feat(ldap): support partial execution with prepare and deploy tags

2024-11-10 06:24:17 +00:00 · 2021-05-26 14:34:02 +02:00 · 2021-05-26 14:34:02 +02:00 · fef4a7ffe8
commit fef4a7ffe8
parent 9fd7f2ec98
4 changed files with 36 additions and 14 deletions
--- a/roles/ldap/tasks/configure.yml
+++ b/roles/ldap/tasks/configure.yml
@ -13,9 +13,7 @@
  delay: 3
  register: acl_res
  until: acl_res is succeeded
-  tags:
-    - ldap-sync
-    - ldap-sync-acl
+  tags: [ 'deploy', 'deploy-ldap', 'ldap-sync', 'ldap-sync-acl' ]

 - name: Ensure rootDN credentials up-to-date
  become: true
@ -32,8 +30,7 @@
    - key: olcRootPW
      value: "{{ ldap_root_pass }}"
      log: false
-  tags:
-    - ldap-sync
+  tags: [ 'deploy', 'deploy-ldap', 'ldap-sync' ]

 # Root node can be created with normal bind via LDAP
 - name: Create root node
@ -50,8 +47,7 @@
    bind_dn: "{{ ldap_rootdn }}"
    bind_pw: "{{ ldap_root_pass }}"
    server_uri: "{{ ldap_server_uri }}"
-  tags:
-    - ldap-sync
+  tags: [ 'deploy', 'deploy-ldap', 'ldap-sync' ]

 - name: Ensure root node is correctly configured
  become: true
@ -69,8 +65,7 @@
      value: "{{ ldap_org }}"
    - key: dc
      value: "{{ ldap_domain|regex_replace('\\..+', '') }}"
-  tags:
-    - ldap-sync
+  tags: [ 'deploy', 'deploy-ldap', 'ldap-sync' ]

 - name: Create organizational units
  ldap_entry:
@ -83,5 +78,4 @@
  loop: "{{ ldap_org_units }}"
  loop_control:
    loop_var: ou_name
-  tags:
-    - ldap-sync
+  tags: [ 'deploy', 'deploy-ldap', 'ldap-sync' ]
--- a/roles/ldap/tasks/initialize.yml
+++ b/roles/ldap/tasks/initialize.yml
@ -4,10 +4,12 @@
  stat:
    path: "{{ ldap_config_path }}/cn=config"
  register: stat_result
+  tags: [ 'deploy', 'deploy-ldap' ]

 - name: Determine if the container needs to be initialized
  set_fact:
    ldap_needs_init: "{{ stat_result.stat.exists|bool == False }}"
+  tags: [ 'deploy', 'deploy-ldap' ]

 - name: (init) Template initial slapd.ldif
  template:
@ -15,6 +17,7 @@
    dest: "{{ ldap_base_path }}/slapd.ldif"
    mode: 0644
  when: ldap_needs_init|bool
+  tags: [ 'deploy', 'deploy-ldap' ]

 - name: (init) Copy additional schema
  copy:
@ -26,6 +29,7 @@
  loop_control:
    loop_var: schema
    label: "{{ schema.name }}"
+  tags: [ 'deploy', 'deploy-ldap' ]

 - name: (init) Map additional schemas into container
  set_fact:
@ -41,6 +45,7 @@
  loop_control:
    loop_var: schema
    label: "{{ schema.name }}"
+  tags: [ 'deploy', 'deploy-ldap' ]

 # The detach and cleanup options force the task to
 # stall until slapadd is done. Else, an unconfigured
@ -56,6 +61,7 @@
    pull: "{{ ldap_container_pull }}"
    volumes: "{{ ldap_container_volumes + ldap_init_container_additional_volumes }}"
  when: ldap_needs_init|bool
+  tags: [ 'deploy', 'deploy-ldap' ]

 - name: (init) Remove files needed for bootstrapping
  file:
@ -63,3 +69,4 @@
    state: absent
  when: ldap_needs_init|bool
  loop: "{{ [ { 'name': 'slapd.ldif'} ] + ldap_additional_schemas }}"
+  tags: [ 'deploy', 'deploy-ldap' ]
--- a/roles/ldap/tasks/ldap-web-ui.yml
+++ b/roles/ldap/tasks/ldap-web-ui.yml
@ -1,4 +1,12 @@
 ---
+- name: Ensure LDAP management container image is pulled
+  docker_image:
+    name: "{{ ldap_management_container_image }}"
+    force_source: "{{ ldap_management_container_pull }}"
+    source: pull
+    state: present
+  when: ldap_management_container_enabled|bool
+  tags: ['prepare', 'prepare-ldap']

 - name: Ensure LDAP management container is started
  docker_container:
@ -18,9 +26,11 @@
        || exit 1

  when: ldap_management_container_enabled|bool
+  tags: ['deploy', 'deploy-ldap']

 - name: Ensure LDAP management container is absent
  docker_container:
    name: "{{ ldap_management_container_name }}"
    state: absent
  when: not ldap_management_container_enabled|bool
+  tags: ['deploy', 'deploy-ldap']
--- a/roles/ldap/tasks/main.yml
+++ b/roles/ldap/tasks/main.yml
@ -5,6 +5,7 @@
    path: "{{ ldap_base_path }}"
    state: directory
    mode: 0700
+  tags: [ 'prepare', 'prepare-ldap' ]

 - name: Create volume paths
  file:
@ -15,9 +16,18 @@
    - "{{ ldap_data_path }}"
    - "{{ ldap_config_path }}"
    - "{{ ldap_base_path }}/sock"
+  tags: [ 'prepare', 'prepare-ldap' ]

 - name: Provide intial container configuration
-  include_tasks: initialize.yml
+  import_tasks: initialize.yml
+
+- name: Ensure LDAP container image is pulled
+  docker_image:
+    name: "{{ ldap_container_image }}"
+    force_source: "{{ ldap_container_pull }}"
+    source: pull
+    state: present
+  tags: [ 'prepare', 'prepare-ldap' ]

 - name: Ensure LDAP container is started
  docker_container:
@ -31,14 +41,15 @@
    ulimits: "{{ ldap_container_ulimits }}"
    memory_reservation: "{{ ldap_container_memory_reservation }}"
    memory: "{{ ldap_container_memory }}"
-    restart_policy: unless-stopped
    recreate: "{{ ldap_container_recreate }}"
-    pull: "{{ ldap_container_pull }}"
+    restart_policy: unless-stopped
+    state: started
    healthcheck:
      test: >-
        [[ $(netstat -plnte | grep slapd | wc -l) -ge 1 ]]
        && [[ $(ps aux | grep slapd | wc -l) -ge 1 ]]
        || exit 1
+  tags: [ 'deploy', 'deploy-ldap' ]

 - name: Configure LDAP DIT
  import_tasks: configure.yml