Red Hat Summit Red Hat Summit지원콘솔개발자평가판 시작연락처

Chapter 6. Restoring IdM servers using Ansible playbooks

Using the ipabackup Ansible role, you can automate restoring an IdM server from a backup and transferring backup files between servers and your Ansible controller.

6.1. Creating an Ansible inventory file for IdM
링크 복사

When working with Ansible, it is good practice to create, in your home directory, a subdirectory dedicated to Ansible playbooks that you copy and adapt from the /usr/share/ansible/collections/ansible_collections/freeipa/ansible_freeipa/* and /usr/share/doc/rhel-system-roles/* subdirectories. This practice has the following advantages:

  • You can find all your playbooks in one place.
  • You can run your playbooks without invoking root privileges.

Procedure

  1. Create a directory for your Ansible configuration and playbooks in your home directory: 

    $ mkdir ~/MyPlaybooks/
    Copy to Clipboard Toggle word wrap

  2. Change into the ~/MyPlaybooks/ directory: 

    $ cd ~/MyPlaybooks
    Copy to Clipboard Toggle word wrap

  3. Create the ~/MyPlaybooks/ansible.cfg file with the following content: 

    [defaults]
inventory = /home/<username>/MyPlaybooks/inventory

[privilege_escalation]
become=True
    Copy to Clipboard Toggle word wrap

  4. Create the ~/MyPlaybooks/inventory file with the following content: 

    [eu]
server.idm.example.com

[us]
replica.idm.example.com

[ipaserver:children]
eu
us
    Copy to Clipboard Toggle word wrap

    This configuration defines two host groups, eu and us, for hosts in these locations. Additionally, this configuration defines the ipaserver host group, which contains all hosts from the eu and us groups.

6.2. Using Ansible to restore an IdM server from a backup stored on the server
링크 복사

You can use an Ansible playbook to restore an IdM server from a backup stored on that host.

Prerequisites

  • On the control node:

    • You are using Ansible version 2.15 or later.
    • You have installed the ansible-freeipa package.
    • The example assumes that in the ~/MyPlaybooks/ directory, you have created an Ansible inventory file with the fully-qualified domain name (FQDN) of the IdM server.
    • The example assumes that the secret.yml Ansible vault stores your ipaadmin_password and that you have access to a file that stores the password protecting the secret.yml file.
  • The target node, that is the node on which the freeipa.ansible_freeipa module is executed, is part of the IdM domain as an IdM client, server or replica.
  • You know the LDAP Directory Manager password.

Procedure

  1. Navigate to the ~/MyPlaybooks/ directory: 

    $ cd ~/MyPlaybooks/
    Copy to Clipboard Toggle word wrap

  2. Make a copy of the restore-server.yml file located in the /usr/share/ansible/collections/ansible_collections/freeipa/ansible_freeipa/playbooks directory: 

    $ cp /usr/share/ansible/collections/ansible_collections/freeipa/ansible_freeipa/playbooks/restore-server.yml restore-my-server.yml
    Copy to Clipboard Toggle word wrap
  3. Open the restore-my-server.yml Ansible playbook file for editing.

  4. Adapt the file by setting the following variables:

    1. Set the hosts variable to a host group from your inventory file. In this example, set it to the ipaserver host group.
    2. Set the ipabackup_name variable to the name of the ipabackup to restore.

    3. Set the ipabackup_password variable to the LDAP Directory Manager password. 

      ---
- name: Playbook to restore an IPA server
  hosts: ipaserver
  become: true

  vars:
    ipabackup_name: ipa-full-2021-04-30-13-12-00
    ipabackup_password: <your_LDAP_DM_password>

  roles:
  - role: freeipa.ansible_freeipa.ipabackup
    state: restored
      Copy to Clipboard Toggle word wrap

  5. Save the file.

    For details about variables and example playbooks in the FreeIPA Ansible collection, see the /usr/share/ansible/collections/ansible_collections/freeipa/ansible_freeipa/README.md file and the /usr/share/ansible/collections/ansible_collections/freeipa/ansible_freeipa/playbooks/ directory on the control node.

  6. Run the Ansible playbook specifying the inventory file and the playbook file: 

    $ ansible-playbook --vault-password-file=password_file -v -i ~/MyPlaybooks/inventory restore-my-server.yml
    Copy to Clipboard Toggle word wrap

You can use an Ansible playbook to restore an IdM server from a backup stored on your Ansible controller.

Prerequisites

  • On the control node:

    • You are using Ansible version 2.15 or later.
    • You have installed the ansible-freeipa package.
    • The example assumes that in the ~/MyPlaybooks/ directory, you have created an Ansible inventory file with the fully-qualified domain name (FQDN) of the IdM server.
    • The example assumes that the secret.yml Ansible vault stores your ipaadmin_password and that you have access to a file that stores the password protecting the secret.yml file.
  • The target node, that is the node on which the freeipa.ansible_freeipa module is executed, is part of the IdM domain as an IdM client, server or replica.
  • You know the LDAP Directory Manager password.

Procedure

  1. Navigate to the ~/MyPlaybooks/ directory: 

    $ cd ~/MyPlaybooks/
    Copy to Clipboard Toggle word wrap

  2. Make a copy of the restore-server-from-controller.yml file located in the /usr/share/ansible/collections/ansible_collections/freeipa/ansible_freeipa/playbooks directory: 

    $ cp /usr/share/ansible/collections/ansible_collections/freeipa/ansible_freeipa/playbooks/restore-server-from-controller.yml restore-my-server-from-my-controller.yml
    Copy to Clipboard Toggle word wrap
  3. Open the restore-my-server-from-my-controller.yml file for editing.

  4. Adapt the file by setting the following variables:

    1. Set the hosts variable to a host group from your inventory file. In this example, set it to the ipaserver host group.
    2. Set the ipabackup_name variable to the name of the ipabackup to restore.

    3. Set the ipabackup_password variable to the LDAP Directory Manager password. 

      ---
- name: Playbook to restore IPA server from controller
  hosts: ipaserver
  become: true

  vars:
    ipabackup_name: server.idm.example.com_ipa-full-2021-04-30-13-12-00
    ipabackup_password: <your_LDAP_DM_password>
    ipabackup_from_controller: true

  roles:
  - role: freeipa.ansible_freeipa.ipabackup
    state: restored
      Copy to Clipboard Toggle word wrap

  5. Save the file.

    For details about variables and example playbooks in the FreeIPA Ansible collection, see the /usr/share/ansible/collections/ansible_collections/freeipa/ansible_freeipa/README.md file and the /usr/share/ansible/collections/ansible_collections/freeipa/ansible_freeipa/playbooks/ directory on the control node.

  6. Run the Ansible playbook, specifying the inventory file and the playbook file: 

    $ ansible-playbook --vault-password-file=password_file -v -i ~/MyPlaybooks/inventory restore-my-server-from-my-controller.yml
    Copy to Clipboard Toggle word wrap

6.4. Using Ansible to copy a backup of an IdM server to your Ansible controller
링크 복사

You can use an Ansible playbook to copy an existing backup file of an IdM server from the IdM server to your Ansible controller.

Prerequisites

  • On the control node:

    • You are using Ansible version 2.15 or later.
    • You have installed the ansible-freeipa package.
    • The example assumes that in the ~/MyPlaybooks/ directory, you have created an Ansible inventory file with the fully-qualified domain name (FQDN) of the IdM server.
    • The example assumes that the secret.yml Ansible vault stores your ipaadmin_password and that you have access to a file that stores the password protecting the secret.yml file.
  • The target node, that is the node on which the freeipa.ansible_freeipa module is executed, is part of the IdM domain as an IdM client, server or replica.

Procedure

  1. To store the backups, create a subdirectory in your home directory on the Ansible controller. 

    $ mkdir ~/ipabackups
    Copy to Clipboard Toggle word wrap

  2. Navigate to the ~/MyPlaybooks/ directory: 

    $ cd ~/MyPlaybooks/
    Copy to Clipboard Toggle word wrap

  3. Make a copy of the copy-backup-from-server.yml file located in the /usr/share/ansible/collections/ansible_collections/freeipa/ansible_freeipa/playbooks directory: 

    $ cp /usr/share/ansible/collections/ansible_collections/freeipa/ansible_freeipa/playbooks/copy-backup-from-server.yml copy-backup-from-my-server-to-my-controller.yml
    Copy to Clipboard Toggle word wrap
  4. Open the copy-my-backup-from-my-server-to-my-controller.yml file for editing.

