freeipa_server_backup
freeipa_server_backup
This role is taking care of the backups for your FreeIPA servers.
Requirements
This role requires Ansible 2.6.0 or higher.
You can simply use pip to install (and define) a stable version:
pip install ansible==2.7.9
All platform requirements are listed in the metadata file.
In order to use this role take a look at the dependencies.
Also take a look at the official documentation.
Install
ansible-galaxy install timorunge.freeipa_server_backup
Role Variables
The variables that can be passed to this role and a brief description about them are as follows. (For all variables, take a look at defaults/main.yml)
At this given point in time it's - unfortunately - not possible to set the
backup directory. This is a limitation from the ipa-backup command itself (the
default location is /var/lib/ipa/backup).
# Defines the maximum age of backups (in days)
# Type: Int
freeipa_server_backup_max_age: 14
# Define the time when a full backup should run
# (this will stop and start the ipa services!)
# Type: Dict
freeipa_server_backup_cron_full:
minute: "{{ 59 | random(seed=inventory_hostname) }}"
month: "*"
weekday: "*"
hour: 4
day: "*"
state: present
# Define the time when a online backup should run
# Type: Dict
freeipa_server_backup_cron_online:
minute: "{{ 59 | random(seed=inventory_hostname) }}"
month: "*"
weekday: "*"
hour: "*"
day: "*"
state: present
Examples
1) Install the FreeIPA server backup with default settings
- hosts: freeipa-server-backup
roles:
- timorunge.freeipa_server_backup
2) Install the FreeIPA server backup with some custom settings
- hosts: freeipa-server-backup
vars:
freeipa_server_backup_max_age: 7
freeipa_server_backup_cron_full:
day: "*"
hour: 3
minute: "11"
month: "*"
state: present
weekday: "*"
freeipa_server_backup_cron_online:
day: "*"
hour: "*"
minute: 33
month: "*"
state: present
weekday: "*"
freeipa_server_backup_cron_delete:
day: "*"
hour: 3
minute: 55
month: "*"
state: present
weekday: "*"
roles:
- timorunge.freeipa_server_backup
3) Install the FreeIPA server backup and move the data to another location (via rsync)
- hosts: freeipa-server-backup
vars:
freeipa_server_backup_mv_location: rsync
freeipa_server_backup_rsync_opts:
- "-avq"
- "--ignore-existing"
- '-e "ssh -i /home/ipa-backups/.ssh/id_rsa"'
freeipa_server_backup_rsync_dest: [email protected]:/var/backups/ipa-backup
roles:
- timorunge.freeipa_server_backup
Testing
Tests are done with Docker and docker_test_runner which brings up the following containers:
- CentOS 7
- Ubuntu 16.04 (Xenial Xerus)
- Ubuntu 17.10 (Artful Aardvark)
- Ubuntu 18.04 (Bionic Beaver)
- Ubuntu 18.10 (Cosmic Cuttlefish)
Ansible 2.7.9 is installed on all containers and is applying a test playbook locally.
For further details and additional checks take a look at the docker_test_runner configuration and the Docker entrypoint.
# Testing locally:
curl https://raw.githubusercontent.com/timorunge/docker-test-runner/master/install.sh | sh
./docker_test_runner.py -f tests/docker_test_runner.yml
Dependencies
This role requires an up and running FreeIPA Server (Github Repo).
If you're using an operating system which is not providing FreeIPA packages directly out of repositories you can use the Ansible role mentioned above.
In this case ensure that you have freeipa_server_backup_install_pkgs set
to false (which will disable the complete package installation of this role).
Todo
- Add possibility to encrypt backups (
--gpgand--gpg-keyring=GPG_KEYRING) - Moving the files to an off-site location (s3,
rsync & ssh)
License
BSD 3-Clause "New" or "Revised" License
Author Information
- Timo Runge