Changeset - dbc3381e1ff3
Parent rev.
Child rev.
[Not reviewed]
0 3 3
Branko Majic (branko) - 10 years ago 2016-01-06 01:01:47
branko@majic.rs
MAR-44: Implemented backup support for the XMPP server role. Updated test site to include XMPP server as one of the backup clients.
6 files changed with 31 insertions and 0 deletions:
docs/rolereference.rst
11
roles/xmpp_server/files/backup_patterns
1
roles/xmpp_server/meta/main.yml
5
roles/xmpp_server/tasks/backup.yml
7
roles/xmpp_server/tasks/main.yml
4
testsite/group_vars/backup.yml
3
0 comments (0 inline, 0 general)
docs/rolereference.rst
Show inline comments
 
@@ -638,24 +638,35 @@ Prosody is configured as follows:
 
  FQDN set to ``proxy.DOMAIN``.
 

			




	
	
	
		
 
Prosody expects a specific directory structure in LDAP when doing look-ups:

			




	
	
	
		
 

			




	
	
	
		
 
* Prosody will log-in to LDAP as user

			




	
	
	
		
 
  ``cn=prosody,ou=services,XMPP_LDAP_BASE_DN``.

			




	
	
	
		
 
* User entries are read from sub-tree (first-level only)

			




	
	
	
		
 
  ``ou=people,XMPP_LDAP_BASE_DN``. Query filter used for finding users is

			




	
	
	
		
 
  ``(&(mail=$user@$host)(memberOf=cn=xmpp,ou=groups,XMPP_LDAP_BASE_DN))``. This

			




	
	
	
		
 
  allows group-based granting of XMPP service to users.

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
Backups

			




	
	
	
		
 
~~~~~~~

			




	
	
	
		
 

			




	
	
	
		
 
If the backup for this role has been enabled, the following paths are backed-up:

			




	
	
	
		
 

			




	
	
	
		
 
**/var/lib/prosody/**

			




	
	
	
		
 
  Roster information, as well as undelivered (offline) messages for all XMPP

			




	
	
	
		
 
  users. Keep in mind that list of available users and their credentials are

			




	
	
	
		
 
  stored in the LDAP directory (which is backed-up via LDAP server role).

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
Parameters

			




	
	
	
		
 
~~~~~~~~~~

			




	
	
	
		
 

			




	
	
	
		
 
**xmpp_administrators** (list, mandatory)

			




	
	
	
		
 
  List of Prosody users that should be granted administrator privileges over

			




	
	
	
		
 
  Prosody. Each item is a string with value equal to XMPP user ID

			




	
	
	
		
 
  (i.e. ``john.doe@example.com``).

			




	
	
	
		
 

			




	
	
	
		
 
**xmpp_domains** (list, optional, ``{{ ansible_domain }}``)

			




	
	
	
		
 
  List of domains that are served by this Prosody instance. Each item is a

			




	
	
	
		
 
  string specifying a domain.

			




	
	
	
		
 

			




        

    


    
    

    

        

                

                    roles/xmpp_server/files/backup_patterns
                

                

                  
                      
                        

                      

                      
                        
                  

                  
                      
                  
                      
                  
                      
                  
                      
                  
                  
                

                

                    Show inline comments
                    
                

        

        

            



	
	
		
 
new file 100644

			




	
	
	
		
 
/var/lib/prosody

			




	
	
		
 
\ No newline at end of file

			




        

    


    
    

    

        

                

                    roles/xmpp_server/meta/main.yml
                

                

                  
                      
                        

                      

                      
                        
                  

                  
                      
                  
                      
                  
                      
                  
                      
                  
                  
                

                

                    Show inline comments
                    
                

        

        

            



	
	
		
 
new file 100644

			




	
	
	
		
 
---

			




	
	
	
		
 

			




	
	
	
		
 
dependencies:

			




	
	
	
		
 
  - role: backup_client

			




	
	
	
		
 
    when: enable_backup

			




	
	
		
 
\ No newline at end of file

			




        

    


    
    

    

        

                

                    roles/xmpp_server/tasks/backup.yml
                

                

                  
                      
                        

                      

                      
                        
                  

                  
                      
                  
                      
                  
                      
                  
                      
                  
                  
                

                

                    Show inline comments
                    
                

        

        

            



	
	
		
 
new file 100644

			




	
	
	
		
 
---

			




	
	
	
		
 

			




	
	
	
		
 
- name: Deploy include patterns to backup

			




	
	
