
Add backup configuration (client and server) and some other updates

master
Nemo 3 years ago
parent
commit
79b4b43e57
  1. 3
      inventory_template/group_vars/backup_server.yml
  2. 8
      playbook_backup_deploy.yml
  3. 4
      playbook_backup_server_deploy.yml
  4. 2
      playbook_general_deploy.yml
  5. 0
      playbook_ldap_deploy.yml
  6. 5
      playbook_munin_deploy.yml
  7. 70
      roles/backup_client/README.md
  8. 33
      roles/backup_client/defaults/main.yml
  9. 11
      roles/backup_client/handlers/main.yml
  10. 26
      roles/backup_client/meta/main.yml
  11. 8
      roles/backup_client/tasks/aliases.yml
  12. 12
      roles/backup_client/tasks/crontask.yml
  13. 18
      roles/backup_client/tasks/main.yml
  14. 13
      roles/backup_client/tasks/package.yml
  15. 10
      roles/backup_client/tasks/script.yml
  16. 30
      roles/backup_client/tasks/server.yml
  17. 6
      roles/backup_client/tasks/user_backup.yml
  18. 21
      roles/backup_client/templates/backup.sh.j2
  19. 4
      roles/backup_client/vars/Debian.yml
  20. 4
      roles/backup_client/vars/Gentoo.yml
  21. 4
      roles/backup_client/vars/RedHat.yml
  22. 1
      roles/backup_server/tasks/aliases.yml
  23. 1
      roles/postfix/tasks/main.yml

3
inventory_template/group_vars/backup_server.yml

@ -6,3 +6,6 @@ public_key_backup_user_host: "{{ vault_public_key_backup_user_host }}"
git_repositories:
- https://git.example.org/user/template-repository.git
- git@git.example.org:user/template-repository.git
# Destination backup folder
backup_folder: "/data"

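--- a/playbook_backup_deploy.yml
+++ b/playbook_backup_deploy.yml
@@ -0,0 +1,8 @@
+---
+- hosts: all,!backup_server
+roles:
+- backup_client
+- hosts: backup_server
+roles:
+- backup_server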

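--- a/playbook_backup_server_deploy.yml
+++ b/playbook_backup_server_deploy.yml
@@ -1,4 +0,0 @@
----
-- hosts: backup_server
-roles:
-- backup_server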

2
playbook_general_deploy.yml

@ -9,6 +9,4 @@
- client_tools
- users_sudo
- client_iptables
- munin-node
- munin-async
- postfix

0
playbook_ldap_server_deploy.yml → playbook_ldap_deploy.yml

5
playbook_munin_server_deploy.yml → playbook_munin_deploy.yml

@ -1,4 +1,9 @@
---
- hosts: all
roles:
- munin-node
- munin-async
- hosts: munin_server
roles:
- geerlingguy.munin

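--- a/roles/backup_client/README.md
+++ b/roles/backup_client/README.md
@@ -0,0 +1,70 @@
+Ansible Role: backup_client
+=========
+This role set up a GNU/Linux backup client.
+Requirements
+------------
+You need a valid postfix configuration on your host (to send email reports).
+Role Variables
+--------------
+All variables and default values are defined in `defaults/main.yml` :
+# Name of the cron service and cron package (depends on your OS, can be cron, cronie, crond...)
+cron_client_service_name: cron
+cron_client_package: cron
+# Name of the Borkbackup package
+borgbackup_package: borgbackup
+# Backup client folders to backup (separated with a space)
+backup_client_folders_to_backup: ""
+# Folder to deploy backup client scripts
+backup_scripts_folder: "/usr/local/sbin"
+# Backup client user and home directory
+backup_client_user: "root"
+backup_client_user_home: "/root"
+# Crontask backup client scheduling
+backup_client_cron_weekday: "*"
+backup_client_cron_hour: "1"
+backup_client_cron_minute: "30"
+# Alias config file
+aliases_config_file: "/etc/aliases"
+# User or email to send client backup scripts report
+backup_client_mail_target: "root"
+# Compression parameters
+backup_client_compression_param: "lzma,9"
+**NOTE :** this role will only configure backup client on host if `backup_client_folders_to_backup` is not empty.
+Dependencies
+------------
+None.
+Example Playbook
+----------------
+- hosts: all
+roles:
+- backup_client
+License
+-------
+BSD
+Author Information
+------------------
+This role was created in 2020 by Nemo.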

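--- a/roles/backup_client/defaults/main.yml
+++ b/roles/backup_client/defaults/main.yml
@@ -0,0 +1,33 @@
+---
+# defaults file for backup_client
+# Name of the Cron service and cron package (depends on your OS, can be cron, cronie, crond...)
+cron_client_service_name: cron
+cron_client_package: cron
+# Name of the Borkbackup package
+borgbackup_package: borgbackup
+# Backup client folders to backup (separated with a space)
+backup_client_folders_to_backup: ""
+# Folder to deploy backup client scripts
+backup_client_scripts_folder: "/usr/local/sbin"
+# Backup client user and home directory
+backup_client_user: "root"
+backup_client_user_home: "/root"
+# Crontask backup client scheduling
+backup_client_cron_weekday: "*"
+backup_client_cron_hour: "1"
+backup_client_cron_minute: "30"
+# Alias config file
+aliases_config_file: "/etc/aliases"
+# User or email to send client backup scripts report
+backup_client_mail_target: "root"
+# Compression parameters
+backup_client_compression_param: "lzma,9"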
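Review bot: The defaults `cron_client_service_name` and `cron_client_package` are not read anywhere in this commit; the handler and `tasks/package.yml` use `cron_service_name` and `cron_package`, which exist only in the `vars/<os_family>.yml` files. `aliases_config_file` is set both here and in those vars files, and variables loaded through `include_vars` take precedence over role defaults and inventory variables, so the value here cannot be overridden in the way the README implies. Either rename the two cron defaults to the names the tasks use or drop them, and mark the alias entry with a comment such as `# overridden per OS family by vars/*.yml`.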

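--- a/roles/backup_client/handlers/main.yml
+++ b/roles/backup_client/handlers/main.yml
@@ -0,0 +1,11 @@
+---
+# handlers file for backup_client
+- name: "restart cron"
+service:
+name: "{{ cron_service_name }}"
+enabled: yes
+state: restarted
+- name: update aliases
+command: postalias {{ aliases_config_file }}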

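--- a/roles/backup_client/meta/main.yml
+++ b/roles/backup_client/meta/main.yml
@@ -0,0 +1,26 @@
+galaxy_info:
+author: nemo
+description: Set up backup client for GNU/Linux.
+company: Wirebrass
+license: license (BSD)
+min_ansible_version: 2.4
+platforms:
+- name: Debian
+versions:
+- stretch
+- buster
+- name: Gentoo
+versions:
+- all
+galaxy_tags:
+- backup
+- borgbackup
+- system
+- server
+- auto
+dependencies: []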
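Review bot: `min_ansible_version: 2.4` understates what the role needs, because `tasks/server.yml` uses `loop:`, which Ansible introduced in 2.5; the value is also unquoted, so YAML reads it as a float. `min_ansible_version: "2.5"` would match the tasks. `license: license (BSD)` looks like leftover template text and could be `license: BSD`, and `platforms` omits the RedHat family that `vars/RedHat.yml` adds.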

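--- a/roles/backup_client/tasks/aliases.yml
+++ b/roles/backup_client/tasks/aliases.yml
@@ -0,0 +1,8 @@
+---
+- name: Update mail aliases.
+lineinfile:
+dest: "{{ aliases_config_file }}"
+line: "{{ backup_client_user }}: {{ backup_client_mail_target }}"
+regexp: "^{{ backup_client_user }}:"
+when: backup_client_mail_target != backup_client_user and backup_client_folders_to_backup != ""
+notify: update aliases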

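--- a/roles/backup_client/tasks/crontask.yml
+++ b/roles/backup_client/tasks/crontask.yml
@@ -0,0 +1,12 @@
+---
+- name: Backup client crontask configured
+cron:
+name: "Backup client"
+user: "{{ backup_client_user }}"
+weekday: "{{ backup_client_cron_weekday }}"
+hour: "{{ backup_client_cron_hour }}"
+minute: "{{ backup_client_cron_minute }}"
+job: "{{ backup_client_scripts_folder }}/backup.sh"
+when: backup_client_folders_to_backup != ""
+notify: restart cron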

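--- a/roles/backup_client/tasks/main.yml
+++ b/roles/backup_client/tasks/main.yml
@@ -0,0 +1,18 @@
+---
+# Main tasks file for backup_server
+- name: Include OS-specific variables.
+include_vars: "{{ ansible_os_family }}.yml"
+- import_tasks: user_backup.yml
+when: backup_client_folders_to_backup != ""
+- import_tasks: package.yml
+when: backup_client_folders_to_backup != ""
+- import_tasks: script.yml
+when: backup_client_folders_to_backup != ""
+- import_tasks: crontask.yml
+when: backup_client_folders_to_backup != ""
+- import_tasks: aliases.yml
+when: backup_client_folders_to_backup != ""
+- import_tasks: server.yml
+when: "'backup_server' not in group_names and backup_client_folders_to_backup != \"\""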
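Review bot: The header comment `# Main tasks file for backup_server` names the wrong role and should read `# Main tasks file for backup_client`. The `include_vars` task is the only one without a `when`, and the new playbook applies this role to `all,!backup_server`, so a host whose `ansible_os_family` has no file under `vars/` (only Debian, Gentoo and RedHat are added) would presumably fail here even when `backup_client_folders_to_backup` is empty. Giving it the same condition, `when: backup_client_folders_to_backup != ""`, keeps the role a no-op on hosts that do not opt in.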

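--- a/roles/backup_client/tasks/package.yml
+++ b/roles/backup_client/tasks/package.yml
@@ -0,0 +1,13 @@
+---
+- name: Cron installed
+package:
+name: "{{ cron_package }}"
+state: present
+when: backup_client_folders_to_backup != ""
+notify: restart cron
+- name: BorgBackup installed
+package:
+name: "{{ borgbackup_package }}"
+state: present
+when: backup_client_folders_to_backup != ""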

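--- a/roles/backup_client/tasks/script.yml
+++ b/roles/backup_client/tasks/script.yml
@@ -0,0 +1,10 @@
+---
+- name: Deploy client backup script
+template:
+src: backup.sh.j2
+dest: "{{ backup_client_scripts_folder }}/backup.sh"
+owner: "{{ backup_client_user }}"
+group: "{{ backup_client_user }}"
+mode: '0740'
+when: backup_client_folders_to_backup != ""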

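--- a/roles/backup_client/tasks/server.yml
+++ b/roles/backup_client/tasks/server.yml
@@ -0,0 +1,30 @@
+---
+- name: "Read backup SSH pubkey and register"
+slurp:
+src: "{{ backup_client_user_home }}/.ssh/id_rsa.pub"
+register: ssh_backup_pubkey
+- name: "Backup user created on backup server"
+user:
+name: "backup-{{ inventory_hostname_short }}"
+create_home: yes
+delegate_to: "{{ item }}"
+loop: "{{ groups['backup_server'] }}"
+- name: "Backup directory created on backup server"
+file:
+path: "{{ hostvars[item]['backup_folder'] }}/{{ inventory_hostname_short }}"
+owner: "backup-{{ inventory_hostname_short }}"
+group: "backup-{{ inventory_hostname_short }}"
+mode: "0700"
+state: directory
+delegate_to: "{{ item }}"
+loop: "{{ groups['backup_server'] }}"
+- name: "Authorized key defined for backup user on backup server"
+authorized_key:
+user: "backup-{{ inventory_hostname_short }}"
+state: present
+key: "{{ ssh_backup_pubkey['content'] | b64decode }}"
+delegate_to: "{{ item }}"
+loop: "{{ groups['backup_server'] }}"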
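Review bot: The `authorized_key` task installs the client's public key with no `key_options`, so the key grants an ordinary login shell as `backup-<host>` on every host in `backup_server` instead of access to that client's repository only. Because the matching private key sits unencrypted in the home of `backup_client_user` (root by default), a compromised client could also alter or delete its own archives on the server. Consider a forced command, for example `key_options: 'command="borg serve --restrict-to-path <repository path>",restrict'`, optionally with `--append-only` if pruning is moved to the server side. The `ssh ... mkdir -p` call in `backup.sh.j2` would then have to be removed, which loses nothing because the directory is already created by the `file` task in this file.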

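--- a/roles/backup_client/tasks/user_backup.yml
+++ b/roles/backup_client/tasks/user_backup.yml
@@ -0,0 +1,6 @@
+---
+- name: "Client backup user created"
+user:
+name: "{{ backup_client_user }}"
+generate_ssh_key: yes
+when: backup_client_folders_to_backup != ""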
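Review bot: `generate_ssh_key: yes` creates or reuses the default `~/.ssh/id_rsa` of `backup_client_user`, which is root by default, and `tasks/server.yml` then authorizes that same key on the backup servers. The backup credential is therefore root's general-purpose SSH identity, so anything else that key is used for shares its exposure. A dedicated key, e.g. `ssh_key_file: .ssh/id_backup` with `ssh_key_type: ed25519`, would keep the two apart; `server.yml` reads `id_rsa.pub` by name and the script relies on the default identity, so both would need to point at the new file.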

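--- a/roles/backup_client/templates/backup.sh.j2
+++ b/roles/backup_client/templates/backup.sh.j2
@@ -0,0 +1,21 @@
+#!/bin/bash
+{% for backup_serv in groups['backup_server'] %}
+# Check if {{ backup_serv }} is a known host
+grep {{ backup_serv }} ~/.ssh/known_hosts &> /dev/null
+if [ ! $? -eq 0 ]; then
+ssh-keygen -F {{ backup_serv }} || ssh-keyscan {{ backup_serv }} >>~/.ssh/known_hosts
+fi
+borg list backup-$(hostname -s)@{{ backup_serv }}:{{ hostvars[backup_serv]['backup_folder'] }}/$(hostname -s) &>/dev/null
+if [ $? -ne 0 ]
+then
+ssh backup-$(hostname -s)@{{ backup_serv }} mkdir -p {{ hostvars[backup_serv]['backup_folder'] }}/$(hostname -s) -m 0700
+export BORG_PASSPHRASE=""
+borg init --encryption=repokey backup-$(hostname -s)@{{ backup_serv }}:{{ hostvars[backup_serv]['backup_folder'] }}/$(hostname -s)
+fi
+borg prune -v backup-$(hostname -s)@{{ backup_serv }}:{{ hostvars[backup_serv]['backup_folder'] }}/$(hostname -s) --keep-daily=7 --keep-weekly=4 --keep-monthly=1
+borg create --info --stats --compression {{ backup_client_compression_param }} backup-$(hostname -s)@{{ backup_serv }}:{{ hostvars[backup_serv]['backup_folder'] }}/$(hostname -s)::$(date +%F) $(find {{ backup_client_folders_to_backup }} -maxdepth 1 -type d | grep -Ev '^/$|^/tmp|^/lost\+found|^/run|^/proc|^/dev|^/sys' | tr '\n' ' ')
+{% endfor %}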
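Review bot: `export BORG_PASSPHRASE=""` ahead of `borg init --encryption=repokey` leaves the repository key protected by an empty passphrase, and repokey mode stores that key inside the repository on the server, so the encryption gives no confidentiality against anyone who can read the backup server's storage. The passphrase should be a per-host secret, for example a vaulted variable written to a root-only file and supplied through `BORG_PASSCOMMAND`, and it should be set before the first `borg` call rather than only inside the init branch, since a non-empty passphrase would otherwise be missing on every later cron run. Separately, `ssh-keyscan {{ backup_serv }} >>~/.ssh/known_hosts` accepts whatever host key answers on the first run without verification. Distributing the servers' host keys from the inventory with Ansible's `known_hosts` module would pin them instead.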

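--- a/roles/backup_client/vars/Debian.yml
+++ b/roles/backup_client/vars/Debian.yml
@@ -0,0 +1,4 @@
+---
+cron_service_name: cron
+cron_package: cron
+aliases_config_file: /etc/aliases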

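--- a/roles/backup_client/vars/Gentoo.yml
+++ b/roles/backup_client/vars/Gentoo.yml
@@ -0,0 +1,4 @@
+---
+cron_service_name: cronie
+cron_package: cronie
+aliases_config_file: /etc/mail/aliases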

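--- a/roles/backup_client/vars/RedHat.yml
+++ b/roles/backup_client/vars/RedHat.yml
@@ -0,0 +1,4 @@
+---
+cron_service_name: crond
+cron_package: cronie
+aliases_config_file: /etc/aliases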

1
roles/backup_server/tasks/aliases.yml

@ -4,4 +4,5 @@
dest: "{{ aliases_config_file }}"
line: "{{ backup_user_git }}: {{ backup_git_mail_target }}"
regexp: "^{{ backup_user_git }}:"
when: backup_user_git != backup_git_mail_target
notify: update aliases

1
roles/postfix/tasks/main.yml

@ -12,6 +12,7 @@
dest: "{{ aliases_config_file }}"
line: "root: {{ alias_email }}"
regexp: "^root:"
when: alias_email != "root"
notify: update aliases
- name: Update Postfix configuration.
