Add backup configuration (client and server) and some other updates
parent
eb82a501f3
commit
79b4b43e57
|
@ -6,3 +6,6 @@ public_key_backup_user_host: "{{ vault_public_key_backup_user_host }}"
|
||||||
git_repositories:
|
git_repositories:
|
||||||
- https://git.example.org/user/template-repository.git
|
- https://git.example.org/user/template-repository.git
|
||||||
- git@git.example.org:user/template-repository.git
|
- git@git.example.org:user/template-repository.git
|
||||||
|
|
||||||
|
# Destination backup folder
|
||||||
|
backup_folder: "/data"
|
||||||
|
|
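--- a/playbook_backup_deploy.yml
+++ b/playbook_backup_deploy.yml
@@ -0,0 +1,8 @@
+---
+- hosts: all,!backup_server
+roles:
+- backup_client
+
+- hosts: backup_server
+roles:
+- backup_server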
|
@ -1,4 +0,0 @@
|
||||||
---
|
|
||||||
- hosts: backup_server
|
|
||||||
roles:
|
|
||||||
- backup_server
|
|
|
@ -9,6 +9,4 @@
|
||||||
- client_tools
|
- client_tools
|
||||||
- users_sudo
|
- users_sudo
|
||||||
- client_iptables
|
- client_iptables
|
||||||
- munin-node
|
|
||||||
- munin-async
|
|
||||||
- postfix
|
- postfix
|
||||||
|
|
|
@ -1,4 +1,9 @@
|
||||||
---
|
---
|
||||||
|
- hosts: all
|
||||||
|
roles:
|
||||||
|
- munin-node
|
||||||
|
- munin-async
|
||||||
|
|
||||||
- hosts: munin_server
|
- hosts: munin_server
|
||||||
roles:
|
roles:
|
||||||
- geerlingguy.munin
|
- geerlingguy.munin
|
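--- a/roles/backup_client/README.md
+++ b/roles/backup_client/README.md
@@ -0,0 +1,70 @@
+Ansible Role: backup_client
+=========
+
+This role set up a GNU/Linux backup client.
+
+Requirements
+------------
+
+You need a valid postfix configuration on your host (to send email reports).
+
+Role Variables
+--------------
+
+All variables and default values are defined in `defaults/main.yml` :
+
+# Name of the cron service and cron package (depends on your OS, can be cron, cronie, crond...)
+cron_client_service_name: cron
+cron_client_package: cron
+
+# Name of the Borkbackup package
+borgbackup_package: borgbackup
+
+# Backup client folders to backup (separated with a space)
+backup_client_folders_to_backup: ""
+
+# Folder to deploy backup client scripts
+backup_scripts_folder: "/usr/local/sbin"
+
+# Backup client user and home directory
+backup_client_user: "root"
+backup_client_user_home: "/root"
+
+# Crontask backup client scheduling
+backup_client_cron_weekday: "*"
+backup_client_cron_hour: "1"
+backup_client_cron_minute: "30"
+
+# Alias config file
+aliases_config_file: "/etc/aliases"
+
+# User or email to send client backup scripts report
+backup_client_mail_target: "root"
+
+# Compression parameters
+backup_client_compression_param: "lzma,9"
+
+**NOTE :** this role will only configure backup client on host if `backup_client_folders_to_backup` is not empty.
+
+Dependencies
+------------
+
+None.
+
+Example Playbook
+----------------
+
+- hosts: all
+roles:
+- backup_client
+
+License
+-------
+
+BSD
+
+Author Information
+------------------
+
+This role was created in 2020 by Nemo.
+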
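--- a/roles/backup_client/defaults/main.yml
+++ b/roles/backup_client/defaults/main.yml
@@ -0,0 +1,33 @@
+---
+# defaults file for backup_client
+
+# Name of the Cron service and cron package (depends on your OS, can be cron, cronie, crond...)
+cron_client_service_name: cron
+cron_client_package: cron
+
+# Name of the Borkbackup package
+borgbackup_package: borgbackup
+
+# Backup client folders to backup (separated with a space)
+backup_client_folders_to_backup: ""
+
+# Folder to deploy backup client scripts
+backup_client_scripts_folder: "/usr/local/sbin"
+
+# Backup client user and home directory
+backup_client_user: "root"
+backup_client_user_home: "/root"
+
+# Crontask backup client scheduling
+backup_client_cron_weekday: "*"
+backup_client_cron_hour: "1"
+backup_client_cron_minute: "30"
+
+# Alias config file
+aliases_config_file: "/etc/aliases"
+
+# User or email to send client backup scripts report
+backup_client_mail_target: "root"
+
+# Compression parameters
+backup_client_compression_param: "lzma,9"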
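Review bot: The defaults `cron_client_service_name` and `cron_client_package` are never read by the role. The handler in handlers/main.yml uses `{{ cron_service_name }}` and tasks/package.yml uses `{{ cron_package }}`, and only the vars/Debian.yml, vars/Gentoo.yml and vars/RedHat.yml files define those names. On a host whose `ansible_os_family` has no matching vars file, the `include_vars` in tasks/main.yml will fail and nothing here acts as a fallback. Rename the two entries to `cron_service_name: cron` and `cron_package: cron`, or drop them. The README has the same drift: it lists `backup_scripts_folder` where this file defines `backup_client_scripts_folder`.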
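--- a/roles/backup_client/handlers/main.yml
+++ b/roles/backup_client/handlers/main.yml
@@ -0,0 +1,11 @@
+---
+# handlers file for backup_client
+
+- name: "restart cron"
+service:
+name: "{{ cron_service_name }}"
+enabled: yes
+state: restarted
+
+- name: update aliases
+command: postalias {{ aliases_config_file }}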
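--- a/roles/backup_client/meta/main.yml
+++ b/roles/backup_client/meta/main.yml
@@ -0,0 +1,26 @@
+galaxy_info:
+author: nemo
+description: Set up backup client for GNU/Linux.
+company: Wirebrass
+
+license: license (BSD)
+
+min_ansible_version: 2.4
+
+platforms:
+- name: Debian
+versions:
+- stretch
+- buster
+- name: Gentoo
+versions:
+- all
+
+galaxy_tags:
+- backup
+- borgbackup
+- system
+- server
+- auto
+
+dependencies: []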
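--- a/roles/backup_client/tasks/aliases.yml
+++ b/roles/backup_client/tasks/aliases.yml
@@ -0,0 +1,8 @@
+---
+- name: Update mail aliases.
+lineinfile:
+dest: "{{ aliases_config_file }}"
+line: "{{ backup_client_user }}: {{ backup_client_mail_target }}"
+regexp: "^{{ backup_client_user }}:"
+when: backup_client_mail_target != backup_client_user and backup_client_folders_to_backup != ""
+notify: update aliases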
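--- a/roles/backup_client/tasks/crontask.yml
+++ b/roles/backup_client/tasks/crontask.yml
@@ -0,0 +1,12 @@
+---
+- name: Backup client crontask configured
+cron:
+name: "Backup client"
+user: "{{ backup_client_user }}"
+weekday: "{{ backup_client_cron_weekday }}"
+hour: "{{ backup_client_cron_hour }}"
+minute: "{{ backup_client_cron_minute }}"
+job: "{{ backup_client_scripts_folder }}/backup.sh"
+when: backup_client_folders_to_backup != ""
+notify: restart cron
+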
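--- a/roles/backup_client/tasks/main.yml
+++ b/roles/backup_client/tasks/main.yml
@@ -0,0 +1,18 @@
+---
+# Main tasks file for backup_server
+
+- name: Include OS-specific variables.
+include_vars: "{{ ansible_os_family }}.yml"
+
+- import_tasks: user_backup.yml
+when: backup_client_folders_to_backup != ""
+- import_tasks: package.yml
+when: backup_client_folders_to_backup != ""
+- import_tasks: script.yml
+when: backup_client_folders_to_backup != ""
+- import_tasks: crontask.yml
+when: backup_client_folders_to_backup != ""
+- import_tasks: aliases.yml
+when: backup_client_folders_to_backup != ""
+- import_tasks: server.yml
+when: "'backup_server' not in group_names and backup_client_folders_to_backup != \"\""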
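Review bot: The header comment `# Main tasks file for backup_server` names the wrong role and should read `# Main tasks file for backup_client`. A `when` on `import_tasks` is applied to every imported task, so the `when: backup_client_folders_to_backup != ""` repeated inside package.yml, script.yml, crontask.yml, user_backup.yml and aliases.yml is redundant. Keeping the condition in one place (here) makes it harder for the two copies to drift apart.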
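--- a/roles/backup_client/tasks/package.yml
+++ b/roles/backup_client/tasks/package.yml
@@ -0,0 +1,13 @@
+---
+- name: Cron installed
+package:
+name: "{{ cron_package }}"
+state: present
+when: backup_client_folders_to_backup != ""
+notify: restart cron
+
+- name: BorgBackup installed
+package:
+name: "{{ borgbackup_package }}"
+state: present
+when: backup_client_folders_to_backup != ""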
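--- a/roles/backup_client/tasks/script.yml
+++ b/roles/backup_client/tasks/script.yml
@@ -0,0 +1,10 @@
+---
+- name: Deploy client backup script
+template:
+src: backup.sh.j2
+dest: "{{ backup_client_scripts_folder }}/backup.sh"
+owner: "{{ backup_client_user }}"
+group: "{{ backup_client_user }}"
+mode: '0740'
+when: backup_client_folders_to_backup != ""
+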
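--- a/roles/backup_client/tasks/server.yml
+++ b/roles/backup_client/tasks/server.yml
@@ -0,0 +1,30 @@
+---
+- name: "Read backup SSH pubkey and register"
+slurp:
+src: "{{ backup_client_user_home }}/.ssh/id_rsa.pub"
+register: ssh_backup_pubkey
+
+- name: "Backup user created on backup server"
+user:
+name: "backup-{{ inventory_hostname_short }}"
+create_home: yes
+delegate_to: "{{ item }}"
+loop: "{{ groups['backup_server'] }}"
+
+- name: "Backup directory created on backup server"
+file:
+path: "{{ hostvars[item]['backup_folder'] }}/{{ inventory_hostname_short }}"
+owner: "backup-{{ inventory_hostname_short }}"
+group: "backup-{{ inventory_hostname_short }}"
+mode: "0700"
+state: directory
+delegate_to: "{{ item }}"
+loop: "{{ groups['backup_server'] }}"
+
+- name: "Authorized key defined for backup user on backup server"
+authorized_key:
+user: "backup-{{ inventory_hostname_short }}"
+state: present
+key: "{{ ssh_backup_pubkey['content'] | b64decode }}"
+delegate_to: "{{ item }}"
+loop: "{{ groups['backup_server'] }}"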
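Review bot: The `authorized_key` task installs the client's key on the backup server with no restrictions, so the key grants a full login shell as `backup-<host>` there. A compromised client could then delete or rewrite its own backup history instead of only talking to borg. Pin the key with `key_options`, for example `key_options: 'command="borg serve --restrict-to-path {{ hostvars[item].backup_folder }}/{{ inventory_hostname_short }}",restrict'`. The `ssh ... mkdir -p` call in templates/backup.sh.j2 would then have to be removed, which is safe because the `file` task above already creates the directory. The key read by `slurp` is the user's default `id_rsa.pub`, which with the default `backup_client_user: "root"` is root's general-purpose key; a dedicated key set through `ssh_key_file` in tasks/user_backup.yml would narrow its scope.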
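--- a/roles/backup_client/tasks/user_backup.yml
+++ b/roles/backup_client/tasks/user_backup.yml
@@ -0,0 +1,6 @@
+---
+- name: "Client backup user created"
+user:
+name: "{{ backup_client_user }}"
+generate_ssh_key: yes
+when: backup_client_folders_to_backup != ""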
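--- a/roles/backup_client/templates/backup.sh.j2
+++ b/roles/backup_client/templates/backup.sh.j2
@@ -0,0 +1,21 @@
+#!/bin/bash
+{% for backup_serv in groups['backup_server'] %}
+
+# Check if {{ backup_serv }} is a known host
+grep {{ backup_serv }} ~/.ssh/known_hosts &> /dev/null
+if [ ! $? -eq 0 ]; then
+ssh-keygen -F {{ backup_serv }} || ssh-keyscan {{ backup_serv }} >>~/.ssh/known_hosts
+fi
+
+borg list backup-$(hostname -s)@{{ backup_serv }}:{{ hostvars[backup_serv]['backup_folder'] }}/$(hostname -s) &>/dev/null
+
+if [ $? -ne 0 ]
+then
+ssh backup-$(hostname -s)@{{ backup_serv }} mkdir -p {{ hostvars[backup_serv]['backup_folder'] }}/$(hostname -s) -m 0700
+export BORG_PASSPHRASE=""
+borg init --encryption=repokey backup-$(hostname -s)@{{ backup_serv }}:{{ hostvars[backup_serv]['backup_folder'] }}/$(hostname -s)
+fi
+
+borg prune -v backup-$(hostname -s)@{{ backup_serv }}:{{ hostvars[backup_serv]['backup_folder'] }}/$(hostname -s) --keep-daily=7 --keep-weekly=4 --keep-monthly=1
+borg create --info --stats --compression {{ backup_client_compression_param }} backup-$(hostname -s)@{{ backup_serv }}:{{ hostvars[backup_serv]['backup_folder'] }}/$(hostname -s)::$(date +%F) $(find {{ backup_client_folders_to_backup }} -maxdepth 1 -type d | grep -Ev '^/$|^/tmp|^/lost\+found|^/run|^/proc|^/dev|^/sys' | tr '\n' ' ')
+{% endfor %}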
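Review bot: `export BORG_PASSPHRASE=""` ahead of `borg init --encryption=repokey` creates the repository with an empty passphrase. In repokey mode the key is stored inside the repository, so anyone who can read that directory on the backup server can decrypt every archive. Take the passphrase from a vaulted variable (or use `BORG_PASSCOMMAND`) and export it at the top of the loop body, so `borg list`, `borg prune` and `borg create` use it as well as the init branch. The host-key block has a related weakness: `ssh-keyscan {{ backup_serv }} >>~/.ssh/known_hosts` records whatever key the network returns on first run, unattended and by default as root. Distribute the server's host key from the playbook (the `known_hosts` module) and drop the keyscan fallback. Once the script holds or references a secret, the `mode: '0740'` in tasks/script.yml should be tightened to `'0700'`.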
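--- a/roles/backup_client/vars/Debian.yml
+++ b/roles/backup_client/vars/Debian.yml
@@ -0,0 +1,4 @@
+---
+cron_service_name: cron
+cron_package: cron
+aliases_config_file: /etc/aliases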
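--- a/roles/backup_client/vars/Gentoo.yml
+++ b/roles/backup_client/vars/Gentoo.yml
@@ -0,0 +1,4 @@
+---
+cron_service_name: cronie
+cron_package: cronie
+aliases_config_file: /etc/mail/aliases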
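--- a/roles/backup_client/vars/RedHat.yml
+++ b/roles/backup_client/vars/RedHat.yml
@@ -0,0 +1,4 @@
+---
+cron_service_name: crond
+cron_package: cronie
+aliases_config_file: /etc/aliases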
|
@ -4,4 +4,5 @@
|
||||||
dest: "{{ aliases_config_file }}"
|
dest: "{{ aliases_config_file }}"
|
||||||
line: "{{ backup_user_git }}: {{ backup_git_mail_target }}"
|
line: "{{ backup_user_git }}: {{ backup_git_mail_target }}"
|
||||||
regexp: "^{{ backup_user_git }}:"
|
regexp: "^{{ backup_user_git }}:"
|
||||||
|
when: backup_user_git != backup_git_mail_target
|
||||||
notify: update aliases
|
notify: update aliases
|
||||||
|
|
|
@ -12,6 +12,7 @@
|
||||||
dest: "{{ aliases_config_file }}"
|
dest: "{{ aliases_config_file }}"
|
||||||
line: "root: {{ alias_email }}"
|
line: "root: {{ alias_email }}"
|
||||||
regexp: "^root:"
|
regexp: "^root:"
|
||||||
|
when: alias_email != "root"
|
||||||
notify: update aliases
|
notify: update aliases
|
||||||
|
|
||||||
- name: Update Postfix configuration.
|
- name: Update Postfix configuration.
|
||||||
|
|