- name: "Installation of OpenLDAP base"
hosts: ldap_servers
roles:
+ - rsyslog
- base
hosts:
dev-ds11.pixelpark.com:
rid_token: '1'
+ rid_one: 21
+ rid_two: 31
+ uri_one: 'ldaps://dev-ds12.pixelpark.com'
+ uri_two: 'ldaps://dev-ds13.pixelpark.com'
dev-ds12.pixelpark.com:
rid_token: '2'
+ rid_one: 12
+ rid_two: 32
+ uri_one: 'ldaps://dev-ds11.pixelpark.com'
+ uri_two: 'ldaps://dev-ds13.pixelpark.com'
dev-ds13.pixelpark.com:
rid_token: '3'
+ rid_one: 13
+ rid_two: 23
+ uri_one: 'ldaps://dev-ds11.pixelpark.com'
+ uri_two: 'ldaps://dev-ds12.pixelpark.com'
providers:
hosts:
dev-ds11.pixelpark.com:
example_db_suffix: 'dc=my-domain,dc=com'
example_db_suffix_re: 'dc=my-domain,\s*dc=com'
admin_bind_dn_prefix: 'cn=admin'
- repl_retry: '5 +'
- repl_timeout: '3'
+ repl_retry: '5 5 300 5'
+ repl_timeout: '2'
+ rsyslog_dir: '/etc/rsyslog.d'
+ rsyslog_config: '/etc/rsyslog.d/01-opendap.conf'
+ rsyslog_service: 'rsyslog'
+ log_dir: '/var/log/openldap'
+ log_file: '/var/log/openldap/slapd.log'
+ logrotate_conf: '/etc/logrotate.d/openldap'
---
+- set_fact:
+ db_id_token: "{{ database_name | regex_replace('\\{', '') | regex_replace('\\}.*', '') }}"
+
- set_fact:
db_suffix: 'cn=config'
when: database_name == '{0}config'
bind_dn: "{{ admin_bind_dn_prefix }},{{ db_suffix }}"
- set_fact:
- db_dn: "{{ database_name }},cn=config"
+ db_dn: "olcDatabase={{ database_name }},cn=config"
+
+# - name: "Acticvating SyncRepl consumers for database '{{ database_name }}' for providers ..."
+# include_tasks: "consumers_per_provider.yaml"
+# loop: "{{ groups['providers'] }}"
+# loop_control:
+# loop_var: provider_host
+
+- name: "Get state of possibly applied SyncRepl consumers for database '{{ database_name }}'."
+ shell: "ldapsearch -Q -Y EXTERNAL -H ldapi:/// -LLL -s base -b '{{ db_dn }}' -o ldif-wrap olcSyncrepl | grep -i '^olcSyncrepl'"
+ changed_when: False
+ ignore_errors: True
+ # no_log: True
+ register: get_syncrepl
+
+- name: "Applying SyncRepl consumers for database '{{ database_name }}' ..."
+ block:
+
+ - name: "Initializing LDIF file for applying SyncRepl consumers"
+ tempfile:
+ state: 'file'
+ prefix: 'syncrepl.'
+ suffix: '.ldif'
+ register: syncrepl_file
+
+ - name: "Get content of applying SyncRepl consumers"
+ template:
+ src: "templates/syncrepl.ldif.j2"
+ dest: "{{ syncrepl_file.path }}"
+ owner: root
+ group: root
+ mode: 0600
+
+ - name: "Get content of applying SyncRepl consumers file"
+ shell: "cat '{{ syncrepl_file.path }}'"
+ register: content_syncrepl_file
+ changed_when: False
+ # no_log: True
+
+ - name: "Show content of applying SyncRepl consumers file."
+ debug: msg={{ content_syncrepl_file.stdout_lines }}
+
+ # name: "Applying SyncRepl consumers file at the end ..."
+ # shell: "ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f '{{ syncrepl_file.path }}'"
+
+ rescue:
+ - name: "Failing base installation of OpenLDAP server because of some errors."
+ fail:
+ msg: "I caught an error"
+
+ always:
+
+ - name: "Removing applying SyncRepl consumers file ..."
+ file:
+ path: "{{ syncrepl_file.path }}"
+ state: absent
+
+ when: get_syncrepl.rc != 0
-- name: "Acticvating SyncRepl consumers for database '{{ database_name }}' for providers ..."
- include_tasks: "consumers_per_provider.yaml"
- loop: "{{ groups['providers'] }}"
- loop_control:
- loop_var: provider_host
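Review bot: The LDIF rendered at L76–L82 carries `credentials="{{ admin_password }}"` for every consumer stanza, and the `cat`/`debug` pair at L84–L91 then echoes that file into the controller's stdout, any configured log and the fact cache, with `no_log` commented out at L63 and L88 — the `mode: 0600` on the temp file does nothing once its content has been printed. Either drop the two inspection tasks or put `no_log: true` on both of them (the `debug` included) and show only non-sensitive fields. Separately, the `ldapmodify` step at L93–L94 is commented out, so this block currently renders, prints and deletes the LDIF without applying anything; if that is intentional staging, a `# TODO: apply step disabled until …` comment would save the next reader from assuming the consumers are configured.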
- name: "Acticvating SyncRepl consumers for database '{{ database_name }}' and provider {{ provider_host }} ..."
block:
- - set_fact:
- db_id_token: "{{ database_name | regex_replace('\\{', '') | regex_replace('\\}.*', '') }}"
-
- set_fact:
rid: "{{ hostvars[provider_host].rid_token }}{{ rid_token }}{{ db_id_token }}"
- set_fact:
- provider_uri: "ldaps://{{ hostvars[provider_host].ansible_fqdn }}"
+ provider_uri: "ldaps://{{ hostvars[provider_host].ansible_fqdn }}"
+
+ - name: "Get state of an possibly applied SyncRepl consumers for database '{{ database_name }}' and provider {{ provider_host }} ..."
+ shell: "ldapsearch -Q -Y EXTERNAL -H ldapi:/// -LLL -s base -b '{{ db_dn }}' -o ldif-wrap olcSyncrepl | grep -i '^olcSyncrepl'| sed -e 's/^olcSyncrepl:[ ]*//i' | grep -i 'provider={{ provider_uri }}'"
+ changed_when: False
+ ignore_errors: True
+ no_log: True
+ register: get_syncrepl_entry
- name: "Applying SyncRepl consumers for database '{{ database_name }}' and provider {{ provider_host }} ..."
block:
- name: "Show content of applying SyncRepl consumers file."
debug: msg={{ content_syncrepl_file.stdout_lines }}
- # TODO - Apply fehlt
+ - name: "Applying SyncRepl consumers file at the end ..."
+ shell: "ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f '{{ syncrepl_file.path }}'"
rescue:
- name: "Failing base installation of OpenLDAP server because of some errors."
path: "{{ syncrepl_file.path }}"
state: absent
- # TODO - When Klausel für Apply block fehlt
+ when: get_syncrepl_entry.rc != 0
when: provider_host != ansible_fqdn
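Review bot: The provider check at L126 passes `-o ldif-wrap` without a value, unlike `-o ldif-wrap=no` at L158, so ldapsearch keeps its default line folding and the `provider=…` token of a longer olcSyncrepl value may land on a continuation line that `grep -i '^olcSyncrepl'` has already discarded; the final grep then fails, `rc != 0`, and the block re-adds a consumer that is already present. Change it to `-o ldif-wrap=no` to match the server-id check. The `rescue:` at L138–L141 also looks malformed — a `- name:` followed directly by `path:`/`state:` with no `file:` module line — presumably an excerpt artifact, but worth confirming since a syntax error there fails the whole task file. The top of this task file is not visible in the hunk.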
- include: 'providers.yaml'
when: "'providers' in group_names"
+- include: 'server_ids.yaml'
+
- include: 'consumers.yaml'
when: "'consumers' in group_names"
--- /dev/null
+---
+
+- set_fact:
+ entry: "{{ hostvars[ldap_server].rid_token }} ldaps://{{ ldap_server }}"
+
+- name: "Get possible entry for host {{ ldap_server }} ..."
+ shell: "ldapsearch -Q -Y EXTERNAL -H ldapi:/// -LLL -s base -b 'cn=config' -o ldif-wrap=no olcServerID | grep -i '{{ entry }}'"
+ changed_when: False
+ ignore_errors: True
+ register: get_host_entry
+
+- name: "Registering Server-Id for host {{ ldap_server }} ..."
+ block:
+
+ - name: "Initializing LDIF file for registering Server-Id."
+ tempfile:
+ state: 'file'
+ prefix: 'set-server-id.'
+ suffix: '.ldif'
+ register: set_serverid_file
+
+ - name: "Get content of registering Server-Id."
+ template:
+ src: "templates/set-serverid.ldif.j2"
+ dest: "{{ set_serverid_file.path }}"
+ owner: root
+ group: root
+ mode: 0644
+
+ - name: "Get content of registering Server-Id file"
+ shell: "cat '{{ set_serverid_file.path }}'"
+ register: set_serverid_file_content
+ changed_when: False
+ no_log: True
+
+ - name: "Show content of registering Server-Id file."
+ debug: msg={{ set_serverid_file_content.stdout_lines }}
+
+ - name: "Applying registering Server-Id file at the end ..."
+ shell: "ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f '{{ set_serverid_file.path }}'"
+
+ rescue:
+ - name: "Failing base installation of OpenLDAP server because of some errors."
+ fail:
+ msg: "I caught an error"
+
+ always:
+
+ - name: "Removing applying registering Server-Id file ..."
+ file:
+ path: "{{ set_serverid_file.path }}"
+ state: absent
+
+ when: get_host_entry.rc != 0
+
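Review bot: The existence check at L157–L161 pipes `ldapsearch` into `grep`, so the registered `rc` is always grep's exit status: a stopped slapd, a missing `ldapi:///` socket or a rejected SASL EXTERNAL bind all surface as `rc == 1`, which the `when` at L205 reads as "entry absent" and answers with an `ldapmodify` that will fail for the same reason. Run the check with pipefail (`args: executable: /bin/bash` and `set -o pipefail;` in front of the command) and replace `ignore_errors: True` with `failed_when: get_host_entry.rc not in [0, 1]` so only a genuine no-match falls through. The pattern `grep -i '{{ entry }}'` is also an unanchored substring match with unescaped dots, harmless while `rid_token` is a single digit, but `grep -i '^olcServerID: {{ entry }}$'` pins it to the exact line now that wrapping is disabled.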
--- /dev/null
+---
+
+- name: "Setting Server Ids for hosts ..."
+ include_tasks: "server_id_per_host.yaml"
+ loop: "{{ groups['ldap_servers'] }}"
+ loop_control:
+ loop_var: ldap_server
+
--- /dev/null
+dn: cn=config
+changetype: modify
+add: olcServerID
+olcServerID: 1 ldaps://dev-ds11.pixelpark.com
+olcServerID: 2 ldaps://dev-ds12.pixelpark.com
+olcServerID: 3 ldaps://dev-ds13.pixelpark.com
--- /dev/null
+dn: cn=config
+changetype: modify
+add: olcServerID
+olcServerID: {{ entry }}
+
+# vim: filetype=ldif
--- /dev/null
+dn: {{ db_dn }}
+changetype: modify
+add: olcSyncRepl
+olcSyncRepl: rid={{ rid_one }}{{ db_id_token }}
+ provider={{ uri_one }}
+ binddn="{{ bind_dn }}"
+ bindmethod=simple
+ credentials="{{ admin_password }}"
+ searchbase="{{ db_suffix }}"
+ type=refreshAndPersist
+ retry="{{ repl_retry }}"
+ tls_reqcert=never
+ timeout={{ repl_timeout }}
+olcSyncRepl: rid={{ rid_two }}{{ db_id_token }}
+ provider={{ uri_two }}
+ binddn="{{ bind_dn }}"
+ bindmethod=simple
+ credentials="{{ admin_password }}"
+ searchbase="{{ db_suffix }}"
+ type=refreshAndPersist
+ retry="{{ repl_retry }}"
+ tls_reqcert=never
+ timeout={{ repl_timeout }}
+-
+add: olcMirrorMode
+olcMirrorMode: TRUE
+
+# vim: filetype=ldif
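Review bot: `tls_reqcert=never` at L242 and L252 disables server-certificate verification on the replication link while the same stanza sends the admin credentials with `bindmethod=simple`, so anyone who can redirect traffic for `uri_one`/`uri_two` can harvest the directory admin password and feed forged entries to the consumer. Use `tls_reqcert=demand` together with `tls_cacert=<path to the CA that issued the providers' certificates>`, and consider a dedicated replication bind DN with read-only ACLs rather than `{{ bind_dn }}`, which is built from `admin_bind_dn_prefix`. Note also that slapd limits `rid=` to 0–999, so `{{ rid_one }}{{ db_id_token }}` only stays valid while `db_id_token` is a single digit; a `# rid must remain <= 999` comment above the stanzas would make that coupling to the inventory values explicit.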
--- /dev/null
+---
+
+- name: "Restart rsyslog instance"
+ service:
+ name: "{{ rsyslog_service }}"
+ state: restarted
+
--- /dev/null
+---
+
+- name: "Ensuring logging directory {{ log_dir }} ..."
+ file:
+ path: "{{ log_dir }}"
+ state: directory
+ mode: '0755'
+ owner: root
+ group: root
+
+- name: "Ensuring rsyslog config subdirectory {{ rsyslog_dir }} ..."
+ file:
+ path: "{{ rsyslog_dir }}"
+ state: directory
+ mode: '0755'
+ owner: root
+ group: root
+
+- name: "Ensuring rsyslog configuration file {{ rsyslog_config }} ..."
+ template:
+ src: "templates/rsyslog.conf.j2"
+ dest: "{{ rsyslog_config }}"
+ owner: root
+ group: root
+ mode: 0644
+ notify: "Restart rsyslog instance"
+
+- name: Flush handlers
+ meta: flush_handlers
+
+- name: "Ensuring logrotation config file {{ logrotate_conf }} ..."
+ template:
+ src: "templates/logrotate.conf.j2"
+ dest: "{{ logrotate_conf }}"
+ owner: root
+ group: root
+ mode: 0644
+
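Review bot: The log directory at L270–L276 is created `0755` and nothing in this role sets the mode of `{{ log_file }}` itself, so the slapd log (bind DNs, search filters, client addresses) becomes readable by every local account once rsyslog creates it with its default file mode. Tighten the directory to `mode: '0750'` and make sure whichever component creates the file — rsyslog's `$FileCreateMode` or the logrotate `create` line — gives it 0640. Minor style point: L274 and L282 quote the mode (`'0755'`) while L292 and L304 leave it bare (`0644`); the quoted form is the safer YAML and should be used throughout.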
--- /dev/null
+
+{{ log_dir }}/*.log: {
+ create 0644 root root
+ dateext
+ dateformat -%Y-%m-%d
+ minsize 10M
+ missingok
+ daily
+ rotate 10
+ sharedscripts
+ postrotate
+ /bin/kill -HUP `cat /var/run/rsyslogd.pid 2> /dev/null` 2> /dev/null || true
+ endscript
+}
+
+# vim: filetype=conf ts=4 et
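Review bot: `create 0644 root root` at L309 makes every rotated-in slapd log world-readable; `create 0640 root root` (or `0640 root adm` if operators read logs through the adm group) keeps it restricted. The `postrotate` HUP at L318 hard-codes `/var/run/rsyslogd.pid`, which should be checked against the pidfile the `rsyslog_service` unit actually writes on the target distribution — presumably the default, but verify. With `daily` and `rotate 10` there is also no `compress`, so ten uncompressed copies are retained; `compress` plus `delaycompress` would be the usual pairing.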
--- /dev/null
+# Logging for slapd (OpenLDAP-Server)
+
+local4.* {{ log_file }}
+