Jeremy Lecour
ee21973371
All checks were successful
Ansible Lint |Total|New|Outstanding|Fixed|Trend
|:-:|:-:|:-:|:-:|:-:
|2777|524|2253|2462|:+1:
Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/223//ansiblelint">Evolix » ansible-roles » unstable #223</a>
gitea/ansible-roles/pipeline/head This commit looks good
Fully Qualified Collection Name
65 lines
2 KiB
YAML
65 lines
2 KiB
YAML
---
|
|
|
|
- name: "Is /root/.ldapvirc present ?"
|
|
ansible.builtin.stat:
|
|
path: /root/.ldapvirc
|
|
check_mode: no
|
|
register: root_ldapvirc_path
|
|
|
|
- name: Warning when ldapvirc file is present and ldap_admin_password is given
|
|
ansible.builtin.debug:
|
|
msg: "WARNING: an LDAP admin password is given, but an ldapvirc file already exists. It will not be updated."
|
|
when:
|
|
- ldap_admin_password | length > 0
|
|
- root_ldapvirc_path.stat.exists
|
|
|
|
# Generate ldap password if none is given and ldapvirc is absent
|
|
- name: apg package is installed
|
|
ansible.builtin.apt:
|
|
name: apg
|
|
state: present
|
|
when: not root_ldapvirc_path.stat.exists
|
|
|
|
- name: create a password for cn=admin
|
|
ansible.builtin.command:
|
|
cmd: "apg -n 1 -m 16 -M lcN"
|
|
register: new_ldap_admin_password
|
|
changed_when: False
|
|
when:
|
|
- ldap_admin_password | length == 0
|
|
- not root_ldapvirc_path.stat.exists
|
|
|
|
# Use the generated password or the one found in the file
|
|
- name: overwrite ldap_admin_password
|
|
ansible.builtin.set_fact:
|
|
ldap_admin_password: "{{ new_ldap_admin_password.stdout }}"
|
|
when:
|
|
- ldap_admin_password | length == 0
|
|
- not root_ldapvirc_path.stat.exists
|
|
|
|
- name: hash password for cn=admin
|
|
ansible.builtin.command:
|
|
cmd: "slappasswd -s {{ ldap_admin_password }}"
|
|
register: ldap_admin_password_ssha
|
|
changed_when: False
|
|
when: not root_ldapvirc_path.stat.exists
|
|
|
|
- name: create ldapvirc config
|
|
ansible.builtin.template:
|
|
src: ldapvirc.j2
|
|
dest: /root/.ldapvirc
|
|
mode: "0640"
|
|
when: not root_ldapvirc_path.stat.exists
|
|
|
|
# Read ldap password when none is given and ldapvirc is present
|
|
- name: read ldap admin password from ldapvirc file
|
|
ansible.builtin.shell:
|
|
cmd: "grep -E '^password: .+$' /root/.ldapvirc | awk '{print $2}'"
|
|
changed_when: False
|
|
check_mode: no
|
|
register: new_ldap_admin_password
|
|
|
|
# Use the password found in the file
|
|
- name: overwrite ldap_admin_password
|
|
ansible.builtin.set_fact:
|
|
ldap_admin_password: "{{ new_ldap_admin_password.stdout }}"
|