Red Hat Summit Red Hat SummitSupportKonsoleEntwicklerDemo startenKontakt

Dieser Inhalt ist in der von Ihnen ausgewählten Sprache nicht verfügbar.

Chapter 9. Backing up and restoring IdM servers using Ansible playbooks

Using the ipabackup Ansible role, you can automate backing up an IdM server, transferring backup files between servers and your Ansible controller, and restoring an IdM server from a backup.

9.1. Using Ansible to create a backup of an IdM server

You can use the ipabackup role in an Ansible playbook to create a backup of an IdM server and store it on the IdM server.

Prerequisites

  • You have configured your Ansible control node to meet the following requirements:

    • You are using Ansible version 2.13 or later.
    • You have installed the ansible-freeipa package.
    • The example assumes that in the ~/MyPlaybooks/ directory, you have created an Ansible inventory file with the fully-qualified domain name (FQDN) of the IdM server.
    • The example assumes that the secret.yml Ansible vault stores your ipaadmin_password.
  • The target node, that is the node on which the ansible-freeipa module is executed, is part of the IdM domain as an IdM client, server or replica.

Procedure

  1. Navigate to the ~/MyPlaybooks/ directory:

    Copy to Clipboard Toggle word wrap 
    $ cd ~/MyPlaybooks/

  2. Make a copy of the backup-server.yml file located in the /usr/share/doc/ansible-freeipa/playbooks directory:

    Copy to Clipboard Toggle word wrap 
    $ cp /usr/share/doc/ansible-freeipa/playbooks/backup-server.yml backup-my-server.yml
  3. Open the backup-my-server.yml Ansible playbook file for editing.

  4. Adapt the file by setting the hosts variable to a host group from your inventory file. In this example, set it to the ipaserver host group:

    Copy to Clipboard Toggle word wrap 
    ---
- name: Playbook to backup IPA server
  hosts: ipaserver
  become: true

  roles:
  - role: ipabackup
    state: present
  5. Save the file.

  6. Run the Ansible playbook, specifying the inventory file and the playbook file:

    Copy to Clipboard Toggle word wrap 
    $ ansible-playbook --vault-password-file=password_file -v -i ~/MyPlaybooks/inventory backup-my-server.yml

Verification

  1. Log into the IdM server that you have backed up.

  2. Verify that the backup is in the /var/lib/ipa/backup directory.

    Copy to Clipboard Toggle word wrap 
    [root@server ~]# ls /var/lib/ipa/backup/
ipa-full-2021-04-30-13-12-00

Additional resources

  • For more sample Ansible playbooks that use the ipabackup role, see:

    • The README.md file in the /usr/share/doc/ansible-freeipa/roles/ipabackup directory.
    • The /usr/share/doc/ansible-freeipa/playbooks/ directory.

9.2. Using Ansible to create a backup of an IdM server on your Ansible controller

You can use the ipabackup role in an Ansible playbook to create a backup of an IdM server and automatically transfer it on your Ansible controller. Your backup file name begins with the host name of the IdM server.

Prerequisites

  • You have configured your Ansible control node to meet the following requirements:

    • You are using Ansible version 2.13 or later.
    • You have installed the ansible-freeipa package.
    • The example assumes that in the ~/MyPlaybooks/ directory, you have created an Ansible inventory file with the fully-qualified domain name (FQDN) of the IdM server.
    • The example assumes that the secret.yml Ansible vault stores your ipaadmin_password.
  • The target node, that is the node on which the ansible-freeipa module is executed, is part of the IdM domain as an IdM client, server or replica.

Procedure

  1. To store the backups, create a subdirectory in your home directory on the Ansible controller.

    Copy to Clipboard Toggle word wrap 
    $ mkdir ~/ipabackups

  2. Navigate to the ~/MyPlaybooks/ directory:

    Copy to Clipboard Toggle word wrap 
    $ cd ~/MyPlaybooks/

  3. Make a copy of the backup-server-to-controller.yml file located in the /usr/share/doc/ansible-freeipa/playbooks directory:

    Copy to Clipboard Toggle word wrap 
    $ cp /usr/share/doc/ansible-freeipa/playbooks/backup-server-to-controller.yml backup-my-server-to-my-controller.yml
  4. Open the backup-my-server-to-my-controller.yml file for editing.