	
		
 
  copy: src="backup_patterns" dest="/etc/duply/main/patterns/xmpp_server"

			




	
	
	
		
 
        owner="root" group="root" mode="700"

			




	
	
	
		
 
  notify:

			




	
	
	
		
 
    - Assemble Duply include patterns

			




	
	
		
 
\ No newline at end of file

			




        

    


    
    

    

        

                

                    roles/xmpp_server/tasks/main.yml
                

                

                  
                      
                        

                      

                      
                        
                  

                  
                      
                  
                      
                  
                      
                  
                      
                  
                  
                

                

                    Show inline comments
                    
                

        

        

            



	
	
		
 
@@ -48,12 +48,16 @@

			




	
	
	
		
 
- name: Deploy Prosody configuration file

			




	
	
	
		
 
  template: src=prosody.cfg.lua.j2 dest=/etc/prosody/prosody.cfg.lua

			




	
	
	
		
 
  notify:

			




	
	
	
		
 
    - Restart Prosody

			




	
	
	
		
 

			




	
	
	
		
 
- name: Enable and start Prosody service

			




	
	
	
		
 
  service: name=prosody enabled=yes state=started

			




	
	
	
		
 

			




	
	
	
		
 
- name: Deploy firewall configuration for XMPP server

			




	
	
	
		
 
  copy: src="ferm_xmpp.conf" dest="/etc/ferm/conf.d/30-xmpp.conf" owner=root group=root mode=640

			




	
	
	
		
 
  notify:

			




	
	
	
		
 
    - Restart ferm

			




	
	
	
		
 

			




	
	
	
		
 
- name: Enable backup

			




	
	
	
		
 
  include: backup.yml

			




	
	
	
		
 
  when: enable_backup

			




	
	
		
 
\ No newline at end of file

			




        

    


    
    

    

        

                

                    testsite/group_vars/backup.yml
                

                

                  
                      
                        

                      

                      
                        
                  

                  
                      
                  
                      
                  
                      
                  
                      
                  
                  
                

                

                    Show inline comments
                    
                

        

        

            



	
	
		
 
@@ -8,18 +8,21 @@ smtp_relay_host: mail.{{ testsite_domain }}

			




	
	
	
		
 
smtp_relay_truststore: /etc/ssl/certs/ca.pem

			




	
	
	
		
 

			




	
	
	
		
 
backup_clients:

			




	
	
	
		
 
  - server: web.{{ testsite_domain }}

			




	
	
	
		
 
    public_key: "{{ lookup('file', inventory_dir + '/ssh/web.' + testsite_domain + '.pub') }}"

			




	
	
	
		
 
    ip: 10.32.64.18

			




	
	
	
		
 
  - server: mail.{{ testsite_domain }}

			




	
	
	
		
 
    public_key: "{{ lookup('file', inventory_dir + '/ssh/mail.' + testsite_domain + '.pub') }}"

			




	
	
	
		
 
    ip: 10.32.64.15

			




	
	
	
		
 
  - server: ldap.{{ testsite_domain }}

			




	
	
	
		
 
    public_key: "{{ lookup('file', inventory_dir + '/ssh/ldap.' + testsite_domain + '.pub') }}"

			




	
	
	
		
 
    ip: 10.32.64.12

			




	
	
	
		
 
  - server: xmpp.{{ testsite_domain }}

			




	
	
	
		
 
    public_key: "{{ lookup('file', inventory_dir + '/ssh/xmpp.' + testsite_domain + '.pub') }}"

			




	
	
	
		
 
    ip: 10.32.64.16

			




	
	
	
		
 

			




	
	
	
		
 
backup_host_ssh_private_keys:

			




	
	
	
		
 
  dsa: "{{ lookup('file', inventory_dir + '/ssh/backup_server_dsa_key') }}"

			




	
	
	
		
 
  rsa: "{{ lookup('file', inventory_dir + '/ssh/backup_server_rsa_key') }}"

			




	
	
	
		
 
  ed25519: "{{ lookup('file', inventory_dir + '/ssh/backup_server_ed25519_key') }}"

			




	
	
	
		
 
  ecdsa: "{{ lookup('file', inventory_dir + '/ssh/backup_server_ecdsa_key') }}"

			




        

    



    


    



    



      

      





    
    0 comments (0 inline, 0 general)
    





    


  

  







  


    




    








    
        
    
    
        This site is powered by
            Kallithea 0.7.0,
        which is
        © 2010–2025 by various authors & licensed under GPLv3.