add daily ldap database dumps to ldap master

roles/ldap/server/files/ldap-backup.sh

@@ -0,0 +1,32 @@
+#!/bin/bash
+
+umask 027
+
+PATH="/bin:/usr/bin:/usr/local/bin:/sbin:/usr/sbin:/usr/local/sbin"
+
+if [ "$(whoami)" != "ldap" ]; then
+    echo "ERR: Script needs to be run as ldap user" 1>&2
+    exit 1
+fi
+
+BACKUPDIR="/srv/backup"
+BACKUPAGE="7"
+
+DATE="$(date '+%Y-%m-%d')"
+
+ldapsearch -LLL -x -H ldapi:// -s base -b 'cn=Databases,cn=Monitor' \
+    '(objectClass=*)' namingContexts | \
+    sed -n 's/^namingContexts: \(.*\)/\1/p' | while read db ; do
+        [ "${db}" = "cn=config" ] && continue
+        slapcat -f /etc/openldap/slapd.conf -b "${db}" 2> /dev/null | gzip > \
+            "${BACKUPDIR}/${db}.${DATE}.gz"
+        if [ $? -ne 0 ]; then
+            echo "ERR: Failed to backup database ${db}" 1>&2
+            continue
+        fi
+done
+
+cd ${BACKUPDIR} && {
+    find . -xdev -depth -mindepth 1 -maxdepth 1 -type f -mtime +${BACKUPAGE} \
+        -name '*.gz' -execdir rm -f -- {} \;
+}

roles/ldap/server/tasks/main.yml

@@ -28,6 +28,38 @@
     follow: false
   when: ldap_datadir != "/srv/ldap"
 
+- block:
+  - name: create backup directory
+    file:
+      path: /export/backup
+      state: directory
+      mode: 0750
+      owner: ldap
+      group: ldap
+  - name: link backup directory
+    file:
+      path: /srv/backup
+      src: /export/backup
+      state: link
+      owner: root
+      group: "{{ ansible_wheel }}"
+      follow: false
+  - name: copy backup script
+    copy:
+      dest: /usr/local/sbin/ldap-backup
+      src: ldap-backup.sh
+      mode: 0755
+      owner: root
+      group: "{{ ansible_wheel }}"
+  - name: create backup cron job
+    cron:
+      name: ldap-backup
+      job: /usr/local/sbin/ldap-backup
+      hour: 0
+      minute: 10
+      user: ldap
+  when: ldap_master is defined
+
 - name: remove nss cert databases
   file:
     path: "/etc/openldap/certs/{{ item }}"