  5. Adapt the file by setting the following variables:

    1. Set the hosts variable to a host group from your inventory file. In this example, set it to the ipaserver host group.

    2. Optional: To maintain a copy of the backup on the IdM server, uncomment the following line:

      Copy to Clipboard Toggle word wrap 
       # ipabackup_keep_on_server: true

  6. By default, backups are stored in the present working directory of the Ansible controller. To specify the backup directory you created in Step 1, add the ipabackup_controller_path variable and set it to the /home/user/ipabackups directory.

    Copy to Clipboard Toggle word wrap 
    ---
- name: Playbook to backup IPA server to controller
  hosts: ipaserver
  become: true
  vars:
    ipabackup_to_controller: true
    # ipabackup_keep_on_server: true
    ipabackup_controller_path: /home/user/ipabackups

  roles:
  - role: ipabackup
    state: present
  7. Save the file.

  8. Run the Ansible playbook, specifying the inventory file and the playbook file:

    Copy to Clipboard Toggle word wrap 
    $ ansible-playbook --vault-password-file=password_file -v -i ~/MyPlaybooks/inventory backup-my-server-to-my-controller.yml

Verification

  • Verify that the backup is in the /home/user/ipabackups directory of your Ansible controller:

    Copy to Clipboard Toggle word wrap 
    [user@controller ~]$ ls /home/user/ipabackups
server.idm.example.com_ipa-full-2021-04-30-13-12-00

Additional resources

  • For more sample Ansible playbooks that use the ipabackup role, see:

    • The README.md file in the /usr/share/doc/ansible-freeipa/roles/ipabackup directory.
    • The /usr/share/doc/ansible-freeipa/playbooks/ directory.

9.3. Using Ansible to copy a backup of an IdM server to your Ansible controller

You can use an Ansible playbook to copy a backup of an IdM server from the IdM server to your Ansible controller.

Prerequisites

  • You have configured your Ansible control node to meet the following requirements:

    • You are using Ansible version 2.13 or later.
    • You have installed the ansible-freeipa package.
    • The example assumes that in the ~/MyPlaybooks/ directory, you have created an Ansible inventory file with the fully-qualified domain name (FQDN) of the IdM server.
    • The example assumes that the secret.yml Ansible vault stores your ipaadmin_password.
  • The target node, that is the node on which the ansible-freeipa module is executed, is part of the IdM domain as an IdM client, server or replica.

Procedure

  1. To store the backups, create a subdirectory in your home directory on the Ansible controller.

    Copy to Clipboard Toggle word wrap 
    $ mkdir ~/ipabackups

  2. Navigate to the ~/MyPlaybooks/ directory:

    Copy to Clipboard Toggle word wrap 
    $ cd ~/MyPlaybooks/

  3. Make a copy of the copy-backup-from-server.yml file located in the /usr/share/doc/ansible-freeipa/playbooks directory:

    Copy to Clipboard Toggle word wrap 
    $ cp /usr/share/doc/ansible-freeipa/playbooks/copy-backup-from-server.yml copy-backup-from-my-server-to-my-controller.yml
  4. Open the copy-my-backup-from-my-server-to-my-controller.yml file for editing.

  5. Adapt the file by setting the following variables:

    1. Set the hosts variable to a host group from your inventory file. In this example, set it to the ipaserver host group.
    2. Set the ipabackup_name variable to the name of the ipabackup on your IdM server to copy to your Ansible controller.

    3. By default, backups are stored in the present working directory of the Ansible controller. To specify the directory you created in Step 1, add the ipabackup_controller_path variable and set it to the /home/user/ipabackups directory.

