From 3052ff493526fd11ce90a5a2c553893b5c51683a Mon Sep 17 00:00:00 2001
From: Ian Wienand
Date: Thu, 11 Mar 2021 13:48:15 +1100
Subject: [PATCH] kerberos-kdc: add database backups

Add a script to save a db dump to borg backups. Add the primary KDC to our backup list.
Change-Id: I32f4ebc1bb4c1952034aba43c75e4d2f85a1b6d3
---
 doc/source/kerberos.rst | 3 +--
 inventory/service/groups.yaml | 1 +
 playbooks/roles/kerberos-kdc/tasks/primary.yaml | 13 +++++++++++++
 3 files changed, 15 insertions(+), 2 deletions(-)
diff --git a/doc/source/kerberos.rst b/doc/source/kerberos.rst
index d98c731539..3eab5b2158 100644
--- a/doc/source/kerberos.rst
+++ b/doc/source/kerberos.rst
@@ -59,8 +59,7 @@ The general process is:
 (primary-side push) and ``kpropod`` (replica-side listen).
 In a disaster recovery situation, we can provision a fresh realm and
-recover principals from dump files (XXX: 2020-03-11 ianw -- dump file
-backup to come).
+recover principals from backup dumps.
 .. _addprinc:
diff --git a/inventory/service/groups.yaml b/inventory/service/groups.yaml
index ad488d142b..86d2a37bf2 100644
--- a/inventory/service/groups.yaml
+++ b/inventory/service/groups.yaml
@@ -24,6 +24,7 @@ groups:
 - review-dev[0-9]*.open*.org
 - zuul[0-9]*.open*.org
 - refstack01.openstack.org
+ - kdc03.openstack.org
 # All these servers are "special-cased" in specifically
 # as they are puppet and should be replaced "soon"
 - ethercalc02.openstack.org
diff --git a/playbooks/roles/kerberos-kdc/tasks/primary.yaml b/playbooks/roles/kerberos-kdc/tasks/primary.yaml
index 199f50890e..b72e6d01de 100644
--- a/playbooks/roles/kerberos-kdc/tasks/primary.yaml
+++ b/playbooks/roles/kerberos-kdc/tasks/primary.yaml
@@ -92,3 +92,16 @@
 state: started
 enabled: yes
 name: krb5-kdc
+
+- name: Setup db backup streaming job
+ block:
+ - name: Create backup streaming config dir
+ file:
+ path: /etc/borg-streams
+ state: directory
+
+ - name: Create db streaming file
+ copy:
+ content: >-
+ /usr/sbin/kdb5_util dump
+ dest: /etc/borg-streams/kdb5
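Review bot: The two added tasks create `/etc/borg-streams` and `/etc/borg-streams/kdb5` without `owner`, `group` or `mode`, so their permissions depend on the umask and user of the Ansible run. Judging from the task names, the file's content is a command line that a backup job later executes, so I would pin both to `owner: root` and `group: root`, with `mode: '0755'` on the directory and `mode: '0644'` on the file, so that no other account can rewrite the command. The `kdb5_util dump` output also carries every principal's key material (encrypted under the KDC master key, as far as I know), so the borg repository needs to be treated as sensitively as the KDC itself. A restore into a fresh realm will presumably need the original master key or stash file, which the recovery paragraph in kerberos.rst does not mention. How a failing dump is handled is not visible in this hunk, so confirm the streaming job fails the backup on a non-zero exit rather than storing a truncated dump.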