Namespace all variables

stuvusIT · Apr 13, 2017 · ef42618 · ef42618
1 parent 9ee02a3
commit ef42618
Show file tree

Hide file tree

Showing 9 changed files with 46 additions and 47 deletions.
diff --git a/README.md b/README.md
@@ -18,22 +18,22 @@ A dpkg- or pacman-based Linux distribution.
 The role allows to set a number of variables.
 All variables are required.
 
-| Name                  | Default               | Description                                                         |
-|-----------------------|-----------------------|---------------------------------------------------------------------|
-| `run_dir`             | `/run/slapd`          | Runtime directory for args file, pid file and ldapi socket          |
-| `ldapi_socket`        | `{{run_dir}}/ldapi`   | ldapi unix socket for local slapd administration                    |
-| `db_dir`              | `/var/lib/slapd`      | Directory for the mdb. The directory is created, but the mdb is not |
-| `etc_dir`             | `/etc/ldap`           | slapd configuration in /etc, usually /etc/ldap or /etc/openldap     |
-| `olc_dir`             | `{{etc_dir}}/slapd.d` | Path where the LDIF files of the OLC reside                         |
-| `flags_dir`           | `{{etc_dir}}`         | Path where this role puts flags about what was done                 |
-| `schema_dir`          | `{{etc_dir}}/schema`  | Path where the default slapd schemas reside                         |
-| `slapd_user`          | `openldap`            | User under which slapd runs                                         |
-| `slapd_group`         | `{{slapd_user}}`      | Group under which slapd runs                                        |
-| `olc_rootdn`          | `cn=root,cn=config`   | Rootdn of the OLC                                                   |
-| `olc_rootdn_password` |                       | Password for the OLC rootdn                                         |
-
-All of these variables are exposed as facts for other roles.
-The only exception is `olc_rootdn_password` for security purposes.
+| Name                        | Default                     | Description                                                         |
+|-----------------------------|-----------------------------|---------------------------------------------------------------------|
+| `slapd_run_dir`             | `/run/slapd`                | Runtime directory for args file, pid file and ldapi socket          |
+| `slapd_ldapi_socket`        | `{{slapd_run_dir}}/ldapi`   | ldapi unix socket for local slapd administration                    |
+| `slapd_mdb_dir`             | `/var/lib/slapd`            | Directory for the mdb. The directory is created, but the mdb is not |
+| `slapd_etc_dir`             | `/etc/ldap`                 | slapd configuration in /etc, usually /etc/ldap or /etc/openldap     |
+| `slapd_olc_dir`             | `{{slapd_etc_dir}}/slapd.d` | Path where the LDIF files of the OLC reside                         |
+| `global_flags_dir`          | `{{slapd_etc_dir}}`         | Path where this role puts flags about what was done                 |
+| `slapd_schema_dir`          | `{{slapd_etc_dir}}/schema`  | Path where the default slapd schemas reside                         |
+| `slapd_user`                | `openldap`                  | User under which slapd runs                                         |
+| `slapd_group`               | `{{slapd_user}}`            | Group under which slapd runs                                        |
+| `slapd_olc_rootdn`          | `cn=root,cn=config`         | Rootdn of the OLC                                                   |
+| `slapd_olc_rootdn_password` |                             | Password for the OLC rootdn                                         |
+
+All of the variables prefixed with `slapd_` are exposed as facts for other roles.
+The only exception is `slapd_olc_rootdn_password` for security purposes.
 
