ansible-roles/roles/ldap2pg/tasks/conf.yml

---

- name: Deploy ldap2pg configuration
  block:
    - name: Render config template
      template:
        src: ldap2pg.yml.j2
        dest: "/etc/ldap2pg.yml"
        owner: "{{ ldap2pg_user }}"
        group: "{{ ldap2pg_user }}"
        mode: 0600
        backup: True
      register: ldap2pg_rendered_conf
      notify:
        - restart ldap2pg.timer

    - name: Validate new configuration
      command: /bin/ldap2pg --config /etc/ldap2pg.yml --dry
      changed_when: False
      become_user: "{{ ldap2pg_user }}"
      register: ldap2pg_conf_validation

  rescue:
    - name: Rollback previous configuration
      copy:
        src: "{{ ldap2pg_rendered_conf.backup_file }}"
        dest: /etc/ldap2pg.yml
        remote_src: True
        owner: "{{ ldap2pg_user }}"
        group: "{{ ldap2pg_user }}"
        mode: 0600
      when: ldap2pg_rendered_conf.backup_file is defined

  tags: pg

- name: Fails if new configuration isn't validated
  fail:
    msg: "Failed to validate /etc/ldap2pg: {{ ldap2pg_conf_validation.stdout }}"
  when: ldap2pg_conf_validation.rc != 0
  tags: pg