      Copy to Clipboard Toggle word wrap 
      ---
- name: Playbook to copy backup from IPA server
  hosts: ipaserver
  become: true
  vars:
    ipabackup_name: ipa-full-2021-04-30-13-12-00
    ipabackup_to_controller: true
    ipabackup_controller_path: /home/user/ipabackups

  roles:
  - role: ipabackup
    state: present
  6. Save the file.

  7. Run the Ansible playbook, specifying the inventory file and the playbook file:

    Copy to Clipboard Toggle word wrap 
    $ ansible-playbook --vault-password-file=password_file -v -i ~/MyPlaybooks/inventory copy-backup-from-my-server-to-my-controller.yml
Note

To copy all IdM backups to your controller, set the ipabackup_name variable in the Ansible playbook to all:

Copy to Clipboard Toggle word wrap 
  vars:
    ipabackup_name: all
    ipabackup_to_controller: true

For an example, see the copy-all-backups-from-server.yml Ansible playbook in the /usr/share/doc/ansible-freeipa/playbooks directory.

Verification

  • Verify your backup is in the /home/user/ipabackups directory on your Ansible controller:

    Copy to Clipboard Toggle word wrap 
    [user@controller ~]$ ls /home/user/ipabackups
server.idm.example.com_ipa-full-2021-04-30-13-12-00

Additional resources

  • The README.md file in the /usr/share/doc/ansible-freeipa/roles/ipabackup directory.
  • The /usr/share/doc/ansible-freeipa/playbooks/ directory.

9.4. Using Ansible to copy a backup of an IdM server from your Ansible controller to the IdM server

You can use an Ansible playbook to copy a backup of an IdM server from your Ansible controller to the IdM server.

Prerequisites

  • You have configured your Ansible control node to meet the following requirements:

    • You are using Ansible version 2.13 or later.
    • You have installed the ansible-freeipa package.
    • The example assumes that in the ~/MyPlaybooks/ directory, you have created an Ansible inventory file with the fully-qualified domain name (FQDN) of the IdM server.
    • The example assumes that the secret.yml Ansible vault stores your ipaadmin_password.
  • The target node, that is the node on which the ansible-freeipa module is executed, is part of the IdM domain as an IdM client, server or replica.

Procedure

  1. Navigate to the ~/MyPlaybooks/ directory:

    Copy to Clipboard Toggle word wrap 
    $ cd ~/MyPlaybooks/

  2. Make a copy of the copy-backup-from-controller.yml file located in the /usr/share/doc/ansible-freeipa/playbooks directory:

    Copy to Clipboard Toggle word wrap 
    $ cp /usr/share/doc/ansible-freeipa/playbooks/copy-backup-from-controller.yml copy-backup-from-my-controller-to-my-server.yml
  3. Open the copy-my-backup-from-my-controller-to-my-server.yml file for editing.

  4. Adapt the file by setting the following variables:

    1. Set the hosts variable to a host group from your inventory file. In this example, set it to the ipaserver host group.

    2. Set the ipabackup_name variable to the name of the ipabackup on your Ansible controller to copy to the IdM server.

      Copy to Clipboard Toggle word wrap 
      ---
- name: Playbook to copy a backup from controller to the IPA server
  hosts: ipaserver
  become: true

  vars:
    ipabackup_name: server.idm.example.com_ipa-full-2021-04-30-13-12-00
    ipabackup_from_controller: true

  roles:
  - role: ipabackup
    state: copied
  5. Save the file.

  6. Run the Ansible playbook, specifying the inventory file and the playbook file:

    Copy to Clipboard Toggle word wrap 
    $ ansible-playbook --vault-password-file=password_file -v -i ~/MyPlaybooks/inventory copy-backup-from-my-controller-to-my-server.yml

Additional resources

  • The README.md file in the /usr/share/doc/ansible-freeipa/roles/ipabackup directory.
  • The /usr/share/doc/ansible-freeipa/playbooks/ directory.

9.5. Using Ansible to remove a backup from an IdM server

You can use an Ansible playbook to remove a backup from an IdM server.

