don't use /export for ldap data directory on slaves

2019-05-31 18:34:39 +03:00 · 2019-05-31 18:34:39 +03:00 · 0163a5f932
commit 0163a5f932
parent 7238a595f2
1 changed files with 34 additions and 20 deletions
--- a/roles/ldap/server/tasks/main.yml
+++ b/roles/ldap/server/tasks/main.yml
@ -7,27 +7,41 @@
    - openldap-servers
    - ldapvi

- name: fix selinux context from ldap data directory
-  sefcontext:
-    path: /export/ldap(/.*)?
-    setype: slapd_db_t
+- block:
+  - name: fix selinux context from ldap data directory
+    sefcontext:
+      path: /export/ldap(/.*)?
+      setype: slapd_db_t
+  - name: create ldap data directory
+    file:
+      path: /export/ldap
+      state: directory
+      mode: 0700
+      owner: ldap
+      group: ldap
+  - name: link ldap data directory
+    file:
+      path: /srv/ldap
+      src: /export/ldap
+      state: link
+      owner: root
+      group: root
+      follow: false
+  when: ldap_master is defined

- name: create ldap data directory
-  file:
-    path: /export/ldap
-    state: directory
-    mode: 0700
-    owner: ldap
-    group: ldap
-
- name: link ldap data directory
-  file:
-    path: /srv/ldap
-    src: /export/ldap
-    state: link
-    owner: root
-    group: root
-    follow: false
+- block:
+  - name: fix selinux context from ldap data directory
+    sefcontext:
+      path: /srv/ldap(/.*)?
+      setype: slapd_db_t
+  - name: create ldap data directory
+    file:
+      path: /srv/ldap
+      state: directory
+      mode: 0700
+      owner: ldap
+      group: ldap
+  when: ldap_msater is not defined

 - name: remove nss cert databases
  file: