f0cd8ba432
Every `occ config:app:set` / `ldap:set-config` / `notify_push:setup` call previously fired on every play, marking changed even when the stored value already matched. Now we read the current value first and only invoke the setter when it differs: * richdocuments (collabora): pre-read wopi_url, public_wopi_url, disable_certificate_verification, wopi_allowlist into a fact map; guard each `config:app:set` and tag `richdocuments:activate-config` with `changed_when: false` since it's a discovery refresh. * drawio: same pattern for DrawioUrl, DrawioTheme, DrawioOffline, comparing as strings (occ stores booleans as "1"/"0"). * user_ldap: pre-read `ldap:show-config s01 --output=json`, parse JSON defensively (occ logs interleave on stderr), and skip per-key `ldap:set-config` calls when the stored value already equals the desired one. * notify_push: skip `notify_push:setup` when the stored base_endpoint already matches the computed URL. * plugins: `app:install`/`app:enable` were treating "already installed/ enabled" output as a change. Add the negative match to `changed_when` so re-runs of a fully-provisioned site report ok rather than changed.
60 lines
No EOL
2 KiB
YAML
60 lines
No EOL
2 KiB
YAML
#SPDX-License-Identifier: MIT-0
|
|
---
|
|
# LDAP configuration for Nextcloud user_ldap app
|
|
|
|
- name: Check if LDAP configuration exists
|
|
community.docker.docker_container_exec:
|
|
container: "{{ nextcloud_service_name }}-nextcloud-1"
|
|
command: php /var/www/html/occ ldap:show-config
|
|
register: ldap_show_config
|
|
changed_when: false
|
|
|
|
- name: Create LDAP configuration
|
|
community.docker.docker_container_exec:
|
|
container: "{{ nextcloud_service_name }}-nextcloud-1"
|
|
command: php /var/www/html/occ ldap:create-empty-config
|
|
when: "'s01' not in ldap_show_config.stdout"
|
|
|
|
- name: Read current LDAP config for s01
|
|
community.docker.docker_container_exec:
|
|
container: "{{ nextcloud_service_name }}-nextcloud-1"
|
|
command: php /var/www/html/occ ldap:show-config s01 --output=json
|
|
register: _ldap_show_s01
|
|
changed_when: false
|
|
failed_when: false
|
|
|
|
- name: Parse current LDAP config
|
|
ansible.builtin.set_fact:
|
|
_ldap_current: >-
|
|
{{
|
|
(_ldap_show_s01.stdout | from_json) if (
|
|
(_ldap_show_s01.stdout | default('') | trim) is match('^[\\[{]')
|
|
) else {}
|
|
}}
|
|
when: _ldap_show_s01.rc | default(1) == 0
|
|
|
|
- name: Configure LDAP settings
|
|
community.docker.docker_container_exec:
|
|
container: "{{ nextcloud_service_name }}-nextcloud-1"
|
|
argv:
|
|
- php
|
|
- /var/www/html/occ
|
|
- ldap:set-config
|
|
- s01
|
|
- "{{ item.key }}"
|
|
- "{{ item.value | string }}"
|
|
loop: "{{ nextcloud_ldap_config | dict2items }}"
|
|
loop_control:
|
|
label: "{{ item.key }}"
|
|
no_log: true
|
|
when: ((_ldap_current | default({})).get(item.key) | default(none) | string) != (item.value | string)
|
|
|
|
- name: Test LDAP configuration
|
|
community.docker.docker_container_exec:
|
|
container: "{{ nextcloud_service_name }}-nextcloud-1"
|
|
command: php /var/www/html/occ ldap:test-config s01
|
|
register: ldap_test_result
|
|
changed_when: false
|
|
failed_when:
|
|
- ldap_test_result.rc != 0
|
|
- "'succeeded' not in (ldap_test_result.stdout | default('') | lower)" |