authorGuilhem Moulin <guilhem@fripost.org>2015-06-10 18:16:13 +0200
committerGuilhem Moulin <guilhem@fripost.org>2015-06-10 18:52:21 +0200
commitf24f936c69ee97cca6095923549430cb6d510320 (patch)
treec541c7976bfdf43486b3052ed893c84b1ae029b1 /roles/common-LDAP/tasks/main.yml
parentb408390ae9311b7d703ce57c25a78dce23c31b16 (diff)
slapd monitoring.
We don't use the provided 'slapd_' Munin plugin because it doesn't support SASL binds.
Diffstat (limited to 'roles/common-LDAP/tasks/main.yml')
-rw-r--r--roles/common-LDAP/tasks/main.yml33
1 files changed, 29 insertions, 4 deletions
diff --git a/roles/common-LDAP/tasks/main.yml b/roles/common-LDAP/tasks/main.yml
index 2eb0dfb..a8c784d 100644
--- a/roles/common-LDAP/tasks/main.yml
+++ b/roles/common-LDAP/tasks/main.yml
@@ -1,30 +1,33 @@
# XXX If #742056 gets fixed, we should preseed slapd to use peercreds as
# RootDN once the fix enters stable.
- name: Install OpenLDAP
apt: pkg={{ item }}
with_items:
- slapd
- ldap-utils
- ldapvi
- db-util
- python-ldap
+ # for the 'slapd2_' munin plugin
+ - libnet-ldap-perl
+ - libauthen-sasl-perl
- name: Configure slapd
template: src=etc/default/slapd.j2
dest=/etc/default/slapd
owner=root group=root
mode=0644
register: r1
notify:
- Restart slapd
- name: Create directory /etc/ldap/ssl
file: path=/etc/ldap/ssl
state=directory
owner=root group=root
mode=0755
tags:
- genkey
# XXX: It's ugly to list all roles here, and to prunes them with a
# conditional...
@@ -90,46 +93,68 @@
- meta: flush_handlers
- name: Copy fripost & amavis' schema
copy: src=etc/ldap/schema/{{ item }}
dest=/etc/ldap/schema/{{ item }}
owner=root group=root
mode=0644
# It'd certainly be nicer if we didn't have to deploy amavis' schema
# everywhere, but we need the 'objectClass' in our replicates, hence
# they need to be aware of the 'amavisAccount' class.
with_items:
- fripost.ldif
- amavis.schema
tags:
- amavis
- name: Load amavis' schema
openldap: target=/etc/ldap/schema/amavis.schema
format=slapd.conf name=amavis
- tags:
- - ldap
- name: Load Fripost' schema
openldap: target=/etc/ldap/schema/fripost.ldif
- tags:
- - ldap
+
+- name: Load the back_monitor overlay
+ openldap: module=back_monitor
# We assume a clean (=stock) cn=config
- name: Configure the LDAP database
openldap: target=etc/ldap/database.ldif.j2 local=template
# On read-only replicates, you might have to temporarily switch back to
# read-write, delete the SyncRepl, and delete the DN manually:
# sudo ldapdelete -Y EXTERNAL -H ldapi:// cn=admin,dc=fripost,dc=org
- name: Remove cn=admin,dc=fripost,dc=org
openldap: name="cn=admin,dc=fripost,dc=org" delete=entry
- name: Remove the rootDN under the 'config' database
openldap: name="olcDatabase={0}config,cn=config" delete=olcRootDN,olcRootPW
- name: Copy /usr/local/sbin/slapcat-all.sh
copy: src=usr/local/sbin/slapcat-all.sh
dest=/usr/local/sbin/slapcat-all.sh
owner=root group=root
mode=0755
+
+
+- name: Install 'slapd2_' Munin wildcard plugin
+ # we don't install 'slapd_' because it doesn't support SASL binds
+ file: src=/usr/local/share/munin/plugins/slapd2_
+ dest=/etc/munin/plugins/slapd2_{{ item }}
+ owner=root group=root
+ state=link force=yes
+ with_items:
+ # sudo /usr/share/munin/plugins/slapd2_ suggest
+ - connections
+ - statistics_entries
+ - operations_diff
+ - statistics_referrals
+ - statistics_pdu
+ - waiters
+ - statistics_bytes
+ - operations
+ tags:
+ - munin
+ - munin-node
+ notify:
+ - Restart munin-node
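Review bot: The new `Load the back_monitor overlay` task only loads the module; nothing in this hunk shows the monitor database entry or an `olcAccess` rule for `cn=Monitor`, and slapd's built-in default when no access directives are defined is read access for everyone, including anonymous binds. Since the commit message says the plugin relies on SASL binds, presumably `database.ldif.j2` (not visible here) restricts that subtree to the identity munin binds as; that should be confirmed and recorded above the task, e.g. `# cn=Monitor is created and ACL'ed in database.ldif.j2; only the munin SASL identity may read it`. Connection and operation counters are useful reconnaissance data, so the ACL deserves to be as explicit as the ones on the user data. On the documentation side, the `suggest` comment in the plugin task points at `/usr/share/munin/plugins/slapd2_` while the link source is `/usr/local/share/munin/plugins/slapd2_`; the comment should name the same path.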