From: Frank Brehm Date: Fri, 16 Oct 2020 14:09:44 +0000 (+0200) Subject: Setting example database to readonly X-Git-Url: https://git.uhu-banane.de/?a=commitdiff_plain;h=9f29a183fc7505009e34ff562fd7f056db6b75d4;p=pixelpark%2Fldap-migration.git Setting example database to readonly
---
diff --git a/roles/base/tasks/config_root_account.yaml b/roles/base/tasks/config_root_account.yaml
index 000ed4c..7048a0e 100644
--- a/roles/base/tasks/config_root_account.yaml
+++ b/roles/base/tasks/config_root_account.yaml
@@ -69,7 +69,7 @@ - name: "Show content of managing RootDN for config database file." debug: msg={{ content_rootdn_config_file.stdout_lines }}
- - name: "Applying managing RootDN for config database file."
+ - name: "Applying managing RootDN for config database file." shell: "ldapadd -Q -Y EXTERNAL -H ldapi:/// -f '{{ rootdn_config_file.path }}'" rescue:
diff --git a/roles/base/tasks/example-database-ro.yaml b/roles/base/tasks/example-database-ro.yaml
new file mode 100644
index 0000000..b1e7d16
--- /dev/null
+++ b/roles/base/tasks/example-database-ro.yaml
@@ -0,0 +1,66 @@
+---
+
+################################################################
+# Setting example databae to readonly
+
+ - name: "Detecting the readonly state of the example database."
+ shell: "ldapsearch -Q -Y EXTERNAL -H ldapi:/// -LLL -s base -b '{{ example_database.dn }}' -o ldif-wrap=no olcReadonly | grep -i '^olcReadonly:' | sed -e 's/^olcReadonly:[ ]*//i' | tr '[:upper:]' '[:lower:]'"
+ changed_when: False
+ ignore_errors: True
+ no_log: True
+ register: example_database_ro
+
+ - name: "Setting readonly state of example database to readonly."
+ block:
+
+ - name: "Initializing LDIF file for setting readonly state."
+ tempfile:
+ state: 'file'
+ prefix: 'set-example-db-ro.'
+ suffix: '.ldif'
+ register: set_ro_file
+
+ - set_fact:
+ changetype: 'add'
+ when: example_database_ro.rc != 0
+
+ - set_fact:
+ changetype: 'replace'
+ when: example_database_ro.rc == 0
+
+ - name: "Get content of setting database to readonly"
+ template:
+ src: "templates/set-ro-example-db.ldif.j2"
+ dest: "{{ set_ro_file.path }}"
+ owner: root
+ group: root
+ mode: 0644
+
+ - name: "Get content of setting database to readonly file"
+ shell: "cat '{{ set_ro_file.path }}'"
+ register: content_set_ro_file
+ changed_when: False
+ no_log: True
+
+ - name: "Show content of setting database to readonly file."
+ debug: msg={{ content_set_ro_file.stdout_lines }}
+
+ - name: "Applying setting database to readonly file."
+ shell: "ldapadd -Q -Y EXTERNAL -H ldapi:/// -f '{{ set_ro_file.path }}'"
+
+ rescue:
+ - name: "Failing base installation of OpenLDAP server because of some errors."
+ fail:
+ msg: "I caught an error"
+
+ always:
+
+ - name: "Removing setting database to readonly file ..."
+ file:
+ path: "{{ set_ro_file.path }}"
+ state: absent
+
+ when: (example_database_ro.rc != 0) or (example_database_ro.stdout != 'true')
+
+
diff --git a/roles/base/tasks/main.yaml b/roles/base/tasks/main.yaml
index 5d55497..a5341fe 100644
--- a/roles/base/tasks/main.yaml
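Review bot: The `rc` registered by the "Detecting the readonly state" task is the exit status of the trailing `tr`, not of `ldapsearch` or `grep`, because `shell` runs under `/bin/sh` without `pipefail`; it is therefore 0 both when the attribute is absent and when the search itself fails, so the two `rc != 0` / `rc == 0` branches and the first half of the block's `when` are effectively dead and `changetype` is always `replace` (which only happens to work because an LDAP replace creates a missing attribute). Adding `set -o pipefail` would expose absence as rc 1 but still not a failed `ldapsearch`, since `grep`'s 1 on empty input is the rightmost non-zero status. A cleaner shape is to register the bare `ldapsearch` result, derive `add`/`replace` and the block's `when` from `stdout` in Jinja, drop `ignore_errors`/`no_log` so a real search error stops the play with its message visible (the output is only a TRUE/FALSE value, nothing sensitive), and pass the DN through `| quote` since it is interpolated into a shell command line. While at it, `changed_when: False` / `ignore_errors: True` / `no_log: True` should be lowercase `false`/`true` per Ansible convention and `mode: 0644` is safer written as `mode: '0644'`.

```yaml
- name: "Detecting the readonly state of the example database."
  shell: "ldapsearch -Q -Y EXTERNAL -H ldapi:/// -LLL -s base -b {{ example_database.dn | quote }} -o ldif-wrap=no olcReadonly"
  changed_when: false
  # rc is now ldapsearch's own exit code: a failed search aborts here instead of being masked by the pipeline
  register: example_database_ro

# … unchanged: block header and tempfile task …

    - set_fact:
        # replace creates the attribute if it is missing, but keep add/replace explicit for readability of the LDIF
        changetype: "{{ 'replace' if 'olcreadonly:' in (example_database_ro.stdout | lower) else 'add' }}"

# … unchanged: template / cat / debug / ldapadd tasks, rescue and always sections …

  when: "'olcreadonly: true' not in (example_database_ro.stdout | lower)"
```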
+++ b/roles/base/tasks/main.yaml
@@ -43,6 +43,9 @@ - include: 'overlays0-memberof.yaml'
+- include: 'example-database-ro.yaml'
+ when: example_database_name != ''
+
- include: 'config_root_account.yaml' - include: 'providers.yaml'
diff --git a/roles/base/templates/set-ro-example-db.ldif.j2 b/roles/base/templates/set-ro-example-db.ldif.j2
new file mode 100644
index 0000000..66631e1
--- /dev/null
+++ b/roles/base/templates/set-ro-example-db.ldif.j2
@@ -0,0 +1,6 @@
+dn: {{ example_database.dn }}
+changetype: modify
+{{ changetype }}: olcReadonly
+olcReadonly: TRUE
+
+# vim: filetype=ldif
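Review bot: The new include is gated on `example_database_name != ''` while the included tasks read `example_database.dn`; unless `example_database` is guaranteed to be defined whenever the name is non-empty (not visible in this diff), the first included task fails on an undefined variable, and the `when` itself raises if `example_database_name` has no default. A guard such as `when: (example_database_name | default('')) != '' and example_database.dn is defined` makes the dependency explicit and tolerates the variable being unset.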
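Review bot: The `{{ changetype }}` switch on the third line of the template is unnecessary: an LDAP `replace` creates the attribute when it does not yet exist (RFC 4511 §4.6), so hard-coding `replace: olcReadonly` would do the same job without the two `set_fact` tasks that compute a play-wide fact under the very generic name `changetype`. If the switch is kept for clarity, a comment such as `# replace would also create olcReadonly when absent; add/replace is chosen by the detection task` would save the next reader the same investigation.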