From 4e313c27f23e45cd1b43a694d98130a52e9d5207 Mon Sep 17 00:00:00 2001
From: Frank Brehm
Date: Tue, 3 Dec 2024 11:40:59 +0100
Subject: [PATCH] Adding tasks for configuring the referential-integrity plugin in role 389ds-config-plugins
---
 roles/389ds-config-plugins/tasks/main.yaml | 4 +
 .../389ds-config-plugins/tasks/memberof.yaml | 23 +++-
 .../389ds-config-plugins/tasks/referint.yaml | 114 ++++++++++++++++++
 roles/389ds-config-plugins/vars/main.yaml | 17 +++
 4 files changed, 155 insertions(+), 3 deletions(-)
 create mode 100644 roles/389ds-config-plugins/tasks/referint.yaml
diff --git a/roles/389ds-config-plugins/tasks/main.yaml b/roles/389ds-config-plugins/tasks/main.yaml
index c1acbef..19d9fc5 100644
--- a/roles/389ds-config-plugins/tasks/main.yaml
+++ b/roles/389ds-config-plugins/tasks/main.yaml
@@ -4,4 +4,8 @@
 include_tasks: 'memberof.yaml'
 when: (ds389_plugin_memberof_config | bool) == true
+- name: "Configuring the 389ds referential-integrity-Plugin."
+ include_tasks: 'referint.yaml'
+ when: (ds389_plugin_referint_config | bool) == true
+
 # vim: filetype=yaml
diff --git a/roles/389ds-config-plugins/tasks/memberof.yaml b/roles/389ds-config-plugins/tasks/memberof.yaml
index 457d599..b609eb2 100644
--- a/roles/389ds-config-plugins/tasks/memberof.yaml
+++ b/roles/389ds-config-plugins/tasks/memberof.yaml
@@ -1,7 +1,10 @@
 ---
 - name: 'Get the current configuration of the memberOf-Plugin.'
- ansible.builtin.shell: "dsconf {{ slapd_instance | quote }} plugin memberof show | grep -P -i '^(memberof|nsslapd-pluginEnabled)' | sed -e 's/^memberof//i' -e 's/nsslapd-plugin//i' | tr '[:upper:]' '[:lower:]' | sort || true"
+ ansible.builtin.shell: "dsconf {{ slapd_instance | quote }} plugin memberof show | \
+ grep -P -i '^(memberof|nsslapd-pluginEnabled)' | \
+ sed -e 's/^memberof//i' -e 's/nsslapd-plugin//i' | tr '[:upper:]' '[:lower:]' | \
+ sort || true"
 register: plugin_memberof
 changed_when: false
 check_mode: false
@@ -114,11 +117,25 @@
 ansible.builtin.shell: "{{ plugin_memberof_cmd }}"
 - name: "Enabling memberof plugin."
- ansible.builtin.shell: "dsconf {{ slapd_instance | quote }} plugin memberof enable"
 when: "plugin_memberof_config['enabled'] == false and ds389_plugin_memberof_enabled == true"
+ block:
+
+ - name: "Enabling memberof plugin."
+ ansible.builtin.shell: "dsconf {{ slapd_instance | quote }} plugin memberof enable"
+
+ - name: "Setting restart_389ds."
+ set_fact:
+ restart_389ds: true
 - name: "Disabling memberof plugin."
- ansible.builtin.shell: "dsconf {{ slapd_instance | quote }} plugin memberof disable"
 when: "plugin_memberof_config['enabled'] == true and ds389_plugin_memberof_enabled == false"
+ block:
+
+ - name: "Disabling memberof plugin."
+ ansible.builtin.shell: "dsconf {{ slapd_instance | quote }} plugin memberof disable"
+
+ - name: "Setting restart_389ds."
+ set_fact:
+ restart_389ds: true
 # vim: filetype=yaml
diff --git a/roles/389ds-config-plugins/tasks/referint.yaml b/roles/389ds-config-plugins/tasks/referint.yaml
new file mode 100644
index 0000000..f91dafa
--- /dev/null
+++ b/roles/389ds-config-plugins/tasks/referint.yaml
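Review bot: In memberof.yaml the two new blocks still run `dsconf … plugin memberof enable` and `… disable` through `ansible.builtin.shell`, although neither command uses a pipe, a redirect or any other shell feature. Running them with `ansible.builtin.command` and an argument list keeps the instance name out of shell parsing altogether and makes the `quote` filter unnecessary, e.g. `ansible.builtin.command: {argv: ['dsconf', '{{ slapd_instance }}', 'plugin', 'memberof', 'enable']}`. The enable and disable tasks added in referint.yaml follow the same pattern and would take the same change.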
@@ -0,0 +1,114 @@
+---
+
+- name: 'Get the current configuration of the referential-integrity-Plugin.'
+ ansible.builtin.shell: "dsconf {{ slapd_instance | quote }} plugin referential-integrity show | \
+ grep -P -i '^(referint|nsslapd-pluginEnabled)' | \
+ sed -e 's/^referint-//i' -e 's/nsslapd-plugin//i' | tr '[:upper:]' '[:lower:]' | \
+ sort || true"
+ register: plugin_referint
+ changed_when: false
+ check_mode: false
+
+- name: 'Show raw referential-integrity attribute config.'
+ debug:
+ var: plugin_referint
+ verbosity: 3
+
+- name: "Set variable plugin_referint_config"
+ set_fact:
+ plugin_referint_config: "{{ plugin_referint.stdout_lines | cfg_389ds_to_dict }}"
+
+- name: "Show config hash:"
+ debug:
+ var: plugin_referint_config
+ verbosity: 0
+
+- name: 'Predefine variable exec_set to false'
+ set_fact:
+ exec_set: false
+
+- name: 'Check for membership-attr not set.'
+ set_fact:
+ exec_set: true
+ when: '"membership-attr" not in plugin_referint_config'
+
+- name: 'Check for membership-attr.'
+ set_fact:
+ exec_set: true
+ when: '"groupattr" in plugin_referint_config and (plugin_referint_config["membership-attr"] | compare_lc_list(ds389_plugin_referint_membership_attributes) != true)'
+
+- name: 'Check for update-delay.'
+ set_fact:
+ exec_set: true
+ when: '"update-delay" not in plugin_referint_config or plugin_referint_config["update-delay"] != ds389_plugin_referint_update_delay'
+
+- name: 'Set expected logfile.'
+ set_fact:
+ referint_expected_logfile: "{{ base_logdir }}/slapd-{{ slapd_instance }}/{{ ds389_plugin_referint_logfile }}"
+
+- name: "Show referential-integrity-Plugin logfile stuff"
+ debug:
+ msg: "Current logfile: '{{ plugin_referint_config['logfile'] }}', expected: '{{ referint_expected_logfile }}'."
+ verbosity: 0
+
+- name: 'Check for logfilelogfile.'
+ set_fact:
+ exec_set: true
+ when: plugin_referint_config['logfile'] != referint_expected_logfile
+
+- name: "Has the referential-integrity-Plugin to be configured:"
+ debug:
+ var: exec_set
+
+- name: "Configure the referential-integrity plugin, if necessary."
+ when: exec_set == true
+ block:
+
+ - name: "Init + set var plugin_referint_cmd + restart_389ds."
+ set_fact:
+ plugin_referint_cmd: "dsconf {{ slapd_instance | quote }} plugin referential-integrity set"
+ restart_389ds: true
+
+ - name: "Add membership-attr to plugin_referint_cmd"
+ set_fact:
+ plugin_referint_cmd: "{{ plugin_referint_cmd }} --membership-attr {{ ds389_plugin_referint_membership_attributes | map('quote') | join(' ') }}"
+
+ - name: "Add logfile to plugin_referint_cmd"
+ set_fact:
+ plugin_referint_cmd: "{{ plugin_referint_cmd }} --log-file {{ referint_expected_logfile | quote }}"
+
+ - name: "Add update-delay to plugin_referint_cmd"
+ set_fact:
+ plugin_referint_cmd: "{{ plugin_referint_cmd }} --update-delay {{ ds389_plugin_referint_update_delay }}"
+
+ - name: "Show the command to execute:"
+ debug:
+ var: plugin_referint_cmd
+ verbosity: 0
+
+ - name: "Finally configure the referential-integrity plugin."
+ ansible.builtin.shell: "{{ plugin_referint_cmd }}"
+
+- name: "Enabling referential-integrity plugin."
+ when: "plugin_referint_config['enabled'] == false and ds389_plugin_referint_enabled == true"
+ block:
+
+ - name: "Enabling referential-integrity plugin."
+ ansible.builtin.shell: "dsconf {{ slapd_instance | quote }} plugin referential-integrity enable"
+
+ - name: "Setting restart_389ds."
+ set_fact:
+ restart_389ds: true
+
+- name: "Disabling referential-integrity plugin."
+ when: "plugin_referint_config['enabled'] == true and ds389_plugin_referint_enabled == false"
+ block:
+
+ - name: "Disabling referential-integrity plugin."
+ ansible.builtin.shell: "dsconf {{ slapd_instance | quote }} plugin referential-integrity disable"
+
+ - name: "Setting restart_389ds."
+ set_fact:
+ restart_389ds: true
+
+# vim: filetype=yaml
diff --git a/roles/389ds-config-plugins/vars/main.yaml b/roles/389ds-config-plugins/vars/main.yaml
index cfde282..780110c 100644
--- a/roles/389ds-config-plugins/vars/main.yaml
+++ b/roles/389ds-config-plugins/vars/main.yaml
@@ -1,5 +1,8 @@
 ---
+###############################
+# Plugin memberOf
+
 ds389_plugin_memberof_config: true
 ds389_plugin_memberof_enabled: true
 ds389_plugin_memberof_attr: 'memberOf'
@@ -14,5 +17,19 @@ ds389_plugin_memberof_scopes: []
 ds389_plugin_memberof_escapes: []
 ds389_plugin_memberof_auto_add_oc: ~
+###############################
+# Plugin referential-integrity
+
+ds389_plugin_referint_config: true
+ds389_plugin_referint_enabled: true
+ds389_plugin_referint_membership_attributes:
+ - 'member'
+ - 'uniqueMember'
+ - 'owner'
+ - 'seeAlso'
+ds389_plugin_referint_logfile: 'referint.log'
+ds389_plugin_referint_update_delay: 0
+
+base_logdir: '/var/log/dirsrv'
 # vim: filetype=yaml
--
2.39.5
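Review bot: In referint.yaml the 'Check for membership-attr.' task guards on `"groupattr" in plugin_referint_config` but then reads `plugin_referint_config["membership-attr"]`; `groupattr` looks like a leftover from the memberOf tasks, and since the sed expression only strips the `referint-` prefix that key will presumably never exist, so a changed attribute list would not set `exec_set`. The guard should test the key it reads: `when: '"membership-attr" in plugin_referint_config and (plugin_referint_config["membership-attr"] | compare_lc_list(ds389_plugin_referint_membership_attributes) != true)'`. Separately, `--update-delay {{ ds389_plugin_referint_update_delay }}` is the only value appended to `plugin_referint_cmd` without `| quote`, and that string is later handed to `ansible.builtin.shell`, so it should be quoted like the others. The logfile tasks also index `plugin_referint_config['logfile']` without a presence check, while the `|| true` on the first task lets a failed `dsconf` yield an empty result, so a failure there would surface later as an undefined-key error rather than at the command that failed.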
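Review bot: In vars/main.yaml, `base_logdir` is the only variable added without the `ds389_` prefix, and it sits in the role's `vars/` file, where values take precedence over inventory and group variables. Because it becomes the directory part of the path passed to `--log-file`, a generic name like this could shadow or be confused with an unrelated `base_logdir` defined elsewhere in a play; a role-scoped name such as `ds389_base_logdir: '/var/log/dirsrv'` would avoid that. If these values are meant to be tunable per site, `defaults/main.yaml` may be the better home, though the existing memberOf settings follow the same layout.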