From d0c58b62057c9606f601b6c3299fe7507c85b4ac Mon Sep 17 00:00:00 2001
From: Frank Brehm
Date: Fri, 8 Nov 2024 17:42:40 +0100
Subject: [PATCH] Adding inventory files and Ansible playbook for taking a LDAP server off from replication.
---
disable-ldap-server.yaml | 49 +++++++++++++++++++++++++++++++++++
inventory/dpx-ldap-dev1.yaml | 27 +++++++++++++++++++
inventory/spk-ldap-stage.yaml | 23 ++++++++++++++++
3 files changed, 99 insertions(+)
create mode 100644 disable-ldap-server.yaml
create mode 100644 inventory/dpx-ldap-dev1.yaml
create mode 100644 inventory/spk-ldap-stage.yaml
diff --git a/disable-ldap-server.yaml b/disable-ldap-server.yaml
new file mode 100644
index 0000000..8ad04e9
--- /dev/null
+++ b/disable-ldap-server.yaml
@@ -0,0 +1,49 @@
+---
+- name: "Validate the LDAP server to take off replication"
+ hosts: 127.0.0.1
+ # vars_prompt:
+
+ # - name: ldapserver_to_disable
+ # prompt: 'On which LDAP server do you want to disable replication?'
+ # private: false
+
+ tasks:
+
+ - name: Print a message
+ ansible.builtin.debug:
+ msg: "Replication should be disabled on the server '{{ ldapserver_to_disable }}'."
+
+ - name: Setting status variable
+ ansible.builtin.set_fact:
+ found_ldapserver: false
+
+ - name: "Searching for LDAP server '{{ ldapserver_to_disable }}' ..."
+ ansible.builtin.set_fact:
+ found_ldapserver: true
+ when: "item == ldapserver_to_disable"
+ ignore_errors: true
+ with_inventory_hostnames:
+ - ldap_servers
+
+ - name: "Fail for non LDAP server."
+ ansible.builtin.fail:
+ msg: "The given host '{{ ldapserver_to_disable }}' is not a valid LDAP server."
+ when: found_ldapserver == false
+
+- name: "Disable host '{{ ldapserver_to_disable }}' as a HAProxy backend server."
+ hosts: haproxy_servers
+
+ tasks:
+
+ - name: "Setting backend server {{ haproxy_backend_name }}/{{ ldapserver_to_disable }} into maintenance."
+ community.general.haproxy:
+ state: disabled
+ host: "{{ ldapserver_to_disable }}"
+ socket: "{{ haproxy_admin_socket }}"
+ backend: "{{ haproxy_backend_name }}"
+ wait: true
+ drain: true
+ wait_interval: 2
+ wait_retries: 60
+
+# vim: filetype=yaml
diff --git a/inventory/dpx-ldap-dev1.yaml b/inventory/dpx-ldap-dev1.yaml
new file mode 100644
index 0000000..b754a5b
--- /dev/null
+++ b/inventory/dpx-ldap-dev1.yaml
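Review bot: In disable-ldap-server.yaml the `community.general.haproxy` task in the second play has no guard of its own: the only membership check lives in the `127.0.0.1` play, and `ldapserver_to_disable` is never tested for being defined now that `vars_prompt` is commented out. An invocation that skips the first play (for example a host limit that leaves out localhost, or `--start-at-task`) would presumably hand an unchecked value to the HAProxy admin socket. The three-task search with `ignore_errors: true` can be replaced by a single `ansible.builtin.assert` against `groups['ldap_servers']`, repeated as a `pre_tasks` entry of the `haproxy_servers` play with `run_once: true`; that also removes the `found_ldapserver == false` comparison, which would otherwise read better as `not found_ldapserver`.

```yaml
# replaces "Setting status variable", "Searching for LDAP server ..." and "Fail for non LDAP server."
- name: "Verify that the given host is a known LDAP server"
  ansible.builtin.assert:
    that:
      - ldapserver_to_disable is defined
      - ldapserver_to_disable in groups['ldap_servers']
    fail_msg: >-
      The given host '{{ ldapserver_to_disable | default('(not set)') }}'
      is not a valid LDAP server.
```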
@@ -0,0 +1,27 @@
+---
+all:
+ children:
+ ldap_servers:
+ hosts:
+ dev-ds01.pixelpark.com:
+ replica_id: 1
+ dev-ds02.pixelpark.com:
+ replica_id: 2
+ dev-ds03.pixelpark.com:
+ replica_id: 3
+ haproxy_servers:
+ hosts:
+ dev-ds-hap01.pixelpark.com: {}
+ dev-ds-hap02.pixelpark.com: {}
+ vars:
+ ansible_user: root
+ suffix: 'o=isp'
+ dirsrv_root_dn: 'cn=admin'
+ dirsrv_root_passwd_file: '/root/.private/dirsrv-mngr-pwd-wonl.txt'
+ replication_manager_dn: 'cn=Replication Manager,cn=config'
+ replication_manager_password_file: '/root/.private/dirserv-repl-mngr-pwd.txt'
+ replication_manager_idle_timeout: 0
+ haproxy_backend_name: 'be-ldap-dev1'
+ haproxy_user_socket: '/run/haproxy/user.sock'
+ haproxy_admin_socket: '/run/haproxy/admin.sock'
+
diff --git a/inventory/spk-ldap-stage.yaml b/inventory/spk-ldap-stage.yaml
new file mode 100644
index 0000000..b6c5796
--- /dev/null
+++ b/inventory/spk-ldap-stage.yaml
@@ -0,0 +1,23 @@
+---
+all:
+ children:
+ ldap_servers:
+ hosts:
+ stage-ds01-spk.spk.pixelpark.net:
+ replica_id: 1
+ stage-ds02-spk.spk.pixelpark.net:
+ replica_id: 2
+ haproxy_servers:
+ hosts:
+ live-ldap-hap01.spk.pixelpark.net: {}
+ live-ldap-hap02.spk.pixelpark.net: {}
+ vars:
+ ansible_user: root
+ suffix: 'dc=spk,dc=pixelpark,dc=net'
+ dirsrv_root_dn: 'cn=admin'
+ dirsrv_root_passwd_file: '/root/.private/dirsrv-mngr-pwd-wonl.txt'
+ replication_manager_dn: 'cn=Replication Manager,cn=config'
+ replication_manager_password_file: '/root/.private/dirserv-repl-mngr-pwd.txt'
+ replication_manager_idle_timeout: 0
+ haproxy_backend_name: 'be-stage-ldap'
+
--
2.39.5
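Review bot: `ansible_user: root` under `all: vars:` in inventory/dpx-ldap-dev1.yaml makes every play log in directly as root on both the LDAP and the HAProxy hosts, which requires root SSH logins to remain enabled on those machines. Consider an unprivileged login such as `ansible_user: <deploy-account>` (placeholder) together with `become: true` on the plays or tasks that need it, for instance the one that writes to the HAProxy admin socket. The same setting appears in inventory/spk-ldap-stage.yaml.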
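Review bot: inventory/spk-ldap-stage.yaml does not define `haproxy_admin_socket`, although the haproxy task in disable-ldap-server.yaml uses `socket: "{{ haproxy_admin_socket }}"`, so a run against this inventory will stop on an undefined variable. Add `haproxy_admin_socket: '/run/haproxy/admin.sock'` (and `haproxy_user_socket` if it is used elsewhere), assuming the stage proxies use the same paths as dev. The `haproxy_servers` group here lists `live-ldap-hap01` and `live-ldap-hap02`; if those proxies also front production backends, a comment stating that this is intended and that only `be-stage-ldap` is touched would help, since the play connects to them as root.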