From: Frank Brehm
Date: Mon, 16 Dec 2024 17:17:29 +0000 (+0100)
Subject: Adding playbooks/offline-backup-ldap-server.yaml and Ansible role 389ds-offline-backup
X-Git-Url: https://git.uhu-banane.net/?a=commitdiff_plain;h=0e864cddeae0dd5b0bcf84e4d2fc9332c5f6272c;p=pixelpark%2Fpp-admin-tools.git
Adding playbooks/offline-backup-ldap-server.yaml and Ansible role 389ds-offline-backup
---
diff --git a/playbooks/offline-backup-ldap-server.yaml b/playbooks/offline-backup-ldap-server.yaml
new file mode 100644
index 0000000..fec708c
--- /dev/null
+++ b/playbooks/offline-backup-ldap-server.yaml
@@ -0,0 +1,101 @@
+---
+
+- name: "Validate the LDAP server to perform an offline backup."
+ hosts: localhost
+ gather_facts: false
+ vars_prompt:
+ - name: ldap_server
+ prompt: "Wich LDAP server should be backed up offline"
+ private: false
+
+ tasks:
+
+ - name: "Setting fact ldapserver_to_backup."
+ ansible.builtin.set_fact:
+ ldapserver_to_backup: "{{ ldap_server }}"
+ cacheable: true
+
+ - name: "Print a message"
+ ansible.builtin.debug:
+ msg: "The server {{ ldapserver_to_backup | quote }} should be backed up."
+
+ - name: "Setting status variable"
+ ansible.builtin.set_fact:
+ found_ldapserver: false
+
+ - name: "Searching for LDAP server '{{ ldapserver_to_backup }}' ..."
+ ansible.builtin.set_fact:
+ found_ldapserver: true
+ when: "item == ldapserver_to_backup"
+ ignore_errors: true
+ with_inventory_hostnames:
+ - ldap_servers
+
+ - name: "Fail for non LDAP server."
+ ansible.builtin.fail:
+ msg: "The given host {{ ldapserver_to_backup | quote }} is not a valid LDAP server."
+ when: found_ldapserver == false
+
+- name: "Initial checks for the 389ds LDAP server."
+ hosts: ldap_servers
+ gather_facts: false
+
+ tasks:
+
+ - name: "Made basic checks for 389ds LDAP server."
+ include_role:
+ name: 389ds-check-initial
+
+- name: "Perform Offline backup on the given host."
+ hosts: ldap_servers
+ gather_facts: false
+
+ tasks:
+
+ - name: "Get the LDAP server to backup offline:"
+ ansible.builtin.set_fact:
+ ldapserver_to_backup: "{{ hostvars.localhost.ldapserver_to_backup }}"
+ cacheable: true
+
+ - name: "Doing all on the server to be backed up."
+ when: inventory_hostname == ldapserver_to_backup
+ block:
+
+ - name: "Setting timestamp variables."
+ include_role:
+ name: set-timestamp-vars
+
+ - name: "The LDAP server to backup offline:"
+ debug:
+ var: ldapserver_to_backup
+ verbosity: 0
+
+ - name: "Disabling Puppet agent."
+ ansible.builtin.shell: |
+ puppet agent --disable "[{{ cur_timestamp }}]: Disabled by Ansible playbook 'disable-ldap-server.yaml'."
+ args:
+ creates: '/opt/puppetlabs/puppet/cache/state/agent_disabled.lock'
+
+ - name: "Disabling Wazuh service."
+ ansible.builtin.service:
+ name: wazuh-agent
+ state: stopped
+
+ - name: "Performing backup."
+ include_role:
+ name: 389ds-offline-backup
+ vars:
+ stop_instance: true
+
+ - name: "Enabling Wazuh service."
+ ansible.builtin.service:
+ name: wazuh-agent
+ state: started
+
+ - name: "Enabling Puppet agent."
+ ansible.builtin.shell: puppet agent --enable
+ args:
+ removes: '/opt/puppetlabs/puppet/cache/state/agent_disabled.lock'
+
+
+# vim: filetype=yaml
diff --git a/roles/389ds-offline-backup/defaults/main.yaml b/roles/389ds-offline-backup/defaults/main.yaml
new file mode 100644
index 0000000..26012b3
--- /dev/null
+++ b/roles/389ds-offline-backup/defaults/main.yaml
@@ -0,0 +1,18 @@
+---
+
+stop_instance: false
+ds389_instance_was_stopped: false
+
+backup_directory: '/var/backup'
+create_backup_directory: false
+
+directories_to_backup:
+ - /etc/dirsrv
+ - /root
+ - /home
+ - /var/backup/dirsrv
+ - /var/log/dirsrv*
+ - /var/lib/dirsrv
+
+
+# vim: filetype=yaml
diff --git a/roles/389ds-offline-backup/tasks/main.yaml b/roles/389ds-offline-backup/tasks/main.yaml
new file mode 100644
index 0000000..3f1433a
--- /dev/null
+++ b/roles/389ds-offline-backup/tasks/main.yaml
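Review bot: The `Enabling Wazuh service.` and `Enabling Puppet agent.` tasks at the end of the `Doing all on the server to be backed up.` block run only when every earlier task succeeds, so a failure inside the `389ds-offline-backup` role leaves the host with its Wazuh agent stopped and Puppet disabled until someone notices. Moving these two tasks out of `block:` into an `always:` section of the same block would restore monitoring and configuration management on every exit path. The disable message names `'disable-ldap-server.yaml'`, which looks copied from another playbook; `'offline-backup-ldap-server.yaml'` would point an operator who finds the lock file at the right playbook. Neither `puppet agent` call needs shell features, so `ansible.builtin.command` would be enough for both.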
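Review bot: `directories_to_backup` lists `/etc/dirsrv`, `/root` and `/home`, so whatever archive ends up under `backup_directory` will likely hold the directory server's certificate and key material and users' private files, yet the defaults give no owner or mode for that directory or for one created when `create_backup_directory` is true. A comment above `backup_directory` such as `# Receives copies of /etc/dirsrv, /root and /home; must be readable by root only.` would record the requirement, and the task that creates the directory (not part of this commit) should set a restrictive mode. `/var/backup/dirsrv` also lies below the default `backup_directory`, so depending on how the archive step is written, earlier output may be packed into each new backup.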
@@ -0,0 +1,67 @@
+---
+
+- debug:
+ msg: "Performing an offline backup of the 389 backends and important file systems of a 389ds directory server."
+
+- name: "Define full_slapd_instance and slapd_is_running"
+ ansible.builtin.set_fact:
+ full_slapd_instance: "slapd-{{ slapd_instance }}"
+ slapd_is_running: true
+
+- name: "Get the status of the 389ds server instance."
+ ansible.builtin.shell: "dsctl {{ full_slapd_instance | quote }} status"
+ check_mode: false
+ changed_when: false
+ register: get_slapd_status
+
+- name: "Show get_slapd_status"
+ debug:
+ var: get_slapd_status
+ verbosity: 2
+
+- name: "Getting running state of slapd instance."
+ ansible.builtin.set_fact:
+ slapd_is_running: false
+ when: ( get_slapd_status.stdout | regex_search('^Instance \".*\" is not running', ignorecase=True) ) is not empty
+
+- name: "Stopping instance, if running"
+ when: stop_instance == true and slapd_is_running == true
+ block:
+
+ - name: "Stopping LDAP server instance"
+ debug:
+ msg: "Stopping LDAP server instance {{ slapd_instance | quote }}, because it is still running"
+ verbosity: 0
+
+ - name: "Set fact ds389_instance_was_stopped."
+ ansible.builtin.set_fact:
+ ds389_instance_was_stopped: true
+
+ - name: "Stopping LDAP instance."
+ ansible.builtin.shell: "dsctl {{ full_slapd_instance | quote }} stop"
+
+- name: "Complaining about running instance."
+ when: stop_instance == false and slapd_is_running == true
+ block:
+
+ - debug:
+ msg: "The LDAP server instance {{ slapd_instance | quote }} should not be running."
+ verbosity: 0
+
+ - name: "Fail, if instance is running"
+ ansible.builtin.fail:
+ msg: "Cannot perform offline backup, LDAP server instance {{ slapd_instance | quote }} is still running."
+ when: ansible_check_mode == false
+
+- name: "Start LDAP server instance, when it was stopped before."
+ when: ds389_instance_was_stopped == true
+ block:
+
+ - debug:
+ msg: "Starting LDAP server instance {{ slapd_instance | quote }}, because it was stopped before."
+
+ - name: "Starting LDAP server instance."
+ ansible.builtin.shell: "dsctl {{ full_slapd_instance | quote }} start"
+
+
+# vim: filetype=yaml
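Review bot: Nothing between `Stopping LDAP instance.` and `Starting LDAP server instance.` performs a backup: the role stops the instance and starts it again, and `backup_directory`, `create_backup_directory` and `directories_to_backup` from the role defaults are not referenced anywhere in this file. When the archive tasks are added, they and the stop task should sit in a `block:` whose `always:` section runs the `dsctl ... start` task, otherwise a failed backup leaves the directory server down. The three unnamed `debug` tasks would be easier to follow in the run output with a `name:`. The three `dsctl` calls would work with `ansible.builtin.command`, which avoids passing the templated instance name through a shell at all.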