LILiK
/
lilik_playbook
5
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Playbooks to a new Lilik
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
446 Commits
12 Branches
967 KiB
Tree: cec0b7cf50
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'cec0b7cf50'
${ noResults }
lilik_playbook/roles/borgrepo/tasks/main.yaml

167 lines
4.2 KiB
Raw Normal View History

roles/borg[server|repo]: new roles!
4 years ago
 
  1. ---

  2. - name: 'install borg'

  3.   apt:

  4.     pkg: 'borgbackup'

  5.     state: 'latest'

  6.     update_cache: true

  7.     cache_valid_time: 3600

  8. 

  9. - name: 'create .ssh folder'

  10.   file:

  11.     path: '/root/.ssh'

  12.     mode: '0700'

  13.     state: 'directory'

  14. 

  15. - name: 'create backup keypair'

  16.   openssh_keypair:

  17.     path: '/root/.ssh/id_ed25519_BORG'

  18.     force: '{{ borgrepo_force_new_key }}'

  19.     type: 'ed25519'

  20.     comment: 'backup@{{ host_fqdn }}'

  21.   register: ssh_keypair

  22. 

  23. - name: 'create host repos namespace'

  24.   file:

  25.     path: '/home/backup/repos/{{ host_fqdn }}'

  26.     owner: 'backup'

  27.     group: 'backup'

  28.     mode: '0700'

  29.     state: 'directory'

  30.   delegate_to: '{{ borgrepo_backup_host }}'

  31. 

  32. - name: 'authorize host key'

  33.   lineinfile:

  34.     path: '/home/backup/.ssh/authorized_keys'

  35.     owner: 'backup'

  36.     group: 'backup'

  37.     mode: '0600'

  38.     create: yes

  39.     line: >-

  40.       command="cd {{ repodir }}; borg serve --append-only --restrict-to-path {{ repodir }}",restrict

  41.       {{ ssh_keypair.public_key }}

  42.     regexp: '{{ ssh_keypair.comment }}$'

  43.     state: 'present'

  44.   vars:

  45.     repodir: '/home/backup/repos/{{ host_fqdn }}'

  46.   delegate_to: '{{ borgrepo_backup_host }}'

  47. 

  48. 

  49. - name: 'upload host ssh ca'

  50.   copy:

  51.     content: |

  52.       {% for ca in ssh_server_ca %}

  53.       @cert-authority *.dmz.{{ domain }} {{ ca }}

  54.       {% endfor %}

  55.     dest: '/root/.ssh/known_hosts'

  56.     mode: '0600'

  57. 

  58. ##ToDo setup encryption

  59. - name: 'initialize repo'

  60.   shell:

  61.     cmd: >

  62.       borg init -e none backup@{{ borgrepo_backup_host }}.dmz.{{ domain }}:{{ item.key }}

  63.   register: borgrepo_init_cmd

  64.   failed_when:

  65.     - borgrepo_init_cmd.rc != 0

  66.     - borgrepo_init_cmd.stderr !='A repository already exists at backup@backup.dmz.lilik.it:'+item.key+'.'

  67.   changed_when: borgrepo_init_cmd.rc == 0

  68.   environment:

  69.     BORG_RSH: 'ssh -i /root/.ssh/id_ed25519_BORG'

  70.   loop: '{{ borgrepo_repos|dict2items }}'

  71. 

  72. - name: 'create backup directory'

  73.   file:

  74.     path: '/etc/backup'

  75.     state: 'directory'

  76.     owner: 'root'

  77.     group: 'root'

  78.     mode: '0700'

  79. 

  80. - name: 'create log backup directory'

  81.   file:

  82.     path: '/var/log/backup-status'

  83.     state: 'directory'

  84.     owner: 'root'

  85.     group: 'root'

  86.     mode: '0755'

  87. 

  88. - name: 'create repo log directory'

  89.   file:

  90.     path: '/var/log/backup-status/{{ item.key }}'

  91.     state: 'directory'

  92.     owner: 'root'

  93.     group: 'root'

  94.     mode: '0755'

  95.   loop: '{{ borgrepo_repos|dict2items }}'

  96. 

  97. - name: 'create backup scripts'

  98.   template:

  99.     src: 'backupscript.sh.j2'

  100.     dest: '/etc/backup/{{ item.key }}.sh'

  101.     owner: 'root'

  102.     group: 'root'

  103.     mode: '0700'

  104.   loop: '{{ borgrepo_repos|dict2items }}'

  105. 

  106. - name: 'create systemd service'

  107.   template:

  108.     src: 'backupservice.service'

  109.     dest: '/etc/systemd/system/borg-backup@.service'

  110.   notify: reload systemd

  111. 

  112. - name: 'create systemd timers'

  113.   copy:

  114.     content: |

  115.       [Unit]

  116.       Description=BorgBackup %I repo timer.

  117. 

  118.       [Timer]

  119.       WakeSystem=false

  120.       OnCalendar=*-*-* 02:00:00

  121.       RandomizedDelaySec=20min

  122. 

  123.       [Install]

  124.       WantedBy=timers.target

  125.     dest: '/etc/systemd/system/borg-backup@.timer'

  126.   notify: reload systemd

  127. 

  128. - name: 'enable systemd timers'

  129.   systemd:

  130.     name: 'borg-backup@{{ item.key }}.timer'

  131.     daemon_reload: true

  132.     enabled: true

  133.     state: 'restarted'

  134.   loop: '{{ borgrepo_repos|dict2items }}'

  135. 

  136. - name: 'MONITORING | create entry'

  137.   set_fact:

  138.     borg_monitoring_repos: >

  139.       {{ borg_monitoring_repos|d({})|combine({

  140.                      item.key:

  141.                        {

  142.                           "backup_wage": item.value.interval|d(86400)|int,

  143.                           "backup_cage": (item.value.interval|d(86400)|int+7200)*2

  144.                        }

  145.       }) }}

  146.   loop: '{{ borgrepo_repos|dict2items }}'

  147.   tags:

  148.     - 'monitoring'

  149. 

  150. - name: 'MONITORING | update facts'

  151.   set_fact:

  152.     monitoring_facts: >

  153.       {{ hostvars[monitoring_host]["monitoring_facts"]

  154.           | default({})

  155.           | combine({

  156.                       host_fqdn:

  157.                         {

  158.                            "address": ansible_host,

  159.                            "borg_repos": borg_monitoring_repos

  160.                         }

  161.                     }, recursive=True) }}

  162.   delegate_to: '{{ monitoring_host }}'

  163.   delegate_facts: true

  164.   loop: '{{ borgrepo_repos|dict2items }}'

  165.   tags:

  166.     - 'monitoring'

  167. ...