From 80b017b5d1ba3eefe6f99875a43a25c0650ca363 Mon Sep 17 00:00:00 2001
From: Timo Makinen
Date: Fri, 31 May 2019 18:56:24 +0300
Subject: [PATCH] write ldap datadirectory handling more cleanly
---
 host_vars/ldap01.home.foo.sh.yml | 1 +
 roles/ldap/server/defaults/main.yml | 1 +
 roles/ldap/server/tasks/main.yml | 55 +++++++++++------------------
 3 files changed, 22 insertions(+), 35 deletions(-)
diff --git a/host_vars/ldap01.home.foo.sh.yml b/host_vars/ldap01.home.foo.sh.yml
index 0b5d1cb..16d7271 100644
--- a/host_vars/ldap01.home.foo.sh.yml
+++ b/host_vars/ldap01.home.foo.sh.yml
@@ -3,4 +3,5 @@
 interfaces: [[20, "52:54:00:ac:dc:1f"]]
 vmhost: vmhost01.home.foo.sh
 datadisk_size: [10]
+ldap_datadir: /export/ldap
 ldap_master: true
diff --git a/roles/ldap/server/defaults/main.yml b/roles/ldap/server/defaults/main.yml
index 9b2bb79..f0092d2 100644
--- a/roles/ldap/server/defaults/main.yml
+++ b/roles/ldap/server/defaults/main.yml
@@ -1,3 +1,4 @@
 ---
 ldap_server_cert: "{% if ldap_master is defined %}ldap01.foo.sh{% else %}\
 ldap.foo.sh{% endif %}"
+ldap_datadir: /srv/ldap
diff --git a/roles/ldap/server/tasks/main.yml b/roles/ldap/server/tasks/main.yml
index 361535c..868f3d9 100644
--- a/roles/ldap/server/tasks/main.yml
+++ b/roles/ldap/server/tasks/main.yml
@@ -7,41 +7,26 @@
 - openldap-servers
 - ldapvi
-- block:
- - name: fix selinux context from ldap data directory
- sefcontext:
- path: /export/ldap(/.*)?
- setype: slapd_db_t
- - name: create ldap data directory
- file:
- path: /export/ldap
- state: directory
- mode: 0700
- owner: ldap
- group: ldap
- - name: link ldap data directory
- file:
- path: /srv/ldap
- src: /export/ldap
- state: link
- owner: root
- group: root
- follow: false
- when: ldap_master is defined
-
-- block:
- - name: fix selinux context from ldap data directory
- sefcontext:
- path: /srv/ldap(/.*)?
- setype: slapd_db_t
- - name: create ldap data directory
- file:
- path: /srv/ldap
- state: directory
- mode: 0700
- owner: ldap
- group: ldap
- when: ldap_msater is not defined
+- name: fix selinux context from ldap data diretory
+ sefcontext:
+ path: "{{ ldap_datadir }}(/.*)?"
+ setype: slapd_db_t
+- name: create ldap data directory
+ file:
+ path: "{{ ldap_datadir }}"
+ state: directory
+ mode: 0700
+ owner: ldap
+ group: ldap
+- name: link ldap data directory
+ file:
+ path: /srv/ldap
+ src: /export/ldap
+ state: link
+ owner: root
+ group: root
+ follow: false
+ when: ldap_datadir != "/srv/ldap"
 - name: remove nss cert databases
 file:
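Review bot: The `link ldap data directory` task still hard-codes `src: /export/ldap` although it now runs on `when: ldap_datadir != "/srv/ldap"`, so the link target and the directory the two tasks above create and label can diverge. A host that sets `ldap_datadir` to any third path would get a /srv/ldap link (or a failed task) aimed at a directory this role never created with `slapd_db_t`, mode 0700 and ldap ownership; `src: "{{ ldap_datadir }}"` keeps the link on the directory that was actually prepared. The comparison is also an exact string match, so a value such as `/srv/ldap/` would presumably still trigger the link task. Smaller points: the new first task name reads `diretory`, and `mode: "0700"` as a quoted string avoids depending on the YAML parser's octal handling.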