|
Packit Service |
a166ed |
ipabackup role
|
|
Packit Service |
a166ed |
==============
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
Description
|
|
Packit Service |
a166ed |
-----------
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
This role allows to backup an IPA server, to copy a backup from the server to the controller, to copy all backups from the server to the controller, to remove a backup from the server, to remove all backups from the server, to restore an IPA server locally and from the controller and also to copy a backup from the controller to the server.
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
**Note**: The ansible playbooks and role require a configured ansible environment where the ansible nodes are reachable and are properly set up to have an IP address and a working package manager.
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
Features
|
|
Packit Service |
a166ed |
--------
|
|
Packit Service |
a166ed |
* Server backup
|
|
Packit Service |
a166ed |
* Server backup to controller
|
|
Packit Service |
a166ed |
* Copy backup from server to controller
|
|
Packit Service |
a166ed |
* Copy all backups from server to controller
|
|
Packit Service |
a166ed |
* Remove backup from the server
|
|
Packit Service |
a166ed |
* Remove all backups from the server
|
|
Packit Service |
a166ed |
* Server restore from server local backup.
|
|
Packit Service |
a166ed |
* Server restore from controller.
|
|
Packit Service |
a166ed |
* Copy a backup from the controller to the server.
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
Supported FreeIPA Versions
|
|
Packit Service |
a166ed |
--------------------------
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
FreeIPA versions 4.5 and up are supported by the backup role.
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
Supported Distributions
|
|
Packit Service |
a166ed |
-----------------------
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
* RHEL/CentOS 7.6+
|
|
Packit Service |
a166ed |
* Fedora 26+
|
|
Packit Service |
a166ed |
* Ubuntu
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
Requirements
|
|
Packit Service |
a166ed |
------------
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
**Controller**
|
|
Packit Service |
a166ed |
* Ansible version: 2.8+
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
**Node**
|
|
Packit Service |
a166ed |
* Supported FreeIPA version (see above)
|
|
Packit Service |
a166ed |
* Supported distribution (needed for package installation only, see above)
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
Usage
|
|
Packit Service |
a166ed |
=====
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
Example inventory file with fixed domain and realm, setting up of the DNS server and using forwarders from /etc/resolv.conf:
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
```ini
|
|
Packit Service |
a166ed |
[ipaserver]
|
|
Packit Service |
a166ed |
ipaserver.example.com
|
|
Packit Service |
a166ed |
```
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
Example playbook to create a backup on the IPA server locally:
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
```yaml
|
|
Packit Service |
a166ed |
---
|
|
Packit Service |
a166ed |
- name: Playbook to backup IPA server
|
|
Packit Service |
a166ed |
hosts: ipaserver
|
|
Packit Service |
a166ed |
become: true
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
roles:
|
|
Packit Service |
a166ed |
- role: ipabackup
|
|
Packit Service |
a166ed |
state: present
|
|
Packit Service |
a166ed |
```
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
Example playbook to create a backup of the IPA server that is transferred to the controller using the server name as prefix for the backup and removed on the server:
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
```yaml
|
|
Packit Service |
a166ed |
---
|
|
Packit Service |
a166ed |
- name: Playbook to backup IPA server to controller
|
|
Packit Service |
a166ed |
hosts: ipaserver
|
|
Packit Service |
a166ed |
become: true
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
vars:
|
|
Packit Service |
a166ed |
ipabackup_to_controller: yes
|
|
Packit Service |
a166ed |
# ipabackup_keep_on_server: yes
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
roles:
|
|
Packit Service |
a166ed |
- role: ipabackup
|
|
Packit Service |
a166ed |
state: present
|
|
Packit Service |
a166ed |
```
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
