Este conteúdo não está disponível no idioma selecionado.

Chapter 6. Restoring IdM servers using Ansible playbooks

Use the ipabackup Ansible role to automate restoring an Identity Management (IdM) server from a backup and transfer backup files between servers and your Ansible controller.

6.1. Creating an Ansible inventory file for IdM
Copiar o link

Create an Ansible inventory file for Identity Management (IdM) to organize playbook targets and run playbooks from your home directory without root privileges.

When working with Ansible, it is good practice to create, in your home directory, a subdirectory dedicated to Ansible playbooks that you copy and adapt from the /usr/share/ansible/collections/ansible_collections/freeipa/ansible_freeipa/* and /usr/share/doc/rhel-system-roles/* subdirectories. This practice has the following advantages:

You can find all your playbooks in one place.
You can run your playbooks without invoking root privileges.

Procedure

Create a directory for your Ansible configuration and playbooks in your home directory:
```
$ mkdir ~/MyPlaybooks/
```
Change into the ~/MyPlaybooks/ directory:
```
$ cd ~/MyPlaybooks
```

Create the ~/MyPlaybooks/ansible.cfg file with the following content:

[defaults]
inventory = /home/<username>/MyPlaybooks/inventory

[privilege_escalation]
become=True

Create the ~/MyPlaybooks/inventory file with the following content:
```
[eu]
server.idm.example.com

[us]
replica.idm.example.com

[ipaserver:children]
eu
us
```
This configuration defines two host groups, eu and us, for hosts in these locations. Additionally, this configuration defines the ipaserver host group, which contains all hosts from the eu and us groups.

6.2. Using Ansible to restore an IdM server from a backup stored on the server
Copiar o link

You can use an Ansible playbook to restore an IdM server from a backup stored on that host.

Prerequisites

On the control node:
- You are using Ansible version 2.15 or later.
- You have installed the ansible-freeipa package.
- The example assumes that in the ~/MyPlaybooks/ directory, you have created an Ansible inventory file with the fully-qualified domain name (FQDN) of the IdM server.
- The example assumes that the secret.yml Ansible vault stores your ipaadmin_password and that you have access to a file that stores the password protecting the secret.yml file.
The target node, that is the node on which the freeipa.ansible_freeipa module is executed, is part of the IdM domain as an IdM client, server or replica.
You know the LDAP Directory Manager password.

Procedure

Navigate to the ~/MyPlaybooks/ directory:
```
$ cd ~/MyPlaybooks/
```
Make a copy of the restore-server.yml file located in the /usr/share/ansible/collections/ansible_collections/freeipa/ansible_freeipa/playbooks directory:
```
$ cp /usr/share/ansible/collections/ansible_collections/freeipa/ansible_freeipa/playbooks/restore-server.yml restore-my-server.yml
```
Open the restore-my-server.yml Ansible playbook file for editing.
Adapt the file by setting the following variables:
1. Set the hosts variable to a host group from your inventory file. In this example, set it to the ipaserver host group.
2. Set the ipabackup_name variable to the name of the ipabackup to restore.
3. Set the ipabackup_password variable to the LDAP Directory Manager password.
  --- - name: Playbook to restore an IPA server hosts: ipaserver become: true vars: ipabackup_name: ipa-full-2021-04-30-13-12-00 ipabackup_password: <your_LDAP_DM_password> roles: - role: freeipa.ansible_freeipa.ipabackup state: restored
Save the file.
For details about variables and example playbooks in the FreeIPA Ansible collection, see the /usr/share/ansible/collections/ansible_collections/freeipa/ansible_freeipa/README.md file and the /usr/share/ansible/collections/ansible_collections/freeipa/ansible_freeipa/playbooks/ directory on the control node.

Run the Ansible playbook specifying the inventory file and the playbook file:

$ ansible-playbook --vault-password-file=password_file -v -i ~/MyPlaybooks/inventory restore-my-server.yml

6.3. Using Ansible to restore an IdM server from a backup stored on your Ansible controller
Copiar o link

You can use an Ansible playbook to restore an IdM server from a backup stored on your Ansible controller.

