Add backup configuration (client and server) and some other updates

This commit is contained in:
Nemo 2020-07-25 15:06:58 +02:00
parent eb82a501f3
commit 79b4b43e57
23 changed files with 288 additions and 6 deletions

View file

@ -6,3 +6,6 @@ public_key_backup_user_host: "{{ vault_public_key_backup_user_host }}"
git_repositories: git_repositories:
- https://git.example.org/user/template-repository.git - https://git.example.org/user/template-repository.git
- git@git.example.org:user/template-repository.git - git@git.example.org:user/template-repository.git
# Destination backup folder
backup_folder: "/data"

View file

@ -0,0 +1,8 @@
---
- hosts: all,!backup_server
roles:
- backup_client
- hosts: backup_server
roles:
- backup_server

View file

@ -1,4 +0,0 @@
---
- hosts: backup_server
roles:
- backup_server

View file

@ -9,6 +9,4 @@
- client_tools - client_tools
- users_sudo - users_sudo
- client_iptables - client_iptables
- munin-node
- munin-async
- postfix - postfix

View file

@ -1,4 +1,9 @@
--- ---
- hosts: all
roles:
- munin-node
- munin-async
- hosts: munin_server - hosts: munin_server
roles: roles:
- geerlingguy.munin - geerlingguy.munin

View file

@ -0,0 +1,70 @@
Ansible Role: backup_client
=========
This role set up a GNU/Linux backup client.
Requirements
------------
You need a valid postfix configuration on your host (to send email reports).
Role Variables
--------------
All variables and default values are defined in `defaults/main.yml` :
# Name of the cron service and cron package (depends on your OS, can be cron, cronie, crond...)
cron_client_service_name: cron
cron_client_package: cron
# Name of the Borkbackup package
borgbackup_package: borgbackup
# Backup client folders to backup (separated with a space)
backup_client_folders_to_backup: ""
# Folder to deploy backup client scripts
backup_scripts_folder: "/usr/local/sbin"
# Backup client user and home directory
backup_client_user: "root"
backup_client_user_home: "/root"
# Crontask backup client scheduling
backup_client_cron_weekday: "*"
backup_client_cron_hour: "1"
backup_client_cron_minute: "30"
# Alias config file
aliases_config_file: "/etc/aliases"
# User or email to send client backup scripts report
backup_client_mail_target: "root"
# Compression parameters
backup_client_compression_param: "lzma,9"
**NOTE :** this role will only configure backup client on host if `backup_client_folders_to_backup` is not empty.
Dependencies
------------
None.
Example Playbook
----------------
- hosts: all
roles:
- backup_client
License
-------
BSD
Author Information
------------------
This role was created in 2020 by Nemo.

View file

@ -0,0 +1,33 @@
---
# defaults file for backup_client
# Name of the Cron service and cron package (depends on your OS, can be cron, cronie, crond...)
cron_client_service_name: cron
cron_client_package: cron
# Name of the Borkbackup package
borgbackup_package: borgbackup
# Backup client folders to backup (separated with a space)
backup_client_folders_to_backup: ""
# Folder to deploy backup client scripts
backup_client_scripts_folder: "/usr/local/sbin"
# Backup client user and home directory
backup_client_user: "root"
backup_client_user_home: "/root"
# Crontask backup client scheduling
backup_client_cron_weekday: "*"
backup_client_cron_hour: "1"
backup_client_cron_minute: "30"
# Alias config file
aliases_config_file: "/etc/aliases"
# User or email to send client backup scripts report
backup_client_mail_target: "root"
# Compression parameters
backup_client_compression_param: "lzma,9"

View file

@ -0,0 +1,11 @@
---
# handlers file for backup_client
- name: "restart cron"
service:
name: "{{ cron_service_name }}"
enabled: yes
state: restarted
- name: update aliases
command: postalias {{ aliases_config_file }}

View file

@ -0,0 +1,26 @@
galaxy_info:
author: nemo
description: Set up backup client for GNU/Linux.
company: Wirebrass
license: license (BSD)
min_ansible_version: 2.4
platforms:
- name: Debian
versions:
- stretch
- buster
- name: Gentoo
versions:
- all
galaxy_tags:
- backup
- borgbackup
- system
- server
- auto
dependencies: []

View file

@ -0,0 +1,8 @@
---
- name: Update mail aliases.
lineinfile:
dest: "{{ aliases_config_file }}"
line: "{{ backup_client_user }}: {{ backup_client_mail_target }}"
regexp: "^{{ backup_client_user }}:"
when: backup_client_mail_target != backup_client_user and backup_client_folders_to_backup != ""
notify: update aliases

View file

@ -0,0 +1,12 @@
---
- name: Backup client crontask configured
cron:
name: "Backup client"
user: "{{ backup_client_user }}"
weekday: "{{ backup_client_cron_weekday }}"
hour: "{{ backup_client_cron_hour }}"
minute: "{{ backup_client_cron_minute }}"
job: "{{ backup_client_scripts_folder }}/backup.sh"
when: backup_client_folders_to_backup != ""
notify: restart cron

View file

@ -0,0 +1,18 @@
---
# Main tasks file for backup_server
- name: Include OS-specific variables.
include_vars: "{{ ansible_os_family }}.yml"
- import_tasks: user_backup.yml
when: backup_client_folders_to_backup != ""
- import_tasks: package.yml
when: backup_client_folders_to_backup != ""
- import_tasks: script.yml
when: backup_client_folders_to_backup != ""
- import_tasks: crontask.yml
when: backup_client_folders_to_backup != ""
- import_tasks: aliases.yml
when: backup_client_folders_to_backup != ""
- import_tasks: server.yml
when: "'backup_server' not in group_names and backup_client_folders_to_backup != \"\""

View file

@ -0,0 +1,13 @@
---
- name: Cron installed
package:
name: "{{ cron_package }}"
state: present
when: backup_client_folders_to_backup != ""
notify: restart cron
- name: BorgBackup installed
package:
name: "{{ borgbackup_package }}"
state: present
when: backup_client_folders_to_backup != ""

View file

@ -0,0 +1,10 @@
---
- name: Deploy client backup script
template:
src: backup.sh.j2
dest: "{{ backup_client_scripts_folder }}/backup.sh"
owner: "{{ backup_client_user }}"
group: "{{ backup_client_user }}"
mode: '0740'
when: backup_client_folders_to_backup != ""

View file

@ -0,0 +1,30 @@
---
- name: "Read backup SSH pubkey and register"
slurp:
src: "{{ backup_client_user_home }}/.ssh/id_rsa.pub"
register: ssh_backup_pubkey
- name: "Backup user created on backup server"
user:
name: "backup-{{ inventory_hostname_short }}"
create_home: yes
delegate_to: "{{ item }}"
loop: "{{ groups['backup_server'] }}"
- name: "Backup directory created on backup server"
file:
path: "{{ hostvars[item]['backup_folder'] }}/{{ inventory_hostname_short }}"
owner: "backup-{{ inventory_hostname_short }}"
group: "backup-{{ inventory_hostname_short }}"
mode: "0700"
state: directory
delegate_to: "{{ item }}"
loop: "{{ groups['backup_server'] }}"
- name: "Authorized key defined for backup user on backup server"
authorized_key:
user: "backup-{{ inventory_hostname_short }}"
state: present
key: "{{ ssh_backup_pubkey['content'] | b64decode }}"
delegate_to: "{{ item }}"
loop: "{{ groups['backup_server'] }}"

View file

@ -0,0 +1,6 @@
---
- name: "Client backup user created"
user:
name: "{{ backup_client_user }}"
generate_ssh_key: yes
when: backup_client_folders_to_backup != ""

View file

@ -0,0 +1,21 @@
#!/bin/bash
{% for backup_serv in groups['backup_server'] %}
# Check if {{ backup_serv }} is a known host
grep {{ backup_serv }} ~/.ssh/known_hosts &> /dev/null
if [ ! $? -eq 0 ]; then
ssh-keygen -F {{ backup_serv }} || ssh-keyscan {{ backup_serv }} >>~/.ssh/known_hosts
fi
borg list backup-$(hostname -s)@{{ backup_serv }}:{{ hostvars[backup_serv]['backup_folder'] }}/$(hostname -s) &>/dev/null
if [ $? -ne 0 ]
then
ssh backup-$(hostname -s)@{{ backup_serv }} mkdir -p {{ hostvars[backup_serv]['backup_folder'] }}/$(hostname -s) -m 0700
export BORG_PASSPHRASE=""
borg init --encryption=repokey backup-$(hostname -s)@{{ backup_serv }}:{{ hostvars[backup_serv]['backup_folder'] }}/$(hostname -s)
fi
borg prune -v backup-$(hostname -s)@{{ backup_serv }}:{{ hostvars[backup_serv]['backup_folder'] }}/$(hostname -s) --keep-daily=7 --keep-weekly=4 --keep-monthly=1
borg create --info --stats --compression {{ backup_client_compression_param }} backup-$(hostname -s)@{{ backup_serv }}:{{ hostvars[backup_serv]['backup_folder'] }}/$(hostname -s)::$(date +%F) $(find {{ backup_client_folders_to_backup }} -maxdepth 1 -type d | grep -Ev '^/$|^/tmp|^/lost\+found|^/run|^/proc|^/dev|^/sys' | tr '\n' ' ')
{% endfor %}

View file

@ -0,0 +1,4 @@
---
cron_service_name: cron
cron_package: cron
aliases_config_file: /etc/aliases

View file

@ -0,0 +1,4 @@
---
cron_service_name: cronie
cron_package: cronie
aliases_config_file: /etc/mail/aliases

View file

@ -0,0 +1,4 @@
---
cron_service_name: crond
cron_package: cronie
aliases_config_file: /etc/aliases

View file

@ -4,4 +4,5 @@
dest: "{{ aliases_config_file }}" dest: "{{ aliases_config_file }}"
line: "{{ backup_user_git }}: {{ backup_git_mail_target }}" line: "{{ backup_user_git }}: {{ backup_git_mail_target }}"
regexp: "^{{ backup_user_git }}:" regexp: "^{{ backup_user_git }}:"
when: backup_user_git != backup_git_mail_target
notify: update aliases notify: update aliases

View file

@ -12,6 +12,7 @@
dest: "{{ aliases_config_file }}" dest: "{{ aliases_config_file }}"
line: "root: {{ alias_email }}" line: "root: {{ alias_email }}"
regexp: "^root:" regexp: "^root:"
when: alias_email != "root"
notify: update aliases notify: update aliases
- name: Update Postfix configuration. - name: Update Postfix configuration.