---
-ds389_logging_config: true
-ds389_plugin_memberof_config: true
-ds389_plugin_referint_config: true
-ds389_plugin_attr_uniq_config: true
-ds389_plugin_account_policy_config: true
+# ds389_logging_config: true
+# ds389_plugin_memberof_config: true
+# ds389_plugin_referint_config: true
+# ds389_plugin_attr_uniq_config: true
+# ds389_plugin_account_policy_config: true
# vim: filetype=yaml
replica_id: 3
slapd_instance: dev-ds03
ldap_uri: 'ldaps://dev-ds03.pixelpark.com'
+ vars:
+ suffix: 'o=isp'
+ dirsrv_root_dn: 'cn=admin'
+ dirsrv_root_passwd_file: '/root/.private/dirsrv-mngr-pwd-wonl.txt'
+ replication_manager_dn: 'cn=Replication Manager,cn=config'
+ replication_manager_password_file: '/root/.private/dirserv-repl-mngr-pwd.txt'
+ replication_manager_idle_timeout: 0
+ ldaps_validate_certs: false
+ # ds389_plugin_attr_uniq_purge: false
+ ds389_plugin_attr_uniq_attributes:
+ 'uid':
+ across_all_subtrees: false
+ subtrees:
+ - 'o=bmas,o=isp'
+ - 'o=bmf,o=isp'
+ - 'o=BMWA,o=isp'
+ - 'o=bmwi,o=isp'
+ - 'o=bmwi-unternehmergeist,o=isp'
+ - 'o=cosTemplates,o=isp'
+ - 'o=Internet,o=isp'
+ - 'o=mbvd,o=isp'
+ - 'o=pfizer,o=isp'
+ - 'o=Pixelpark,o=isp'
+ - 'o=publicis,o=isp'
+ - 'o=PuF,o=isp'
+ - 'o=Radeberger,o=isp'
+ - 'o=sirona,o=isp'
+ - 'o=tov,o=isp'
+ 'gidNumber':
+ subtrees:
+ - 'o=isp'
+ 'mail':
+ subtrees:
+ - 'o=isp'
+ 'uidNumber':
+ subtrees:
+ - 'o=isp'
+ 'blaBlub':
+ ensure: absent
+
+ # Tempporary
+ ds389_logging_config: false
+ ds389_plugin_memberof_config: false
+ ds389_plugin_referint_config: false
+ # ds389_plugin_attr_uniq_config: false
+ ds389_plugin_account_policy_config: false
+
haproxy_servers:
hosts:
dev-ds-hap01.pixelpark.com: {}
dev-ds-hap02.pixelpark.com: {}
vars:
ansible_user: root
- suffix: 'o=isp'
- dirsrv_root_dn: 'cn=admin'
- dirsrv_root_passwd_file: '/root/.private/dirsrv-mngr-pwd-wonl.txt'
- replication_manager_dn: 'cn=Replication Manager,cn=config'
- replication_manager_password_file: '/root/.private/dirserv-repl-mngr-pwd.txt'
- replication_manager_idle_timeout: 0
haproxy_backend_name: 'be-ldap-dev1'
- ldaps_validate_certs: false
- # ds389_plugin_attr_uniq_purge: false
- ds389_plugin_attr_uniq_attributes:
- 'uid':
- across_all_subtrees: false
- subtrees:
- - 'o=bmas,o=isp'
- - 'o=bmf,o=isp'
- - 'o=BMWA,o=isp'
- - 'o=bmwi,o=isp'
- - 'o=bmwi-unternehmergeist,o=isp'
- - 'o=cosTemplates,o=isp'
- - 'o=Internet,o=isp'
- - 'o=mbvd,o=isp'
- - 'o=pfizer,o=isp'
- - 'o=Pixelpark,o=isp'
- - 'o=publicis,o=isp'
- - 'o=PuF,o=isp'
- - 'o=Radeberger,o=isp'
- - 'o=sirona,o=isp'
- - 'o=tov,o=isp'
- 'gidNumber':
- subtrees:
- - 'o=isp'
- 'mail':
- subtrees:
- - 'o=isp'
- 'uidNumber':
- subtrees:
- - 'o=isp'
- 'blaBlub':
- ensure: absent
-
-
- # Tempporary
- # ds389_logging_config: false
- # ds389_plugin_memberof_config: false
- # ds389_plugin_referint_config: false
- # ds389_plugin_attr_uniq_config: false
# vim: filetype=yaml
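Review bot: `ldaps_validate_certs: false` in the added `vars:` block turns off certificate verification for a group whose host is addressed through an `ldaps://` URI, so any bind made over that URI with `dirsrv_root_dn` and the password from `dirsrv_root_passwd_file` would reach an endpoint whose identity was never checked. The setting is carried over from the removed `haproxy_servers` vars rather than introduced here, but the move is a good moment either to trust the issuing CA on the control host and set it to `true`, or to mark the exception, e.g. `# dev only: self-signed certificates, do not copy to other inventories`. The `'blaBlub'` entry with `ensure: absent` and the `# Tempporary` block (typo for "Temporary") look like test scaffolding and would benefit from the same kind of marker. Indentation is lost in this view, so which group the new `vars:` belongs to is inferred from its position after the `dev-ds03` host.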
- 'dc=spk,dc=pixelpark,dc=net'
ds389_plugin_account_policy_config: false
+ # Temporary
+ ds389_logging_config: false
+ ds389_plugin_memberof_config: false
+ ds389_plugin_referint_config: false
+
# vim: filetype=yaml
include_role:
name: 389ds-check-initial
+ - name: "Set default for ds389_logging_config."
+ set_fact:
+ ds389_logging_config: true
+ when: ds389_logging_config is undefined
+
- name: "Configure logging for 389ds LDAP server."
include_role:
name: 389ds-config-logging
when: ( ds389_logging_config | bool ) == true
- - name: "Configure all necessay plugins of the 389ds LDAP server."
+ - name: "Configure all necessary plugins of the 389ds LDAP server."
include_role:
name: 389ds-config-plugins
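Review bot: The added "Set default for ds389_logging_config." task implements a default at run time with `set_fact`, which is more indirect than it needs to be. The same effect comes from `when: ds389_logging_config | default(true) | bool` on the include, or from a `ds389_logging_config: true` line in the role's `defaults/main.yaml`, where a reader looks for defaults first. The pattern is repeated for the four plugin switches (`ds389_plugin_memberof_config`, `ds389_plugin_referint_config`, `ds389_plugin_attr_uniq_config`, `ds389_plugin_account_policy_config`) in the plugin task file, and the `default(true)` form would remove those four tasks as well.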
"""Check whether a value is false or an empty string, list or dict."""
if isinstance(value, Undefined):
return True
- if isinstance(value, bool):
- return not value
+ # if isinstance(value, bool):
+ # return not value
if value is None:
return True
if value == '':
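Review bot: The docstring still says the check is true for a false value, but with the `isinstance(value, bool)` branch commented out `False` is no longer answered at this point. Assuming this is the test behind `is empty`, every `is empty` / `is not empty` condition in the task files changes meaning with it. Changing the first line to `"""Check whether a value is undefined, None or an empty string, list or dict."""` and deleting the two commented-out lines rather than keeping them would make the new contract explicit. The function starts before and continues past the hunk, so whether a later branch still treats `False` as empty cannot be seen here.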
- name: "Adding entry name to entry_add_cmd."
set_fact:
- entry_add_cmd: "{{ entry_add_cmd }} {{ entry_name | quote }}."
+ entry_add_cmd: "{{ entry_add_cmd }} {{ entry_name | quote }}"
- name: "Show command for adding an attr-uniq entry."
debug:
- name: "Check across-all-subtrees for should be vanished."
set_fact:
remove_attr_uniq_entry_before: true
- when: "('across-all-subtrees' in attr_uniq_config) and ('across_all_subtrees' not in entry_data or entry_data['across_all_subtrees'] is empty)"
+ when: "('across-all-subtrees' in attr_uniq_config) and ('across_all_subtrees' not in entry_data)"
- name: "Check across-all-subtrees"
set_fact:
exec_set: true
- when: "'across_all_subtrees' in entry_data and entry_data['across_all_subtrees'] is not empty and ('across-all-subtrees' not in attr_uniq_config or entry_data['across_all_subtrees'] != attr_uniq_config['across-all-subtrees'])"
+ when: "'across_all_subtrees' in entry_data and entry_data['across_all_subtrees'] is not empty \
+ and ('across-all-subtrees' not in attr_uniq_config or entry_data['across_all_subtrees'] != attr_uniq_config['across-all-subtrees'])"
- name: "Check top-entry-oc for should be vanished."
set_fact:
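Review bot: With the new `when` on "Check across-all-subtrees for should be vanished.", an `across_all_subtrees` key that is present but null or `''` is handled by neither task: the removal condition now requires the key to be absent, and "Check across-all-subtrees" still requires `is not empty`. If an explicitly empty value is meant to clear the server-side setting, the first condition needs something like `or entry_data['across_all_subtrees'] is none`; if it is meant to be ignored, a one-line comment above the task should say so. How `empty` treats null and `''` is taken from the test plugin lines shown elsewhere on this page.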
- name: 'Check top-entry-oc'
set_fact:
exec_set: true
- when: "('top_entry_oc' in entry_data) and (entry_data['top_entry_oc'] is not empty) and (('top-entry-oc' not in attr_uniq_config) or ((attr_uniq_config['top-entry-oc'] | lower) != (entry_data['top_entry_oc'] | lower)) )"
+ when: "('top_entry_oc' in entry_data) and (entry_data['top_entry_oc'] is not empty) and \
+ (('top-entry-oc' not in attr_uniq_config) or ((attr_uniq_config['top-entry-oc'] | lower) != (entry_data['top_entry_oc'] | lower)) )"
- name: "Check subtree-entries-oc for should be vanished."
set_fact:
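Review bot: The `\` continuation used to wrap this `when` yields a valid expression only because a space is left in front of each backslash inside the double-quoted scalar. A folded block scalar holds the same text without escapes and without the outer double quotes: `when: >-` followed by the expression on indented lines. The wrapped conditions on "Check across-all-subtrees" and "Check subtree-entries-oc" have the same shape.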
- name: 'Check subtree-entries-oc'
set_fact:
exec_set: true
- when: "('subtree_entries_oc' in entry_data) and (entry_data['subtree_entries_oc'] is not empty) and (('subtree-entries-oc' not in attr_uniq_config) or ((attr_uniq_config['subtree-entries-oc'] | lower) != (entry_data['subtree_entries_oc'] | lower)) )"
+ when: "('subtree_entries_oc' in entry_data) and (entry_data['subtree_entries_oc'] is not empty) and \
+ (('subtree-entries-oc' not in attr_uniq_config) or \
+ ((attr_uniq_config['subtree-entries-oc'] | lower) != (entry_data['subtree_entries_oc'] | lower)) )"
- name: 'Actions for removing attr-uniq entry.'
when: remove_attr_uniq_entry_before == true
- name: 'Remove attr-uniq entry.'
ansible.builtin.shell: "dsconf {{ slapd_instance | quote }} plugin attr-uniq delete {{ entry_name | quote }}"
+ - name: "Setting restart_389ds."
+ set_fact:
+ restart_389ds: true
+
- name: 'Actions for adding or modifying attr-uniq entry.'
when: exec_set == true
block:
- name: "Adding entry name to entry_set_cmd."
set_fact:
- entry_set_cmd: "{{ entry_set_cmd }} {{ entry_name | quote }}."
+ entry_set_cmd: "{{ entry_set_cmd }} {{ entry_name | quote }}"
- name: "Show command for adding/modifying an attr-uniq entry."
debug:
var: entry_set_cmd
verbosity: 0
-- name: "Finally adding attr-uniq entry."
- ansible.builtin.shell: "{{ entry_add_cmd }}"
+ - name: "Finally adding attr-uniq entry."
+ ansible.builtin.shell: "{{ entry_set_cmd }}"
+
+ - name: "Setting restart_389ds."
+ set_fact:
+ restart_389ds: true
+- name: "The attr-uniq entry should not be set."
+ debug:
+ var: entry_name
+ when: exec_set != true
# vim: filetype=yaml
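Review bot: "Finally adding attr-uniq entry." passes the assembled `entry_set_cmd` string to `ansible.builtin.shell`, while the only piece whose quoting is visible in this hunk is `entry_name | quote`; the rest of the string is built outside the hunk, presumably from inventory values such as attribute names and subtree DNs. Nothing shown here needs shell features, so `ansible.builtin.command: "{{ entry_set_cmd }}"` would run the same argument list without a shell interpreting it, and the same applies to the 'Remove attr-uniq entry.' task. Both "Setting restart_389ds." tasks are added without a comment; a line such as `# attr-uniq changes need an instance restart to take effect` would explain why the flag is raised, if that is the reason.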
- debug:
msg: "Entry {{ entry_name | quote }} should exists: {{ entry_should_exists }}"
- verbosity: 2
+ verbosity: 0
- name: 'Ensure absence of attr-uniq entry.'
when: "entry_should_exists == false"
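Review bot: `verbosity: 0` on this debug task makes it print on every run, and the same switch is made for 'Show cur_attr_uniq_entries.', 'Show exp_attr_uniq_entries_lc.' and, in the referint tasks, "Show the command to execute:", which prints the full `plugin_referint_cmd`. These read like troubleshooting output that belongs with the `# Temporary` toggles in the inventory; keeping `verbosity: 2` (or `1` for the referint command) and running with `-vv` while debugging gives the same information without changing the default output. If the always-on output is intended, a short comment on each task should say so.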
- name: 'Show cur_attr_uniq_entries.'
debug:
var: cur_attr_uniq_entries
- verbosity: 2
+ verbosity: 0
- name: 'Show cur_attr_uniq_entries_lc.'
debug:
- name: 'Show exp_attr_uniq_entries_lc.'
debug:
var: exp_attr_uniq_entries_lc
- verbosity: 2
+ verbosity: 0
-- name: 'Configure attr-uniq entry.'
- include_tasks: 'attr-uniq-entry.yaml'
- vars:
- attr_name: "{{ attrdict.key }}"
- entry_data: "{{ attrdict.value }}"
- loop: "{{ uniq_attributes | dict2items }}"
+- name: "Predefine attr_uniq_entries_for_remove."
+ set_fact:
+ attr_uniq_entries_for_remove: []
+
+- name: "Get all attr-uniq entries for removing."
+ set_fact:
+ attr_uniq_entries_for_remove: "{{ attr_uniq_entries_for_remove + [attr_uniq_entry] }}"
+ when: ( attr_uniq_entry | lower ) not in exp_attr_uniq_entries_lc
+ loop: "{{ cur_attr_uniq_entries }}"
loop_control:
- loop_var: attrdict
+ loop_var: attr_uniq_entry
+
+- name: "All attr_uniq_entries_for_remove."
+ debug:
+ var: attr_uniq_entries_for_remove
- name: 'Purge attr-uniq entries.'
when: (ds389_plugin_attr_uniq_purge | bool) == true
include_tasks: 'attr-uniq-entry-remove.yaml'
vars:
entry_name: "{{ attr_uniq_entry }}"
- when: ( attr_uniq_entry | lower ) not in exp_attr_uniq_entries_lc
- loop: "{{ cur_attr_uniq_entries }}"
+ loop: "{{ attr_uniq_entries_for_remove }}"
loop_control:
loop_var: attr_uniq_entry
+- name: 'Configure attr-uniq entry.'
+ include_tasks: 'attr-uniq-entry.yaml'
+ vars:
+ attr_name: "{{ attrdict.key }}"
+ entry_data: "{{ attrdict.value }}"
+ loop: "{{ uniq_attributes | dict2items }}"
+ loop_control:
+ loop_var: attrdict
+
# vim: filetype=yaml
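Review bot: 'Purge attr-uniq entries.' deletes plugin entries on the server and is guarded by `(ds389_plugin_attr_uniq_purge | bool) == true`, yet this commit adds run-time defaults for four other `ds389_*` switches and none for this one, which appears in the inventory only as a comment. Unless the role's defaults define it, the condition fails on an undefined variable; `when: ds389_plugin_attr_uniq_purge | default(false) | bool` makes "off" the explicit default for the destructive path. The new "Get all attr-uniq entries for removing." and "All attr_uniq_entries_for_remove." tasks run and print regardless of that switch, so the output lists entries as "for remove" even when nothing will be removed; putting the same condition on them, or renaming the fact, avoids that.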
---
+- name: "Set default for ds389_plugin_memberof_config."
+ set_fact:
+ ds389_plugin_memberof_config: true
+ when: ds389_plugin_memberof_config is undefined
+
- name: "Configuring the 389ds memberOf-Plugin."
include_tasks: 'memberof.yaml'
when: (ds389_plugin_memberof_config | bool) == true
+- name: "Set default for ds389_plugin_referint_config."
+ set_fact:
+ ds389_plugin_referint_config: true
+ when: ds389_plugin_referint_config is undefined
+
- name: "Configuring the 389ds referential-integrity-Plugin."
include_tasks: 'referint.yaml'
when: (ds389_plugin_referint_config | bool) == true
+- name: "Set default for ds389_plugin_attr_uniq_config."
+ set_fact:
+ ds389_plugin_attr_uniq_config: true
+ when: ds389_plugin_attr_uniq_config is undefined
+
- name: "Configuring the 389ds attr-uniq-Plugin."
include_tasks: 'attr-uniq.yaml'
when: (ds389_plugin_attr_uniq_config | bool) == true
+- name: "Set default for ds389_plugin_account_policy_config."
+ set_fact:
+ ds389_plugin_account_policy_config: true
+ when: ds389_plugin_account_policy_config is undefined
+
- name: "Configuring the 389ds account-policy-Plugin."
include_tasks: 'account-policy.yaml'
when: (ds389_plugin_account_policy_config | bool) == true
- name: "Show the command to execute:"
debug:
var: plugin_referint_cmd
- verbosity: 1
+ verbosity: 0
- name: "Finally configure the referential-integrity plugin."
ansible.builtin.shell: "{{ plugin_referint_cmd }}"