uniq_attributes
+ verbosity: 2
+
+- name: 'Get the list of all attr-uniq entries.'
+ ansible.builtin.shell: "dsconf {{ slapd_instance | quote }} plugin attr-uniq list"
+ register: get_all_attr_uniq_entries
+ changed_when: false
+ check_mode: false
+
+- name: 'Show get_all_attr_uniq_entries.'
+ debug:
+ var: get_all_attr_uniq_entries
+ verbosity: 3
+
+- name: "Set cur_attr_uniq_entries."
+ set_fact:
+ cur_attr_uniq_entries: "{{ get_all_attr_uniq_entries.stdout_lines | map('regex_replace', '\\s*$', '') }}"
+
+- name: 'Show cur_attr_uniq_entries.'
+ debug:
+ var: cur_attr_uniq_entries
+ verbosity: 2
+
+- name: 'Set exp_attr_uniq_entries_lc.'
+ set_fact:
+ exp_attr_uniq_entries_lc: []
+
+- name: 'Fill exp_attr_uniq_entries_lc.'
+ set_fact:
+ exp_attr_uniq_entries_lc: "{{ exp_attr_uniq_entries_lc + [ (item.key | lower) + ' attribute uniqueness' ] }}"
+ loop: "{{ uniq_attributes | dict2items | list }}"
+
+- name: 'Show exp_attr_uniq_entries_lc.'
+ debug:
+ var: exp_attr_uniq_entries_lc
+ verbosity: 2
+
+- name: 'Purge attr-uniq entries.'
+ when: (ds389_plugin_attr_uniq_purge | bool) == true
+ block:
+
+ - name: 'Purge unnecessary attr-uniq entries.'
+ debug:
+ msg: "Deleting attr-uniq entry '{{ attr_uniq_entry }}'."
+ when: ( attr_uniq_entry | lower ) not in exp_attr_uniq_entries_lc
+ loop: "{{ cur_attr_uniq_entries }}"
+ loop_control:
+ loop_var: attr_uniq_entry
+
+
+# vim: filetype=yaml
diff --git a/roles/389ds-config-plugins/tasks/main.yaml b/roles/389ds-config-plugins/tasks/main.yaml
index 19d9fc5..cc9b468 100644
--- a/roles/389ds-config-plugins/tasks/main.yaml
+++ b/roles/389ds-config-plugins/tasks/main.yaml
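Review bot: The listing task in tasks/attr-uniq.yaml runs `dsconf` through `ansible.builtin.shell` although the command needs no shell feature. Using `ansible.builtin.command:` with `argv: ['dsconf', '{{ slapd_instance }}', 'plugin', 'attr-uniq', 'list']` avoids the shell and makes the `quote` filter unnecessary. In the purge block, `cur_attr_uniq_entries` is built from every stdout line, so an empty or informational line from `dsconf` (its output format is not visible here) would be reported as an entry to delete; appending `| select | list` after the `map(...)` would at least drop empty strings. The expected list is built from all keys of `uniq_attributes` without checking `ensure`, so an attribute marked `ensure: absent` would never be purged. The debug message says "Deleting attr-uniq entry" while nothing is deleted, so "Would delete" is more accurate in a run log until the real call lands.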
@@ -8,4 +8,8 @@ include_tasks: 'referint.yaml' when: (ds389_plugin_referint_config | bool) == true +- name: "Configuring the 389ds attr-uniq-Plugin." + include_tasks: 'attr-uniq.yaml' + when: (ds389_plugin_attr_uniq_config | bool) == true + # vim: filetype=yaml diff --git a/roles/389ds-config-plugins/tasks/referint.yaml b/roles/389ds-config-plugins/tasks/referint.yaml index f91dafa..192dbee 100644 --- a/roles/389ds-config-plugins/tasks/referint.yaml +++ b/roles/389ds-config-plugins/tasks/referint.yaml @@ -21,7 +21,7 @@ - name: "Show config hash:" debug: var: plugin_referint_config - verbosity: 0 + verbosity: 2 - name: 'Predefine variable exec_set to false' set_fact: @@ -84,7 +84,7 @@ - name: "Show the command to execute:" debug: var: plugin_referint_cmd - verbosity: 0 + verbosity: 1 - name: "Finally configure the referential-integrity plugin." ansible.builtin.shell: "{{ plugin_referint_cmd }}" diff --git a/roles/389ds-config-plugins/vars/main.yaml b/roles/389ds-config-plugins/vars/main.yaml deleted file mode 100644 index 780110c..0000000 --- a/roles/389ds-config-plugins/vars/main.yaml +++ /dev/null @@ -1,35 +0,0 @@ ---- - -############################### -# Plugin memberOf - -ds389_plugin_memberof_config: true -ds389_plugin_memberof_enabled: true -ds389_plugin_memberof_attr: 'memberOf' -ds389_plugin_memberof_groupattrs: - - 'member' - - 'uniqueMember' -ds389_plugin_memberof_allbackends: true -ds389_plugin_memberof_skipnested: false - -# Later do eval, how to maintain -ds389_plugin_memberof_scopes: [] -ds389_plugin_memberof_escapes: [] -ds389_plugin_memberof_auto_add_oc: ~ - -############################### -# Plugin referential-integrity - -ds389_plugin_referint_config: true -ds389_plugin_referint_enabled: true -ds389_plugin_referint_membership_attributes: - - 'member' - - 'uniqueMember' - - 'owner' - - 'seeAlso' -ds389_plugin_referint_logfile: 'referint.log' -ds389_plugin_referint_update_delay: 0 - -base_logdir: '/var/log/dirsrv' - -# vim: filetype=yaml 
diff --git a/roles/389ds-restart/defaults/main.yaml b/roles/389ds-restart/defaults/main.yaml
new file mode 100644
index 0000000..201408b
--- /dev/null
+++ b/roles/389ds-restart/defaults/main.yaml
@@ -0,0 +1,5 @@
+---
+
+restart_389ds: false
+
+# vim: filetype=yaml
diff --git a/roles/389ds-restart/vars/main.yaml b/roles/389ds-restart/vars/main.yaml
deleted file mode 100644
index 201408b..0000000
--- a/roles/389ds-restart/vars/main.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-
-restart_389ds: false
-
-# vim: filetype=yaml
diff --git a/roles/haproxy-disable-backend/defaults/main.yaml b/roles/haproxy-disable-backend/defaults/main.yaml
new file mode 100644
index 0000000..cc0f36c
--- /dev/null
+++ b/roles/haproxy-disable-backend/defaults/main.yaml
@@ -0,0 +1,11 @@
+---
+
+haproxy_user_socket: '/run/haproxy/user.sock'
+haproxy_admin_socket: '/run/haproxy/admin.sock'
+haproxy_test_socket: '/etc/passwd'
+
+haproxy_wait_for_disable: true
+haproxy_wait_interval: 2
+haproxy_wait_retries: 60
+
+# vim: filetype=yaml
diff --git a/roles/haproxy-disable-backend/vars/main.yaml b/roles/haproxy-disable-backend/vars/main.yaml
deleted file mode 100644
index cc0f36c..0000000
--- a/roles/haproxy-disable-backend/vars/main.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-
-haproxy_user_socket: '/run/haproxy/user.sock'
-haproxy_admin_socket: '/run/haproxy/admin.sock'
-haproxy_test_socket: '/etc/passwd'
-
-haproxy_wait_for_disable: true
-haproxy_wait_interval: 2
-haproxy_wait_retries: 60
-
-# vim: filetype=yaml