  5. Adapt the file by setting the following variables:

    1. Set the hosts variable to a host group from your inventory file. In this example, set it to the ipaserver host group.
    2. Set the ipabackup_name variable to the name of the ipabackup on your IdM server to copy to your Ansible controller.

    3. By default, backups are stored in the present working directory of the Ansible controller. To specify the directory you created in Step 1, add the ipabackup_controller_path variable and set it to the /home/user/ipabackups directory. 

      ---
- name: Playbook to copy backup from IPA server
  hosts: ipaserver
  become: true
  vars:
    ipabackup_name: ipa-full-2021-04-30-13-12-00
    ipabackup_to_controller: true
    ipabackup_controller_path: /home/user/ipabackups

  roles:
  - role: freeipa.ansible_freeipa.ipabackup
    state: present
      Copy to Clipboard Toggle word wrap

  6. Save the file.

    For details about variables and example playbooks in the FreeIPA Ansible collection, see the /usr/share/ansible/collections/ansible_collections/freeipa/ansible_freeipa/README.md file and the /usr/share/ansible/collections/ansible_collections/freeipa/ansible_freeipa/playbooks/ directory on the control node.

  7. Run the Ansible playbook, specifying the inventory file and the playbook file: 

    $ ansible-playbook --vault-password-file=password_file -v -i ~/MyPlaybooks/inventory copy-backup-from-my-server-to-my-controller.yml
    Copy to Clipboard Toggle word wrap
    Note

    To copy all IdM backups to your controller, set the ipabackup_name variable in the Ansible playbook to all: 

      vars:
    ipabackup_name: all
    ipabackup_to_controller: true
    Copy to Clipboard Toggle word wrap

    For an example, see the copy-all-backups-from-server.yml Ansible playbook in the /usr/share/ansible/collections/ansible_collections/freeipa/ansible_freeipa/playbooks directory.

Verification

  • Verify your backup is in the /home/user/ipabackups directory on your Ansible controller: 

    [user@controller ~]$ ls /home/user/ipabackups
server.idm.example.com_ipa-full-2021-04-30-13-12-00
    Copy to Clipboard Toggle word wrap

You can use an Ansible playbook to copy an existing backup file of an IdM server from your Ansible controller to the IdM server.

Prerequisites

  • You have configured your Ansible control node to meet the following requirements:

    • You are using Ansible version 2.15 or later.
    • You have installed the ansible-freeipa package.
    • The example assumes that in the ~/MyPlaybooks/ directory, you have created an Ansible inventory file with the fully-qualified domain name (FQDN) of the IdM server.
    • The example assumes that the secret.yml Ansible vault stores your ipaadmin_password and that you have access to a file that stores the password protecting the secret.yml file.
  • The target node, that is the node on which the freeipa.ansible_freeipa module is executed, is part of the IdM domain as an IdM client, server or replica.

Procedure

  1. Navigate to the ~/MyPlaybooks/ directory: 

    $ cd ~/MyPlaybooks/
    Copy to Clipboard Toggle word wrap

  2. Make a copy of the copy-backup-from-controller.yml file located in the /usr/share/ansible/collections/ansible_collections/freeipa/ansible_freeipa/playbooks directory: 

    $ cp /usr/share/ansible/collections/ansible_collections/freeipa/ansible_freeipa/playbooks/copy-backup-from-controller.yml copy-backup-from-my-controller-to-my-server.yml
    Copy to Clipboard Toggle word wrap
  3. Open the copy-my-backup-from-my-controller-to-my-server.yml file for editing.

  4. Adapt the file by setting the following variables:

    1. Set the hosts variable to a host group from your inventory file. In this example, set it to the ipaserver host group.

    2. Set the ipabackup_name variable to the name of the ipabackup on your Ansible controller to copy to the IdM server. 

      ---
- name: Playbook to copy a backup from controller to the IPA server
  hosts: ipaserver
  become: true

  vars:
    ipabackup_name: server.idm.example.com_ipa-full-2021-04-30-13-12-00
    ipabackup_from_controller: true

  roles:
  - role: freeipa.ansible_freeipa.ipabackup
    state: copied
      Copy to Clipboard Toggle word wrap

  5. Save the file.

    For details about variables and example playbooks in the FreeIPA Ansible collection, see the /usr/share/ansible/collections/ansible_collections/freeipa/ansible_freeipa/README.md file and the /usr/share/ansible/collections/ansible_collections/freeipa/ansible_freeipa/playbooks/ directory on the control node.