Prerequisites

On the control node:
- You are using Ansible version 2.15 or later.
- You have installed the ansible-freeipa package.
- The example assumes that in the ~/MyPlaybooks/ directory, you have created an Ansible inventory file with the fully-qualified domain name (FQDN) of the IdM server.
- The example assumes that the secret.yml Ansible vault stores your ipaadmin_password and that you have access to a file that stores the password protecting the secret.yml file.
The target node, that is the node on which the freeipa.ansible_freeipa module is executed, is part of the IdM domain as an IdM client, server or replica.
You know the LDAP Directory Manager password.

Procedure

Navigate to the ~/MyPlaybooks/ directory:
```
$ cd ~/MyPlaybooks/
```

Make a copy of the restore-server-from-controller.yml file located in the /usr/share/ansible/collections/ansible_collections/freeipa/ansible_freeipa/playbooks directory:

$ cp /usr/share/ansible/collections/ansible_collections/freeipa/ansible_freeipa/playbooks/restore-server-from-controller.yml restore-my-server-from-my-controller.yml

Open the restore-my-server-from-my-controller.yml file for editing.

Adapt the file by setting the following variables:

Set the hosts variable to a host group from your inventory file. In this example, set it to the ipaserver host group.
Set the ipabackup_name variable to the name of the ipabackup to restore.

Set the ipabackup_password variable to the LDAP Directory Manager password.

---
- name: Playbook to restore IPA server from controller
  hosts: ipaserver
  become: true

  vars:
    ipabackup_name: server.idm.example.com_ipa-full-2021-04-30-13-12-00
    ipabackup_password: <your_LDAP_DM_password>
    ipabackup_from_controller: true

  roles:
  - role: freeipa.ansible_freeipa.ipabackup
    state: restored

Save the file.
For details about variables and example playbooks in the FreeIPA Ansible collection, see the /usr/share/ansible/collections/ansible_collections/freeipa/ansible_freeipa/README.md file and the /usr/share/ansible/collections/ansible_collections/freeipa/ansible_freeipa/playbooks/ directory on the control node.

Run the Ansible playbook, specifying the inventory file and the playbook file:

$ ansible-playbook --vault-password-file=password_file -v -i ~/MyPlaybooks/inventory restore-my-server-from-my-controller.yml

6.4. Using Ansible to copy a backup of an IdM server to your Ansible controller
Copiar o link

You can use an Ansible playbook to copy an existing backup file of an IdM server from the IdM server to your Ansible controller.

Prerequisites

On the control node:
- You are using Ansible version 2.15 or later.
- You have installed the ansible-freeipa package.
- The example assumes that in the ~/MyPlaybooks/ directory, you have created an Ansible inventory file with the fully-qualified domain name (FQDN) of the IdM server.
- The example assumes that the secret.yml Ansible vault stores your ipaadmin_password and that you have access to a file that stores the password protecting the secret.yml file.
The target node, that is the node on which the freeipa.ansible_freeipa module is executed, is part of the IdM domain as an IdM client, server or replica.

Procedure

To store the backups, create a subdirectory in your home directory on the Ansible controller.
```
$ mkdir ~/ipabackups
```
Navigate to the ~/MyPlaybooks/ directory:
```
$ cd ~/MyPlaybooks/
```

Make a copy of the copy-backup-from-server.yml file located in the /usr/share/ansible/collections/ansible_collections/freeipa/ansible_freeipa/playbooks directory:

$ cp /usr/share/ansible/collections/ansible_collections/freeipa/ansible_freeipa/playbooks/copy-backup-from-server.yml copy-backup-from-my-server-to-my-controller.yml

Open the copy-my-backup-from-my-server-to-my-controller.yml file for editing.
Adapt the file by setting the following variables:
1. Set the hosts variable to a host group from your inventory file. In this example, set it to the ipaserver host group.
2. Set the ipabackup_name variable to the name of the ipabackup on your IdM server to copy to your Ansible controller.
3. By default, backups are stored in the present working directory of the Ansible controller. To specify the directory you created in Step 1, add the ipabackup_controller_path variable and set it to the /home/user/ipabackups directory.
  --- - name: Playbook to copy backup from IPA server hosts: ipaserver become: true vars: ipabackup_name: ipa-full-2021-04-30-13-12-00 ipabackup_to_controller: true ipabackup_controller_path: /home/user/ipabackups roles: - role: freeipa.ansible_freeipa.ipabackup state: present
Save the file.
For details about variables and example playbooks in the FreeIPA Ansible collection, see the /usr/share/ansible/collections/ansible_collections/freeipa/ansible_freeipa/README.md file and the /usr/share/ansible/collections/ansible_collections/freeipa/ansible_freeipa/playbooks/ directory on the control node.
Run the Ansible playbook, specifying the inventory file and the playbook file:
```
$ ansible-playbook --vault-password-file=password_file -v -i ~/MyPlaybooks/inventory copy-backup-from-my-server-to-my-controller.yml
```
Note
To copy all IdM backups to your controller, set the ipabackup_name variable in the Ansible playbook to all:
vars: ipabackup_name: all ipabackup_to_controller: true
For an example, see the copy-all-backups-from-server.yml Ansible playbook in the /usr/share/ansible/collections/ansible_collections/freeipa/ansible_freeipa/playbooks directory.