Example playbook to create a backup of the IPA server that is transferred to the controller using the server name as prefix for the backup and kept on the server:
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
```yaml
|
|
Packit Service |
a166ed |
---
|
|
Packit Service |
a166ed |
- name: Playbook to backup IPA server to controller
|
|
Packit Service |
a166ed |
hosts: ipaserver
|
|
Packit Service |
a166ed |
become: true
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
vars:
|
|
Packit Service |
a166ed |
ipabackup_to_controller: yes
|
|
Packit Service |
a166ed |
ipabackup_keep_on_server: yes
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
roles:
|
|
Packit Service |
a166ed |
- role: ipabackup
|
|
Packit Service |
a166ed |
state: present
|
|
Packit Service |
a166ed |
```
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
Copy backup `ipa-full-2020-10-01-10-00-00` from server to controller:
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
```yaml
|
|
Packit Service |
a166ed |
---
|
|
Packit Service |
a166ed |
- name: Playbook to copy backup from IPA server
|
|
Packit Service |
a166ed |
hosts: ipaserver
|
|
Packit Service |
a166ed |
become: true
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
vars:
|
|
Packit Service |
a166ed |
ipabackup_name: ipa-full-2020-10-01-10-00-00
|
|
Packit Service |
a166ed |
ipabackup_to_controller: yes
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
roles:
|
|
Packit Service |
a166ed |
- role: ipabackup
|
|
Packit Service |
a166ed |
state: copied
|
|
Packit Service |
a166ed |
```
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
Copy backups `ipa-full-2020-10-01-10-00-00` and `ipa-full-2020-10-02-10-00-00` from server to controller:
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
```yaml
|
|
Packit Service |
a166ed |
---
|
|
Packit Service |
a166ed |
- name: Playbook to copy backup from IPA server
|
|
Packit Service |
a166ed |
hosts: ipaserver
|
|
Packit Service |
a166ed |
become: true
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
vars:
|
|
Packit Service |
a166ed |
ipabackup_name:
|
|
Packit Service |
a166ed |
- ipa-full-2020-10-01-10-00-00
|
|
Packit Service |
a166ed |
- ipa-full-2020-10-02-10-00-00
|
|
Packit Service |
a166ed |
ipabackup_to_controller: yes
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
roles:
|
|
Packit Service |
a166ed |
- role: ipabackup
|
|
Packit Service |
a166ed |
state: copied
|
|
Packit Service |
a166ed |
```
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
Copy all backups from server to controller that are following the backup naming scheme:
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
```yaml
|
|
Packit Service |
a166ed |
---
|
|
Packit Service |
a166ed |
- name: Playbook to copy all backups from IPA server
|
|
Packit Service |
a166ed |
hosts: ipaserver
|
|
Packit Service |
a166ed |
become: true
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
vars:
|
|
Packit Service |
a166ed |
ipabackup_name: all
|
|
Packit Service |
a166ed |
ipabackup_to_controller: yes
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
roles:
|
|
Packit Service |
a166ed |
- role: ipabackup
|
|
Packit Service |
a166ed |
state: copied
|
|
Packit Service |
a166ed |
```
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
Remove backup `ipa-full-2020-10-01-10-00-00` from server:
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
```yaml
|
|
Packit Service |
a166ed |
---
|
|
Packit Service |
a166ed |
- name: Playbook to remove backup from IPA server
|
|
Packit Service |
a166ed |
hosts: ipaserver
|
|
Packit Service |
a166ed |
become: true
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
vars:
|
|
Packit Service |
a166ed |
ipabackup_name: ipa-full-2020-10-01-10-00-00
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
roles:
|
|
Packit Service |
a166ed |
- role: ipabackup
|
|
Packit Service |
a166ed |
state: absent
|
|
Packit Service |
a166ed |
```
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
Remove backups `ipa-full-2020-10-01-10-00-00` and `ipa-full-2020-10-02-10-00-00` from server:
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
```yaml
|
|
Packit Service |
a166ed |
---
|
|
Packit Service |
a166ed |
- name: Playbook to remove backup from IPA server
|
|
Packit Service |
a166ed |
hosts: ipaserver
|
|
Packit Service |
a166ed |
become: true
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
vars:
|
|
Packit Service |
a166ed |
ipabackup_name:
|
|
Packit Service |
a166ed |
- ipa-full-2020-10-01-10-00-00
|
|
Packit Service |
