summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGuilhem Moulin <guilhem@fripost.org>2014-07-06 19:55:58 +0200
committerGuilhem Moulin <guilhem@fripost.org>2015-06-07 02:52:32 +0200
commit1e68d980a0587bb1afea3685d0a46fce86135cb9 (patch)
tree64ef0d52ec5142058beab3ce5728d7cfbdd9f1a8
parentf877db8c189fc0a0c43aa5df9303ad34cceb774e (diff)
Enable zero-copy updates to the LDAP directory.
-rw-r--r--ansible.cfg10
-rw-r--r--lib/action_plugins/openldap.py83
-rw-r--r--lib/modules/openldap5
-rw-r--r--roles/LDAP-provider/tasks/main.yml9
-rw-r--r--roles/common-LDAP/tasks/main.yml27
-rw-r--r--roles/common-LDAP/templates/etc/ldap/database.ldif.j22
6 files changed, 103 insertions, 33 deletions
diff --git a/ansible.cfg b/ansible.cfg
index 10b8f7f..cfa03e5 100644
--- a/ansible.cfg
+++ b/ansible.cfg
@@ -90,11 +90,11 @@ ansible_managed = Ansible Managed: modified on %Y-%m-%d %H:%M:%S by {uid}@{host}
# additional plugin paths for non-core plugins
-action_plugins = /usr/share/ansible_plugins/action_plugins
-callback_plugins = /usr/share/ansible_plugins/callback_plugins
-connection_plugins = /usr/share/ansible_plugins/connection_plugins
-lookup_plugins = /usr/share/ansible_plugins/lookup_plugins
-vars_plugins = /usr/share/ansible_plugins/vars_plugins
+action_plugins = ./lib/action_plugins
+callback_plugins = ./lib/callback_plugins
+connection_plugins = ./lib/connection_plugins
+lookup_plugins = ./lib/lookup_plugins
+vars_plugins = ./lib/vars_plugins
[ssh_connection]
diff --git a/lib/action_plugins/openldap.py b/lib/action_plugins/openldap.py
new file mode 100644
index 0000000..ee8a991
--- /dev/null
+++ b/lib/action_plugins/openldap.py
@@ -0,0 +1,83 @@
+# Manage OpenLDAP databases
+# Copyright (c) 2014 Guilhem Moulin <guilhem@fripost.org>
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+import os
+import pipes
+import tempfile
+
+from ansible.utils import template
+from ansible import utils
+from ansible.runner.return_data import ReturnData
+
+class ActionModule(object):
+ TRANSFERS_FILES = True
+
+ def __init__(self, runner):
+ self.runner = runner
+
+ def run(self, conn, tmp, module_name, module_args, inject, complex_args=None, **kwargs):
+ ''' handler for file transfer operations '''
+
+ # load up options
+ options = {}
+ if complex_args:
+ options.update(complex_args)
+ options.update(utils.parse_kv(module_args))
+
+ target = options.get('target', None)
+ local = options.get('local', 'no')
+
+ if local not in [ 'no', 'file', 'template' ]:
+ result = dict(failed=True, msg="local must be in ['no','file','template']")
+ return ReturnData(conn=conn, comm_ok=False, result=result)
+
+ if local != 'no' and target is None:
+ result = dict(failed=True, msg="target is required in local mode")
+ return ReturnData(conn=conn, comm_ok=False, result=result)
+
+ if local == 'no':
+ # run the module remotely
+ return self.runner._execute_module(conn, tmp, 'openldap', module_args, inject=inject, complex_args=complex_args)
+ elif '_original_file' in inject:
+ target = utils.path_dwim_relative(inject['_original_file'], local+'s', target, self.runner.basedir)
+ else:
+ # the source is local, so expand it here
+ target = os.path.expanduser(target)
+
+ options['local'] = 'no'
+ options['target'] = os.path.join(tmp, os.path.basename(target))
+ if local == 'template':
+ # template the source data locally and transfer it
+ try:
+ s = template.template_from_file(self.runner.basedir, target, inject, vault_password=self.runner.vault_pass)
+ tmpfile = tempfile.NamedTemporaryFile(delete=False)
+ tmpfile.write(s)
+ tmpfile.close()
+ target = tmpfile.name
