--- # tasks file for ipabackup ### VARIABLES - name: Import variables specific to distribution ansible.builtin.include_vars: "{{ item }}" with_first_found: - "{{ role_path }}/vars/{{ ansible_facts['distribution'] }}-{{ ansible_facts['distribution_version'] }}.yml" - "{{ role_path }}/vars/{{ ansible_facts['distribution'] }}-{{ ansible_facts['distribution_major_version'] }}.yml" - "{{ role_path }}/vars/{{ ansible_facts['distribution'] }}.yml" # os_family is used as a fallback for distros which are not currently # supported, but are based on a supported distro family. For example, # Oracle, Rocky, Alma and Alibaba linux, which are all "RedHat" based. - "vars/{{ ansible_facts['os_family'] }}-{{ ansible_facts['distribution_version'] }}.yml" - "vars/{{ ansible_facts['os_family'] }}-{{ ansible_facts['distribution_major_version'] }}.yml" - "vars/{{ ansible_facts['os_family'] }}.yml" # If neither distro nor family is supported, try a default configuration. - "{{ role_path }}/vars/default.yml" ### GET SERVICES FROM BACKUP - name: Stat backup on server ansible.builtin.stat: path: "{{ ipabackup_dir }}/{{ ipabackup_item }}" register: result_backup_stat - name: Fail on missing backup directory ansible.builtin.fail: msg: "Unable to find backup {{ ipabackup_item }}" when: result_backup_stat.stat.isdir is not defined - name: Stat header file in backup "{{ ipabackup_item }}" ansible.builtin.stat: path: "{{ ipabackup_dir }}/{{ ipabackup_item }}/header" register: result_backup_header_stat - name: Fail on missing header file in backup ansible.builtin.fail: msg: "Unable to find backup {{ ipabackup_item }} header file" when: result_backup_header_stat.stat.isreg is not defined - name: Get services from backup ansible.builtin.shell: > grep "^services = " "{{ ipabackup_dir }}/{{ ipabackup_item }}/header" | cut -d"=" -f2 | tr -d '[:space:]' register: result_services_grep - name: Set ipabackup_services ansible.builtin.set_fact: ipabackup_services: "{{ result_services_grep.stdout.split(',') }}" ipabackup_service_dns: DNS ipabackup_service_adtrust: ADTRUST ipabackup_service_ntp: NTP ### INSTALL PACKAGES - name: Package installation when: ipabackup_install_packages | bool block: - name: Ensure that IPA server packages are installed ansible.builtin.package: name: "{{ ipaserver_packages }}" state: present - name: Ensure that IPA server packages for dns are installed ansible.builtin.package: name: "{{ ipaserver_packages_dns }}" state: present when: ipabackup_service_dns in ipabackup_services - name: Ensure that IPA server packages for adtrust are installed ansible.builtin.package: name: "{{ ipaserver_packages_adtrust }}" state: present when: ipabackup_service_adtrust in ipabackup_services - name: Ensure that firewalld packages are installed ansible.builtin.package: name: "{{ ipaserver_packages_firewalld }}" state: present when: ipabackup_setup_firewalld | bool ### START FIREWALLD - name: Firewall configuration when: ipabackup_setup_firewalld | bool block: - name: Ensure that firewalld is running ansible.builtin.systemd: name: firewalld enabled: yes state: started - name: Firewalld - Verify zones when: ipabackup_firewalld_zone is defined block: - name: Firewalld - Verify runtime zone from ipabackup_firewalld_zone ansible.builtin.shell: > firewall-cmd --info-zone="{{ ipabackup_firewalld_zone }}" >/dev/null - name: Firewalld - Verify permanent zone from ipabackup_firewalld_zone ansible.builtin.shell: > firewall-cmd --permanent --info-zone="{{ ipabackup_firewalld_zone }}" >/dev/null ### RESTORE - name: Restore backup no_log: True ansible.builtin.shell: > ipa-restore {{ ipabackup_item }} --unattended {{ "--password=" + ipabackup_password if ipabackup_password is defined else "" }} {{ "--data" if ipabackup_data | bool else "" }} {{ "--online" if ipabackup_online | bool else "" }} {{ "--instance=" + ipabackup_instance if ipabackup_instance is defined else "" }} {{ "--backend=" + ipabackup_backend if ipabackup_backend is defined else "" }} {{ "--no-logs" if ipabackup_no_logs | bool else "" }} {{ "--log-file=" + ipabackup_log_file if ipabackup_log_file is defined else "" }} register: result_iparestore ignore_errors: yes - name: Report error for restore operation ansible.builtin.debug: msg: "{{ result_iparestore.stderr }}" when: result_iparestore is failed failed_when: yes ### CONFIGURE FIREWALLD - name: Configure firewalld ansible.builtin.command: > firewall-cmd --permanent {{ "--zone=" + ipabackup_firewalld_zone if ipabackup_firewalld_zone is defined else "" }} --add-service=freeipa-ldap --add-service=freeipa-ldaps {{ "--add-service=freeipa-trust" if ipabackup_service_adtrust in ipabackup_services else "" }} {{ "--add-service=dns" if ipabackup_service_dns in ipabackup_services else "" }} {{ "--add-service=ntp" if ipabackup_service_ntp in ipabackup_services else "" }} when: ipabackup_setup_firewalld | bool - name: Configure firewalld runtime ansible.builtin.command: > firewall-cmd {{ "--zone=" + ipabackup_firewalld_zone if ipabackup_firewalld_zone is defined else "" }} --add-service=freeipa-ldap --add-service=freeipa-ldaps {{ "--add-service=freeipa-trust" if ipabackup_service_adtrust in ipabackup_services else "" }} {{ "--add-service=dns" if ipabackup_service_dns in ipabackup_services else "" }} {{ "--add-service=ntp" if ipabackup_service_ntp in ipabackup_services else "" }} when: ipabackup_setup_firewalld | bool