mirror of
https://github.com/freeipa/ansible-freeipa.git
synced 2026-03-26 21:33:05 +00:00
157 lines
5.7 KiB
YAML
157 lines
5.7 KiB
YAML
---
|
|
# tasks file for ipabackup
|
|
|
|
### VARIABLES
|
|
|
|
- name: Import variables specific to distribution
|
|
ansible.builtin.include_vars: "{{ item }}"
|
|
with_first_found:
|
|
- "{{ role_path }}/vars/{{ ansible_facts['distribution'] }}-{{ ansible_facts['distribution_version'] }}.yml"
|
|
- "{{ role_path }}/vars/{{ ansible_facts['distribution'] }}-{{ ansible_facts['distribution_major_version'] }}.yml"
|
|
- "{{ role_path }}/vars/{{ ansible_facts['distribution'] }}.yml"
|
|
# os_family is used as a fallback for distros which are not currently
|
|
# supported, but are based on a supported distro family. For example,
|
|
# Oracle, Rocky, Alma and Alibaba linux, which are all "RedHat" based.
|
|
- "vars/{{ ansible_facts['os_family'] }}-{{ ansible_facts['distribution_version'] }}.yml"
|
|
- "vars/{{ ansible_facts['os_family'] }}-{{ ansible_facts['distribution_major_version'] }}.yml"
|
|
- "vars/{{ ansible_facts['os_family'] }}.yml"
|
|
# If neither distro nor family is supported, try a default configuration.
|
|
- "{{ role_path }}/vars/default.yml"
|
|
|
|
### GET SERVICES FROM BACKUP
|
|
|
|
- name: Stat backup on server
|
|
ansible.builtin.stat:
|
|
path: "{{ ipabackup_dir }}/{{ ipabackup_item }}"
|
|
register: result_backup_stat
|
|
|
|
- name: Fail on missing backup directory
|
|
ansible.builtin.fail: msg="Unable to find backup {{ ipabackup_item }}"
|
|
when: result_backup_stat.stat.isdir is not defined
|
|
|
|
- name: Stat header file in backup "{{ ipabackup_item }}"
|
|
ansible.builtin.stat:
|
|
path: "{{ ipabackup_dir }}/{{ ipabackup_item }}/header"
|
|
register: result_backup_header_stat
|
|
|
|
- name: Fail on missing header file in backup
|
|
ansible.builtin.fail: msg="Unable to find backup {{ ipabackup_item }} header file"
|
|
when: result_backup_header_stat.stat.isreg is not defined
|
|
|
|
- name: Get services from backup
|
|
ansible.builtin.shell: >
|
|
grep "^services = " "{{ ipabackup_dir }}/{{ ipabackup_item }}/header" | cut -d"=" -f2 | tr -d '[:space:]'
|
|
register: result_services_grep
|
|
|
|
- name: Set ipabackup_services
|
|
ansible.builtin.set_fact:
|
|
ipabackup_services: "{{ result_services_grep.stdout.split(',') }}"
|
|
ipabackup_service_dns: DNS
|
|
ipabackup_service_adtrust: ADTRUST
|
|
ipabackup_service_ntp: NTP
|
|
|
|
### INSTALL PACKAGES
|
|
|
|
- name: Package installation
|
|
block:
|
|
- name: Ensure that IPA server packages are installed
|
|
ansible.builtin.package:
|
|
name: "{{ ipaserver_packages }}"
|
|
state: present
|
|
|
|
- name: Ensure that IPA server packages for dns are installed
|
|
ansible.builtin.package:
|
|
name: "{{ ipaserver_packages_dns }}"
|
|
state: present
|
|
when: ipabackup_service_dns in ipabackup_services
|
|
|
|
- name: Ensure that IPA server packages for adtrust are installed
|
|
ansible.builtin.package:
|
|
name: "{{ ipaserver_packages_adtrust }}"
|
|
state: present
|
|
when: ipabackup_service_adtrust in ipabackup_services
