+++ /dev/null
----
-
-- name: "Get current Readonly status of Backend '{{ backend.value }}' ..."
- ansible.builtin.shell: "dsconf '{{ slapd_instance }}' backend suffix get '{{ backend.value }}' | grep -i '^nsslapd-readonly:' | sed -e 's/^nsslapd-readonly:[ ]*//i'"
- check_mode: false
- changed_when: false
- register: backend_get_ro_status
-
-- name: "Show current backend_get_ro_status"
- debug:
- var: backend_get_ro_status
- verbosity: 2
-
-- name: "Set fact backend_ro."
- no_log: true
- set_fact:
- backend_ro: "{{ backend_get_ro_status.stdout is falsy }}"
-
-- name: "The backend '{{ backend.key }}' ({{ backend.value }}) readonly status:"
- debug:
- var: backend_ro
-
-- name: "Setting backend '{{ backend.value }}' to readonly."
- ansible.builtin.shell: "dsconf '{{ slapd_instance }}' backend suffix set --enable-readonly '{{ backend.value }}'"
- when: backend_ro == false
-
-- name: "Set fact backend_get_ro_status."
- no_log: true
- set_fact:
- backend_get_ro_status: ~
-
-# vim: filetype=yaml
tasks:
- name: "Exec command for retrieving version of 389ds LDAP server."
- ansible.builtin.shell: ns-slapd -v | grep -i '^389-Directory' | sed -e 's|.*/||' -e 's/[ ].*//'
+ ansible.builtin.shell: ns-slapd -v | grep -i '^389-Directory' | sed -e 's|.*/||' -e 's/\s.*//'
register: get_389ds_version
check_mode: false
changed_when: false
- name: "Fail for non existing 389ds LDAP server."
ansible.builtin.fail:
- msg: "No 389ds LDAP server found on host '{{ ansible_fqdn }}'."
+ msg: "No 389ds LDAP server found on host '{{ inventory_hostname }}'."
when: version_389ds == ''
- name: "Configure logging for host '{{ inventory_hostname }}'."
- name: "Disable the given host as a HAProxy backend server."
hosts: haproxy_servers
+ gather_facts: false
tasks:
var: ldapserver_to_disable
verbosity: 0
- - name: "Setting backend server {{ haproxy_backend_name }}/{{ ldapserver_to_disable }} into maintenance."
- community.general.haproxy:
- state: drain
- host: "{{ ldapserver_to_disable }}"
- socket: "{{ haproxy_admin_socket }}"
+ - name: "Setting HAProxy backend server into maintenance."
+ include_role:
+ name: 'haproxy-disable-backend'
+ vars:
backend: "{{ haproxy_backend_name }}"
- wait: true
- wait_interval: 2
- wait_retries: 60
+ backend_server: "{{ ldapserver_to_disable }}"
+
+ # - name: "Fail for stop."
+ # ansible.builtin.fail:
+ # msg: "Hard stopping here ..."
- name: "Disabling Replication on the given host."
hosts: ldap_servers
puppet agent --disable "[$( date +'%Y-%m-%d' )]: Disbled by Ansible playbook 'disable-ldap-server.yaml'."
args:
creates: '/opt/puppetlabs/puppet/cache/state/agent_disabled.lock'
- when: ldapserver_to_disable == ansible_fqdn
+ when: ldapserver_to_disable == inventory_hostname
- name: "Disabling Puppet service on '{{ ldapserver_to_disable }}'."
ansible.builtin.service:
enabled: false
name: puppet
state: stopped
- when: ldapserver_to_disable == ansible_fqdn
+ when: ldapserver_to_disable == inventory_hostname
- name: "Disabling Wazuh service on '{{ ldapserver_to_disable }}'."
ansible.builtin.service:
enabled: false
name: wazuh-agent
state: stopped
- when: ldapserver_to_disable == ansible_fqdn
+ when: ldapserver_to_disable == inventory_hostname
- name: "Retrieve all backends from '{{ ldapserver_to_disable }}'."
ansible.builtin.shell: "dsconf '{{ slapd_instance }}' backend suffix list"
verbosity: 0
- name: "Setting all backends to readonly."
- include_tasks: '../includes/set-389ds-backend-readonly.yaml'
- when: ldapserver_to_disable == ansible_fqdn
+ include_role:
+ name: 389ds-set-backend-readonly
+ when: ldapserver_to_disable == inventory_hostname
loop: "{{ suffixes | dict2items }}"
loop_control:
loop_var: backend
- name: "Removing replication agreements on host to disable."
include_tasks: '../includes/del-389ds-backend-repl-agmts-target.yaml'
- when: ldapserver_to_disable == ansible_fqdn
+ when: ldapserver_to_disable == inventory_hostname
vars:
suffix: "{{ item[0].key }}"
target: "{{ item[1] }}"
- name: "Removing replication agreements on hosts to keep."
include_tasks: '../includes/del-389ds-backend-repl-agmts-src.yaml'
- when: ldapserver_to_disable != ansible_fqdn
+ when: ldapserver_to_disable != inventory_hostname
vars:
suffix: "{{ item[0].key }}"
target: "{{ item[1] }}"
loop: "{{ suffixes | dict2items | product( ansible_play_batch ) | list }}"
- name: "Disabling replication on all suffixes."
- when: ldapserver_to_disable == ansible_fqdn
+ when: ldapserver_to_disable == inventory_hostname
include_tasks: '../includes/disable-389ds-replication.yaml'
vars:
suffix: "{{ item.key }}"
- name: "Clean all RUVs for Replication ID {{ target_replica_id }} on all suffixes ..."
include_tasks: '../includes/389ds-repl-tasks-cleanallruv.yaml'
- when: ldapserver_to_disable != ansible_fqdn
+ when: ldapserver_to_disable != inventory_hostname
vars:
suffix: "{{ item.key }}"
loop: "{{ suffixes | dict2items | list }}"
--- /dev/null
+---
+
+- name: "Get current Readonly status of Backend '{{ backend.value }}' ..."
+ ansible.builtin.shell: "dsconf '{{ slapd_instance }}' backend suffix get '{{ backend.value }}' | grep -i '^nsslapd-readonly:' | sed -e 's/^nsslapd-readonly:[ ]*//i'"
+ check_mode: false
+ changed_when: false
+ register: backend_get_ro_status
+
+- name: "Show current backend_get_ro_status"
+ debug:
+ var: backend_get_ro_status
+ verbosity: 2
+
+- name: "Set fact backend_ro."
+ no_log: true
+ set_fact:
+ backend_ro: "{{ backend_get_ro_status.stdout is falsy }}"
+
+- name: "The backend '{{ backend.key }}' ({{ backend.value }}) readonly status:"
+ debug:
+ var: backend_ro
+
+- name: "Setting backend '{{ backend.value }}' to readonly."
+ ansible.builtin.shell: "dsconf '{{ slapd_instance }}' backend suffix set --enable-readonly '{{ backend.value }}'"
+ when: backend_ro == false
+
+- name: "Set fact backend_get_ro_status."
+ no_log: true
+ set_fact:
+ backend_get_ro_status: ~
+
+# vim: filetype=yaml
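Review bot: The fact set in `Set fact backend_ro.` does not track the printed readonly value: as far as I read the `falsy` test, without `convert_bool` any non-empty stdout is truthy, so whether dsconf prints `on` or `off` the fact is False and `Setting backend '…' to readonly.` runs on every pass (idempotent via `--enable-readonly`, but reported as changed each time). If the test is meant to read the on/off value, `backend_ro: "{{ backend_get_ro_status.stdout is truthy(convert_bool=True) }}"` and `when: not backend_ro` express that directly. Separately, `slapd_instance` and `backend.value` are spliced into both `ansible.builtin.shell` commands inside single quotes, so a value containing a quote would break out of the intended argument; pass them through the `quote` filter (`'{{ backend.value | quote }}'` is not needed — `{{ backend.value | quote }}` already emits the quoting) or run dsconf via `ansible.builtin.command` and do the grep/sed step with `regex_search` on the registered stdout. The second shell task also has no `register` or `changed_when`, so its outcome is never inspected.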
--- /dev/null
+---
+
+- debug:
+ msg: "Setting server '{{ backend_server }}' on HAProxy backend '{{ backend }}' into maintenance ..."
+ verbosity: 0
+
+- name: "Get file stat of HAProxy admin socket '{{ haproxy_admin_socket }}' ..."
+ ansible.builtin.stat:
+ path: "{{ haproxy_admin_socket }}"
+ register: admin_socket
+
+- name: "File stat of HAProxy admin socket '{{ haproxy_admin_socket }}': "
+ debug:
+ var: admin_socket
+ verbosity: 3
+
+- name: "Check existence of HAProxy admin socket '{{ haproxy_admin_socket }}'."
+ ansible.builtin.fail:
+ msg: "The HAProxy admin socket '{{ haproxy_admin_socket }}' does not exists."
+ when: admin_socket.stat.exists != true
+
+- name: "Checkinf, whether '{{ haproxy_admin_socket }}' is a socket."
+ ansible.builtin.fail:
+ msg: "The path '{{ haproxy_admin_socket }}' for the HAProxy admin socket is not a socket."
+ when: admin_socket.stat.issock != true
+
+- name: "Setting backend server {{ backend }}/{{ backend_server }} into maintenance."
+ community.general.haproxy:
+ state: drain
+ host: "{{ backend_server }}"
+ socket: "{{ haproxy_admin_socket }}"
+ backend: "{{ backend }}"
+ wait: "{{ haproxy_wait_for_disable }}"
+ wait_interval: "{{ haproxy_wait_interval }}"
+ wait_retries: "{{ haproxy_wait_retries }}"
+
+
+# vim: filetype=yaml
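Review bot: The two guards compare booleans with `!= true`; `when: not admin_socket.stat.exists` and `when: not admin_socket.stat.issock` read cleaner and avoid the string-vs-bool ambiguity of templated comparisons (the `issock` check is safe only because the preceding `fail` stops the host first, which deserves a one-line comment such as `# stat.issock is only defined when the path exists; the previous task guarantees that`). The first `debug` task has no `name`, unlike every other task in the file. The task name `Checkinf, whether …` and the message `does not exists` are typos that will show up in run output (`Checking whether …`, `does not exist`). The two consecutive blank lines before the vim modeline will trip yamllint's empty-lines rule.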
--- /dev/null
+---
+
+haproxy_user_socket: '/run/haproxy/user.sock'
+haproxy_admin_socket: '/run/haproxy/admin.sock'
+haproxy_test_socket: '/etc/passwd'
+
+haproxy_wait_for_disable: true
+haproxy_wait_interval: 2
+haproxy_wait_retries: 60
+
+# vim: filetype=yaml
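Review bot: `haproxy_test_socket: '/etc/passwd'` is not referenced by the role tasks in this diff and points at a regular file rather than a socket, so it reads like leftover test residue shipped as a default. If it is a deliberate fixture for exercising the "is not a socket" guard, say so above it (`# intentionally not a socket: fixture for the issock guard, never used by the role`); otherwise drop it so nobody wires it into a real play by mistake.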