Prerequisites

  • You have configured your Ansible control node to meet the following requirements:

    • You are using Ansible version 2.13 or later.
    • You have installed the ansible-freeipa package.
    • The example assumes that in the ~/MyPlaybooks/ directory, you have created an Ansible inventory file with the fully-qualified domain name (FQDN) of the IdM server.
    • The example assumes that the secret.yml Ansible vault stores your ipaadmin_password.
  • The target node, that is the node on which the ansible-freeipa module is executed, is part of the IdM domain as an IdM client, server or replica.

Procedure

  1. Navigate to the ~/MyPlaybooks/ directory:

    Copy to Clipboard Toggle word wrap 
    $ cd ~/MyPlaybooks/

  2. Make a copy of the remove-backup-from-server.yml file located in the /usr/share/doc/ansible-freeipa/playbooks directory:

    Copy to Clipboard Toggle word wrap 
    $ cp /usr/share/doc/ansible-freeipa/playbooks/remove-backup-from-server.yml remove-backup-from-my-server.yml
  3. Open the remove-backup-from-my-server.yml file for editing.

  4. Adapt the file by setting the following variables:

    1. Set the hosts variable to a host group from your inventory file. In this example, set it to the ipaserver host group.

    2. Set the ipabackup_name variable to the name of the ipabackup to remove from your IdM server.

      Copy to Clipboard Toggle word wrap 
      ---
- name: Playbook to remove backup from IPA server
  hosts: ipaserver
  become: true

  vars:
    ipabackup_name: ipa-full-2021-04-30-13-12-00

  roles:
  - role: ipabackup
    state: absent
  5. Save the file.

  6. Run the Ansible playbook, specifying the inventory file and the playbook file:

    Copy to Clipboard Toggle word wrap 
    $ ansible-playbook --vault-password-file=password_file -v -i ~/MyPlaybooks/inventory remove-backup-from-my-server.yml
Note

To remove all IdM backups from the IdM server, set the ipabackup_name variable in the Ansible playbook to all:

Copy to Clipboard Toggle word wrap 
  vars:
    ipabackup_name: all

For an example, see the remove-all-backups-from-server.yml Ansible playbook in the /usr/share/doc/ansible-freeipa/playbooks directory.

Additional resources

  • The README.md file in the /usr/share/doc/ansible-freeipa/roles/ipabackup directory.
  • The /usr/share/doc/ansible-freeipa/playbooks/ directory.

9.6. Using Ansible to restore an IdM server from a backup stored on the server

You can use an Ansible playbook to restore an IdM server from a backup stored on that host.

Prerequisites

  • You have configured your Ansible control node to meet the following requirements:

    • You are using Ansible version 2.13 or later.
    • You have installed the ansible-freeipa package.
    • The example assumes that in the ~/MyPlaybooks/ directory, you have created an Ansible inventory file with the fully-qualified domain name (FQDN) of the IdM server.
    • The example assumes that the secret.yml Ansible vault stores your ipaadmin_password.
  • The target node, that is the node on which the ansible-freeipa module is executed, is part of the IdM domain as an IdM client, server or replica.
  • You know the LDAP Directory Manager password.

Procedure

  1. Navigate to the ~/MyPlaybooks/ directory:

    Copy to Clipboard Toggle word wrap 
    $ cd ~/MyPlaybooks/

  2. Make a copy of the restore-server.yml file located in the /usr/share/doc/ansible-freeipa/playbooks directory:

    Copy to Clipboard Toggle word wrap 
    $ cp /usr/share/doc/ansible-freeipa/playbooks/restore-server.yml restore-my-server.yml
  3. Open the restore-my-server.yml Ansible playbook file for editing.

  4. Adapt the file by setting the following variables:

    1. Set the hosts variable to a host group from your inventory file. In this example, set it to the ipaserver host group.
    2. Set the ipabackup_name variable to the name of the ipabackup to restore.

    3. Set the ipabackup_password variable to the LDAP Directory Manager password.

      Copy to Clipboard Toggle word wrap 
      ---
- name: Playbook to restore an IPA server
  hosts: ipaserver
  become: true

  vars:
    ipabackup_name: ipa-full-2021-04-30-13-12-00
    ipabackup_password: <your_LDAP_DM_password>

  roles:
  - role: ipabackup
    state: restored
  5. Save the file.

