Install IPA replicas with a larger nsslapd-maxsasliosize

Related to https://pagure.io/fedora-infrastructure/issue/10358 Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
2026-05-12 02:46:20 +08:00 · 2023-10-24 13:56:13 +02:00
parent f6e6921655
commit 94478cc88b
2 changed files with 30 additions and 16 deletions
--- a/roles/ipa/server/files/replica-install.ldif
+++ b/roles/ipa/server/files/replica-install.ldif
@@ -0,0 +1,4 @@
+dn: cn=config
+changetype: modify
+replace: nsslapd-maxsasliosize
+nsslapd-maxsasliosize: 3145728
--- a/roles/ipa/server/tasks/main.yml
+++ b/roles/ipa/server/tasks/main.yml
@@ -86,6 +86,30 @@
  - config
  when: ipa_initial

+- name: Create LDIF directory
+  file:
+    path: /root/ldif
+    state: directory
+    owner: root
+    group: root
+    mode: 0750
+  tags:
+  - ipa/server
+  - config
+
+- name: Copy LDIF files
+  copy:
+    src: "{{item}}"
+    dest: /root/ldif/{{item}}
+  with_items:
+  - grant_anonymous_replication_view.ldif
+  - grant_fas_sync.ldif
+  - use_id_fp_o.ldif
+  - replica-install.ldif
+  tags:
+  - ipa/server
+  - config
+
 - name: determine whether we need to set up replication
  stat: path=/etc/ipa/default.conf
  register: replication_status
@@ -138,6 +162,7 @@
             --forwarder=10.3.163.34
             --skip-conncheck
             --log-file=/var/log/ipainstall.log
+             --dirsrv-config-file=/root/ldif/replica-install.ldif
             /root/ipa_replica_{{inventory_hostname}}.gpg
             creates=/etc/ipa/default.conf
    when: ansible_distribution_major_version|int < 8
@@ -158,6 +183,7 @@
             --log-file=/var/log/ipainstall.log
             --domain={{ipa_realm}}
             --server=ipa01{{ env_suffix }}.iad2.fedoraproject.org
+             --dirsrv-config-file=/root/ldif/replica-install.ldif
             creates=/etc/ipa/default.conf
    when: ansible_distribution_major_version|int >= 8
  when: not ipa_initial and not replication_status.stat.exists
@@ -608,22 +634,6 @@
  - config


- name: Create LDIF directory
-  file: path=/root/ldif state=directory owner=root group=root mode=0750
-  tags:
-  - ipa/server
-  - config
-
- name: Copy LDIF files
-  copy: src={{item}} dest=/root/ldif/{{item}}
-  with_items:
-  - grant_anonymous_replication_view.ldif
-  - grant_fas_sync.ldif
-  - use_id_fp_o.ldif
-  tags:
-  - ipa/server
-  - config
-
 # This is a special one, in that it needs to apply on each master since it's non-replicated.
 - name: Grant access to replication status
  command: ldapmodify -Y EXTERNAL -H {{ ipa_ldap_socket }}