Verification

Verify your backup is in the /home/user/ipabackups directory on your Ansible controller:

[user@controller ~]$ ls /home/user/ipabackups
server.idm.example.com_ipa-full-2021-04-30-13-12-00

6.5. Using Ansible to copy a backup of an IdM server from your Ansible controller to the IdM server
Copiar o link

You can use an Ansible playbook to copy an existing backup file of an IdM server from your Ansible controller to the IdM server.

Prerequisites

You have configured your Ansible control node to meet the following requirements:
- You are using Ansible version 2.15 or later.
- You have installed the ansible-freeipa package.
- The example assumes that in the ~/MyPlaybooks/ directory, you have created an Ansible inventory file with the fully-qualified domain name (FQDN) of the IdM server.
- The example assumes that the secret.yml Ansible vault stores your ipaadmin_password and that you have access to a file that stores the password protecting the secret.yml file.
The target node, that is the node on which the freeipa.ansible_freeipa module is executed, is part of the IdM domain as an IdM client, server or replica.

Procedure

Navigate to the ~/MyPlaybooks/ directory:
```
$ cd ~/MyPlaybooks/
```

Make a copy of the copy-backup-from-controller.yml file located in the /usr/share/ansible/collections/ansible_collections/freeipa/ansible_freeipa/playbooks directory:

$ cp /usr/share/ansible/collections/ansible_collections/freeipa/ansible_freeipa/playbooks/copy-backup-from-controller.yml copy-backup-from-my-controller-to-my-server.yml

Open the copy-my-backup-from-my-controller-to-my-server.yml file for editing.

Adapt the file by setting the following variables:

Set the hosts variable to a host group from your inventory file. In this example, set it to the ipaserver host group.

Set the ipabackup_name variable to the name of the ipabackup on your Ansible controller to copy to the IdM server.

---
- name: Playbook to copy a backup from controller to the IPA server
  hosts: ipaserver
  become: true

  vars:
    ipabackup_name: server.idm.example.com_ipa-full-2021-04-30-13-12-00
    ipabackup_from_controller: true

  roles:
  - role: freeipa.ansible_freeipa.ipabackup
    state: copied

Save the file.
For details about variables and example playbooks in the FreeIPA Ansible collection, see the /usr/share/ansible/collections/ansible_collections/freeipa/ansible_freeipa/README.md file and the /usr/share/ansible/collections/ansible_collections/freeipa/ansible_freeipa/playbooks/ directory on the control node.

Run the Ansible playbook, specifying the inventory file and the playbook file:

$ ansible-playbook --vault-password-file=password_file -v -i ~/MyPlaybooks/inventory copy-backup-from-my-controller-to-my-server.yml

6.6. Using Ansible to remove a backup from an IdM server
Copiar o link

You can use an Ansible playbook to automate the removal of old or unnecessary backup files from an IdM server.

Prerequisites

On the control node:
- You are using Ansible version 2.15 or later.
- You have installed the ansible-freeipa package.
- The example assumes that in the ~/MyPlaybooks/ directory, you have created an Ansible inventory file with the fully-qualified domain name (FQDN) of the IdM server.
- The example assumes that the secret.yml Ansible vault stores your ipaadmin_password and that you have access to a file that stores the password protecting the secret.yml file.
The target node, that is the node on which the freeipa.ansible_freeipa module is executed, is part of the IdM domain as an IdM client, server or replica.