a166ed |
- ipa-full-2020-10-02-10-00-00
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
roles:
|
|
Packit Service |
a166ed |
- role: ipabackup
|
|
Packit Service |
a166ed |
state: absent
|
|
Packit Service |
a166ed |
```
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
Remove all backups from server that are following the backup naming scheme:
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
```yaml
|
|
Packit Service |
a166ed |
---
|
|
Packit Service |
a166ed |
- name: Playbook to remove all backups from IPA server
|
|
Packit Service |
a166ed |
hosts: ipaserver
|
|
Packit Service |
a166ed |
become: true
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
vars:
|
|
Packit Service |
a166ed |
ipabackup_name: all
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
roles:
|
|
Packit Service |
a166ed |
- role: ipabackup
|
|
Packit Service |
a166ed |
state: absent
|
|
Packit Service |
a166ed |
```
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
Example playbook to restore an IPA server locally:
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
```yaml
|
|
Packit Service |
a166ed |
---
|
|
Packit Service |
a166ed |
- name: Playbook to restore an IPA server
|
|
Packit Service |
a166ed |
hosts: ipaserver
|
|
Packit Service |
a166ed |
become: true
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
vars:
|
|
Packit Service |
a166ed |
ipabackup_name: ipa-full-2020-10-22-11-11-44
|
|
Packit Service |
a166ed |
ipabackup_password: SomeDMpassword
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
roles:
|
|
Packit Service |
a166ed |
- role: ipabackup
|
|
Packit Service |
a166ed |
state: restored
|
|
Packit Service |
a166ed |
```
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
Example playbook to restore IPA server from controller:
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
```yaml
|
|
Packit Service |
a166ed |
---
|
|
Packit Service |
a166ed |
- name: Playbook to restore IPA server from controller
|
|
Packit Service |
a166ed |
hosts: ipaserver
|
|
Packit Service |
a166ed |
become: true
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
vars:
|
|
Packit Service |
a166ed |
ipabackup_name: ipaserver.test.local_ipa-full-2020-10-22-11-11-44
|
|
Packit Service |
a166ed |
ipabackup_password: SomeDMpassword
|
|
Packit Service |
a166ed |
ipabackup_from_controller: yes
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
roles:
|
|
Packit Service |
a166ed |
- role: ipabackup
|
|
Packit Service |
a166ed |
state: restored
|
|
Packit Service |
a166ed |
```
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
Example playbook to copy a backup from controller to the IPA server:
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
```yaml
|
|
Packit Service |
a166ed |
---
|
|
Packit Service |
a166ed |
- name: Playbook to copy a backup from controller to the IPA server
|
|
Packit Service |
a166ed |
hosts: ipaserver
|
|
Packit Service |
a166ed |
become: true
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
vars:
|
|
Packit Service |
a166ed |
ipabackup_name: ipaserver.test.local_ipa-full-2020-10-22-11-11-44
|
|
Packit Service |
a166ed |
ipabackup_from_controller: yes
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
roles:
|
|
Packit Service |
a166ed |
- role: ipabackup
|
|
Packit Service |
a166ed |
state: copied
|
|
Packit Service |
a166ed |
```
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
Playbooks
|
|
Packit Service |
a166ed |
=========
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
The example playbooks to do the backup, copy a backup and also to remove a backup, also to do the restore, copy a backup to the server are part of the repository in the playbooks folder.
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
```
|
|
Packit Service |
a166ed |
backup-server.yml
|
|
Packit Service |
a166ed |
backup-server-to-controller.yml
|
|
Packit Service |
a166ed |
copy-all-backups-from-server.yml
|
|
Packit Service |
a166ed |
copy-backup-from-server.yml
|
|
Packit Service |
a166ed |
remove-all-backups-from-server.yml
|
|
Packit Service |
a166ed |
remove-backup-from-server.yml
|
|
Packit Service |
a166ed |
restore-server.yml
|
|
Packit Service |
a166ed |
restore-server-from-controller.yml
|
|
Packit Service |
a166ed |
copy-backup-from-controller.yml
|
|
Packit Service |
a166ed |
```
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
Please remember to link or copy the playbooks to the base directory of ansible-freeipa if you want to use the roles within the source archive.
