From 117df19ec81c1b4a98efa0fc1bc599f2527bac65 Mon Sep 17 00:00:00 2001
From: Frank Brehm
Date: Mon, 19 Oct 2020 18:56:36 +0200
Subject: [PATCH] Current state of replication
---
 install-openldap-cluster.yaml | 1 +
 inventory/dev-ds.yaml | 22 ++++++-
 roles/base/tasks/consumers_per_db.yaml | 67 ++++++++++++++++++--
 roles/base/tasks/consumers_per_provider.yaml | 17 +++-
 roles/base/tasks/main.yaml | 2 +
 roles/base/tasks/server_id_per_host.yaml | 55 ++++++++++++++++
 roles/base/tasks/server_ids.yaml | 8 +++
 roles/base/templates/server-ids.ldif | 6 ++
 roles/base/templates/set-serverid.ldif.j2 | 6 ++
 roles/base/templates/syncrepl.ldif.j2 | 28 ++++++++
 roles/rsyslog/handlers/main.yaml | 7 ++
 roles/rsyslog/tasks/main.yaml | 38 +++++++++++
 roles/rsyslog/templates/logrotate.conf.j2 | 16 +++++
 roles/rsyslog/templates/rsyslog.conf.j2 | 4 ++
 14 files changed, 263 insertions(+), 14 deletions(-)
 create mode 100644 roles/base/tasks/server_id_per_host.yaml
 create mode 100644 roles/base/tasks/server_ids.yaml
 create mode 100644 roles/base/templates/server-ids.ldif
 create mode 100644 roles/base/templates/set-serverid.ldif.j2
 create mode 100644 roles/base/templates/syncrepl.ldif.j2
 create mode 100644 roles/rsyslog/handlers/main.yaml
 create mode 100644 roles/rsyslog/tasks/main.yaml
 create mode 100644 roles/rsyslog/templates/logrotate.conf.j2
 create mode 100644 roles/rsyslog/templates/rsyslog.conf.j2
diff --git a/install-openldap-cluster.yaml b/install-openldap-cluster.yaml
index 01bed15..d53ae5b 100644
--- a/install-openldap-cluster.yaml
+++ b/install-openldap-cluster.yaml
@@ -3,6 +3,7 @@
 - name: "Installation of OpenLDAP base"
 hosts: ldap_servers
 roles:
+ - rsyslog
 - base
diff --git a/inventory/dev-ds.yaml b/inventory/dev-ds.yaml
index 90228b6..1b07e84 100644
--- a/inventory/dev-ds.yaml
+++ b/inventory/dev-ds.yaml
@@ -6,10 +6,22 @@ all:
 hosts:
 dev-ds11.pixelpark.com:
 rid_token: '1'
+ rid_one: 21
+ rid_two: 31
+ uri_one: 'ldaps://dev-ds12.pixelpark.com'
+ uri_two: 'ldaps://dev-ds13.pixelpark.com'
 dev-ds12.pixelpark.com:
 rid_token: '2'
+ rid_one: 12
+ rid_two: 32
+ uri_one: 'ldaps://dev-ds11.pixelpark.com'
+ uri_two: 'ldaps://dev-ds13.pixelpark.com'
 dev-ds13.pixelpark.com:
 rid_token: '3'
+ rid_one: 13
+ rid_two: 23
+ uri_one: 'ldaps://dev-ds11.pixelpark.com'
+ uri_two: 'ldaps://dev-ds12.pixelpark.com'
 providers:
 hosts:
 dev-ds11.pixelpark.com:
@@ -28,6 +40,12 @@ all:
 example_db_suffix: 'dc=my-domain,dc=com'
 example_db_suffix_re: 'dc=my-domain,\s*dc=com'
 admin_bind_dn_prefix: 'cn=admin'
- repl_retry: '5 +'
- repl_timeout: '3'
+ repl_retry: '5 5 300 5'
+ repl_timeout: '2'
+ rsyslog_dir: '/etc/rsyslog.d'
+ rsyslog_config: '/etc/rsyslog.d/01-opendap.conf'
+ rsyslog_service: 'rsyslog'
+ log_dir: '/var/log/openldap'
+ log_file: '/var/log/openldap/slapd.log'
+ logrotate_conf: '/etc/logrotate.d/openldap'
diff --git a/roles/base/tasks/consumers_per_db.yaml b/roles/base/tasks/consumers_per_db.yaml
index c7ed392..9103acc 100644
--- a/roles/base/tasks/consumers_per_db.yaml
+++ b/roles/base/tasks/consumers_per_db.yaml
@@ -1,5 +1,8 @@
 ---
+- set_fact:
+ db_id_token: "{{ database_name | regex_replace('\\{', '') | regex_replace('\\}.*', '') }}"
+
 - set_fact:
 db_suffix: 'cn=config'
 when: database_name == '{0}config'
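Review bot: The new `rid_one`/`rid_two`/`uri_one`/`uri_two` values spell out the replication topology by hand for each host, so adding a fourth server or mistyping one number silently yields a duplicate rid or a consumer pointed at the wrong peer, and nothing in the play validates them against `rid_token`. A comment above the first host stating the convention would at least make that checkable: `# rid_one/rid_two = <peer rid_token><own rid_token>; uri_one/uri_two = the two other cluster members`. Quoting the rid values like the existing `rid_token: '1'` would also keep the file uniform, since all of them are only ever concatenated into `rid=` in syncrepl.ldif.j2.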
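Review bot: `rsyslog_config: '/etc/rsyslog.d/01-opendap.conf'` looks like a typo for `01-openldap.conf`; it works as written but will be hard to find next to the other files that all say openldap. `repl_retry: '5 5 300 5'` also deserves a comment, because in the syncrepl `retry=` syntax a finite last pair means a consumer gives up after 5×5 s plus 5×300 s of provider outage and only resumes after a slapd restart; if unattended recovery is wanted the list should end with `+`, e.g. `repl_retry: '5 5 300 +'`.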
@@ -12,10 +15,62 @@
 bind_dn: "{{ admin_bind_dn_prefix }},{{ db_suffix }}"
 - set_fact:
- db_dn: "{{ database_name }},cn=config"
+ db_dn: "olcDatabase={{ database_name }},cn=config"
+
+# - name: "Acticvating SyncRepl consumers for database '{{ database_name }}' for providers ..."
+# include_tasks: "consumers_per_provider.yaml"
+# loop: "{{ groups['providers'] }}"
+# loop_control:
+# loop_var: provider_host
+
+- name: "Get state of possibly applied SyncRepl consumers for database '{{ database_name }}'."
+ shell: "ldapsearch -Q -Y EXTERNAL -H ldapi:/// -LLL -s base -b '{{ db_dn }}' -o ldif-wrap olcSyncrepl | grep -i '^olcSyncrepl'"
+ changed_when: False
+ ignore_errors: True
+ # no_log: True
+ register: get_syncrepl
+
+- name: "Applying SyncRepl consumers for database '{{ database_name }}' ..."
+ block:
+
+ - name: "Initializing LDIF file for applying SyncRepl consumers"
+ tempfile:
+ state: 'file'
+ prefix: 'syncrepl.'
+ suffix: '.ldif'
+ register: syncrepl_file
+
+ - name: "Get content of applying SyncRepl consumers"
+ template:
+ src: "templates/syncrepl.ldif.j2"
+ dest: "{{ syncrepl_file.path }}"
+ owner: root
+ group: root
+ mode: 0600
+
+ - name: "Get content of applying SyncRepl consumers file"
+ shell: "cat '{{ syncrepl_file.path }}'"
+ register: content_syncrepl_file
+ changed_when: False
+ # no_log: True
+
+ - name: "Show content of applying SyncRepl consumers file."
+ debug: msg={{ content_syncrepl_file.stdout_lines }}
+
+ # name: "Applying SyncRepl consumers file at the end ..."
+ # shell: "ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f '{{ syncrepl_file.path }}'"
+
+ rescue:
+ - name: "Failing base installation of OpenLDAP server because of some errors."
+ fail:
+ msg: "I caught an error"
+
+ always:
+
+ - name: "Removing applying SyncRepl consumers file ..."
+ file:
+ path: "{{ syncrepl_file.path }}"
+ state: absent
+
+ when: get_syncrepl.rc != 0
-- name: "Acticvating SyncRepl consumers for database '{{ database_name }}' for providers ..."
- include_tasks: "consumers_per_provider.yaml"
- loop: "{{ groups['providers'] }}"
- loop_control:
- loop_var: provider_host
diff --git a/roles/base/tasks/consumers_per_provider.yaml b/roles/base/tasks/consumers_per_provider.yaml
index f7bfa56..b9ea246 100644
--- a/roles/base/tasks/consumers_per_provider.yaml
+++ b/roles/base/tasks/consumers_per_provider.yaml
@@ -3,14 +3,18 @@
 - name: "Acticvating SyncRepl consumers for database '{{ database_name }}' and provider {{ provider_host }} ..."
 block:
- - set_fact:
- db_id_token: "{{ database_name | regex_replace('\\{', '') | regex_replace('\\}.*', '') }}"
-
 - set_fact:
 rid: "{{ hostvars[provider_host].rid_token }}{{ rid_token }}{{ db_id_token }}"
 - set_fact:
- provider_uri: "ldaps://{{ hostvars[provider_host].ansible_fqdn }}"
+ provider_uri: "ldaps://{{ hostvars[provider_host].ansible_fqdn }}"
+
+ - name: "Get state of an possibly applied SyncRepl consumers for database '{{ database_name }}' and provider {{ provider_host }} ..."
+ shell: "ldapsearch -Q -Y EXTERNAL -H ldapi:/// -LLL -s base -b '{{ db_dn }}' -o ldif-wrap olcSyncrepl | grep -i '^olcSyncrepl'| sed -e 's/^olcSyncrepl:[ ]*//i' | grep -i 'provider={{ provider_uri }}'"
+ changed_when: False
+ ignore_errors: True
+ no_log: True
+ register: get_syncrepl_entry
 - name: "Applying SyncRepl consumers for database '{{ database_name }}' and provider {{ provider_host }} ..."
 block:
@@ -39,7 +43,8 @@
 - name: "Show content of applying SyncRepl consumers file."
 debug: msg={{ content_syncrepl_file.stdout_lines }}
- # TODO - Apply fehlt
+ - name: "Applying SyncRepl consumers file at the end ..."
+ shell: "ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f '{{ syncrepl_file.path }}'"
 rescue:
 - name: "Failing base installation of OpenLDAP server because of some errors."
@@ -53,7 +58,7 @@
 path: "{{ syncrepl_file.path }}"
 state: absent
- # TODO - When Klausel für Apply block fehlt
+ when: get_syncrepl_entry.rc != 0
 when: provider_host != ansible_fqdn
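Review bot: The rendered `syncrepl.ldif.j2` contains `credentials="{{ admin_password }}"`, and this hunk `cat`s that file into `content_syncrepl_file` with `# no_log: True` commented out and then prints it with `debug`, so the replication bind password lands in the Ansible output and in any callback or CI log that captures it. Re-enable `no_log: True` on the `cat` task and either drop the `debug` task or give it `no_log: True` as well before this leaves the WIP state the commit title describes; `mode: 0600` on the template is the right choice for a file holding that value. The actual `ldapmodify` step is still commented out, so under `when: get_syncrepl.rc != 0` the block currently only renders and deletes the file on every run; a `# TODO: ldapmodify not yet applied` at that spot would avoid the impression that replication is configured.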
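Review bot: The pipeline's exit status is that of the last `grep`, so a failing `ldapsearch` (slapd not up, SASL EXTERNAL refused) and "no matching olcSyncrepl" both produce rc 1, and `when: get_syncrepl_entry.rc != 0` in the third hunk then runs `ldapmodify` against a database whose state was never read; `ignore_errors: True` together with `no_log: True` hides the difference entirely. Querying without the greps and letting the task fail normally, then testing in Ansible, separates the two cases: `shell: "ldapsearch -Q -Y EXTERNAL -H ldapi:/// -LLL -s base -b '{{ db_dn }}' -o ldif-wrap=no olcSyncrepl"` and `when: "('provider=' ~ provider_uri) not in get_syncrepl_entry.stdout"`. Note also that `-o ldif-wrap` here lacks the `=no` used in server_id_per_host.yaml, so ldapsearch presumably still wraps at its default width and the `grep -i 'provider=…'` can miss a value whose URI is split onto a continuation line. The same `ignore_errors`/`rc != 0` pattern is in consumers_per_db.yaml (`get_syncrepl`) and server_id_per_host.yaml (`get_host_entry`).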
diff --git a/roles/base/tasks/main.yaml b/roles/base/tasks/main.yaml
index 413128c..473bd85 100644
--- a/roles/base/tasks/main.yaml
+++ b/roles/base/tasks/main.yaml
@@ -51,6 +51,8 @@
 - include: 'providers.yaml'
 when: "'providers' in group_names"
+- include: 'server_ids.yaml'
+
 - include: 'consumers.yaml'
 when: "'consumers' in group_names"
diff --git a/roles/base/tasks/server_id_per_host.yaml b/roles/base/tasks/server_id_per_host.yaml
new file mode 100644
index 0000000..78622e5
--- /dev/null
+++ b/roles/base/tasks/server_id_per_host.yaml
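Review bot: `- include: 'server_ids.yaml'` is the only include in this stretch not gated on `group_names`, and whether every member (consumers included) is meant to register the full olcServerID list is not obvious from here; a one-line comment would settle it, e.g. `# not gated on a group: every cluster member needs all olcServerID values`. `include:` has been deprecated since Ansible 2.4 while the new server_ids.yaml uses `include_tasks:`; `import_tasks: 'server_ids.yaml'` keeps the static behaviour and matches the newer style, though the neighbouring lines would then be the odd ones out.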
@@ -0,0 +1,55 @@
+---
+
+- set_fact:
+ entry: "{{ hostvars[ldap_server].rid_token }} ldaps://{{ ldap_server }}"
+
+- name: "Get possible entry for host {{ ldap_server }} ..."
+ shell: "ldapsearch -Q -Y EXTERNAL -H ldapi:/// -LLL -s base -b 'cn=config' -o ldif-wrap=no olcServerID | grep -i '{{ entry }}'"
+ changed_when: False
+ ignore_errors: True
+ register: get_host_entry
+
+- name: "Registering Server-Id for host {{ ldap_server }} ..."
+ block:
+
+ - name: "Initializing LDIF file for registering Server-Id."
+ tempfile:
+ state: 'file'
+ prefix: 'set-server-id.'
+ suffix: '.ldif'
+ register: set_serverid_file
+
+ - name: "Get content of registering Server-Id."
+ template:
+ src: "templates/set-serverid.ldif.j2"
+ dest: "{{ set_serverid_file.path }}"
+ owner: root
+ group: root
+ mode: 0644
+
+ - name: "Get content of registering Server-Id file"
+ shell: "cat '{{ set_serverid_file.path }}'"
+ register: set_serverid_file_content
+ changed_when: False
+ no_log: True
+
+ - name: "Show content of registering Server-Id file."
+ debug: msg={{ set_serverid_file_content.stdout_lines }}
+
+ - name: "Applying registering Server-Id file at the end ..."
+ shell: "ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f '{{ set_serverid_file.path }}'"
+
+ rescue:
+ - name: "Failing base installation of OpenLDAP server because of some errors."
+ fail:
+ msg: "I caught an error"
+
+ always:
+
+ - name: "Removing applying registering Server-Id file ..."
+ file:
+ path: "{{ set_serverid_file.path }}"
+ state: absent
+
+ when: get_host_entry.rc != 0
+
diff --git a/roles/base/tasks/server_ids.yaml b/roles/base/tasks/server_ids.yaml
new file mode 100644
index 0000000..d909316
--- /dev/null
+++ b/roles/base/tasks/server_ids.yaml
@@ -0,0 +1,8 @@
+---
+
+- name: "Setting Server Ids for hosts ..."
+ include_tasks: "server_id_per_host.yaml"
+ loop: "{{ groups['ldap_servers'] }}"
+ loop_control:
+ loop_var: ldap_server
+
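Review bot: `grep -i '{{ entry }}'` searches an unanchored, unescaped pattern built from `<rid_token> ldaps://<host>`, so the dots in the hostname are wildcards and a substring hit on a longer rid or hostname (`1 ldaps://x` is contained in `11 ldaps://x`) counts as "already registered", after which the `add: olcServerID` is silently skipped. Since `-o ldif-wrap=no` guarantees one value per line, `grep -ixF 'olcServerID: {{ entry }}'` matches the whole line literally and closes that gap. The `rescue` message `I caught an error` discards the actual failure; `msg: "{{ ansible_failed_result }}"` keeps it if the Ansible version in use provides that variable inside `rescue`. `get_host_entry` has the same `ignore_errors`/`rc != 0` ambiguity between "not found" and "ldapsearch failed" as the lookups in consumers_per_provider.yaml.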
diff --git a/roles/base/templates/server-ids.ldif b/roles/base/templates/server-ids.ldif
new file mode 100644
index 0000000..e9fd74e
--- /dev/null
+++ b/roles/base/templates/server-ids.ldif
@@ -0,0 +1,6 @@
+dn: cn=config
+changetype: modify
+add: olcServerID
+olcServerID: 1 ldaps://dev-ds11.pixelpark.com
+olcServerID: 2 ldaps://dev-ds12.pixelpark.com
+olcServerID: 3 ldaps://dev-ds13.pixelpark.com
diff --git a/roles/base/templates/set-serverid.ldif.j2 b/roles/base/templates/set-serverid.ldif.j2
new file mode 100644
index 0000000..61617bb
--- /dev/null
+++ b/roles/base/templates/set-serverid.ldif.j2
@@ -0,0 +1,6 @@
+dn: cn=config
+changetype: modify
+add: olcServerID
+olcServerID: {{ entry }}
+
+# vim: filetype=ldif
diff --git a/roles/base/templates/syncrepl.ldif.j2 b/roles/base/templates/syncrepl.ldif.j2
new file mode 100644
index 0000000..4123c22
--- /dev/null
+++ b/roles/base/templates/syncrepl.ldif.j2
@@ -0,0 +1,28 @@
+dn: {{ db_dn }}
+changetype: modify
+add: olcSyncRepl
+olcSyncRepl: rid={{ rid_one }}{{ db_id_token }}
+ provider={{ uri_one }}
+ binddn="{{ bind_dn }}"
+ bindmethod=simple
+ credentials="{{ admin_password }}"
+ searchbase="{{ db_suffix }}"
+ type=refreshAndPersist
+ retry="{{ repl_retry }}"
+ tls_reqcert=never
+ timeout={{ repl_timeout }}
+olcSyncRepl: rid={{ rid_two }}{{ db_id_token }}
+ provider={{ uri_two }}
+ binddn="{{ bind_dn }}"
+ bindmethod=simple
+ credentials="{{ admin_password }}"
+ searchbase="{{ db_suffix }}"
+ type=refreshAndPersist
+ retry="{{ repl_retry }}"
+ tls_reqcert=never
+ timeout={{ repl_timeout }}
+-
+add: olcMirrorMode
+olcMirrorMode: TRUE
+
+# vim: filetype=ldif
diff --git a/roles/rsyslog/handlers/main.yaml b/roles/rsyslog/handlers/main.yaml
new file mode 100644
index 0000000..540ce29
--- /dev/null
+++ b/roles/rsyslog/handlers/main.yaml
@@ -0,0 +1,7 @@
+---
+
+- name: "Restart rsyslog instance"
+ service:
+ name: "{{ rsyslog_service }}"
+ state: restarted
+
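Review bot: `server-ids.ldif` hard-codes the three dev hostnames and rid values that `set-serverid.ldif.j2` now derives from the inventory, and nothing in this patch references it. If it is a leftover from a manual test it should go; otherwise a header comment naming the task that applies it (`# applied by: <task file>`) would stop the two from drifting apart.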
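Review bot: `tls_reqcert=never` makes the consumer accept any certificate from `{{ uri_one }}`/`{{ uri_two }}`, so the ldaps:// replication session that sends `credentials="{{ admin_password }}"` via `bindmethod=simple` on every reconnect is open to anyone who can get between the servers; with the cluster's CA at hand, `tls_reqcert=demand` plus a `tls_cacert=` pointing at it is the setting to aim for, and if self-signed dev certificates still need the relaxed value it should sit behind a variable such as `tls_reqcert={{ repl_tls_reqcert | default('demand') }}` rather than be the template's constant. Binding as `{{ bind_dn }}` (the `cn=admin` prefix from the inventory) also means replication runs with full admin rights on the provider; a dedicated replicator identity with read access to `{{ db_suffix }}` is the usual least-privilege shape. A comment on `olcMirrorMode: TRUE` noting that it presumably relies on the olcServerID entries written by server_ids.yaml would tie the two templates together.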
diff --git a/roles/rsyslog/tasks/main.yaml b/roles/rsyslog/tasks/main.yaml
new file mode 100644
index 0000000..8f0aa54
--- /dev/null
+++ b/roles/rsyslog/tasks/main.yaml
@@ -0,0 +1,38 @@
+---
+
+- name: "Ensuring logging directory {{ log_dir }} ..."
+ file:
+ path: "{{ log_dir }}"
+ state: directory
+ mode: '0755'
+ owner: root
+ group: root
+
+- name: "Ensuring rsyslog config subdirectory {{ rsyslog_dir }} ..."
+ file:
+ path: "{{ rsyslog_dir }}"
+ state: directory
+ mode: '0755'
+ owner: root
+ group: root
+
+- name: "Ensuring rsyslog configuration file {{ rsyslog_config }} ..."
+ template:
+ src: "templates/rsyslog.conf.j2"
+ dest: "{{ rsyslog_config }}"
+ owner: root
+ group: root
+ mode: 0644
+ notify: "Restart rsyslog instance"
+
+- name: Flush handlers
+ meta: flush_handlers
+
+- name: "Ensuring logrotation config file {{ logrotate_conf }} ..."
+ template:
+ src: "templates/logrotate.conf.j2"
+ dest: "{{ logrotate_conf }}"
+ owner: root
+ group: root
+ mode: 0644
+
diff --git a/roles/rsyslog/templates/logrotate.conf.j2 b/roles/rsyslog/templates/logrotate.conf.j2
new file mode 100644
index 0000000..c1454f5
--- /dev/null
+++ b/roles/rsyslog/templates/logrotate.conf.j2
@@ -0,0 +1,16 @@
+
+{{ log_dir }}/*.log: {
+ create 0644 root root
+ dateext
+ dateformat -%Y-%m-%d
+ minsize 10M
+ missingok
+ daily
+ rotate 10
+ sharedscripts
+ postrotate
+ /bin/kill -HUP `cat /var/run/rsyslogd.pid 2> /dev/null` 2> /dev/null || true
+ endscript
+}
+
+# vim: filetype=conf ts=4 et
diff --git a/roles/rsyslog/templates/rsyslog.conf.j2 b/roles/rsyslog/templates/rsyslog.conf.j2
new file mode 100644
index 0000000..8616f94
--- /dev/null
+++ b/roles/rsyslog/templates/rsyslog.conf.j2
@@ -0,0 +1,4 @@
+# Logging for slapd (OpenLDAP-Server)
+
+local4.* {{ log_file }}
+
-- 
2.39.5
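Review bot: `mode: '0755'` on the two directories and `mode: 0644` on the two templates mix quoted and unquoted octal in one file; the unquoted form only works because YAML 1.1 reads the leading zero as octal, and a later edit to `644` would silently become decimal 644, so quote all four (`mode: '0644'`). `meta: flush_handlers` restarts rsyslog before the logrotate template is written, presumably so the new rule is live before the base role starts slapd; a comment saying so (`# restart now so slapd output is captured from first start`) would keep a future tidy-up from dropping it. `- name: Flush handlers` is also the only unquoted task name in the file.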
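Review bot: `{{ log_dir }}/*.log: {` carries a colon after the glob, which logrotate takes as part of the pattern, so it looks for files ending in `.log:`; with `missingok` that matches nothing and rotates nothing without any error, and the slapd log grows unbounded. The line should read `{{ log_dir }}/*.log {`. `create 0644 root root` also makes each new log world-readable, while slapd's log at the usual loglevels records bind DNs and search filters; `create 0640 root root` keeps it to root. The `/bin/kill -HUP \`cat /var/run/rsyslogd.pid …\`` postrotate depends on that pid-file path existing on the target; on systemd hosts `systemctl kill -s HUP {{ rsyslog_service }}` avoids the dependency.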
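Review bot: `local4.* {{ log_file }}` in a file named `01-…` is read before the distribution's default rules, so the slapd messages will presumably also keep landing in the default syslog destination. If a single copy is wanted, add `& stop` on the following line (rsyslog 7+ syntax); if the duplicate is intended, a comment saying so saves the next reader the question.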