Changeset - 881a85f08e22
0 7 2
Branko Majic (branko) - 8 years ago 2016-01-05 17:19:18
branko@majic.rs
MAR-44: Added another global parameter for controlling deployment of backup configs for roles. Implemented backup support for the LDAP server role. Updated testsite configuration, moving the backup configuration to be global.
9 files changed with 69 insertions and 17 deletions:
docs/rolereference.rst
 
@@ -10,6 +10,15 @@ Common parameters
 
A number of common parameters are used by all of the roles during
 
deployment. This section lists such parameters.
 

	
 
**enable_backup** (boolean, optional, ``False``)
 
  If set to ``True``, and the role supports backups, server will be configured
 
  for back-up of role's data. See role description for more details on what is
 
  backed-up and if the option is available. Just keep in mind that if you enable
 
  this globally, all the roles will be running backup-specific tasks. If the
 
  option has been enabled, the ``backup_client`` role will be included
 
  automatically (see the role reference for details on parameters that need to
 
  be provided in the case).
 

	
 
**tls_private_key_dir** (string, optional if paths to private keys for all roles are explicitly specified)
 
  Path to directory on Ansible host that contains the private keys used by
 
  services deployed by various roles. When TLS key path is not explicitly
 
@@ -439,6 +448,17 @@ The role implements the following:
 
* Sets the LDAP server administrator's password.
 

	
 

	
 
Backups
 
~~~~~~~
 

	
 
If the backup for this role has been enabled, the following paths are backed-up:
 

	
 
**/srv/backup/slapd.bak**
 
  Dump of the LDAP database. LDAP database dump is created every day at 01:45 in
 
  the morning. This does *not* include the dump of the config database
 
  (``cn=config``).
 

	
 

	
 
Parameters
 
~~~~~~~~~~
 

	
roles/ldap_server/defaults/main.yml
 
---
 

	
 
enable_backup: False
 
ldap_entries: []
 
ldap_server_domain: "{{ ansible_domain }}"
 
# Internal value, base DN.
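Review bot: The new default `enable_backup: False` is written with the capitalised Python-style literal while the testsite override in testsite/group_vars/all.yml uses `enable_backup: yes`; both parse as booleans under YAML 1.1, but the canonical spelling is `enable_backup: false` here and `enable_backup: true` in all.yml, which keeps the two in step and avoids the truthy-literal ambiguity that yamllint flags. The same capitalised form appears in the documentation text in docs/rolereference.rst, where it is harmless but could be aligned when the code is.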
roles/ldap_server/files/backup_patterns
 
new file 100644
 
/srv/backup/slapd.bak
 
\ No newline at end of file
roles/ldap_server/meta/main.yml
 
---
 

	
 
dependencies:
 
  - ldap_client
 
\ No newline at end of file
 
  - ldap_client
 
  - role: backup_client
 
    when: enable_backup
 
\ No newline at end of file
roles/ldap_server/tasks/backup.yml
 
new file 100644
 
---
 

	
 
- name: Create directory for storing LDAP database dumps
 
  file: path="{{ item }}" state=directory
 
        owner=root group=root mode=700
 
  with_items:
 
    - "/srv"
 
    - "/srv/backup"
 

	
 
- name: Deploy include patterns to backup
 
  copy: src="backup_patterns" dest="/etc/duply/main/patterns/ldap_server"
 
        owner="root" group="root" mode="700"
 
  notify:
 
    - Assemble Duply include patterns
 

	
 
- name: Create crontab entry for creating LDAP database dumps every day at 01:45
 
  cron: name=ldapdump cron_file=ldapdump hour=1 minute=45
 
        job="/usr/sbin/slapcat > /srv/backup/slapd.bak"
 
        state=present user=root
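Review bot: The first task applies `mode=700` to `/srv` as well as to `/srv/backup`, because both paths are listed under `with_items`; tightening `/srv` itself to 0700 hides every other service's data under `/srv` from non-root processes, which is not what a backup task should change. Create only the backup directory with that mode — `file: path="/srv/backup" state=directory owner=root group=root mode=0700` — and leave `/srv` at its distribution default, or create it in a separate task with `mode=0755`. The cron job redirects slapcat output, which includes the `userPassword` attributes, into `slapd.bak` with whatever umask cron inherits; prefixing the job with `umask 077;` keeps the dump root-only even if the directory mode is later relaxed, and writing to a temporary name that is renamed on success avoids a backup run at 01:45 picking up a half-written file. The copied patterns file is given `mode="700"`, an execute bit a data file does not need; `0644` (or `0600`) is sufficient.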
roles/ldap_server/tasks/main.yml
 
@@ -162,3 +162,7 @@
 
- name: Remove temporary file with LDAP admin password
 
  file: path="/root/.ldap_admin_password" state=absent
 
  changed_when: False
 

	
 
- name: Enable backup
 
  include: backup.yml
 
  when: enable_backup
 
\ No newline at end of file
testsite/group_vars/all.yml
 
@@ -61,3 +61,21 @@ ldap_client_config:
 
  - comment: Enforce TLS
 
    option: TLS_REQCERT
 
    value: demand
 

	
 
# Enable and configure backups
 
enable_backup: yes
 

	
 
backup_encryption_keys:
 
  - "backup.{{ testsite_domain }}"
 

	
 
backup_signing_key: "{{ ansible_fqdn }}"
 

	
 
backup_server: "backup.{{ testsite_domain }}"
 

	
 
backup_server_host_ssh_public_keys:
 
  - "{{ lookup('file', inventory_dir + '/ssh/backup_server_dsa_key.pub') }}"
 
  - "{{ lookup('file', inventory_dir + '/ssh/backup_server_rsa_key.pub') }}"
 
  - "{{ lookup('file', inventory_dir + '/ssh/backup_server_ed25519_key.pub') }}"
 
  - "{{ lookup('file', inventory_dir + '/ssh/backup_server_ecdsa_key.pub') }}"
 

	
 
backup_ssh_key: "{{ lookup('file', inventory_dir + '/ssh/' + ansible_fqdn) }}"
testsite/group_vars/backup.yml
 
@@ -9,12 +9,14 @@ smtp_relay_truststore: /etc/ssl/certs/ca.pem
 

	
 
backup_clients:
 
  - server: web.{{ testsite_domain }}
 
    uid: 3000
 
    public_key: "{{ lookup('file', inventory_dir + '/ssh/web.' + testsite_domain + '.pub') }}"
 
    ip: 10.32.64.18
 
  - server: mail.{{ testsite_domain }}
 
    public_key: "{{ lookup('file', inventory_dir + '/ssh/mail.' + testsite_domain + '.pub') }}"
 
    ip: 10.32.64.15
 
  - server: ldap.{{ testsite_domain }}
 
    public_key: "{{ lookup('file', inventory_dir + '/ssh/ldap.' + testsite_domain + '.pub') }}"
 
    ip: 10.32.64.12
 

	
 
backup_host_ssh_private_keys:
 
  dsa: "{{ lookup('file', inventory_dir + '/ssh/backup_server_dsa_key') }}"
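Review bot: The new `ldap.{{ testsite_domain }}` client entry carries no `uid`, following the `mail` entry above it rather than the `web` entry that sets `uid: 3000`; if the consuming role assigns an id when `uid` is absent this is fine, but if `uid` is required the entry is incomplete, so confirm against the backup_server role's parameter list. The `server:` value is a plain scalar while the sibling `public_key:` is quoted; writing it as `server: "ldap.{{ testsite_domain }}"` keeps templated values uniform and protects against a future value that begins with a Jinja brace. The `backup_clients` list starts before this hunk.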
testsite/group_vars/web.yml
 
@@ -14,18 +14,3 @@ web_default_title: "Welcome to Example Inc."
 
web_default_message: "You are attempting to access the web server using a wrong name or an IP address. Please check your URL."
 

	
 
db_root_password: "root"
 

	
 
backup_encryption_keys:
 
  - "backup.{{ testsite_domain }}"
 

	
 
backup_signing_key: "web.{{ testsite_domain }}"
 

	
 
backup_server: "backup.{{ testsite_domain }}"
 

	
 
backup_server_host_ssh_public_keys:
 
  - "{{ lookup('file', inventory_dir + '/ssh/backup_server_dsa_key.pub') }}"
 
  - "{{ lookup('file', inventory_dir + '/ssh/backup_server_rsa_key.pub') }}"
 
  - "{{ lookup('file', inventory_dir + '/ssh/backup_server_ed25519_key.pub') }}"
 
  - "{{ lookup('file', inventory_dir + '/ssh/backup_server_ecdsa_key.pub') }}"
 

	
 
backup_ssh_key: "{{ lookup('file', inventory_dir + '/ssh/web.' + testsite_domain) }}"