--- /dev/null
+---
+
+- name: "Set fact agreement_name."
+ set_fact:
+ agreement_name: "{{ slapd_instance }} to {{ target }} agreement"
+
+- name: "Show replication agreement name for suffix '{{ suffix }}'."
+ debug:
+ var: agreement_name
+ verbosity: 0
+
+- name: "Removing replication agreement '{{ agreement_name }}' for suffix '{{ suffix }}'."
+ ansible.builtin.shell: "dsconf '{{ slapd_instance }}' repl-agmt delete --suffix '{{ suffix }}' '{{ agreement_name }}'"
+ ignore_errors: true
+
+
+# vim: filetype=yaml
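Review bot: The delete task interpolates `slapd_instance`, `suffix` and `agreement_name` into a shell string, and `ignore_errors: true` then hides every failure of the delete, not only the case where the agreement is already gone. A value containing a single quote breaks the quoting and is interpreted by the shell; the command uses no shell features, so `ansible.builtin.command` with `argv` passes each value as exactly one argument. Registering the result and replacing `ignore_errors` with a `failed_when` that tolerates only the already-absent case keeps a failed removal visible, which matters when the agreement points at a server that is being taken out of service. The same shell form appears in the `replication list` task of the new suffix-check file.

```yaml
- name: "Removing replication agreement '{{ agreement_name }}' for suffix '{{ suffix }}'."
  ansible.builtin.command:
    argv:
      - dsconf
      - "{{ slapd_instance }}"
      - repl-agmt
      - delete
      - --suffix
      - "{{ suffix }}"
      - "{{ agreement_name }}"
  register: agmt_delete
  # failed_when: <condition that accepts only the "agreement not found" result>
```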
--- /dev/null
+---
+
+- name: "Removing replication agreement to '{{ target }}' on suffix '{{ suffix }}'."
+ include_tasks: '../includes/del-389ds-backend-repl-agmt.yaml'
+ when: target == ldapserver_to_disable
+
+# vim: filetype=yaml
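Review bot: The condition `target == ldapserver_to_disable` compares a value that the calling playbook takes from `ansible_play_batch`, which holds inventory hostnames, while the playbook's own host checks are switched to `ansible_fqdn` in this commit. If the inventory names are not FQDNs, or `ldapserver_to_disable` is given in a different form, the condition never matches and the agreement towards the disabled server is silently kept; the same applies to `target != ansible_fqdn` in the sibling include. If matching inventory names is the intended contract, an `ansible.builtin.assert` early in the play on `ldapserver_to_disable in ansible_play_batch` would turn such a mismatch into a visible failure. A header comment naming the expected variables (`suffix`, `target`, `slapd_instance`, `ldapserver_to_disable`) is also missing.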
--- /dev/null
+---
+
+# name: "Removing replication agreements to '{{ target }}' on suffix '{{ suffix }}'."
+# when: target != ansible_fqdn
+# block:
+
+# - name: "Set fact agreement_name."
+# set_fact:
+# agreement_name: "{{ slapd_instance }} to {{ target }} agreement"
+
+# - name: "Show replication agreement name for suffix '{{ suffix }}'."
+# debug:
+# var: agreement_name
+# verbosity: 0
+
+# - name: "Removing replication agreement '{{ agreement_name }}' for suffix '{{ suffix }}'."
+# ansible.builtin.shell: "dsconf '{{ slapd_instance }}' repl-agmt delete --suffix '{{ suffix }}' '{{ agreement_name }}'"
+# ignore_errors: true
+
+- name: "Removing replication agreements to '{{ target }}' on suffix '{{ suffix }}'."
+ when: target != ansible_fqdn
+ include_tasks: '../includes/del-389ds-backend-repl-agmt.yaml'
+
+# vim: filetype=yaml
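Review bot: The commented-out block at the top of this new file is a copy of the tasks that now live in `del-389ds-backend-repl-agmt.yaml`; it will drift from the real include and should be dropped, since the history already keeps the old form. A short header comment would serve better in its place, for example `# Expects: suffix, target, slapd_instance. Removes the agreement to every play host except this one.`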
+++ /dev/null
----
-
-- name: "Removing replication agreements on {{ ansible_nodename }}."
- when: ldapserver_to_disable != ansible_nodename
- block:
-
- - name: "Removing replication agreements to {{ target }}."
- when: ldapserver_to_disable == target
- block:
-
- - name: "Set fact agreement_name."
- set_fact:
- agreement_name: "{{ slapd_instance }} to {{ target }} agreement"
-
- - name: "Show replication agreement name for suffix '{{ suffix }}'."
- debug:
- var: agreement_name
- verbosity: 0
-
- - name: "Removing replication agreement '{{ agreement_name }}' for suffix '{{ suffix }}'."
- ansible.builtin.shell: "dsconf '{{ slapd_instance }}' repl-agmt delete --suffix '{{ suffix }}' '{{ agreement_name }}'"
- ignore_errors: true
-
-- name: "Removing replication agreements on {{ ldapserver_to_disable }}."
- when: ldapserver_to_disable == ansible_nodename
- block:
-
- - name: "Set fact agreement_name."
- set_fact:
- agreement_name: "{{ slapd_instance }} to {{ target }} agreement"
-
- - name: "Show replication agreement name for suffix '{{ suffix }}'."
- debug:
- var: agreement_name
- verbosity: 0
-
- - name: "Removing replication agreement '{{ agreement_name }}' for suffix '{{ suffix }}'."
- ansible.builtin.shell: "dsconf '{{ slapd_instance }}' repl-agmt delete --suffix '{{ suffix }}' '{{ agreement_name }}'"
- ignore_errors: true
-
-
-# vim: filetype=yaml
--- /dev/null
+---
+
+- name: "Get a list of all replicated Suffixes."
+ ansible.builtin.shell: "dsconf '{{ slapd_instance }}' replication list"
+ check_mode: false
+ changed_when: false
+ register: list_of_replicated_suffixes
+
+- name: "Show current list_of_replicated_suffixes"
+ debug:
+ var: list_of_replicated_suffixes
+ verbosity: 2
+
+- name: "Set fact suffix_is_replicated."
+ no_log: true
+ set_fact:
+ suffix_is_replicated: false
+
+- name: "Searching for suffix '{{ suffix }}' in the list of replicated suffixes."
+ set_fact:
+ suffix_is_replicated: true
+ when: ( this_line | regex_replace('^\\s*') | regex_replace('\\s*$') ) == suffix
+ loop: "{{ list_of_replicated_suffixes.stdout_lines }}"
+ loop_control:
+ loop_var: this_line
+
+- name: "Set fact list_of_replicated_suffixes."
+ no_log: true
+ set_fact:
+ list_of_replicated_suffixes: ~
+
+- name: "The suffix '{{ suffix }}' is replicated:"
+ debug:
+ var: suffix_is_replicated
+
+
+# vim: filetype=yaml
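Review bot: The match in "Searching for suffix" is an exact string comparison, but LDAP DNs are case-insensitive, so a suffix written with different case in the inventory than in the `dsconf` output would leave `suffix_is_replicated` at false. Normalising both sides avoids that: `when: (this_line | trim | lower) == (suffix | trim | lower)`; `trim` also replaces the two `regex_replace` calls. `no_log: true` on the two `set_fact` tasks hides only a boolean and a null, while the registered command output is still printed by the debug task at verbosity 2, so it can be dropped. Whether `replication list` prints one plain suffix per line is not visible here and is assumed by the loop.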
debug:
var: backend_ro
-- name: "Setting '{{ backend.value }}' to readonly."
+- name: "Setting backend '{{ backend.value }}' to readonly."
ansible.builtin.shell: "dsconf '{{ slapd_instance }}' backend suffix set --enable-readonly '{{ backend.value }}'"
when: backend_ro == false
register: tstamp
check_mode: false
changed_when: false
- when: ldapserver_to_disable == ansible_nodename
+ # when: ldapserver_to_disable == ansible_fqdn
- name: "Show current timestamp"
debug:
var: tstamp
verbosity: 3
- when: ldapserver_to_disable == ansible_nodename
+ # when: ldapserver_to_disable == ansible_fqdn
- name: "Set date variables"
set_fact:
cur_date: "{{ tstamp.stdout[0:10] | default('2024-11-11') }}"
cur_time: "{{ tstamp.stdout[11:] | default('16-33-23') }}"
cur_timestamp: "{{ tstamp.stdout[0:10] }}_{{ tstamp.stdout[11:] | default('2024-11-11_16-33-23') }}"
- when: ldapserver_to_disable == ansible_nodename
+ # when: ldapserver_to_disable == ansible_fqdn
- name: "Show current date"
debug:
msg: "Current timestamp: '{{ cur_timestamp }}'."
- when: ldapserver_to_disable == ansible_nodename
+ verbosity: 0
+ # when: ldapserver_to_disable == ansible_fqdn
- name: "Disabling Puppet agent on '{{ ldapserver_to_disable }}'."
ansible.builtin.shell: |
puppet agent --disable "[$( date +'%Y-%m-%d' )]: Disbled by Ansible playbook 'disable-ldap-server.yaml'."
args:
creates: '/opt/puppetlabs/puppet/cache/state/agent_disabled.lock'
- when: ldapserver_to_disable == ansible_nodename
+ when: ldapserver_to_disable == ansible_fqdn
- name: "Disabling Puppet service on '{{ ldapserver_to_disable }}'."
ansible.builtin.service:
enabled: false
name: puppet
state: stopped
- when: ldapserver_to_disable == ansible_nodename
+ when: ldapserver_to_disable == ansible_fqdn
- name: "Disabling Wazuh service on '{{ ldapserver_to_disable }}'."
ansible.builtin.service:
enabled: false
name: wazuh-agent
state: stopped
- when: ldapserver_to_disable == ansible_nodename
+ when: ldapserver_to_disable == ansible_fqdn
- name: "Retrieve all backends from '{{ ldapserver_to_disable }}'."
ansible.builtin.shell: "dsconf '{{ slapd_instance }}' backend suffix list"
verbosity: 0
- name: "Setting all backends to readonly."
- when: ldapserver_to_disable == ansible_nodename
+ include_tasks: '../includes/set-389ds-backend-readonly.yaml'
+ when: ldapserver_to_disable == ansible_fqdn
loop: "{{ suffixes | dict2items }}"
loop_control:
loop_var: backend
- include_tasks: '../includes/set-389ds-backend-readonly.yaml'
- - name: "Removing replication agreements"
- include_tasks: '../includes/del-389ds-backend-repl-agmts.yaml'
+ - name: "Removing replication agreements on host to disable."
+ include_tasks: '../includes/del-389ds-backend-repl-agmts-target.yaml'
+ when: ldapserver_to_disable == ansible_fqdn
vars:
suffix: "{{ item[0].key }}"
target: "{{ item[1] }}"
loop: "{{ suffixes | dict2items | product( ansible_play_batch ) | list }}"
+ - name: "Removing replication agreements on hosts to keep."
+ include_tasks: '../includes/del-389ds-backend-repl-agmts-src.yaml'
+ when: ldapserver_to_disable != ansible_fqdn
+ vars:
+ suffix: "{{ item[0].key }}"
+ target: "{{ item[1] }}"
+ loop: "{{ suffixes | dict2items | product( ansible_play_batch ) | list }}"
-# vim: filetype=yaml
+ - name: "Disabling replication on all suffixes."
+ when: ldapserver_to_disable == ansible_fqdn
+ include_tasks: '../includes/disable-389ds-replication.yaml'
+ vars:
+ suffix: "{{ item[0].key }}"
+ loop: "{{ suffixes | dict2items | product( ansible_play_batch ) | list }}"
# vim: filetype=yaml
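Review bot: "Disabling replication on all suffixes" loops over `suffixes | dict2items | product( ansible_play_batch ) | list` but only reads `item[0].key`, so the include runs once per play host for every suffix instead of once per suffix. Unless the included file is idempotent, the repeated passes will fail or add noise; `loop: "{{ suffixes | dict2items }}"` with `suffix: "{{ item.key }}"` is enough. The commented-out `# when: ldapserver_to_disable == ansible_fqdn` lines earlier in this file should be either restored or removed, as they leave it unclear whether the timestamp tasks are meant to run on every host. The enclosing play starts outside the visible lines.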