 ## Dependencies
 
@@ -45,7 +45,7 @@ None
 - hosts: ldap
   roles:
   - slapd-base
-    etc_dir: /etc/openldap
+    slapd_etc_dir: /etc/openldap
 ```
 
 ## License

diff --git a/defaults/main.yml b/defaults/main.yml
@@ -1,11 +1,11 @@
 ---
-run_dir: /run/slapd
-ldapi_socket: "{{ run_dir }}/ldapi"
-db_dir: /var/lib/slapd
-etc_dir: /etc/ldap
-olc_dir: "{{ etc_dir }}/slapd.d"
-flags_dir: "{{ etc_dir }}"
-schema_dir: "{{ etc_dir }}/schema"
+slapd_run_dir: /run/slapd
+slapd_ldapi_socket: "{{ slapd_run_dir }}/ldapi"
+slapd_mdb_dir: /var/lib/slapd
+slapd_etc_dir: /etc/ldap
+slapd_olc_dir: "{{ slapd_etc_dir }}/slapd.d"
+global_flags_dir: "{{ slapd_etc_dir }}"
+slapd_schema_dir: "{{ slapd_etc_dir }}/schema"
 slapd_user: openldap
 slapd_group: "{{ slapd_user }}"
-olc_rootdn: cn=root,cn=config
+slapd_olc_rootdn: cn=root,cn=config
diff --git a/tasks/facts.yml b/tasks/facts.yml
@@ -2,12 +2,11 @@
 # This file exposes all relevant role variables as facts.
 - name: Set slapd facts
   set_fact:
-    run_dir: "{{ run_dir }}"
-    ldapi_socket: "{{ ldapi_socket }}"
-    db_dir: "{{ db_dir }}"
-    olc_dir: "{{ olc_dir }}"
-    flags_dir: "{{ flags_dir }}"
-    schema_dir: "{{ schema_dir }}"
+    slapd_run_dir: "{{ slapd_run_dir }}"
+    slapd_ldapi_socket: "{{ slapd_ldapi_socket }}"
+    slapd_mdb_dir: "{{ slapd_mdb_dir }}"
+    slapd_olc_dir: "{{ slapd_olc_dir }}"
+    slapd_schema_dir: "{{ slapd_schema_dir }}"
     slapd_user: "{{ slapd_user }}"
     slapd_group: "{{ slapd_group }}"
-    olc_rootdn: "{{ olc_rootdn }}"
+    slapd_olc_rootdn: "{{ olc_rootdn }}"
diff --git a/tasks/install.yml b/tasks/install.yml
@@ -51,7 +51,7 @@
 
 - name: Create slapd OLC location
   file:
-    path: "{{ olc_dir }}"
+    path: "{{ slapd_olc_dir }}"
     state: directory
     owner: "{{ slapd_user }}"
     group: "{{ slapd_group }}"

diff --git a/tasks/olc-setup.yml b/tasks/olc-setup.yml
@@ -8,13 +8,13 @@
 
 - name: Wipe default OLC
   file:
-    path: "{{ olc_dir }}"
+    path: "{{ slapd_olc_dir }}"
     state: absent
   when: not olccreated.stat.exists
 
 - name: Create new slapd OLC location
   file:
-    path: "{{ olc_dir }}"
+    path: "{{ slapd_olc_dir }}"
     state: directory
     owner: "{{ slapd_user }}"
     group: "{{ slapd_group }}"
@@ -23,7 +23,7 @@
 - name: Hash OLC password
   command: "/bin/bash -c '/usr/sbin/slappasswd -n -T /dev/stdin < <(echo -n $password)'"
   environment:
-    password: "{{ olc_rootdn_password | mandatory }}"
+    password: "{{ slapd_olc_rootdn_password | mandatory }}"
   register: hashedPassword
   when: not olccreated.stat.exists
   changed_when: false
@@ -37,7 +37,7 @@
 
 # Not using become the user may be overridden
 - name: Apply basic OLC configuration
-  command: "/usr/bin/sudo -u {{ slapd_user }} /usr/sbin/slaptest -f {{ olc_tmp }} -F {{ olc_dir }}"
+  command: "/usr/bin/sudo -u {{ slapd_user }} /usr/sbin/slaptest -f {{ olc_tmp }} -F {{ slapd_olc_dir }}"
   when: not olccreated.stat.exists
 
 - name: Clean OLC configuration
@@ -46,7 +46,7 @@
     state: absent
 
 - name: Load core schema
-  shell: "schema2ldif {{ schema_dir }}/core.schema | slapadd -b cn=config -F {{ olc_dir }}"
+  shell: "schema2ldif {{ slapd_schema_dir }}/core.schema | slapadd -b cn=config -F {{ slapd_olc_dir }}"
   when: not olccreated.stat.exists
 
 - name: Create OLC flag

diff --git a/templates/slapd.conf.j2 b/templates/slapd.conf.j2
@@ -9,15 +9,15 @@
 # PID and arguments
 #####
 
-pidfile  {{ run_dir }}/slapd.pid
-argsfile {{ run_dir }}/slapd.args
+pidfile  {{ slapd_run_dir }}/slapd.pid
+argsfile {{ slapd_run_dir }}/slapd.args
 
 #####
 # OLC
 #####
 
 database config
-rootdn   {{ olc_rootdn }}
+rootdn   {{ slapd_olc_rootdn }}
 rootpw   {{ hashedPassword.stdout }}
 access   to * by * none
 
diff --git a/templates/slapd.service.j2 b/templates/slapd.service.j2
@@ -6,15 +6,15 @@ OnFailure=unit-failed@%n.service
 
 [Service]
 Type=forking
-ExecStart=/usr/sbin/slapd -u {{ slapd_user }} -g {{ slapd_group }} -F {{ olc_dir }} -h 'ldapi://{{ ldapi_socket | urlencode() | regex_replace('/', '%2F') }} ldap://[::] ldaps://[::]'
-PIDFile={{ run_dir }}/slapd.pid
+ExecStart=/usr/sbin/slapd -u {{ slapd_user }} -g {{ slapd_group }} -F {{ slapd_olc_dir }} -h 'ldapi://{{ slapd_ldapi_socket | urlencode() | regex_replace('/', '%2F') }} ldap://[::] ldaps://[::]'
+PIDFile={{ slapd_run_dir }}/slapd.pid
 SyslogFacility=local4
 # Security
 UMask=0077
 CapabilityBoundingSet=CAP_DAC_OVERRIDE CAP_NET_BIND_SERVICE CAP_SETUID CAP_SETGID
 NoNewPrivileges=true
 InaccessiblePaths=-/home -/root
-ReadWritePaths={{ olc_dir }} {{ db_dir }} {{ run_dir }}
+ReadWritePaths={{ slapd_olc_dir }} {{ slapd_mdb_dir }} {{ slapd_run_dir }}
 PrivateTmp=true
 PrivateDevices=true
 ProtectSystem=strict

diff --git a/templates/tmpfiles.conf.j2 b/templates/tmpfiles.conf.j2
@@ -1,2 +1,2 @@
 # {{ ansible_managed }}
-d {{ run_dir }} 0755 {{ slapd_user}} {{ slapd_group }} -
+d {{ slapd_run_dir }} 0755 {{ slapd_user}} {{ slapd_group }} -
diff --git a/vars/main.yml b/vars/main.yml
@@ -1,4 +1,4 @@
 ---
-olccreated_flag: "{{ flags_dir }}/.olccreated.flag"
-mdbwiped_flag: "{{ flags_dir }}/.mdbwiped.flag"
+olccreated_flag: "{{ global_flags_dir }}/.slapd-olccreated.flag"
+mdbwiped_flag: "{{ global_flags_dir }}/.slapd-mdbwiped.flag"
 olc_tmp: /tmp/olc.conf