ldap-server: Run backups as root and share them via sftp
This commit is contained in:
parent
a90b1f814f
commit
6492a7de03
2 changed files with 15 additions and 8 deletions
|
|
@ -4,8 +4,8 @@ umask 027
|
|||
|
||||
PATH="/bin:/usr/bin:/usr/local/bin:/sbin:/usr/sbin:/usr/local/sbin"
|
||||
|
||||
if [ "$(whoami)" != "ldap" ]; then
|
||||
echo "ERR: Script needs to be run as ldap user" 1>&2
|
||||
if [ "$(whoami)" != "root" ]; then
|
||||
echo "ERR: Script needs to be run as root user" 1>&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
|
|
@ -18,12 +18,12 @@ ldapsearch -LLL -x -H ldapi:// -s base -b 'cn=Databases,cn=Monitor' \
|
|||
'(objectClass=*)' namingContexts | \
|
||||
sed -n 's/^namingContexts: \(.*\)/\1/p' | while read db ; do
|
||||
[ "${db}" = "cn=config" ] && continue
|
||||
slapcat -f /etc/openldap/slapd.conf -b "${db}" 2> /dev/null | gzip > \
|
||||
"${BACKUPDIR}/${db}.${DATE}.gz"
|
||||
if [ $? -ne 0 ]; then
|
||||
if ! slapcat -f /etc/openldap/slapd.conf -b "${db}" 2> /dev/null | \
|
||||
gzip > "${BACKUPDIR}/${db}.${DATE}.gz" ; then
|
||||
echo "ERR: Failed to backup database ${db}" 1>&2
|
||||
continue
|
||||
fi
|
||||
chgrp backup "${BACKUPDIR}/${db}.${DATE}.gz"
|
||||
done
|
||||
|
||||
cd ${BACKUPDIR} && {
|
||||
|
|
|
|||
|
|
@ -31,13 +31,20 @@
|
|||
follow: false
|
||||
when: ldap_datadir != "/srv/ldap"
|
||||
|
||||
- import_role:
|
||||
name: sftpuser
|
||||
vars:
|
||||
chroot: /export/backup
|
||||
user: backup
|
||||
publickeys: "{{ backup_publickeys }}"
|
||||
|
||||
- name: create backup directory
|
||||
file:
|
||||
path: /export/backup
|
||||
state: directory
|
||||
mode: 0750
|
||||
owner: ldap
|
||||
group: ldap
|
||||
owner: root
|
||||
group: backup
|
||||
- name: link backup directory
|
||||
file:
|
||||
path: /srv/backup
|
||||
|
|
@ -59,7 +66,7 @@
|
|||
job: /usr/local/sbin/ldap-backup
|
||||
hour: "0"
|
||||
minute: "10"
|
||||
user: ldap
|
||||
user: root
|
||||
|
||||
- name: copy spn helper script
|
||||
copy:
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue