majic-ansible-roles Changeset

Changeset - 3d1e72c4cbaf

Parent rev.

Child rev.

[Not reviewed]

0 5 2

Branko Majic (branko) - 2 months ago 2024-03-04 00:01:37
branko@majic.rs

MAR-192: Drop rsyslog/logrotate configuration for ldap_server role under Debian 12 Bookworm:

- Default installations of Debian 12 Bookworm no longer come with
rsyslog pre-installed (and it is considered to be deprecated as
default system logger under Debian 12 Bookworm).

7 files changed with 85 insertions and 38 deletions:

docs/releasenotes.rst

docs/rolereference.rst

roles/ldap_server/handlers/main.yml

roles/ldap_server/molecule/default/tests/test_default.py

roles/ldap_server/molecule/default/tests/test_default_bookworm.py

roles/ldap_server/molecule/default/tests/test_default_bullseye.py

roles/ldap_server/tasks/main.yml

0 comments (0 inline, 0 general)

docs/releasenotes.rst

➞

Show inline comments

@@ @@ -46,6 +46,16 @@ Dropped support for Debian 10 (Buster). @@
     servers. Parameter ``ntp_servers`` has been deprecated and
     replaced with parameter ``ntp_pools``.
 * ``ldap_server`` role
   * Starting with Debian 12 Bookworm, the role no longer deploys
     *rsyslog* and *logrotate* configuration for writing and rotating
     the LDAP servers logs under ``/var/log/slapd.log``. Primary
     reason is that Debian 12 Bookworm no longer installs *rsyslog* by
     default, and it is considered to be deprecated at this point. The
     LDAP server logs can be read via ``journalctl -u slapd`` when
     necessary.
 * ``mail_server`` role
   * Parameter ``mail_server_tls_protocols`` has been dropped and

docs/rolereference.rst

➞

Show inline comments

@@ @@ -603,8 +603,10 @@ The role implements the following: @@
 * Configures TLS versions and ciphers suppported by the server.
 * Installs OpenLDAP server (package ``slapd``).
 * Configures OpenLDAP server (base DN - domain, organisation, TLS, SSF, log levels).
 * Sets-up separate log file for OpenLDAP server at ``/var/log/slapd.log`` (with
   log rotation included).
 * Sets-up separate log file for OpenLDAP server at
   ``/var/log/slapd.log`` (with log rotation included), but *only* on
   Debian 11 Bullseye. Starting with Debian 12 Bookworm, the use of
   rsyslog is considered to be deprecated by Majic Ansible Roles.
 * Enables the ``misc`` LDAP schema (from ``/etc/ldap/schema/misc.ldif``). This
   is necessary for the mail server role.
 * Enables the ``memberof`` overlay on top of default database. The overlay is

roles/ldap_server/handlers/main.yml

➞

Show inline comments

@@ @@ -4,6 +4,7 @@ @@
   service:
     name: rsyslog
     state: restarted
   when: "ansible_distribution_release == 'bullseye'"
 - name: Restart slapd
   service:

roles/ldap_server/molecule/default/tests/test_default.py

➞

Show inline comments

@@ @@ -48,42 +48,6 @@ def test_ldap_server_service(host): @@
     assert service.is_running
 def test_syslog_configuration(host):
     """
     Tests if syslog configuration file has been deployed, and log file was
     created correctly (and is being logged to).
     """
     config = host.file('/etc/rsyslog.d/slapd.conf')
     assert config.is_file
     assert config.user == 'root'
     assert config.group == 'root'
     assert config.mode == 0o644
     with host.sudo():
         log = host.file('/var/log/slapd.log')
         assert log.is_file
         assert 'slapd' in log.content_string
 def test_log_rotation_configuration(host):
     """
     Tests if log rotation configuration file has been deployed correctly and has
     valid syntax.
     """
     config = host.file('/etc/logrotate.d/slapd')
     assert config.is_file
     assert config.user == 'root'
     assert config.group == 'root'
     assert config.mode == 0o644
     with host.sudo():
         assert host.run('logrotate /etc/logrotate.d/slapd').rc == 0
 def test_misc_schema_presence(host):
     """
     Tests if the misc LDAP schema has been imported.

roles/ldap_server/molecule/default/tests/test_default_bookworm.py

➞

Show inline comments

@@ new file 100644 @@
 import os
 import testinfra.utils.ansible_runner
 testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
     os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('parameters-*-bookworm')
 def test_log_rotation_configuration(host):
     """
     Tests if log rotation configuration file is absent.
     """
     config = host.file('/etc/logrotate.d/slapd')
     assert not config.exists
 def test_syslog_configuration(host):
     """
     Tests if syslog configuration file is absent.
     """
     config = host.file('/etc/rsyslog.d/slapd.conf')
     assert not config.exists

roles/ldap_server/molecule/default/tests/test_default_bullseye.py

➞

Show inline comments

@@ new file 100644 @@
 import os
 import testinfra.utils.ansible_runner
 testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
     os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('parameters-*-bullseye')
 def test_log_rotation_configuration(host):
     """
     Tests if log rotation configuration file has been deployed correctly and has
     valid syntax.
     """
     config = host.file('/etc/logrotate.d/slapd')
     assert config.is_file
     assert config.user == 'root'
     assert config.group == 'root'
     assert config.mode == 0o644
     with host.sudo():
         assert host.run('logrotate /etc/logrotate.d/slapd').rc == 0
 def test_syslog_configuration(host):
     """
     Tests if syslog configuration file has been deployed, and log file was
     created correctly (and is being logged to).
     """
     config = host.file('/etc/rsyslog.d/slapd.conf')
     assert config.is_file
     assert config.user == 'root'
     assert config.group == 'root'
     assert config.mode == 0o644
     with host.sudo():
         log = host.file('/var/log/slapd.log')
         assert log.is_file
         assert 'slapd' in log.content_string

roles/ldap_server/tasks/main.yml

➞

Show inline comments

@@ @@ -64,6 +64,7 @@ @@
     owner: root
     group: root
     mode: 0644
   when: "ansible_distribution_release == 'bullseye'"
   notify:
     - Restart rsyslog
@@ @@ -74,6 +75,7 @@ @@
     owner: root
     group: root
     mode: 0644
   when: "ansible_distribution_release == 'bullseye'"
 - name: Change log level for slapd
   ldap_attr:

0 comments (0 inline, 0 general)