|
|
|
|
- name: Ensure that firewalld packages are installed
|
|
ansible.builtin.package:
|
|
name: "{{ ipaserver_packages_firewalld }}"
|
|
state: present
|
|
when: ipabackup_setup_firewalld | bool
|
|
|
|
when: ipabackup_install_packages | bool
|
|
|
|
### START FIREWALLD
|
|
|
|
- name: Firewall configuration
|
|
block:
|
|
- name: Ensure that firewalld is running
|
|
ansible.builtin.systemd:
|
|
name: firewalld
|
|
enabled: yes
|
|
state: started
|
|
|
|
- name: Firewalld - Verify runtime zone "{{ ipabackup_firewalld_zone }}"
|
|
ansible.builtin.shell: >
|
|
firewall-cmd
|
|
--info-zone="{{ ipabackup_firewalld_zone }}"
|
|
>/dev/null
|
|
when: ipabackup_firewalld_zone is defined
|
|
|
|
- name: Firewalld - Verify permanent zone "{{ ipabackup_firewalld_zone }}"
|
|
ansible.builtin.shell: >
|
|
firewall-cmd
|
|
--permanent
|
|
--info-zone="{{ ipabackup_firewalld_zone }}"
|
|
>/dev/null
|
|
when: ipabackup_firewalld_zone is defined
|
|
|
|
when: ipabackup_setup_firewalld | bool
|
|
|
|
### RESTORE
|
|
|
|
- name: Restore backup
|
|
no_log: True
|
|
ansible.builtin.shell: >
|
|
ipa-restore
|
|
{{ ipabackup_item }}
|
|
--unattended
|
|
{{ "--password="+ipabackup_password if ipabackup_password is defined else "" }}
|
|
{{ "--data" if ipabackup_data | bool else "" }}
|
|
{{ "--online" if ipabackup_online | bool else "" }}
|
|
{{ "--instance="+ipabackup_instance if ipabackup_instance is defined else "" }}
|
|
{{ "--backend="+ipabackup_backend if ipabackup_backend is defined else "" }}
|
|
{{ "--no-logs" if ipabackup_no_logs | bool else "" }}
|
|
{{ "--log-file="+ipabackup_log_file if ipabackup_log_file is defined else "" }}
|
|
register: result_iparestore
|
|
ignore_errors: yes
|
|
|
|
- name: Report error for restore operation
|
|
ansible.builtin.debug:
|
|
msg: "{{ result_iparestore.stderr }}"
|
|
when: result_iparestore is failed
|
|
failed_when: yes
|
|
|
|
### CONFIGURE FIREWALLD
|
|
|
|
- name: Configure firewalld
|
|
ansible.builtin.command: >
|
|
firewall-cmd
|
|
--permanent
|
|
{{ "--zone="+ipabackup_firewalld_zone if ipabackup_firewalld_zone is defined else "" }}
|
|
--add-service=freeipa-ldap
|
|
--add-service=freeipa-ldaps
|
|
{{ "--add-service=freeipa-trust" if ipabackup_service_adtrust in ipabackup_services else "" }}
|
|
{{ "--add-service=dns" if ipabackup_service_dns in ipabackup_services else "" }}
|
|
{{ "--add-service=ntp" if ipabackup_service_ntp in ipabackup_services else "" }}
|
|
when: ipabackup_setup_firewalld | bool
|
|
|
|
- name: Configure firewalld runtime
|
|
ansible.builtin.command: >
|
|
firewall-cmd
|
|
{{ "--zone="+ipabackup_firewalld_zone if ipabackup_firewalld_zone is defined else "" }}
|
|
--add-service=freeipa-ldap
|
|
--add-service=freeipa-ldaps
|
|
{{ "--add-service=freeipa-trust" if ipabackup_service_adtrust in ipabackup_services else "" }}
|
|
{{ "--add-service=dns" if ipabackup_service_dns in ipabackup_services else "" }}
|
|
{{ "--add-service=ntp" if ipabackup_service_ntp in ipabackup_services else "" }}
|
|
when: ipabackup_setup_firewalld | bool
|