From 1f4da207112ac70478fe1403ed901429341e7a46 Mon Sep 17 00:00:00 2001 From: Frank Brehm Date: Mon, 9 Dec 2024 15:26:31 +0100 Subject: [PATCH] Retrieving the admin password of the LDAP server --- inventory/dpx-ldap-dev1.yaml | 4 ++++ inventory/spk-ldap-stage.yaml | 3 +++ roles/389ds-check-initial/tasks/main.yaml | 16 ++++++++++++++++ 3 files changed, 23 insertions(+) diff --git a/inventory/dpx-ldap-dev1.yaml b/inventory/dpx-ldap-dev1.yaml index 25e901b..7f660e2 100644 --- a/inventory/dpx-ldap-dev1.yaml +++ b/inventory/dpx-ldap-dev1.yaml @@ -6,12 +6,15 @@ all: dev-ds01.pixelpark.com: replica_id: 1 slapd_instance: dev-ds01 + ldap_uri: 'ldaps://dev-ds01.pixelpark.com' dev-ds02.pixelpark.com: replica_id: 2 slapd_instance: dev-ds02 + ldap_uri: 'ldaps://dev-ds02.pixelpark.com' dev-ds03.pixelpark.com: replica_id: 3 slapd_instance: dev-ds03 + ldap_uri: 'ldaps://dev-ds03.pixelpark.com' haproxy_servers: hosts: dev-ds-hap01.pixelpark.com: {} @@ -25,6 +28,7 @@ all: replication_manager_password_file: '/root/.private/dirserv-repl-mngr-pwd.txt' replication_manager_idle_timeout: 0 haproxy_backend_name: 'be-ldap-dev1' + ldaps_validate_certs: false # ds389_plugin_attr_uniq_purge: false ds389_plugin_attr_uniq_attributes: 'uid': diff --git a/inventory/spk-ldap-stage.yaml b/inventory/spk-ldap-stage.yaml index f536d71..cbe8ee6 100644 --- a/inventory/spk-ldap-stage.yaml +++ b/inventory/spk-ldap-stage.yaml @@ -6,9 +6,11 @@ all: stage-ds01-spk.spk.pixelpark.net: replica_id: 1 slapd_instance: stage-ds01-spk + ldap_uri: 'ldaps://stage-ds01-spk.spk.pixelpark.net' stage-ds02-spk.spk.pixelpark.net: replica_id: 2 slapd_instance: stage-ds02-spk + ldap_uri: 'ldaps://stage-ds02-spk.spk.pixelpark.net' haproxy_servers: hosts: live-ldap-hap01.spk.pixelpark.net: {} 
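Review bot: `ldaps_validate_certs: false` in the group vars of inventory/dpx-ldap-dev1.yaml (second hunk), and again in inventory/spk-ldap-stage.yaml, disables certificate checking for the `ldaps://` URIs this commit introduces. The consumer of the variable is not visible in this patch, but the commit also starts loading the directory admin password. If that password is later used for a bind over an unvalidated TLS session, it can be intercepted by anyone positioned between the host running the LDAP tasks and the server. Prefer distributing the issuing CA and setting `ldaps_validate_certs: true`. If the dev and stage certificates cannot be validated yet, keep the override per environment with a comment such as `# TODO: self-signed cert, enable validation once the CA is deployed`, so it is not copied into a production inventory.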
@@ -22,6 +24,7 @@ all: replication_manager_password_file: '/root/.private/dirserv-repl-mngr-pwd.txt' replication_manager_idle_timeout: 0 haproxy_backend_name: 'be-stage-ldap' + ldaps_validate_certs: false ds389_plugin_attr_uniq_config: false # ds389_plugin_attr_uniq_purge: false ds389_plugin_attr_uniq_attributes: diff --git a/roles/389ds-check-initial/tasks/main.yaml b/roles/389ds-check-initial/tasks/main.yaml index ea6ed15..d1fc740 100644 --- a/roles/389ds-check-initial/tasks/main.yaml +++ b/roles/389ds-check-initial/tasks/main.yaml @@ -61,5 +61,21 @@ msg: "The Directory Server instances '{{ slapd_instance }}' was not found on '{{ inventory_hostname }}'." when: slapd_instance not in instances_389ds +- name: 'Get the admin password from the password file.' + ansible.builtin.shell: "cat {{ dirsrv_root_passwd_file | quote }}" + register: get_dirsrv_root_passwd + check_mode: false + changed_when: false + no_log: true + +- name: 'Get the admin password.' + ansible.builtin.set_fact: + dirsrv_root_passwd: "{{ get_dirsrv_root_passwd.stdout }}" + no_log: true + +- name: 'Got no admin password' + ansible.builtin.fail: + msg: "Did not found a password in file {{ dirsrv_root_passwd_file || quote }}." + when: dirsrv_root_passwd == '' # vim: filetype=yaml -- 2.39.5
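Review bot: The failure message in the last added task of roles/389ds-check-initial/tasks/main.yaml uses `{{ dirsrv_root_passwd_file || quote }}`, and `||` is not a Jinja2 operator. When the password is empty, the task will most likely abort with a templating error instead of the intended message. A shell-quoting filter is not needed in a message anyway: `msg: "Did not find a password in file {{ dirsrv_root_passwd_file }}."`. Separately, the first added task starts a shell only to `cat` the file; `ansible.builtin.slurp` with `b64decode` in the `set_fact` would read it without a shell. The check `dirsrv_root_passwd == ''` also lets a whitespace-only file through, so `when: dirsrv_root_passwd | trim == ''` is the safer condition.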