+ except Exception, e:
+ result = dict(failed=True, msg=str(e))
+ return ReturnData(conn=conn, comm_ok=False, result=result)
+ conn.put_file(tmpfile.name, options['target'])
+ os.unlink(tmpfile.name)
+
+ elif local == 'file':
+ conn.put_file(target, options['target'])
+
+ # run the script remotely with the new (temporary) filename
+ module_args = ""
+ for o in options:
+ module_args = "%s %s=%s" % (module_args, o, pipes.quote(options[o]))
+ return self.runner._execute_module(conn, tmp, 'openldap', module_args, inject=inject)
diff --git a/lib/modules/openldap b/lib/modules/openldap
index 7293b23..3f6ea39 100644
--- a/lib/modules/openldap
+++ b/lib/modules/openldap
@@ -351,6 +351,7 @@ def main():
suffix = dict( default=None ),
format = dict( default="ldif", choices=["ldif","slapd.conf"] ),
name = dict( default=None ),
+ local = dict( default="no", choices=["no","file","template"] ),
),
supports_check_mode=True
)
@@ -428,7 +429,7 @@ def main():
module.exit_json(changed=changed)
+# import module snippets
+from ansible.module_utils.basic import *
-# this is magic, see lib/ansible/module_common.py
-#<<INCLUDE_ANSIBLE_MODULE_COMMON>>
main()
diff --git a/roles/LDAP-provider/tasks/main.yml b/roles/LDAP-provider/tasks/main.yml
index 64c8e30..fc9ed62 100644
--- a/roles/LDAP-provider/tasks/main.yml
+++ b/roles/LDAP-provider/tasks/main.yml
@@ -1,12 +1,7 @@
-- name: Copy the syncprov overlay configuration
- copy: src=etc/ldap/syncprov.ldif
- dest=/etc/ldap/fripost/syncprov.ldif
- owner=root group=root
- mode=0644
-
- name: Load and configure the syncprov overlay
openldap: module=syncprov state=present
suffix=o=mailHosting,dc=fripost,dc=org
- target=/etc/ldap/fripost/syncprov.ldif
+ target=etc/ldap/syncprov.ldif
+ local=file
# TODO: authz constraint
diff --git a/roles/common-LDAP/tasks/main.yml b/roles/common-LDAP/tasks/main.yml
index 3ef02e8..5aa8a2e 100644
--- a/roles/common-LDAP/tasks/main.yml
+++ b/roles/common-LDAP/tasks/main.yml
@@ -43,18 +43,6 @@
# Not sure if required
- Restart slapd
-- name: Create directory /etc/ldap/fripost
- file: path=/etc/ldap/fripost
- state=directory
- owner=root group=root
- mode=0755
-
-- name: Copy fripost database definition
- template: src=etc/ldap/database.ldif.j2
- dest=/etc/ldap/fripost/database.ldif
- owner=root group=root
- mode=0600
-
- name: Copy fripost & amavis' schema
copy: src=etc/ldap/schema/{{ item }}
dest=/etc/ldap/schema/{{ item }}
@@ -69,18 +57,21 @@
tags:
- amavis
-- name: Load fripost's schema and configure the database
- openldap: target=/etc/ldap/{{ item }} state=present
- with_items:
- - schema/fripost.ldif
- - fripost/database.ldif
-
- name: Load amavis' schema
openldap: target=/etc/ldap/schema/amavis.schema state=present
format=slapd.conf name=amavis
tags:
- ldap
+- name: Load Fripost' schema
+ openldap: target=/etc/ldap/schema/fripost.ldif state=present
+ tags:
+ - ldap
+
+- name: Configure the LDAP database
+ openldap: target=etc/ldap/database.ldif.j2 local=template
+ state=present
+
- name: Start slapd
service: name=slapd state=started
when: not (r1.changed or r2.changed)
diff --git a/roles/common-LDAP/templates/etc/ldap/database.ldif.j2 b/roles/common-LDAP/templates/etc/ldap/database.ldif.j2
index cde9069..af31836 100644
--- a/roles/common-LDAP/templates/etc/ldap/database.ldif.j2
+++ b/roles/common-LDAP/templates/etc/ldap/database.ldif.j2
@@ -1,5 +1,5 @@
# Fripost's LDAP database definition
-# Copyright © 2013 Guilhem Moulin <guilhem@fripost.org>
+# Copyright (c) 2013 Guilhem Moulin <guilhem@fripost.org>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by