From: Frank Brehm Date: Fri, 16 Oct 2020 16:14:02 +0000 (+0200) Subject: Starting with applying consumers X-Git-Url: https://git.uhu-banane.net/?a=commitdiff_plain;h=938cdd4baca76c5c7fff62a7fe8926a491a6c13b;p=pixelpark%2Fldap-migration.git Starting with applying consumers
---
diff --git a/inventory/dev-ds.yaml b/inventory/dev-ds.yaml
index d30f7ae..90228b6 100644
--- a/inventory/dev-ds.yaml
+++ b/inventory/dev-ds.yaml
@@ -5,8 +5,11 @@ all:
 ldap_servers:
 hosts:
 dev-ds11.pixelpark.com:
+ rid_token: '1'
 dev-ds12.pixelpark.com:
+ rid_token: '2'
 dev-ds13.pixelpark.com:
+ rid_token: '3'
 providers:
 hosts:
 dev-ds11.pixelpark.com:
@@ -24,3 +27,7 @@ all:
 lapd_suffix_re: 'o=isp'
 example_db_suffix: 'dc=my-domain,dc=com'
 example_db_suffix_re: 'dc=my-domain,\s*dc=com'
+ admin_bind_dn_prefix: 'cn=admin'
+ repl_retry: '5 +'
+ repl_timeout: '3'
+
diff --git a/roles/base/tasks/consumers.yaml b/roles/base/tasks/consumers.yaml
new file mode 100644
index 0000000..76d5a52
--- /dev/null
+++ b/roles/base/tasks/consumers.yaml
@@ -0,0 +1,10 @@
+---
+
+- name: "Acticvating SyncRepl consumers for databases ..."
+ include_tasks: "consumers_per_db.yaml"
+ loop:
+ - '{0}config'
+ - "{{ main_database_name }}"
+ loop_control:
+ loop_var: database_name
+
diff --git a/roles/base/tasks/consumers_per_db.yaml b/roles/base/tasks/consumers_per_db.yaml
new file mode 100644
index 0000000..c7ed392
--- /dev/null
+++ b/roles/base/tasks/consumers_per_db.yaml
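Review bot: The `rid_token` values in the first hunk of inventory/dev-ds.yaml are added without any statement of their constraints, although consumers_per_provider.yaml in this commit concatenates the provider's token, the host's own token and the database index into `rid`. OpenLDAP limits a syncrepl rid to three decimal digits, so each token has to stay a single digit that is unique per server, and the scheme stops working once a database index reaches 10. A comment above the first entry would record this, for example `# rid_token: one digit, unique per server; concatenated into the 3-digit syncrepl rid`. The host mapping continues outside the hunk.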
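Review bot: `admin_bind_dn_prefix: 'cn=admin'` in the second hunk of inventory/dev-ds.yaml makes every consumer bind to its providers as the database administrator. consumers_per_db.yaml builds `bind_dn` from this prefix, and syncrepl-add.ldif.j2 passes `admin_password` as the credentials. Replication only needs read access to the replicated subtree, and the template writes that password into the olcSyncRepl value on each consumer. A dedicated replication identity with its own vaulted password would limit what a compromised consumer exposes, for instance a separate variable such as `repl_bind_dn_prefix: 'cn=replicator'` (name constructed here for illustration). The enclosing vars mapping starts outside the hunk.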
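Review bot: The task name in roles/base/tasks/consumers.yaml reads "Acticvating", and the same misspelling appears in the task names of consumers_per_db.yaml and consumers_per_provider.yaml; `- name: "Activating SyncRepl consumers for databases ..."` is the intended spelling. The literal `'{0}config'` in the loop is also compared twice in consumers_per_db.yaml, so holding it in one variable would keep the three places in step.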
@@ -0,0 +1,21 @@
+---
+
+- set_fact:
+ db_suffix: 'cn=config'
+ when: database_name == '{0}config'
+
+- set_fact:
+ db_suffix: "{{ ansible_local.openldap_dbs[database_name].suffix }}"
+ when: database_name != '{0}config'
+
+- set_fact:
+ bind_dn: "{{ admin_bind_dn_prefix }},{{ db_suffix }}"
+
+- set_fact:
+ db_dn: "{{ database_name }},cn=config"
+
+- name: "Acticvating SyncRepl consumers for database '{{ database_name }}' for providers ..."
+ include_tasks: "consumers_per_provider.yaml"
+ loop: "{{ groups['providers'] }}"
+ loop_control:
+ loop_var: provider_host
diff --git a/roles/base/tasks/consumers_per_provider.yaml b/roles/base/tasks/consumers_per_provider.yaml
new file mode 100644
index 0000000..f7bfa56
--- /dev/null
+++ b/roles/base/tasks/consumers_per_provider.yaml
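Review bot: The second `set_fact` in consumers_per_db.yaml reads `ansible_local.openldap_dbs[database_name].suffix` without checking that the local fact and the database entry exist. If they do not, the run presumably stops with an undefined-variable error that says nothing about the cause. A preceding `assert` with `that: database_name in (ansible_local.openldap_dbs | default({}))` and a clear `fail_msg` would make that case diagnosable. The four `set_fact` tasks also have no `name`, so they are hard to tell apart in the play output; a short name on each would help.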
@@ -0,0 +1,59 @@
+---
+
+- name: "Acticvating SyncRepl consumers for database '{{ database_name }}' and provider {{ provider_host }} ..."
+ block:
+
+ - set_fact:
+ db_id_token: "{{ database_name | regex_replace('\\{', '') | regex_replace('\\}.*', '') }}"
+
+ - set_fact:
+ rid: "{{ hostvars[provider_host].rid_token }}{{ rid_token }}{{ db_id_token }}"
+
+ - set_fact:
+ provider_uri: "ldaps://{{ hostvars[provider_host].ansible_fqdn }}"
+
+ - name: "Applying SyncRepl consumers for database '{{ database_name }}' and provider {{ provider_host }} ..."
+ block:
+
+ - name: "Initializing LDIF file for applying SyncRepl consumers"
+ tempfile:
+ state: 'file'
+ prefix: 'syncrepl.'
+ suffix: '.ldif'
+ register: syncrepl_file
+
+ - name: "Get content of applying SyncRepl consumers"
+ template:
+ src: "templates/syncrepl-add.ldif.j2"
+ dest: "{{ syncrepl_file.path }}"
+ owner: root
+ group: root
+ mode: 0644
+
+ - name: "Get content of applying SyncRepl consumers file"
+ shell: "cat '{{ syncrepl_file.path }}'"
+ register: content_syncrepl_file
+ changed_when: False
+ no_log: True
+
+ - name: "Show content of applying SyncRepl consumers file."
+ debug: msg={{ content_syncrepl_file.stdout_lines }}
+
+ # TODO - Apply fehlt
+
+ rescue:
+ - name: "Failing base installation of OpenLDAP server because of some errors."
+ fail:
+ msg: "I caught an error"
+
+ always:
+
+ - name: "Removing applying SyncRepl consumers file ..."
+ file:
+ path: "{{ syncrepl_file.path }}"
+ state: absent
+
+ # TODO - When Klausel für Apply block fehlt
+
+ when: provider_host != ansible_fqdn
+
diff --git a/roles/base/tasks/main.yaml b/roles/base/tasks/main.yaml
index a5341fe..413128c 100644
--- a/roles/base/tasks/main.yaml
+++ b/roles/base/tasks/main.yaml
@@ -51,3 +51,6 @@ - include: 'providers.yaml' when: "'providers' in group_names" +- include: 'consumers.yaml' + when: "'consumers' in group_names" +
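Review bot: The rendered LDIF in consumers_per_provider.yaml carries the admin password, because the template added in this commit writes `credentials="{{ admin_password }}"`. The "Get content of applying SyncRepl consumers" task nevertheless writes the file with `mode: 0644`. The "Show content of applying SyncRepl consumers file." debug task then prints `content_syncrepl_file.stdout_lines`, which undoes the `no_log: True` on the preceding `cat` task. The file should be written with `mode: '0600'` (quoted, as recommended for file modes), and the debug task should be dropped or given `no_log: true` before this runs against real hosts. The rescue task also replaces the original failure with "I caught an error", which makes a failed run hard to diagnose.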
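Review bot: The added line in roles/base/tasks/main.yaml uses the bare `include` action, while the new task files in this commit already use `include_tasks`. `include` is deprecated in Ansible in favour of `include_tasks`/`import_tasks`, so `- include_tasks: 'consumers.yaml'` would be the consistent form. The new line mirrors the existing `providers.yaml` line, which could be converted at the same time. The `consumers` group that the `when` tests is not visible in the inventory hunks of this commit, so it is worth confirming that the group is defined there.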
diff --git a/roles/base/templates/syncrepl-add.ldif.j2 b/roles/base/templates/syncrepl-add.ldif.j2
new file mode 100644
index 0000000..902784b
--- /dev/null
+++ b/roles/base/templates/syncrepl-add.ldif.j2
@@ -0,0 +1,14 @@
+dn: {{ db_dn }}
+changetype: modify
+add: olcSyncRepl
+olcSyncRepl: rid={{ rid }}
+ provider={{ provider_uri }}
+ binddn="{{ bind_dn }}"
+ bindmethod=simple
+ credentials="{{ admin_password }}"
+ searchbase="{{ db_suffix }}"
+ type=refreshAndPersist
+ retry="{{ repl_retry }}"
+ timeout={{ repl_timeout }}
+
+# vim: filetype=ldif
diff --git a/vars/secrets-main.yaml b/vars/secrets-main.yaml
new file mode 100644
index 0000000..1da1c68
--- /dev/null
+++ b/vars/secrets-main.yaml
@@ -0,0 +1,8 @@
+$ANSIBLE_VAULT;1.1;AES256
+34303038326262643563373065326338636430353835376234333765333262633632316437663061
+3766643036346335653461323439653930376537623435390a353739393439306638363138343261
+65643866303332616361613165313062366235313361393831643134616134653261306263346164
+6465666463633430660a323037303661386634666230613639636439626536396436313636353461
+36633336643035386433346330323361393633336636623965356266623735373139363763663566
+30353033653035303037626637663430643761373962623136396435353439386363623939373564
+396237663734616534623462336636303262
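Review bot: The olcSyncRepl value in syncrepl-add.ldif.j2 combines an `ldaps://` provider with `bindmethod=simple` but sets no TLS keywords. Whether the consumer verifies the provider's certificate before sending the password therefore depends on TLS settings outside this template. An explicit continuation line such as ` tls_reqcert=demand` after `bindmethod=simple` would make the requirement visible in the directive itself. `binddn="{{ bind_dn }}"` and `credentials="{{ admin_password }}"` are also interpolated without escaping, so a double quote or backslash in either value would produce a malformed directive. Validating those variables before rendering is worthwhile.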