Merge pull request #5115 from zenmonkeykstop/5107-restore-skip-tor

added --preserve-tor-config flag to securedrop-admin restore
freedomofpress · Feb 10, 2020 · 904cfe0 · 904cfe0
2 parents 0d96a52 + cfcd405
commit 904cfe0
Show file tree

Hide file tree

Showing 3 changed files with 30 additions and 1 deletion.
diff --git a/admin/securedrop_admin/__init__.py b/admin/securedrop_admin/__init__.py
@@ -698,12 +698,25 @@ def restore_securedrop(args):
     # Would like readable output if there's a problem
     os.environ["ANSIBLE_STDOUT_CALLBACK"] = "debug"
 
-    ansible_cmd = [
+    ansible_cmd_full_restore = [
         'ansible-playbook',
         os.path.join(args.ansible_path, 'securedrop-restore.yml'),
         '-e',
         "restore_file='{}'".format(restore_file_basename),
     ]
+
+    ansible_cmd_skip_tor = [
+        'ansible-playbook',
+        os.path.join(args.ansible_path, 'securedrop-restore.yml'),
+        '-e',
+        "restore_file='{}' restore_skip_tor='True'".format(restore_file_basename),
+    ]
+
+    if args.restore_skip_tor:
+        ansible_cmd = ansible_cmd_skip_tor
+    else:
+        ansible_cmd = ansible_cmd_full_restore
+
     return subprocess.check_call(ansible_cmd, cwd=args.ansible_path)
 
 
@@ -935,6 +948,10 @@ class ArgParseFormatterCombo(argparse.ArgumentDefaultsHelpFormatter,
                                           help=restore_securedrop.__doc__)
     parse_restore.set_defaults(func=restore_securedrop)
     parse_restore.add_argument("restore_file")
+    parse_restore.add_argument("--preserve-tor-config", default=False,
+                               action='store_true',
+                               dest='restore_skip_tor',
+                               help="Preserve the server's current Tor config")
 
     parse_update = subparsers.add_parser('update', help=update.__doc__)
     parse_update.set_defaults(func=update)

diff --git a/admin/tox.ini b/admin/tox.ini
@@ -1,6 +1,9 @@
 [tox]
 envlist = pylint,flake8,py3
 
+[flake8]
+max-line-length = 100
+
 [testenv]
 usedevelop = true
 deps =

diff --git a/install_files/ansible-base/roles/restore/tasks/main.yml b/install_files/ansible-base/roles/restore/tasks/main.yml
@@ -52,6 +52,15 @@
     dest: /
     remote_src: yes
     src: "/tmp/{{ restore_file}}"
+  when: restore_skip_tor is not defined
+
+- name: Extract backup, skipping tor service configuration
+  unarchive:
+    dest: /
+    remote_src: yes
+    src: "/tmp/{{ restore_file}}"
+    exclude: "var/lib/tor,etc/tor/torrc"
+  when: restore_skip_tor is defined
 
 - name: Reconfigure securedrop-app-code
   command: dpkg-reconfigure securedrop-app-code