# Copyright 2021 Dell Inc. or its subsidiaries. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
- name: Include provision_idrac vars
include_vars: "{{ playbook_dir }}/../roles/provision_idrac/vars/main.yml"
run_once: true
- name: Include control_plane_common vars
include_vars: "{{ playbook_dir }}/../roles/control_plane_common/vars/main.yml"
run_once: true
- name: Include idrac_vars.yml
include_vars: "{{ playbook_dir }}/../{{ idrac_input_filename }}"
run_once: true
- name: Set ldap_directory_services in lowercase
set_fact:
ldap_directory_services: "{{ ldap_directory_services | lower }}"
- name: Assert ldap_directory_services value
assert:
that:
- ldap_directory_services | length > 1
- ldap_directory_services == "enabled" or ldap_directory_services == "disabled"
success_msg: "{{ ldap_success_msg }}"
fail_msg: "{{ ldap_fail_msg }}"
- block:
- name: Check idrac_tools_vars.yml file is encrypted
command: cat "{{ playbook_dir }}/../{{ idrac_tools_vars_filename }}"
changed_when: false
run_once: true
register: config_content
- name: Decrpyt idrac_tools_vars.yml
command: >-
ansible-vault decrypt "{{ playbook_dir }}/../{{ idrac_tools_vars_filename }}"
--vault-password-file "{{ playbook_dir }}/../{{ idrac_tools_vaultname }}"
changed_when: false
run_once: true
when: "'$ANSIBLE_VAULT;' in config_content.stdout"
- name: Include variable file idrac_tools_vars.yml
include_vars: "{{ playbook_dir }}/../{{ idrac_tools_vars_filename }}"
run_once: true
no_log: true
- name: Validate LDAP parameters are not empty
fail:
msg: "{{ ldap_input_fail_msg }}"
when:
- cert_validation_enable | length < 1 or
ldap_server_address | length < 1 or
ldap_port | length < 1 or
base_dn | length < 1 or
group_attribute_is_dn | length < 1 or
role_group1_dn | length < 1 or
role_group1_privilege | length < 1
- name: Set ldap_directory_services in lowercase
set_fact:
cert_validation_enable: "{{ cert_validation_enable | lower }}"
group_attribute_is_dn: "{{ group_attribute_is_dn | lower }}"
base_dn: "{{ base_dn | lower }}"
role_group1_dn: "{{ role_group1_dn | lower }}"
bind_dn: "{{ bind_dn | lower }}"
- name: Assert cert_validation_enable value
assert:
that: cert_validation_enable == "disabled"
success_msg: "{{ cert_validation_success_msg }}"
fail_msg: "{{ cert_validation_fail_msg }}"
- name: Assert bind_dn value
assert:
that:
- '"dc=" in bind_dn'
- '"ou=" in bind_dn'
success_msg: "{{ bind_dn_success_msg }}"
fail_msg: "{{ bind_dn_fail_msg }}"
when: bind_dn | length > 1
- name: Assert base_dn value
assert:
that: '"dc=" in base_dn'
success_msg: "{{ base_dn_success_msg }}"
fail_msg: "{{ base_dn_fail_msg }}"
- name: Assert group_attribute_is_dn value
assert:
that: group_attribute_is_dn == "disabled" or group_attribute_is_dn == "enabled"
success_msg: "{{ group_attribute_success_msg }}"
fail_msg: "{{ group_attribute_fail_msg }}"
- name: Assert role_group1_dn value
assert:
that:
- '"dc=" in role_group1_dn'
- '"ou=" in role_group1_dn'
success_msg: "{{ role_group1_dn_success_msg }}"
fail_msg: "{{ role_group1_dn_fail_msg }}"
- name: Assert role_group1_privilege value
assert:
that:
- role_group1_privilege == "Administrator" or
role_group1_privilege == "Operator" or
role_group1_privilege == "ReadOnly"
success_msg: "{{ role_group1_privilege_success_msg }}"
fail_msg: "{{ role_group1_privilege_fail_msg }}"
- name: Set role_group1_privilege value
set_fact:
role_group1_privilege_id: "{{ item.value }}"
when: item.name == role_group1_privilege
with_items:
- { name: "Administrator", value: "511" }
- { name: "Operator", value: "499" }
- { name: "ReadOnly", value: "1" }
- name: Encrypt idrac_tools_vars.yml
command: >-
ansible-vault encrypt "{{ playbook_dir }}/../{{ idrac_tools_vars_filename }}"
--vault-password-file "{{ playbook_dir }}/../{{ idrac_tools_vaultname }}"
changed_when: false
run_once: true
when: "'$ANSIBLE_VAULT;' in config_content.stdout"
when: ldap_directory_services == "enabled"