  6. Run the Ansible playbook specifying the inventory file and the playbook file:

    Copy to Clipboard Toggle word wrap 
    $ ansible-playbook --vault-password-file=password_file -v -i ~/MyPlaybooks/inventory restore-my-server.yml

Additional resources

  • The README.md file in the /usr/share/doc/ansible-freeipa/roles/ipabackup directory.
  • The /usr/share/doc/ansible-freeipa/playbooks/ directory.

9.7. Using Ansible to restore an IdM server from a backup stored on your Ansible controller

You can use an Ansible playbook to restore an IdM server from a backup stored on your Ansible controller.

Prerequisites

  • You have configured your Ansible control node to meet the following requirements:

    • You are using Ansible version 2.13 or later.
    • You have installed the ansible-freeipa package.
    • The example assumes that in the ~/MyPlaybooks/ directory, you have created an Ansible inventory file with the fully-qualified domain name (FQDN) of the IdM server.
    • The example assumes that the secret.yml Ansible vault stores your ipaadmin_password.
  • The target node, that is the node on which the ansible-freeipa module is executed, is part of the IdM domain as an IdM client, server or replica.
  • You know the LDAP Directory Manager password.

Procedure

  1. Navigate to the ~/MyPlaybooks/ directory:

    Copy to Clipboard Toggle word wrap 
    $ cd ~/MyPlaybooks/

  2. Make a copy of the restore-server-from-controller.yml file located in the /usr/share/doc/ansible-freeipa/playbooks directory:

    Copy to Clipboard Toggle word wrap 
    $ cp /usr/share/doc/ansible-freeipa/playbooks/restore-server-from-controller.yml restore-my-server-from-my-controller.yml
  3. Open the restore-my-server-from-my-controller.yml file for editing.

  4. Adapt the file by setting the following variables:

    1. Set the hosts variable to a host group from your inventory file. In this example, set it to the ipaserver host group.
    2. Set the ipabackup_name variable to the name of the ipabackup to restore.

    3. Set the ipabackup_password variable to the LDAP Directory Manager password.

      Copy to Clipboard Toggle word wrap 
      ---
- name: Playbook to restore IPA server from controller
  hosts: ipaserver
  become: true

  vars:
    ipabackup_name: server.idm.example.com_ipa-full-2021-04-30-13-12-00
    ipabackup_password: <your_LDAP_DM_password>
    ipabackup_from_controller: true

  roles:
  - role: ipabackup
    state: restored
  5. Save the file.

  6. Run the Ansible playbook, specifying the inventory file and the playbook file:

    Copy to Clipboard Toggle word wrap 
    $ ansible-playbook --vault-password-file=password_file -v -i ~/MyPlaybooks/inventory restore-my-server-from-my-controller.yml

Additional resources

  • The README.md file in the /usr/share/doc/ansible-freeipa/roles/ipabackup directory.
  • The /usr/share/doc/ansible-freeipa/playbooks/ directory.
Nach oben
Red Hat logoGithubredditYoutubeTwitter

Lernen

Testen, kaufen und verkaufen

Communitys

Über Red Hat Dokumentation

Wir helfen Red Hat Benutzern, mit unseren Produkten und Diensten innovativ zu sein und ihre Ziele zu erreichen – mit Inhalten, denen sie vertrauen können. Entdecken Sie unsere neuesten Updates.

Mehr Inklusion in Open Source

Red Hat hat sich verpflichtet, problematische Sprache in unserem Code, unserer Dokumentation und unseren Web-Eigenschaften zu ersetzen. Weitere Einzelheiten finden Sie in Red Hat Blog.

Über Red Hat

Wir liefern gehärtete Lösungen, die es Unternehmen leichter machen, plattform- und umgebungsübergreifend zu arbeiten, vom zentralen Rechenzentrum bis zum Netzwerkrand.

Theme

© 2025 Red Hat, Inc.