roles/burp-client: Deploy BURP client
The *burp-client* role installs and configures a BURP client. It should support RHEL/CentOS/Fedora and Gentoo. To manage the client password and other server-mandated configuration, the role uses Ansible's delegation feature to generate a configuration file in the "clientconfdir" on the BURP server. An hourly cron task is scheduled that runs `burp -a t` every hour. This allows the server to configure backup timebands and intervals.
This commit is contained in:
54
roles/burp-client/tasks/main.yml
Normal file
54
roles/burp-client/tasks/main.yml
Normal file
@@ -0,0 +1,54 @@
|
||||
- name: load distribution-specific variables
|
||||
include_vars: '{{ item }}'
|
||||
with_first_found:
|
||||
- '{{ ansible_distribution }}.yml'
|
||||
- '{{ ansible_os_family }}.yml'
|
||||
- defaults.yml
|
||||
tags:
|
||||
- always
|
||||
- name: load burp secrets
|
||||
include_vars: '{{ item }}'
|
||||
with_fileglob: vault/burp/{{ ansible_fqdn }}
|
||||
tags:
|
||||
- always
|
||||
|
||||
- name: ensure burp is installed
|
||||
package:
|
||||
name={{ burp_client_packages|join(',') }}
|
||||
state=present
|
||||
tags:
|
||||
- install
|
||||
|
||||
- name: ensure burp server is configured for client
|
||||
template:
|
||||
src=server-clientconf.j2
|
||||
dest=/etc/burp/clientconfdir/{{ ansible_fqdn }}
|
||||
mode=0400
|
||||
delegate_to: '{{ burp_server }}'
|
||||
|
||||
- name: ensure burp pre-backup script is installed
|
||||
copy:
|
||||
src=scripts/{{ inventory_hostname }}/{{ burp_backup_script_pre|basename }}
|
||||
dest={{ burp_backup_script_pre }}
|
||||
mode=0755
|
||||
when: burp_backup_script_pre is defined
|
||||
- name: ensure burp post-backup script is installed
|
||||
copy:
|
||||
src=scripts/{{ inventory_hostname }}/{{ burp_backup_script_post|basename }}
|
||||
dest={{ burp_backup_script_post }}
|
||||
mode=0755
|
||||
when: burp_backup_script_post is defined
|
||||
- name: ensure burp client is configured
|
||||
template:
|
||||
src=burp.conf.j2
|
||||
dest=/etc/burp/burp.conf
|
||||
mode=0600
|
||||
- name: ensure burp client certificate is available
|
||||
command:
|
||||
burp -c /etc/burp/burp.conf -g
|
||||
creates=/etc/burp/ssl_cert-client.pem
|
||||
- name: ensure automatic backup is scheduled
|
||||
copy:
|
||||
src={{ burp_backup_crontab }}
|
||||
dest=/etc/cron.d/burp-backup
|
||||
mode=0644
|
||||
Reference in New Issue
Block a user