From b74cee50c01459b8a1b4452c96f9b6e08f551b6e Mon Sep 17 00:00:00 2001 From: Frank Brehm Date: Tue, 3 Dec 2024 10:17:58 +0100 Subject: [PATCH] Adding and using role 389ds-restart --- playbooks/configure-ldap-servers.yaml | 4 ++++ playbooks/disable-ldap-server.yaml | 12 ++++++------ .../tasks/config-facility.yaml | 4 ++-- roles/389ds-config-plugins/tasks/memberof.yaml | 5 +++-- .../tasks/del-repl-agmt.yaml | 6 +++--- roles/389ds-del-repl-agmt/tasks/main.yaml | 4 ++-- .../389ds-disable-replication/tasks/main.yaml | 10 +++++----- .../tasks/main.yaml | 10 +++++----- roles/389ds-restart/tasks/main.yaml | 18 ++++++++++++++++++ roles/389ds-restart/vars/main.yaml | 5 +++++ .../389ds-set-backend-readonly/tasks/main.yaml | 12 +++++------- 11 files changed, 58 insertions(+), 32 deletions(-) create mode 100644 roles/389ds-restart/tasks/main.yaml create mode 100644 roles/389ds-restart/vars/main.yaml diff --git a/playbooks/configure-ldap-servers.yaml b/playbooks/configure-ldap-servers.yaml index 25a179c..4db4f40 100644 --- a/playbooks/configure-ldap-servers.yaml +++ b/playbooks/configure-ldap-servers.yaml @@ -35,4 +35,8 @@ include_role: name: 389ds-config-plugins + - name: "Restarting the 389ds LDAP server." + include_role: + name: 389ds-restart + # vim: filetype=yaml diff --git a/playbooks/disable-ldap-server.yaml b/playbooks/disable-ldap-server.yaml index b89d028..fd6140f 100644 --- a/playbooks/disable-ldap-server.yaml +++ b/playbooks/disable-ldap-server.yaml @@ -32,7 +32,7 @@ - name: "Fail for non LDAP server." ansible.builtin.fail: - msg: "The given host '{{ ldapserver_to_disable }}' is not a valid LDAP server." + msg: "The given host {{ ldapserver_to_disable | quote }} is not a valid LDAP server." when: found_ldapserver == false - name: "Disable the given host as a HAProxy backend server." 
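Review bot: The `quote` filter added to the `msg` of the "Fail for non LDAP server." task in playbooks/disable-ldap-server.yaml is a shell-escaping filter, not a display helper. For a value made only of safe characters it returns the value bare, so the message loses its delimiters, and for anything else it emits shell escaping that reads oddly in a log line. The same applies to the task `name:` strings changed in the later hunk of this playbook and in the del-repl-agmt, disable-replication, cleanallruv, restart and set-backend-readonly roles. Keeping `'{{ ldapserver_to_disable }}'` in names and messages, and reserving `| quote` for the `ansible.builtin.shell` command strings, makes it obvious which interpolations are security-relevant.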
@@ -114,29 +114,29 @@ var: target_replica_id verbosity: 0 - - name: "Disabling Puppet agent on '{{ ldapserver_to_disable }}'." + - name: "Disabling Puppet agent on {{ ldapserver_to_disable | quote }}." ansible.builtin.shell: | puppet agent --disable "[$( date +'%Y-%m-%d' )]: Disbled by Ansible playbook 'disable-ldap-server.yaml'." args: creates: '/opt/puppetlabs/puppet/cache/state/agent_disabled.lock' when: ldapserver_to_disable == inventory_hostname - - name: "Disabling Puppet service on '{{ ldapserver_to_disable }}'." + - name: "Disabling Puppet service on {{ ldapserver_to_disable | quote }}." ansible.builtin.service: enabled: false name: puppet state: stopped when: ldapserver_to_disable == inventory_hostname - - name: "Disabling Wazuh service on '{{ ldapserver_to_disable }}'." + - name: "Disabling Wazuh service on {{ ldapserver_to_disable | quote }}." ansible.builtin.service: enabled: false name: wazuh-agent state: stopped when: ldapserver_to_disable == inventory_hostname - - name: "Retrieve all backends from '{{ ldapserver_to_disable }}'." - ansible.builtin.shell: "dsconf '{{ slapd_instance }}' backend suffix list" + - name: "Retrieve all backends from {{ ldapserver_to_disable | quote }}." + ansible.builtin.shell: "dsconf {{ slapd_instance | quote }} backend suffix list" register: backend_suffix_list changed_when: false check_mode: false diff --git a/roles/389ds-config-logging/tasks/config-facility.yaml b/roles/389ds-config-logging/tasks/config-facility.yaml index e0ec9be..e44feb3 100644 --- a/roles/389ds-config-logging/tasks/config-facility.yaml +++ b/roles/389ds-config-logging/tasks/config-facility.yaml 
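Review bot: The "Retrieve all backends" task at the end of this hunk still goes through `ansible.builtin.shell`, although `dsconf … backend suffix list` uses no pipe, redirect or expansion. `ansible.builtin.command` with `argv: ['dsconf', '{{ slapd_instance }}', 'backend', 'suffix', 'list']` hands the instance name over as one argument without a shell, so no quoting filter is needed and none can be forgotten. The same holds for the pipe-free dsconf calls in memberof.yaml, del-repl-agmt.yaml, 389ds-disable-replication and 389ds-repl-tasks-cleanallruv.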
@@ -1,7 +1,7 @@ --- - name: "Get current configuration of config for log facility '{{ log_facility.key }}'." - ansible.builtin.shell: "dsconf '{{ slapd_instance }}' config get | grep -P -i 'nsslapd-{{ log_facility.key }}log' || true" + ansible.builtin.shell: "dsconf {{ slapd_instance | quote }} config get | grep -P -i 'nsslapd-{{ log_facility.key }}log' || true" register: config_get changed_when: false check_mode: false @@ -36,7 +36,7 @@ verbosity: 1 - name: "Setting new value for {{ log_facility.key }} log to '{{ exp_logfile }}' ..." - ansible.builtin.shell: "dsconf '{{ slapd_instance }}' config replace {{ config_logfile_key }}={{ exp_logfile }}" + ansible.builtin.shell: "dsconf {{ slapd_instance | quote }} config replace {{ config_logfile_key }}={{ exp_logfile }}" when: log_config[dict_logfile_key] != exp_logfile diff --git a/roles/389ds-config-plugins/tasks/memberof.yaml b/roles/389ds-config-plugins/tasks/memberof.yaml index a8e1112..457d599 100644 --- a/roles/389ds-config-plugins/tasks/memberof.yaml +++ b/roles/389ds-config-plugins/tasks/memberof.yaml @@ -57,9 +57,10 @@ when: exec_set == true block: - - name: "Init var plugin_memberof_cmd." + - name: "Init + set var plugin_memberof_cmd + restart_389ds." set_fact: plugin_memberof_cmd: "dsconf {{ slapd_instance | quote }} plugin memberof set" + restart_389ds: true - name: "Add attr to plugin_memberof_cmd." set_fact: @@ -82,7 +83,7 @@ block: - name: "Retrieve all backends" - ansible.builtin.shell: "dsconf '{{ slapd_instance }}' backend suffix list" + ansible.builtin.shell: "dsconf {{ slapd_instance | quote }} backend suffix list" register: get_backend_suffixes changed_when: false check_mode: false diff --git a/roles/389ds-del-repl-agmt/tasks/del-repl-agmt.yaml b/roles/389ds-del-repl-agmt/tasks/del-repl-agmt.yaml index 1b353af..a75fb76 100644 --- a/roles/389ds-del-repl-agmt/tasks/del-repl-agmt.yaml +++ b/roles/389ds-del-repl-agmt/tasks/del-repl-agmt.yaml 
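Review bot: `log_facility.key` is still interpolated raw inside the single-quoted grep pattern on the changed line of config-facility.yaml, so this command is only partly protected by the new `slapd_instance | quote`. The same gap remains in the next hunk (`{{ config_logfile_key }}={{ exp_logfile }}`), in del-repl-agmt.yaml (`'{{ agreement_name }}'`, which is built from `slapd_instance` and `target`) and in 389ds-repl-tasks-cleanallruv (`--replica-id={{ target_replica_id }}`). Hand-written single quotes break as soon as the value itself contains a quote. Suggested forms are `grep -P -i {{ ('nsslapd-' ~ log_facility.key ~ 'log') | quote }}`, `{{ (config_logfile_key ~ '=' ~ exp_logfile) | quote }}`, `{{ agreement_name | quote }}` and `--replica-id={{ target_replica_id | int }}`.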
@@ -4,13 +4,13 @@ set_fact: agreement_name: "{{ slapd_instance }} to {{ target }} agreement" -- name: "Show replication agreement name for suffix '{{ suffix }}'." +- name: "Show replication agreement name for suffix {{ suffix | quote }}." debug: var: agreement_name verbosity: 0 -- name: "Removing replication agreement '{{ agreement_name }}' for suffix '{{ suffix }}'." - ansible.builtin.shell: "dsconf '{{ slapd_instance }}' repl-agmt delete --suffix '{{ suffix }}' '{{ agreement_name }}'" +- name: "Removing replication agreement '{{ agreement_name }}' for suffix {{ suffix | quote }}." + ansible.builtin.shell: "dsconf {{ slapd_instance | quote }} repl-agmt delete --suffix {{ suffix | quote }} '{{ agreement_name }}'" ignore_errors: true diff --git a/roles/389ds-del-repl-agmt/tasks/main.yaml b/roles/389ds-del-repl-agmt/tasks/main.yaml index 942b531..4a55842 100644 --- a/roles/389ds-del-repl-agmt/tasks/main.yaml +++ b/roles/389ds-del-repl-agmt/tasks/main.yaml @@ -5,11 +5,11 @@ var: direction verbosity: 0 -- name: "Removing replication agreements to '{{ target }}' on suffix '{{ suffix }}'." +- name: "Removing replication agreements to '{{ target }}' on suffix {{ suffix | quote }}." when: direction == 'from-disabled' and target != inventory_hostname include_tasks: 'del-repl-agmt.yaml' -- name: "Removing replication agreement to '{{ target }}' on suffix '{{ suffix }}'." +- name: "Removing replication agreement to '{{ target }}' on suffix {{ suffix | quote }}." when: direction == 'to-disabled' and target == ldapserver_to_disable include_tasks: 'del-repl-agmt.yaml' diff --git a/roles/389ds-disable-replication/tasks/main.yaml b/roles/389ds-disable-replication/tasks/main.yaml index f6bf7e6..94ef5b6 100644 --- a/roles/389ds-disable-replication/tasks/main.yaml +++ b/roles/389ds-disable-replication/tasks/main.yaml 
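Review bot: `ignore_errors: true` on the delete task in del-repl-agmt.yaml makes a failed removal of the replication agreement indistinguishable from a successful one, so the disable procedure continues with the agreement possibly still in place. Registering the result and using `failed_when` to tolerate only the agreement-not-found case would keep the run idempotent without hiding bind or connection errors. The exact text to match has to be taken from dsconf's output on a target host. The cleanallruv task in 389ds-repl-tasks-cleanallruv carries the same `ignore_errors: true`.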
@@ -1,7 +1,7 @@ --- - name: "Get a list of all replicated Suffixes." - ansible.builtin.shell: "dsconf '{{ slapd_instance }}' replication list" + ansible.builtin.shell: "dsconf {{ slapd_instance | quote }} replication list" check_mode: false changed_when: false register: list_of_replicated_suffixes @@ -16,7 +16,7 @@ set_fact: suffix_is_replicated: false -- name: "Searching for suffix '{{ suffix }}' in the list of replicated suffixes." +- name: "Searching for suffix {{ suffix | quote }} in the list of replicated suffixes." set_fact: suffix_is_replicated: true when: ( this_line | regex_replace('^\\s*') | regex_replace('\\s*$') ) == suffix @@ -29,13 +29,13 @@ set_fact: list_of_replicated_suffixes: ~ -- name: "The suffix '{{ suffix }}' is replicated:" +- name: "The suffix {{ suffix | quote }} is replicated:" debug: var: suffix_is_replicated verbosity: 0 -- name: "Finally remove replication from suffix '{{ suffix }}'." - ansible.builtin.shell: "dsconf '{{ slapd_instance }}' disable --suffix '{{ suffix }}'" +- name: "Finally remove replication from suffix {{ suffix | quote }}." + ansible.builtin.shell: "dsconf {{ slapd_instance | quote }} disable --suffix {{ suffix | quote }}" when: suffix_is_replicated == true # vim: filetype=yaml diff --git a/roles/389ds-repl-tasks-cleanallruv/tasks/main.yaml b/roles/389ds-repl-tasks-cleanallruv/tasks/main.yaml index 3193ec4..dfb1121 100644 --- a/roles/389ds-repl-tasks-cleanallruv/tasks/main.yaml +++ b/roles/389ds-repl-tasks-cleanallruv/tasks/main.yaml 
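Review bot: The last task of the final hunk in 389ds-disable-replication runs `dsconf <instance> disable --suffix …`, and as far as I know dsconf has no top-level `disable` command; disabling replication is spelled `dsconf <instance> replication disable --suffix …`. The removed line had the same wording, so this predates the commit. Because the task runs only when `suffix_is_replicated` is true, it would presumably fail exactly when it is needed. Please confirm against `dsconf --help` on a target host; if it is wrong, the line becomes `dsconf {{ slapd_instance | quote }} replication disable --suffix {{ suffix | quote }}`.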
@@ -1,17 +1,17 @@ --- -- name: "Clean all RUVs for Replication ID {{ target_replica_id }} on suffix '{{ suffix }}' ..." - ansible.builtin.shell: "dsconf '{{ slapd_instance }}' repl-tasks cleanallruv --suffix '{{ suffix }}' --replica-id={{ target_replica_id }}" +- name: "Clean all RUVs for Replication ID {{ target_replica_id }} on suffix {{ suffix | quote }} ..." + ansible.builtin.shell: "dsconf {{ slapd_instance | quote }} repl-tasks cleanallruv --suffix {{ suffix | quote }} --replica-id={{ target_replica_id }}" ignore_errors: true -- name: "Get the result of cleaning RUVs on suffix '{{ suffix }}' ..." - ansible.builtin.shell: "dsconf '{{ slapd_instance }}' repl-tasks list-cleanruv-tasks --suffix '{{ suffix }}'" +- name: "Get the result of cleaning RUVs on suffix {{ suffix | quote }} ..." + ansible.builtin.shell: "dsconf {{ slapd_instance | quote }} repl-tasks list-cleanruv-tasks --suffix {{ suffix | quote }}" register: list_cleanruv_tasks_results ignore_errors: true check_mode: false changed_when: false -- name: "Show current list_cleanruv_tasks_results for suffix '{{ suffix }}'." +- name: "Show current list_cleanruv_tasks_results for suffix {{ suffix | quote }}." debug: msg: "{{ list_cleanruv_tasks_results.stdout }}" verbosity: 0 diff --git a/roles/389ds-restart/tasks/main.yaml b/roles/389ds-restart/tasks/main.yaml new file mode 100644 index 0000000..07b717b --- /dev/null +++ b/roles/389ds-restart/tasks/main.yaml @@ -0,0 +1,18 @@ +--- + +- name: "Should the 389ds LDAP server be restarted." + when: ( restart_389ds | bool ) == true + block: + + - name: "The 389ds LDAP server must be restarted?" + debug: + msg: "Restarting instance {{ slapd_instance | quote }}: {{ restart_389ds }}" + verbosity: 0 + + - name: "Restarting the LDAP server instance." + ansible.builtin.service: + name: "dirsrv@{{ slapd_instance }}.service" + state: restarted + + +# vim: filetype=yaml 
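Review bot: In the new roles/389ds-restart/tasks/main.yaml, `restart_389ds` is never reset after the service task. A fact set with `set_fact` (as memberof.yaml now does) stays on the host for the rest of the run, so any later include of this role restarts the directory server again. A final task in the block with `set_fact:` / `restart_389ds: false` would close that. Alternatively, a handler notified by the tasks that actually change configuration gives one restart per play without a flag. The condition can also be shortened to `when: restart_389ds | bool`.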
diff --git a/roles/389ds-restart/vars/main.yaml b/roles/389ds-restart/vars/main.yaml new file mode 100644 index 0000000..201408b --- /dev/null +++ b/roles/389ds-restart/vars/main.yaml @@ -0,0 +1,5 @@ +--- + +restart_389ds: false + +# vim: filetype=yaml diff --git a/roles/389ds-set-backend-readonly/tasks/main.yaml b/roles/389ds-set-backend-readonly/tasks/main.yaml index e6042df..58f32e7 100644 --- a/roles/389ds-set-backend-readonly/tasks/main.yaml +++ b/roles/389ds-set-backend-readonly/tasks/main.yaml @@ -1,7 +1,7 @@ --- - name: "Get current Readonly status of Backend '{{ backend.value }}' ..." - ansible.builtin.shell: "dsconf '{{ slapd_instance }}' backend suffix get '{{ backend.value }}' | grep -i '^nsslapd-readonly:' | sed -e 's/^nsslapd-readonly:[ ]*//i'" + ansible.builtin.shell: "dsconf {{ slapd_instance | quote }} backend suffix get {{ backend.value | quote }} | grep -i '^nsslapd-readonly:' | sed -e 's/^nsslapd-readonly:[ ]*//i'" check_mode: false changed_when: false register: backend_get_ro_status @@ -12,20 +12,18 @@ verbosity: 2 - name: "Set fact backend_ro." - no_log: true set_fact: backend_ro: "{{ backend_get_ro_status.stdout is falsy }}" -- name: "The backend '{{ backend.key }}' ({{ backend.value }}) readonly status:" +- name: "The backend {{ backend.key | quote }} ({{ backend.value }}) readonly status:" debug: var: backend_ro -- name: "Setting backend '{{ backend.value }}' to readonly." - ansible.builtin.shell: "dsconf '{{ slapd_instance }}' backend suffix set --enable-readonly '{{ backend.value }}'" - when: backend_ro == false +- name: "Setting backend {{ backend.value | quote }} to readonly." + ansible.builtin.shell: "dsconf {{ slapd_instance | quote }} backend suffix set --enable-readonly {{ backend.value | quote }}" + when: ( backend_ro | bool ) == false - name: "Set fact backend_get_ro_status." - no_log: true set_fact: backend_get_ro_status: ~ -- 2.39.5
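Review bot: `restart_389ds: false` is placed in the role's `vars/main.yaml`, which outranks inventory, group_vars, host_vars and play vars. The flag can therefore only be switched on through `set_fact`, include parameters or extra-vars. That works for the memberof.yaml path in this commit, but an operator who sets `restart_389ds: true` in inventory will see it silently ignored. A value that is meant to be an overridable default belongs in `roles/389ds-restart/defaults/main.yaml`.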
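Review bot: The exit status of the pipeline in the "Get current Readonly status" task of 389ds-set-backend-readonly is that of `sed`. A failing `dsconf` (instance down, bind refused) therefore yields rc 0 and empty stdout, which the following tasks cannot tell apart from an attribute that is simply absent. Running `dsconf … backend suffix get` on its own, registering it, and extracting the value in Jinja, for example `backend_get_ro_status.stdout | regex_search('(?im)^nsslapd-readonly:\\s*(\\S+)', '\\1')`, lets the task fail when dsconf fails. Without grep and sed the call no longer needs a shell and can move to `ansible.builtin.command`.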
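Review bot: In the second hunk of 389ds-set-backend-readonly, `backend_ro` is computed as `backend_get_ro_status.stdout is falsy`, which as I read it is true only when stdout is empty, because both `on` and `off` are non-empty strings. With the new `when: ( backend_ro | bool ) == false`, an empty read is then treated as "already read-only" and the set task is skipped. An empty read includes the case where dsconf failed inside the pipeline, so the backend can stay writable while the play reports success. Comparing against the expected value makes the intent explicit and fails closed: `backend_ro: "{{ backend_get_ro_status.stdout | trim | lower == 'on' }}"`. The `set_fact` line is unchanged context here, so this predates the commit; removing `no_log` from these two tasks looks fine, since neither value is a secret.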