From e37b4002aa971bac78094aef42f084d5f05fda82 Mon Sep 17 00:00:00 2001
From: Frank Brehm <frank.brehm@pixelpark.com>
Date: Tue, 12 Nov 2024 14:05:14 +0100
Subject: [PATCH] Adding includes/del-389ds-backend-repl-agmts.yaml and
 removing replication agreements in playbook
 playbooks/disable-ldap-server.yaml

---
 includes/del-389ds-backend-repl-agmts.yaml | 42 ++++++++++++++++++++++
 includes/set-389ds-backend-readonly.yaml   |  6 +---
 playbooks/disable-ldap-server.yaml         | 17 ++++++---
 3 files changed, 55 insertions(+), 10 deletions(-)
 create mode 100644 includes/del-389ds-backend-repl-agmts.yaml

diff --git a/includes/del-389ds-backend-repl-agmts.yaml b/includes/del-389ds-backend-repl-agmts.yaml
new file mode 100644
index 0000000..7d167f4
--- /dev/null
+++ b/includes/del-389ds-backend-repl-agmts.yaml
@@ -0,0 +1,42 @@
+---
+
+- name: "Removing replication agreements on {{ ansible_nodename }}."
+  when: ldapserver_to_disable != ansible_nodename
+  block:
+
+    - name: "Removing replication agreements to {{ target }}."
+      when: ldapserver_to_disable == target
+      block:
+
+        - name: "Set fact agreement_name."
+          set_fact:
+            agreement_name: "{{ slapd_instance }} to {{ target }} agreement"
+
+        - name: "Show replication agreement name for suffix '{{ suffix }}'."
+          debug:
+            var: agreement_name
+            verbosity: 0
+
+        - name: "Removing replication agreement '{{ agreement_name }}' for suffix '{{ suffix }}'."
+          ansible.builtin.shell: "dsconf '{{ slapd_instance }}' repl-agmt delete --suffix '{{ suffix }}' '{{ agreement_name }}'"
+          ignore_errors: true
+
+- name: "Removing replication agreements on {{ ldapserver_to_disable }}."
+  when: ldapserver_to_disable == ansible_nodename
+  block:
+
+    - name: "Set fact agreement_name."
+      set_fact:
+        agreement_name: "{{ slapd_instance }} to {{ target }} agreement"
+
+    - name: "Show replication agreement name for suffix '{{ suffix }}'."
+      debug:
+        var: agreement_name
+        verbosity: 0
+
+    - name: "Removing replication agreement '{{ agreement_name }}' for suffix '{{ suffix }}'."
+      ansible.builtin.shell: "dsconf '{{ slapd_instance }}' repl-agmt delete --suffix '{{ suffix }}' '{{ agreement_name }}'"
+      ignore_errors: true
+
+
+# vim: filetype=yaml
diff --git a/includes/set-389ds-backend-readonly.yaml b/includes/set-389ds-backend-readonly.yaml
index ef4d4ba..8fab773 100644
--- a/includes/set-389ds-backend-readonly.yaml
+++ b/includes/set-389ds-backend-readonly.yaml
@@ -1,13 +1,9 @@
 ---
 
-# - name: "Set fact backend_name."
-#   # no_log: true
-#   set_fact:
-#     backend_name: "{{ lookup('vars', ansible_loop_var) }}.value"
-
 - name: "Get current Readonly status of Backend '{{ backend.value }}' ..."
   ansible.builtin.shell: "dsconf '{{ slapd_instance }}' backend suffix get '{{ backend.value }}' | grep -i '^nsslapd-readonly:' | sed -e 's/^nsslapd-readonly:[ 	]*//i'"
   check_mode: false
+  changed_when: false
   register: backend_get_ro_status
 
 - name: "Show current backend_get_ro_status"
diff --git a/playbooks/disable-ldap-server.yaml b/playbooks/disable-ldap-server.yaml
index 3af53ff..62ab319 100644
--- a/playbooks/disable-ldap-server.yaml
+++ b/playbooks/disable-ldap-server.yaml
@@ -50,6 +50,7 @@
       ansible.builtin.shell: date +%Y-%m-%d_%H-%M-%S
       register: tstamp
       check_mode: false
+      changed_when: false
       when: ldapserver_to_disable == ansible_nodename
 
     - name: "Show current timestamp"
@@ -94,33 +95,29 @@
     - name: "Retrieve all backends from '{{ ldapserver_to_disable }}'."
       ansible.builtin.shell: "dsconf '{{ slapd_instance }}' backend suffix list"
       register: backend_suffix_list
+      changed_when: false
       check_mode: false
-      when: ldapserver_to_disable == ansible_nodename
 
     - name: "Show current backend_suffix_list"
       debug:
         var: backend_suffix_list
         verbosity: 2
-      when: ldapserver_to_disable == ansible_nodename
 
     - name: "Set backend variable"
       no_log: true
       set_fact:
         suffix_names: "{{ backend_suffix_list.stdout_lines | map('regex_replace', '\\s+\\(.+\\)\\s*$', '') | list }}"
         backend_names: "{{ backend_suffix_list.stdout_lines | map('regex_replace', '^.*\\((.+)\\)\\s*$', '\\1') | list }}"
-      when: ldapserver_to_disable == ansible_nodename
 
     - name: "Set suffixes dict"
       no_log: true
       set_fact:
         suffixes: "{{ dict( suffix_names | zip(backend_names) ) }}"
-      when: ldapserver_to_disable == ansible_nodename
 
     - name: "Show current suffixes"
       debug:
         var: suffixes
         verbosity: 0
-      when: ldapserver_to_disable == ansible_nodename
 
     - name: "Setting all backends to readonly."
       when: ldapserver_to_disable == ansible_nodename
@@ -129,4 +126,14 @@
         loop_var: backend
       include_tasks: '../includes/set-389ds-backend-readonly.yaml'
 
+    - name: "Removing replication agreements"
+      include_tasks: '../includes/del-389ds-backend-repl-agmts.yaml'
+      vars:
+        suffix: "{{ item[0].key }}"
+        target: "{{ item[1] }}"
+      loop: "{{ suffixes | dict2items | product( ansible_play_batch ) | list }}"
+
+
+# vim: filetype=yaml
+
 # vim: filetype=yaml
-- 
2.39.5