  6. Run the Ansible playbook, specifying the inventory file and the playbook file: 

    $ ansible-playbook --vault-password-file=password_file -v -i ~/MyPlaybooks/inventory copy-backup-from-my-controller-to-my-server.yml
    Copy to Clipboard Toggle word wrap

6.6. Using Ansible to remove a backup from an IdM server
링크 복사

You can use an Ansible playbook to automate the removal of old or unnecessary backup files from an IdM server.

Prerequisites

  • On the control node:

    • You are using Ansible version 2.15 or later.
    • You have installed the ansible-freeipa package.
    • The example assumes that in the ~/MyPlaybooks/ directory, you have created an Ansible inventory file with the fully-qualified domain name (FQDN) of the IdM server.
    • The example assumes that the secret.yml Ansible vault stores your ipaadmin_password and that you have access to a file that stores the password protecting the secret.yml file.
  • The target node, that is the node on which the freeipa.ansible_freeipa module is executed, is part of the IdM domain as an IdM client, server or replica.

Procedure

  1. Navigate to the ~/MyPlaybooks/ directory: 

    $ cd ~/MyPlaybooks/
    Copy to Clipboard Toggle word wrap

  2. Make a copy of the remove-backup-from-server.yml file located in the /usr/share/ansible/collections/ansible_collections/freeipa/ansible_freeipa/playbooks directory: 

    $ cp /usr/share/ansible/collections/ansible_collections/freeipa/ansible_freeipa/playbooks/remove-backup-from-server.yml remove-backup-from-my-server.yml
    Copy to Clipboard Toggle word wrap
  3. Open the remove-backup-from-my-server.yml file for editing.

  4. Adapt the file by setting the following variables:

    1. Set the hosts variable to a host group from your inventory file. In this example, set it to the ipaserver host group.

    2. Set the ipabackup_name variable to the name of the ipabackup to remove from your IdM server. 

      ---
- name: Playbook to remove backup from IPA server
  hosts: ipaserver
  become: true

  vars:
    ipabackup_name: ipa-full-2021-04-30-13-12-00

  roles:
  - role: freeipa.ansible_freeipa.ipabackup
    state: absent
      Copy to Clipboard Toggle word wrap

  5. Save the file.

    For details about variables and example playbooks in the FreeIPA Ansible collection, see the /usr/share/ansible/collections/ansible_collections/freeipa/ansible_freeipa/README.md file and the /usr/share/ansible/collections/ansible_collections/freeipa/ansible_freeipa/playbooks/ directory on the control node.

  6. Run the Ansible playbook, specifying the inventory file and the playbook file: 

    $ ansible-playbook --vault-password-file=password_file -v -i ~/MyPlaybooks/inventory remove-backup-from-my-server.yml
    Copy to Clipboard Toggle word wrap
    Note

    To remove all IdM backups from the IdM server, set the ipabackup_name variable in the Ansible playbook to all: 

      vars:
    ipabackup_name: all
    Copy to Clipboard Toggle word wrap

    For an example, see the remove-all-backups-from-server.yml Ansible playbook in the /usr/share/ansible/collections/ansible_collections/freeipa/ansible_freeipa/playbooks directory.

Red Hat logoGithubredditYoutubeTwitter

자세한 정보

평가판, 구매 및 판매

커뮤니티

Red Hat 문서 정보

Red Hat을 사용하는 고객은 신뢰할 수 있는 콘텐츠가 포함된 제품과 서비스를 통해 혁신하고 목표를 달성할 수 있습니다. 최신 업데이트를 확인하세요.

보다 포괄적 수용을 위한 오픈 소스 용어 교체

Red Hat은 코드, 문서, 웹 속성에서 문제가 있는 언어를 교체하기 위해 최선을 다하고 있습니다. 자세한 내용은 다음을 참조하세요.Red Hat 블로그.

Red Hat 소개

Red Hat은 기업이 핵심 데이터 센터에서 네트워크 에지에 이르기까지 플랫폼과 환경 전반에서 더 쉽게 작업할 수 있도록 강화된 솔루션을 제공합니다.

Theme

© 2026 Red Hat맨 위로 이동