From 4b964a31bd962fd24afd71e36f12890fd46c0448 2017-04-09 15:10:00 From: Branko Majic Date: 2017-04-09 15:10:00 Subject: [PATCH] MAR-95: Separated configuration for backing-up the /root and /home directories in the common role. This should allow user to have better fine-grained control over what gets backed-up in the home directory. Updated role reference documentation. Updated the testsite variable configuration so the new setting can be tested. --- diff --git a/docs/rolereference.rst b/docs/rolereference.rst index 849428221239c2ec198c043236eabfb2a4e9048a..db7c13e9b04f9727fb5325fab65820aef8718b75 100644 --- a/docs/rolereference.rst +++ b/docs/rolereference.rst @@ -280,10 +280,10 @@ If the backup for this role has been enabled, the following paths are backed-up: Log files from the system. **/home** - Home directory for regular users. + Home directory for regular users (this can be changed via role parameters). **/root** - Root user's home directory. + Root user's home directory (this can be changed via role parameters). **/etc/shadow** Operating system user passwords. @@ -346,6 +346,10 @@ Parameters directory ``/usr/local/share/ca-certificates/``, while values are corresponding content to be placed in the file. +**extra_backup_patterns** (list, optional, ``[ "/home", "/root" ]]``) + List of additional globbing patterns defining additional files or directories + that should be backed-up. + **incoming_connection_limit** (string, optional, ``3/second``) Rate at which the incoming ICMP echo-request packages and new TCP connections will be accepted at. The value should be specified in the same format as value diff --git a/roles/common/defaults/main.yml b/roles/common/defaults/main.yml index 985f053802953c6372fb484b83b2e4888cf80955..11e746f1b1b0033f8b4ff22c57d3e477f1f6ef6c 100644 --- a/roles/common/defaults/main.yml +++ b/roles/common/defaults/main.yml @@ -9,6 +9,9 @@ incoming_connection_limit: 3/second incoming_connection_limit_burst: 9 prompt_colour: none prompt_id: null +extra_backup_patterns: + - "/root" + - "/home" # Internal use only. prompt_colour_mapping: diff --git a/roles/common/meta/main.yml b/roles/common/meta/main.yml index 49e2edc62c92a7fe5361d6cc618e7c498574c152..6ed972cf16df94898842d0005784a319980190af 100644 --- a/roles/common/meta/main.yml +++ b/roles/common/meta/main.yml @@ -5,9 +5,11 @@ dependencies: when: enable_backup backup_patterns_filename: common backup_patterns: - - "/root" - - "/home" - "/var/log" - "/etc/shadow" - "/var/mail" - - "/var/spool/cron" \ No newline at end of file + - "/var/spool/cron" + - role: backup + when: enable_backup + backup_patterns_filename: common_extra + backup_patterns: "{{ extra_backup_patterns }}" diff --git a/testsite/group_vars/mail.yml b/testsite/group_vars/mail.yml index 8900ddbe3aeeceb953f452f4a47db44af371c1f5..eb7a6cb760dd74295e3dfe66840c58bf3066c9db 100644 --- a/testsite/group_vars/mail.yml +++ b/testsite/group_vars/mail.yml @@ -35,4 +35,7 @@ mail_server_tls_protocols: - TLSv1.2 - TLSv1.1 -mail_server_tls_ciphers: "DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA:!aNULL:!MD5:!EXPORT" \ No newline at end of file +mail_server_tls_ciphers: "DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA:!aNULL:!MD5:!EXPORT" + +extra_backup_patterns: + - "/root" \ No newline at end of file