internet/ansible-freeipa
4
0
Fork 0
mirror of https://github.com/freeipa/ansible-freeipa.git synced 2026-05-07 13:53:23 +00:00
Code Issues Projects Releases Wiki Activity
Files
0.4
ansible-freeipa/roles/ipabackup/tasks/restore.yml
Rafael Guterres Jeffman 8028730cf5 ipabackup: Modify vars loading in ansible-freeipa roles. 
When loading variables in all ansible-freeipa roles, it is expected
that a file with these variables is present for each supported Linux
distribution, and then, based on the information about the distribution
provided by Ansible, the correct file is loaded.

Previously, only the facts `distribution` and dinstribution version
related facts were used, which required specific files, or links to
files for distributions in the same "family", which will probably have
the same variables set.

This change adds searching for files based on the `os_family` fact,
allowing distributions that follow the same family rules to be
supported, without any changes to the codebase. It is still possible
that a specific distribution configuration overrides the default
behavior, as `os_family` has lower priority than `distribution`.

For example, distributions on the `RedHat` family, like Oracle Linux,
Alma Linux, and Rocky Linux, work withoutadding new files, or links to
files, to fill the `vars`.

Fix issue #573. Fix issue #523.
2021-08-31 15:15:41 -03:00

155 lines
5.3 KiB
YAML
Raw Permalink Blame History

---
# tasks file for ipabackup
### VARIABLES
- name: Import variables specific to distribution
include_vars: "{{ item }}"
with_first_found:
- "{{ role_path }}/vars/{{ ansible_facts['distribution'] }}-{{ ansible_facts['distribution_version'] }}.yml"
- "{{ role_path }}/vars/{{ ansible_facts['distribution'] }}-{{ ansible_facts['distribution_major_version'] }}.yml"
- "{{ role_path }}/vars/{{ ansible_facts['distribution'] }}.yml"
# os_family is used as a fallback for distros which are not currently
# supported, but are based on a supported distro family. For example,
# Oracle, Rocky, Alma and Alibaba linux, which are all "RedHat" based.
- "vars/{{ ansible_facts['os_family'] }}-{{ ansible_facts['distribution_version'] }}.yml"
- "vars/{{ ansible_facts['os_family'] }}-{{ ansible_facts['distribution_major_version'] }}.yml"
- "vars/{{ ansible_facts['os_family'] }}.yml"
# If neither distro nor family is supported, try a default configuration.
- "{{ role_path }}/vars/default.yml"
### GET SERVICES FROM BACKUP
- name: Stat backup on server
stat:
path: "{{ ipabackup_dir }}/{{ ipabackup_item }}"
register: result_backup_stat
- name: Fail on missing backup directory
fail: msg="Unable to find backup {{ ipabackup_item }}"
when: result_backup_stat.stat.isdir is not defined
- name: Stat header file in backup "{{ ipabackup_item }}"
stat:
path: "{{ ipabackup_dir }}/{{ ipabackup_item }}/header"
register: result_backup_header_stat
- name: Fail on missing header file in backup
fail: msg="Unable to find backup {{ ipabackup_item }} header file"
when: result_backup_header_stat.stat.isreg is not defined
- name: Get services from backup
shell: >
grep "^services = " "{{ ipabackup_dir }}/{{ ipabackup_item }}/header" | cut -d"=" -f2 | tr -d '[:space:]'
register: result_services_grep
- name: Set ipabackup_services
set_fact:
ipabackup_services: "{{ result_services_grep.stdout.split(',') }}"
ipabackup_service_dns: DNS
ipabackup_service_adtrust: ADTRUST
ipabackup_service_ntp: NTP
### INSTALL PACKAGES
- block:
- name: Ensure that IPA server packages are installed
package:
name: "{{ ipaserver_packages }}"
state: present
- name: Ensure that IPA server packages for dns are installed
package:
name: "{{ ipaserver_packages_dns }}"
state: present
when: ipabackup_service_dns in ipabackup_services
- name: Ensure that IPA server packages for adtrust are installed
package:
name: "{{ ipaserver_packages_adtrust }}"
state: present
when: ipabackup_service_adtrust in ipabackup_services
- name: Ensure that firewalld packages are installed
package:
name: "{{ ipaserver_packages_firewalld }}"
state: present
when: ipabackup_setup_firewalld | bool
when: ipabackup_install_packages | bool
### START FIREWALLD
- block:
- name: Ensure that firewalld is running
systemd:
name: firewalld
enabled: yes
state: started
- name: Firewalld - Verify runtime zone "{{ ipabackup_firewalld_zone }}"
shell: >
firewall-cmd
--info-zone="{{ ipabackup_firewalld_zone }}"
>/dev/null
when: ipabackup_firewalld_zone is defined
- name: Firewalld - Verify permanent zone "{{ ipabackup_firewalld_zone }}"
shell: >
firewall-cmd
--permanent
--info-zone="{{ ipabackup_firewalld_zone }}"
>/dev/null
when: ipabackup_firewalld_zone is defined
when: ipabackup_setup_firewalld | bool
### RESTORE
- name: Restore backup
no_log: True
shell: >
ipa-restore
{{ ipabackup_item }}
--unattended
{{ "--password="+ipabackup_password if ipabackup_password is defined else "" }}
{{ "--data" if ipabackup_data | bool else "" }}
{{ "--online" if ipabackup_online | bool else "" }}
{{ "--instance="+ipabackup_instance if ipabackup_instance is defined else "" }}
{{ "--backend="+ipabackup_backend if ipabackup_backend is defined else "" }}
{{ "--no-logs" if ipabackup_no_logs | bool else "" }}
{{ "--log-file="+ipabackup_log_file if ipabackup_log_file is defined else "" }}
register: result_iparestore
ignore_errors: yes
- name: Report error for restore operation
debug:
msg: "{{ result_iparestore.stderr }}"
when: result_iparestore is failed
failed_when: yes
### CONFIGURE FIREWALLD
- name: Configure firewalld
command: >
firewall-cmd
--permanent
{{ "--zone="+ipabackup_firewalld_zone if ipabackup_firewalld_zone is defined else "" }}
--add-service=freeipa-ldap
--add-service=freeipa-ldaps
{{ "--add-service=freeipa-trust" if ipabackup_service_adtrust in ipabackup_services else "" }}
{{ "--add-service=dns" if ipabackup_service_dns in ipabackup_services else "" }}
{{ "--add-service=ntp" if ipabackup_service_ntp in ipabackup_services else "" }}
when: ipabackup_setup_firewalld | bool
- name: Configure firewalld runtime
command: >
firewall-cmd
{{ "--zone="+ipabackup_firewalld_zone if ipabackup_firewalld_zone is defined else "" }}
--add-service=freeipa-ldap
--add-service=freeipa-ldaps
{{ "--add-service=freeipa-trust" if ipabackup_service_adtrust in ipabackup_services else "" }}
{{ "--add-service=dns" if ipabackup_service_dns in ipabackup_services else "" }}
{{ "--add-service=ntp" if ipabackup_service_ntp in ipabackup_services else "" }}
when: ipabackup_setup_firewalld | bool
Reference in New Issue View Git Blame Copy Permalink