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
Variables
|
|
Packit Service |
a166ed |
=========
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
Base Variables
|
|
Packit Service |
a166ed |
--------------
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
Variable | Description | Required
|
|
Packit Service |
a166ed |
-------- | ----------- | --------
|
|
Packit Service |
a166ed |
ipabackup_backend | The backend to restore within the instance or instances, str | no
|
|
Packit Service |
a166ed |
ipabackup_data | Backup only the data with `state: present` and restore only the data with `state: restored`, bool (default: `no`) | no
|
|
Packit Service |
a166ed |
ipabackup_disable_role_check | Perform the backup even if this host does not have all the roles used in the cluster. This is not recommended, bool (default: `no`) | no
|
|
Packit Service |
a166ed |
ipabackup_gpg | Encrypt the backup, bool (default: `no`) | no
|
|
Packit Service |
a166ed |
ipabackup_gpg_keyring | Full path to the GPG keyring without the file extension, only for GPG 1 and up to IPA 4.6 str | no
|
|
Packit Service |
a166ed |
ipabackup_instance | The 389-ds instance to restore (defaults to all found), str | no
|
|
Packit Service |
a166ed |
ipabackup_log_file | Log to the given file on server for `state: present` and `state: restored` only, string | no
|
|
Packit Service |
a166ed |
ipabackup_logs | Include log files in backup, bool (default: `no`) | no
|
|
Packit Service |
a166ed |
ipabackup_no_logs | Do not restore log files from the backup, bool (default: `no`) | no
|
|
Packit Service |
a166ed |
ipabackup_online | Perform the LDAP backups online for data only with `state: present` and perform the LDAP restore online for data only with `state: restored`. If `ipabackup_data` is not set it will automatically be enabled. bool (default: `no`) | no
|
|
Packit Service |
a166ed |
ipabackup_password | The diretory manager password needed for restoring a backup with `state: restored`, str | no
|
|
Packit Service |
a166ed |
state | `present` to make a new backup, `absent` to remove a backup and `copied` to copy a backup from the server to the controller or from the controller to the server, `restored` to restore a backup. string (default: `present`) | yes
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
Special Variables
|
|
Packit Service |
a166ed |
-----------------
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
Variable | Description | Required
|
|
Packit Service |
a166ed |
-------- | ----------- | --------
|
|
Packit Service |
a166ed |
ipabackup_name | The IPA backup name(s). Only for removal of server local backup(s) with `state: absent`, to copy server local backup(s) to the controller with `state: copied` and `ipabackup_from_server` set, to copy a backup from the controller to the server with `state: copied` and `ipabackup_from_controller` set or to restore a backup with `state: restored` either locally on the server of from the controller with `ipabackup_from_controller` set. If `all` is used all available backups are copied or removed that are following the backup naming scheme. string list | no
|
|
Packit Service |
a166ed |
ipabackup_keep_on_server | Keep local copy of backup on server with `state: present` and `ipabackup_to_controller`, bool (default: `no`) | no
|
|
Packit Service |
a166ed |
ipabackup_to_controller | Copy backup to controller, prefixes backup with node name, remove backup on server if `ipabackup_keep_on_server` is not set, bool (default: `no`) | no
|
|
Packit Service |
a166ed |
ipabackup_controller_path | Pre existing path on controller to store the backup in with `state: present`, path on the controller to copy the backup from with `state: copied` and `ipabackup_from_controller` set also for the restore with `state: restored` and `ipabackup_from_controller` set. If this is not set, the current working dir is used. string | no
|
|
Packit Service |
a166ed |
ipabackup_name_prefix | Set prefix to use for backup directory on controller with `state: present` or `state: copied` and `ipabackup_to_controller` set, The default is the server FQDN, string | no
|
|
Packit Service |
a166ed |
ipabackup_from_controller | Copy backup from controller to server, restore if `state: restored`, copy backup to server if `state: copied`, bool (default: `no`) | no
|
|
Packit Service |
a166ed |
ipabackup_install_packages | Install needed packages to be able to apply the backup with `state: restored`, bool (default: `yes`) | no
|
|
Packit Service |
a166ed |
ipabackup_firewalld_zone | The value defines the firewall zone that will be used with `state: restored`. This needs to be an existing runtime and permanent zone, bool (default: `no`) | no
|
|
Packit Service |
a166ed |
ipabackup_setup_firewalld | The value defines if the needed services will automatically be opened in the firewall managed by firewalld with `state: restored`, bool (default: `yes`) | no
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
Authors
|
|
Packit Service |
a166ed |
=======
|
|
Packit Service |
a166ed |
|
|
Packit Service |
a166ed |
Thomas Woerner
|