From 27adb1fc5e048838656f2ec5778499fe2a4f4116 Mon Sep 17 00:00:00 2001
From: Frank Brehm <frank.brehm@pixelpark.com>
Date: Thu, 12 Dec 2024 14:48:10 +0100
Subject: [PATCH] Srializing the restart of the LDAP servers.

---
 playbooks/configure-ldap-servers.yaml                | 7 +++++++
 roles/389ds-config-plugins/tasks/account-policy.yaml | 2 +-
 roles/389ds-restart/defaults/main.yaml               | 1 +
 roles/389ds-restart/tasks/main.yaml                  | 5 +++++
 4 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/playbooks/configure-ldap-servers.yaml b/playbooks/configure-ldap-servers.yaml
index 3873630..4b88139 100644
--- a/playbooks/configure-ldap-servers.yaml
+++ b/playbooks/configure-ldap-servers.yaml
@@ -19,6 +19,13 @@
       include_role:
         name: 389ds-config-plugins
 
+- name: "Restart of the 389ds LDAP servers."
+  hosts: ldap_servers
+  gather_facts: false
+  serial: 1
+
+  tasks:
+
     - name: "Restarting the 389ds LDAP server."
       include_role:
         name: 389ds-restart
diff --git a/roles/389ds-config-plugins/tasks/account-policy.yaml b/roles/389ds-config-plugins/tasks/account-policy.yaml
index 4546546..abb0201 100644
--- a/roles/389ds-config-plugins/tasks/account-policy.yaml
+++ b/roles/389ds-config-plugins/tasks/account-policy.yaml
@@ -80,7 +80,7 @@
 - name: 'Check for always-record-login-attr'
   set_fact:
     exec_set: true
-  when: "ds389_plugin_account_policy_always_record_login_attr is not empty ('alwaysrecordloginattr' not in acc_plugin_cfg or (acc_plugin_cfg['alwaysrecordloginattr'] != ds389_plugin_account_policy_always_record_login_attr))"
+  when: "ds389_plugin_account_policy_always_record_login_attr is not empty and ('alwaysrecordloginattr' not in acc_plugin_cfg or (acc_plugin_cfg['alwaysrecordloginattr'] != ds389_plugin_account_policy_always_record_login_attr))"
 
 - name: 'Check limit-attr for vanishing'
   set_fact:
diff --git a/roles/389ds-restart/defaults/main.yaml b/roles/389ds-restart/defaults/main.yaml
index 201408b..a072bd5 100644
--- a/roles/389ds-restart/defaults/main.yaml
+++ b/roles/389ds-restart/defaults/main.yaml
@@ -1,5 +1,6 @@
 ---
 
 restart_389ds: false
+pause_after_restart_389ds: 10
 
 # vim: filetype=yaml
diff --git a/roles/389ds-restart/tasks/main.yaml b/roles/389ds-restart/tasks/main.yaml
index 07b717b..b54017e 100644
--- a/roles/389ds-restart/tasks/main.yaml
+++ b/roles/389ds-restart/tasks/main.yaml
@@ -14,5 +14,10 @@
         name: "dirsrv@{{ slapd_instance }}.service"
         state: restarted
 
+    - name: "Pause for {{ pause_after_restart_389ds }} seconds after restarting the 389ds LDAP server."
+      ansible.builtin.pause:
+        seconds: "{{ pause_after_restart_389ds }}"
+        prompt: "Waiting for Godot ..."
+
 
 # vim: filetype=yaml
-- 
2.39.5