There is a new backup role in the roles folder:
roles/ipabackup
This role can back up an IPA server, copy a backup from the server to
the controller, copy all backups from the server to the controller,
remove a backup from the server, remove all backups from the server,
restore an IPA server locally or from the controller, and copy a backup
from the controller to the server.
Here is the documentation for the role:
roles/ipabackup/README.md
New example playbooks have been added:
playbooks/backup-server.yml
playbooks/backup-server-to-controller.yml
playbooks/copy-backup-from-server.yml
playbooks/copy-all-backups-from-server.yml
playbooks/remove-backup-from-server.yml
playbooks/remove-all-backups-from-server.yml
playbooks/copy-backup-to-server.yml
playbooks/restore-server-from-controller.yml
playbooks/restore-server.yml
---
# tasks file for ipabackup

### VARIABLES

# Candidate vars files are listed from the most specific
# distribution/version match down to the generic default;
# with_first_found loads only the first file that exists.
- name: Import variables specific to distribution
  include_vars: "{{ item }}"
  with_first_found:
    - "{{ role_path }}/vars/{{ ansible_distribution }}-{{ ansible_distribution_version }}.yml"
    - "{{ role_path }}/vars/{{ ansible_distribution }}-{{ ansible_distribution_major_version }}.yml"
    - "{{ role_path }}/vars/{{ ansible_distribution }}.yml"
    - "{{ role_path }}/vars/default.yml"
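### GET SERVICES FROM BACKUP

# Confirm that the requested backup exists on the server and has the
# expected layout before anything is installed or restored.
- name: Stat backup on server
  stat:
    path: "{{ ipabackup_dir }}/{{ ipabackup_item }}"
  register: result_backup_stat

# stat omits "isdir" only when the path does not exist; for any existing
# path the key is present, so test its value rather than its presence.
# default(false) covers the missing-path case.
- name: Fail on missing backup directory
  fail:
    msg: "Unable to find backup {{ ipabackup_item }}"
  when: not (result_backup_stat.stat.isdir | default(false))

- name: Stat header file in backup "{{ ipabackup_item }}"
  stat:
    path: "{{ ipabackup_dir }}/{{ ipabackup_item }}/header"
  register: result_backup_header_stat

# Same reasoning as above: the header must be a regular file, not merely
# something that exists at that path (directory, symlink, device, ...).
- name: Fail on missing header file in backup
  fail:
    msg: "Unable to find backup {{ ipabackup_item }} header file"
  when: not (result_backup_header_stat.stat.isreg | default(false))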
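# Read the "services = ..." line from the backup header and reduce it to
# a comma-separated list without whitespace.
# The header path is passed through the quote filter so that shell
# metacharacters in ipabackup_dir or ipabackup_item are not interpreted
# by the shell (double quotes alone still expand $ and backticks).
# NOTE: the exit status of the pipeline is that of the last command
# (tr), so a failing grep produces empty stdout, not a failed task.
- name: Get services from backup
  shell: >
    grep "^services = " {{ (ipabackup_dir ~ "/" ~ ipabackup_item ~ "/header") | quote }} | cut -d"=" -f2 | tr -d '[:space:]'
  register: result_services_grep
  # Read-only query: never report it as a change.
  changed_when: false

# ipabackup_services is the list parsed from the header; the three
# ipabackup_service_* facts are the names it is compared against in the
# package and firewalld tasks of this file.
- name: Set ipabackup_services
  set_fact:
    ipabackup_services: "{{ result_services_grep.stdout.split(',') }}"
    ipabackup_service_dns: DNS
    ipabackup_service_adtrust: ADTRUST
    ipabackup_service_ntp: NTP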
### INSTALL PACKAGES

# The whole block is skipped unless ipabackup_install_packages is true.
# The DNS and AD trust package sets are installed only when the backup
# header lists the matching service; firewalld packages only when
# ipabackup_setup_firewalld is true.
- when: ipabackup_install_packages | bool
  block:
    - name: Ensure that IPA server packages are installed
      package:
        name: "{{ ipaserver_packages }}"
        state: present

    - name: Ensure that IPA server packages for dns are installed
      package:
        name: "{{ ipaserver_packages_dns }}"
        state: present
      when: ipabackup_service_dns in ipabackup_services

    - name: Ensure that IPA server packages for adtrust are installed
      package:
        name: "{{ ipaserver_packages_adtrust }}"
        state: present
      when: ipabackup_service_adtrust in ipabackup_services

    - name: Ensure that firewalld packages are installed
      package:
        name: "{{ ipaserver_packages_firewalld }}"
        state: present
      when: ipabackup_setup_firewalld | bool
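### START FIREWALLD

# Runs only when ipabackup_setup_firewalld is true: start firewalld and,
# if a zone was given, check that it exists in both the runtime and the
# permanent configuration before the restore begins.
- when: ipabackup_setup_firewalld | bool
  block:
    - name: Ensure that firewalld is running
      systemd:
        name: firewalld
        enabled: true
        state: started

    # The zone name goes through the quote filter because this is a
    # shell task (needed for the redirect); quoting keeps metacharacters
    # in the variable from being interpreted by the shell.
    - name: Firewalld - Verify runtime zone "{{ ipabackup_firewalld_zone }}"
      shell: >
        firewall-cmd
        --info-zone={{ ipabackup_firewalld_zone | quote }}
        >/dev/null
      when: ipabackup_firewalld_zone is defined
      # Verification only: never report it as a change.
      changed_when: false

    - name: Firewalld - Verify permanent zone "{{ ipabackup_firewalld_zone }}"
      shell: >
        firewall-cmd
        --permanent
        --info-zone={{ ipabackup_firewalld_zone | quote }}
        >/dev/null
      when: ipabackup_firewalld_zone is defined
      changed_when: false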
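### RESTORE

# Run ipa-restore non-interactively with the options selected through
# the ipabackup_* variables.
#
# - no_log keeps the command line (which carries the password) out of
#   Ansible's output and logs.
#   NOTE(review): no_log does not hide the process arguments on the
#   managed host; --password=... is visible in the process list there
#   while ipa-restore runs.
# - Every interpolated value goes through the quote filter, because this
#   is a shell task and the values would otherwise be subject to shell
#   expansion and word splitting.
# - Each inline "if" has an explicit else "", since an inline "if"
#   without "else" evaluates to undefined when the condition is false.
# - ignore_errors lets the play reach the next task, which reports the
#   stderr that no_log hides here.
- name: Restore backup
  no_log: true
  shell: >
    ipa-restore
    {{ ipabackup_item | quote }}
    --unattended
    {{ "--password=" + (ipabackup_password | quote) if ipabackup_password is defined else "" }}
    {{ "--data" if ipabackup_data | bool else "" }}
    {{ "--online" if ipabackup_online | bool else "" }}
    {{ "--instance=" + (ipabackup_instance | quote) if ipabackup_instance is defined else "" }}
    {{ "--backend=" + (ipabackup_backend | quote) if ipabackup_backend is defined else "" }}
    {{ "--no-logs" if ipabackup_no_logs | bool else "" }}
    {{ "--log-file=" + (ipabackup_log_file | quote) if ipabackup_log_file is defined else "" }}
  register: result_iparestore
  ignore_errors: true

# Runs only when the restore failed: print its stderr, then fail the
# play (failed_when is unconditional). This task does not set no_log,
# so stderr is shown exactly as ipa-restore wrote it.
- name: Report error for restore operation
  debug:
    msg: "{{ result_iparestore.stderr }}"
  when: result_iparestore is failed
  failed_when: true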
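### CONFIGURE FIREWALLD

# Open the FreeIPA services in firewalld after the restore. LDAP and
# LDAPS are always added; trust, dns and ntp only when the backup
# header lists the matching service. The first task changes the
# permanent configuration, the second the runtime configuration.
#
# The zone value goes through the quote filter so that it always
# reaches firewall-cmd as a single argument; when no zone is defined
# the option is passed with an empty value, as before. Each inline "if"
# has an explicit else "" because an inline "if" without "else"
# evaluates to undefined when the condition is false.
- name: Configure firewalld
  command: >
    firewall-cmd
    --permanent
    --zone={{ (ipabackup_firewalld_zone if ipabackup_firewalld_zone is defined else "") | quote }}
    --add-service=freeipa-ldap
    --add-service=freeipa-ldaps
    {{ "--add-service=freeipa-trust" if ipabackup_service_adtrust in ipabackup_services else "" }}
    {{ "--add-service=dns" if ipabackup_service_dns in ipabackup_services else "" }}
    {{ "--add-service=ntp" if ipabackup_service_ntp in ipabackup_services else "" }}
  when: ipabackup_setup_firewalld | bool

- name: Configure firewalld runtime
  command: >
    firewall-cmd
    --zone={{ (ipabackup_firewalld_zone if ipabackup_firewalld_zone is defined else "") | quote }}
    --add-service=freeipa-ldap
    --add-service=freeipa-ldaps
    {{ "--add-service=freeipa-trust" if ipabackup_service_adtrust in ipabackup_services else "" }}
    {{ "--add-service=dns" if ipabackup_service_dns in ipabackup_services else "" }}
    {{ "--add-service=ntp" if ipabackup_service_ntp in ipabackup_services else "" }}
  when: ipabackup_setup_firewalld | bool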