From 5cb3248d0b39250cc06cdd84f91da4d692df2f4d Mon Sep 17 00:00:00 2001
From: Frank Brehm
Date: Mon, 11 Nov 2024 18:07:11 +0100
Subject: [PATCH] Extending playbooks/disable-ldap-server.yaml
---
 inventory/dpx-ldap-dev1.yaml | 3 ++
 inventory/spk-ldap-stage.yaml | 2 +
 playbooks/disable-ldap-server.yaml | 79 ++++++++++++++++++++++++++++++
 3 files changed, 84 insertions(+)
diff --git a/inventory/dpx-ldap-dev1.yaml b/inventory/dpx-ldap-dev1.yaml
index b754a5b..4c8a95e 100644
--- a/inventory/dpx-ldap-dev1.yaml
+++ b/inventory/dpx-ldap-dev1.yaml
@@ -5,10 +5,13 @@ all:
 hosts:
 dev-ds01.pixelpark.com:
 replica_id: 1
+ slapd_instance: dev-ds01
 dev-ds02.pixelpark.com:
 replica_id: 2
+ slapd_instance: dev-ds02
 dev-ds03.pixelpark.com:
 replica_id: 3
+ slapd_instance: dev-ds03
 haproxy_servers:
 hosts:
 dev-ds-hap01.pixelpark.com: {}
diff --git a/inventory/spk-ldap-stage.yaml b/inventory/spk-ldap-stage.yaml
index 4d1d35d..affc831 100644
--- a/inventory/spk-ldap-stage.yaml
+++ b/inventory/spk-ldap-stage.yaml
@@ -5,8 +5,10 @@ all:
 hosts:
 stage-ds01-spk.spk.pixelpark.net:
 replica_id: 1
+ slapd_instance: stage-ds01-spk
 stage-ds02-spk.spk.pixelpark.net:
 replica_id: 2
+ slapd_instance: stage-ds02-spk
 haproxy_servers:
 hosts:
 live-ldap-hap01.spk.pixelpark.net: {}
diff --git a/playbooks/disable-ldap-server.yaml b/playbooks/disable-ldap-server.yaml
index cdc5433..ebbbe51 100644
--- a/playbooks/disable-ldap-server.yaml
+++ b/playbooks/disable-ldap-server.yaml
@@ -41,4 +41,83 @@
 wait_interval: 2
 wait_retries: 60
+- name: "Disabling Replication to '{{ ldapserver_to_disable }}'."
+ hosts: ldap_servers
+
+ tasks:
+
+ - name: Get timestamp from the system
+ ansible.builtin.shell: date +%Y-%m-%d_%H-%M-%S
+ register: tstamp
+ check_mode: false
+ when: ldapserver_to_disable == ansible_nodename
+
+ - name: "Show current timestamp"
+ debug:
+ var: tstamp
+ verbosity: 3
+ when: ldapserver_to_disable == ansible_nodename
+
+ - name: "Set date variables"
+ set_fact:
+ cur_date: "{{ tstamp.stdout[0:10] | default('2024-11-11') }}"
+ cur_time: "{{ tstamp.stdout[11:] | default('16-33-23') }}"
+ cur_timestamp: "{{ tstamp.stdout[0:10] }}_{{ tstamp.stdout[11:] | default('2024-11-11_16-33-23') }}"
+ when: ldapserver_to_disable == ansible_nodename
+
+ - name: "Show current date"
+ debug:
+ msg: "Current timestamp: '{{ cur_timestamp }}'."
+ when: ldapserver_to_disable == ansible_nodename
+
+ - name: "Disabling Puppet agent on '{{ ldapserver_to_disable }}'."
+ ansible.builtin.shell: |
+ puppet agent --disable "[$( date +'%Y-%m-%d' )]: Disbled by Ansible playbook 'disable-ldap-server.yaml'."
+ args:
+ creates: '/opt/puppetlabs/puppet/cache/state/agent_disabled.lock'
+ when: ldapserver_to_disable == ansible_nodename
+
+ - name: "Disabling Puppet service on '{{ ldapserver_to_disable }}'."
+ ansible.builtin.service:
+ enabled: false
+ name: puppet
+ state: stopped
+ when: ldapserver_to_disable == ansible_nodename
+
+ - name: "Disabling Wazuh service on '{{ ldapserver_to_disable }}'."
+ ansible.builtin.service:
+ enabled: false
+ name: wazuh-agent
+ state: stopped
+ when: ldapserver_to_disable == ansible_nodename
+
+ - name: "Retrieve all backends from '{{ ldapserver_to_disable }}'."
+ ansible.builtin.shell: "dsconf '{{ slapd_instance }}' backend suffix list"
+ register: backend_suffix_list
+ check_mode: false
+ when: ldapserver_to_disable == ansible_nodename
+
+ - name: "Show current backend_suffix_list"
+ debug:
+ var: backend_suffix_list
+ verbosity: 2
+ when: ldapserver_to_disable == ansible_nodename
+
+ - name: "Set backend variable"
+ set_fact:
+ suffix_names: "{{ backend_suffix_list.stdout_lines | map('regex_replace', '\\s+\\(.+\\)\\s*$', '') | list }}"
+ backend_names: "{{ backend_suffix_list.stdout_lines | map('regex_replace', '^.*\\((.+)\\)\\s*$', '\\1') | list }}"
+ when: ldapserver_to_disable == ansible_nodename
+
+ - name: "Set suffixes dict"
+ set_fact:
+ suffixes: "{{ dict( suffix_names | zip(backend_names) ) }}"
+ when: ldapserver_to_disable == ansible_nodename
+
+ - name: "Show current suffixes"
+ debug:
+ var: suffixes
+ verbosity: 0
+ when: ldapserver_to_disable == ansible_nodename
+
 # vim: filetype=yaml
--
2.39.5
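Review bot: The "Disabling Wazuh service" task stops and disables `wazuh-agent` before the later tasks in this play still query the directory instance with `dsconf`, so the host appears to lose its monitoring agent while it continues to serve LDAP backends. Consider moving that task to the end of the decommission sequence and recording the intent above it, e.g. `# Host monitoring is stopped on purpose; re-enable wazuh-agent if this server returns to service.` In the "Retrieve all backends" task the inventory value is interpolated into a shell string; `ansible.builtin.command:` with `argv: [dsconf, "{{ slapd_instance }}", backend, suffix, list]` plus `changed_when: false` avoids shell parsing and keeps the read-only call from reporting a change. The `default('2024-11-11_16-33-23')` in `cur_timestamp` is applied only to the time slice, so if it ever fired the value would carry the date twice, and since `default()` does not trigger on an empty slice the three hard-coded fallbacks look like dead code that could be dropped.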