freeipa_server_backup

This role manages backups for your FreeIPA servers.

Requirements

You need: Ansible 2.6.0 or a newer version.

You can install a stable version easily using pip:

pip install ansible==2.7.9

All platform requirements are detailed in the metadata file.

Check the dependencies to use this role.

Also refer to the official documentation.

Install

ansible-galaxy install timorunge.freeipa_server_backup

Role Variables

Here are the variables you can use with this role and their brief descriptions. (For the complete list, check defaults/main.yml)

Currently, you cannot change the backup directory. This is a limitation of the ipa-backup command itself, and the default location is /var/lib/ipa/backup.

# Maximum age of backups (in days)
# Type: Int
freeipa_server_backup_max_age: 14

# Time for a full backup (this will stop and start the ipa services!)
# Type: Dict
freeipa_server_backup_cron_full:
  minute: "{{ 59 | random(seed=inventory_hostname) }}"
  month: "*"
  weekday: "*"
  hour: 4
  day: "*"
  state: present

# Time for an online backup
# Type: Dict
freeipa_server_backup_cron_online:
  minute: "{{ 59 | random(seed=inventory_hostname) }}"
  month: "*"
  weekday: "*"
  hour: "*"
  day: "*"
  state: present

Examples

1) Install the FreeIPA server backup with default settings

- hosts: freeipa-server-backup
  roles:
    - timorunge.freeipa_server_backup

2) Install the FreeIPA server backup with custom settings

- hosts: freeipa-server-backup
  vars:
    freeipa_server_backup_max_age: 7
    freeipa_server_backup_cron_full:
      day: "*"
      hour: 3
      minute: "11"
      month: "*"
      state: present
      weekday: "*"
    freeipa_server_backup_cron_online:
      day: "*"
      hour: "*"
      minute: 33
      month: "*"
      state: present
      weekday: "*"
    freeipa_server_backup_cron_delete:
      day: "*"
      hour: 3
      minute: 55
      month: "*"
      state: present
      weekday: "*"
  roles:
    - timorunge.freeipa_server_backup

3) Install the FreeIPA server backup and move data to another location (using rsync)

- hosts: freeipa-server-backup
  vars:
    freeipa_server_backup_mv_location: rsync
    freeipa_server_backup_rsync_opts:
      - "-avq"
      - "--ignore-existing"
      - '-e "ssh -i /home/ipa-backups/.ssh/id_rsa"'
    freeipa_server_backup_rsync_dest: [email protected]:/var/backups/ipa-backup
  roles:
    - timorunge.freeipa_server_backup

Testing

Tests are performed using Docker and docker_test_runner, which runs the following containers:

• CentOS 7
• Ubuntu 16.04 (Xenial Xerus)
• Ubuntu 17.10 (Artful Aardvark)
• Ubuntu 18.04 (Bionic Beaver)
• Ubuntu 18.10 (Cosmic Cuttlefish)

Ansible 2.7.9 is installed on all containers to run a test playbook locally.

For more details, check the docker_test_runner configuration and the Docker entrypoint.

# Local testing:
curl https://raw.githubusercontent.com/timorunge/docker-test-runner/master/install.sh | sh
./docker_test_runner.py -f tests/docker_test_runner.yml

Dependencies

This role requires an operational FreeIPA Server (Github Repo).

If your OS doesn't provide FreeIPA packages directly, use the above Ansible role.

Make sure to set freeipa_server_backup_install_pkgs to false to disable package installation by this role.

To Do

• Add encryption for backups (--gpg and --gpg-keyring=GPG_KEYRING)
• Enable moving files to an off-site location (s3, rsync & ssh)

License

BSD 3-Clause "New" or "Revised" License

Author Information

• Timo Runge