Procedure

Navigate to the ~/MyPlaybooks/ directory:
```
$ cd ~/MyPlaybooks/
```
Make a copy of the remove-backup-from-server.yml file located in the /usr/share/ansible/collections/ansible_collections/freeipa/ansible_freeipa/playbooks directory:
```
$ cp /usr/share/ansible/collections/ansible_collections/freeipa/ansible_freeipa/playbooks/remove-backup-from-server.yml remove-backup-from-my-server.yml
```
Open the remove-backup-from-my-server.yml file for editing.
Adapt the file by setting the following variables:
1. Set the hosts variable to a host group from your inventory file. In this example, set it to the ipaserver host group.
2. Set the ipabackup_name variable to the name of the ipabackup to remove from your IdM server.
  --- - name: Playbook to remove backup from IPA server hosts: ipaserver become: true vars: ipabackup_name: ipa-full-2021-04-30-13-12-00 roles: - role: freeipa.ansible_freeipa.ipabackup state: absent
Save the file.
For details about variables and example playbooks in the FreeIPA Ansible collection, see the /usr/share/ansible/collections/ansible_collections/freeipa/ansible_freeipa/README.md file and the /usr/share/ansible/collections/ansible_collections/freeipa/ansible_freeipa/playbooks/ directory on the control node.
Run the Ansible playbook, specifying the inventory file and the playbook file:
```
$ ansible-playbook --vault-password-file=password_file -v -i ~/MyPlaybooks/inventory remove-backup-from-my-server.yml
```
Note
To remove all IdM backups from the IdM server, set the ipabackup_name variable in the Ansible playbook to all:
vars: ipabackup_name: all
For an example, see the remove-all-backups-from-server.yml Ansible playbook in the /usr/share/ansible/collections/ansible_collections/freeipa/ansible_freeipa/playbooks directory.

Este conteúdo não está disponível no idioma selecionado.

Chapter 6. Restoring IdM servers using Ansible playbooks

6.1. Creating an Ansible inventory file for IdM
Copiar o link

6.2. Using Ansible to restore an IdM server from a backup stored on the server
Copiar o link

6.3. Using Ansible to restore an IdM server from a backup stored on your Ansible controller
Copiar o link

6.4. Using Ansible to copy a backup of an IdM server to your Ansible controller
Copiar o link

6.5. Using Ansible to copy a backup of an IdM server from your Ansible controller to the IdM server
Copiar o link

6.6. Using Ansible to remove a backup from an IdM server
Copiar o link

Aprender

Experimente, compre e venda

Comunidades

Sobre a documentação da Red Hat

Tornando o open source mais inclusivo

Sobre a Red Hat

Theme

Red Hat legal and privacy links

Red Hat legal and privacy links

Este conteúdo não está disponível no idioma selecionado.

Chapter 6. Restoring IdM servers using Ansible playbooks

6.1. Creating an Ansible inventory file for IdMCopiar o linkLink copiado para a área de transferência!

6.2. Using Ansible to restore an IdM server from a backup stored on the serverCopiar o linkLink copiado para a área de transferência!

6.3. Using Ansible to restore an IdM server from a backup stored on your Ansible controllerCopiar o linkLink copiado para a área de transferência!

6.4. Using Ansible to copy a backup of an IdM server to your Ansible controllerCopiar o linkLink copiado para a área de transferência!

6.5. Using Ansible to copy a backup of an IdM server from your Ansible controller to the IdM serverCopiar o linkLink copiado para a área de transferência!

6.6. Using Ansible to remove a backup from an IdM serverCopiar o linkLink copiado para a área de transferência!

Aprender

Experimente, compre e venda

Comunidades

Sobre a documentação da Red Hat

Tornando o open source mais inclusivo

Sobre a Red Hat

Theme

Red Hat legal and privacy links

Red Hat legal and privacy links

6.1. Creating an Ansible inventory file for IdM
Copiar o link

6.2. Using Ansible to restore an IdM server from a backup stored on the server
Copiar o link

6.3. Using Ansible to restore an IdM server from a backup stored on your Ansible controller
Copiar o link

6.4. Using Ansible to copy a backup of an IdM server to your Ansible controller
Copiar o link

6.5. Using Ansible to copy a backup of an IdM server from your Ansible controller to the IdM server
Copiar o link

6.6. Using Ansible to remove a backup from an IdM server
Copiar o link