-
Notifications
You must be signed in to change notification settings - Fork 1
/
amanda_client_restore.yml
196 lines (173 loc) · 7.41 KB
/
amanda_client_restore.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
---
# D Simpson 2021,2023 ds-04
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
# We import defaults from the server role
- hosts: amanda_server, amanda_client_restore
gather_facts: 'no'
tasks:
- name: include roles/amanda_server/defaults
ansible.builtin.include_vars:
file: roles/amanda_server/defaults/main.yml
name: amanda_include_vars
- hosts: amanda_server, amanda_client_restore
tasks:
- name: Set fact for Debian user/home/group
ansible.builtin.set_fact:
server_user_var: "{{ amanda_include_vars.debian_user }}"
server_user_home: "{{ amanda_include_vars.debian_user_home }}"
server_group: "{{ amanda_include_vars.debian_group }}"
when: ansible_os_family == "Debian"
- name: Set fact for RedHat/Centos user/home/group
ansible.builtin.set_fact:
server_user_var: "{{ amanda_include_vars.redhat_user }}"
server_user_home: "{{ amanda_include_vars.redhat_user_home }}"
server_group: "{{ amanda_include_vars.redhat_group }}"
when: ansible_os_family == "RedHat"
- hosts: amanda_server
tasks:
- name: Set fact for amanda_server known_hosts_key_type, std_ssh_key_opts, amandad_search_paths #only needed for server as connection to server
ansible.builtin.set_fact:
local_known_hosts_key_type: "{{ amanda_include_vars.known_hosts_key_type }}" # these settings are not OS dependent, for clarity made local here
local_amandad_search_paths: "{{ amanda_include_vars.amandad_search_paths }}"
- name: Find amandad binary (from known supplied paths)
ansible.builtin.stat:
path: "{{ item }}"
register: findres
loop: "{{ local_amandad_search_paths }}" #comes from above
- name: Assign the dicovered amandad_path var
ansible.builtin.set_fact:
amandad_path: "{{ item.item }}"
loop: "{{ findres.results }}"
when: item.stat.exists
# kept for debug
#- name: show results
# ansible.builtin.debug:
# msg: "{{ amandad_path }}"
# Assigned in this way for clarity more than anything else... (rather than direct)
- hosts: amanda_client_restore
tasks:
- name: assign various server vars from defaults for client restore
ansible.builtin.set_fact:
local_server_ip: "{{ ansible_default_ipv4.address }}"
local_update_server_known_hosts: "{{ amanda_include_vars.update_client_restore_known_hosts }}"
local_client_restore_ssh_keypair: "{{ amanda_include_vars.client_restore_ssh_keypair }}"
local_ssh_key_algo: "{{ amanda_include_vars.ssh_key_algo }}"
local_std_ssh_key_opts: "{{ amanda_include_vars.std_ssh_key_opts }}" #this is a global, but attach it amanda_client_restore
# If vagrant test setup override
- name: Vagrant - override the local_server_ip for amanda_server
ansible.builtin.set_fact:
local_server_ip: "{{ ansible_all_ipv4_addresses|regex_search('192.168.[0-9]*.[0-9]*')|default(ansible_default_ipv4.address) }}"
when: vagrant_hostname is defined and vagrant_hostname|bool
- name: Create /root/.ssh on client restore system
ansible.builtin.file:
state: directory
owner: root
group: root
mode: '0700'
path: "/root/.ssh"
become: 'True'
- name: Generate ssh keys on client system "{{ local_client_restore_ssh_keypair }}"
ansible.builtin.openssh_keypair:
force: 'no'
type: "{{ local_ssh_key_algo }}"
owner: root
group: root
path: "/root/.ssh/{{ local_client_restore_ssh_keypair }}"
become: 'True'
#Get the client's public key
- hosts: amanda_client_restore
gather_facts: 'no'
tasks:
- name: Get ssh keys on client restore systems
ansible.builtin.slurp:
src: "/root/.ssh/{{ local_client_restore_ssh_keypair }}.pub"
register: amanda_client_restore_pub
become: 'True'
# kept for debug
#- hosts: amanda_client_restore
# tasks:
# - name: debug
# ansible.builtin.debug:
# msg: "{{ local_ssh_key_opts }}"
# Delegate and apply amanda_client_restore public key to the server
- hosts: amanda_client_restore
gather_facts: 'no'
tasks:
- name: add client public key to the server from client restore systems
ansible.builtin.authorized_key:
user: "{{ hostvars[item]['server_user_var'] }}"
key: "{{ amanda_client_restore_pub.content | b64decode }}"
key_options: "from=\"{{ local_server_ip }}\",{{ local_std_ssh_key_opts }},command=\"{{ hostvars[item]['amandad_path'] }} -auth=ssh amindexd amidxtaped\"" #N.B. these are the key options relating to the amanda backup server
delegate_to: "{{ item }}"
loop: "{{ groups['amanda_server'] }}"
become: 'True'
- hosts: amanda_server
gather_facts: 'no'
tasks:
- name: "slurp the ssh_host_{{ local_known_hosts_key_type }}_key.pub"
ansible.builtin.slurp:
src: "/etc/ssh/ssh_host_{{ local_known_hosts_key_type }}_key.pub"
register: client_restore_host_pub
become: 'True'
- hosts: amanda_server
gather_facts: 'no'
tasks:
- name: Split and assign the content of "ssh_host_{{ local_known_hosts_key_type }}_key.pub"
ansible.builtin.set_fact:
client_restore_host_pub2: "{{ (client_restore_host_pub.content|b64decode).split() }}"
- hosts: amanda_server
gather_facts: 'no'
tasks:
- name: debug - print the client target restore host pub keys
ansible.builtin.debug:
msg: "{{ client_restore_host_pub2 }}" # this is a list and we don't want the 3rd item to be used
- hosts: amanda_client_restore
gather_facts: 'no'
tasks:
- name: touch /root/.ssh/known_hosts
ansible.builtin.file:
state: touch
path: "/root/.ssh/known_hosts" # amrecover uses root
modification_time: preserve
access_time: preserve
owner: root
group: root
mode: '0644'
become: 'True'
when: local_update_server_known_hosts|bool
- hosts: amanda_client_restore
gather_facts: 'no'
tasks:
- name: Update root's ssh known_hosts file on client restore hosts (i)
ansible.builtin.known_hosts:
path: "/root/.ssh/known_hosts" # amrecover uses root
name: "{{ item }}"
key: "{{ item }} {{ hostvars[item].client_restore_host_pub2[0] }} {{ hostvars[item].client_restore_host_pub2[1] }}" # dns name line
state: present
hash_host: 'yes'
loop: "{{ groups['amanda_server'] }}"
become: 'True'
when: local_update_server_known_hosts|bool
- name: Update root's ssh known_hosts file on client restore hosts (ii)
ansible.builtin.known_hosts:
path: "/root/.ssh/known_hosts" # amrecover uses root
name: "{{ hostvars[item].ansible_default_ipv4.address }}"
key: "{{ hostvars[item].ansible_default_ipv4.address }} {{ hostvars[item].client_restore_host_pub2[0] }} {{ hostvars[item].client_restore_host_pub2[1] }}" # ip line
state: present
hash_host: 'yes'
loop: "{{ groups['amanda_server'] }}"
become: 'True'
when: local_update_server_known_hosts|bool
...