
Commit 3faa07eb authored by Karl Grube's avatar Karl Grube

borg client started

parent d1620ef5
---
backup_storage_quota: '4000G'
backup_servers: "{{groups.backup_server}}"
backup_clientname: "srv_{{inventory_hostname}}"
backup_encryption: 'none'
backup_keep_daily: 14
backup_keep_weekly: 4
backup_keep_monthly: 12
backup_keep_yearly: 2
backup_prune: True
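Review bot: `backup_encryption: 'none'` makes every repository created by this role unencrypted and unauthenticated by default, so archive contents are readable by anyone with access to the backup server's disk and tampering is not detected on the client. Consider defaulting to an encrypted mode such as `backup_encryption: 'repokey'` and supplying the passphrase from a vault-protected variable. The `borg init` and `borg create` calls elsewhere in this commit pass no passphrase, so they would need that added as well. `backup_prune: True` would read more conventionally as `backup_prune: true`.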
---
- name: backup_script file
copy:
force: no
content: '#!/bin/bash'
dest: /usr/local/bin/make_backup
mode: 0700
- name: backup_script cronjob
cron:
name: "make backup"
minute: '5'
hour: '0'
job: /usr/local/bin/make_backup
- name: block for service
blockinfile:
insertafter: "^#!/bin/bash$"
path: /usr/local/bin/make_backup
marker: "#{mark} ANSIBLE MANAGED SERVICE BACKUP FOR {{service_name}}"
block: |
{% for backup_server in backup_servers %}
borg create backup@{{backup_server}}:{{service_name}}::$(date -I) {{backup_path}}
{% endfor %}
when: backup_path is defined
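Review bot: `{{service_name}}` and `{{backup_path}}` are rendered unquoted into a script that cron runs as root, so a value containing spaces or shell metacharacters changes the command line that is executed. Passing them through the `quote` filter, e.g. `borg create backup@{{ backup_server }}:{{ service_name | quote }}::$(date -I) {{ backup_path | quote }}`, keeps each value a single argument. The task is gated only on `backup_path is defined`, although the marker and the block also need `service_name`. The generated script has no `set -e` or exit-status check, so a failed `borg create` goes unnoticed unless someone reads the cron mail.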
---
- name: borgbackup
package:
name: borgbackup
- name: backup necessary folders
file:
path: '/root/{{item}}'
state: directory
mode: 0700
with_items:
- '.ssh'
- '.cache'
- '.config'
- name: ssh keys for the backup servers
openssh_keypair:
path: '/root/.ssh/id_ed25519'
type: ed25519
state: present
force: no
- name: slurp my backupkey
slurp:
src: '/root/.ssh/id_ed25519.pub'
register: backupkey_slurp
- name: set backupkey variable
set_fact:
backup_key: "{{backupkey_slurp['content'] |b64decode }}"
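Review bot: The key pair at `/root/.ssh/id_ed25519` is root's default SSH identity, so the key authorized on the backup servers is also the one root offers to every other host, and with `force: no` an existing key at that path is reused as it is. A dedicated key (for example `path: '/root/.ssh/id_ed25519_borg'`, selected in the backup script through `BORG_RSH`) would keep the backup credential separate and let it be rotated without touching root's other access. The directory mode would be safer quoted as `mode: '0700'`, and `force: no` written as `force: false`.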
---
- include: local.yml
- include: remote.yml
with_items: "{{backup_servers}}"
loop_control:
loop_var: backup_server
- include: backup.yml
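Review bot: The bare `include:` action is deprecated in Ansible in favour of `include_tasks:` / `import_tasks:`; writing `- include_tasks: remote.yml` with `loop: "{{ backup_servers }}"` keeps the per-server loop working on current releases. `remote.yml` is included unconditionally although its tasks appear to reference `service_name`, so adding `when: service_name is defined` to that include would avoid a failure on hosts that define no service.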
---
- name: print current backup_server
debug:
msg: "{{backup_server}}"
- name: check for backup directory
stat:
path: "/home/backup/repos/{{backup_clientname}}/{{service_name}}"
register: remote_backup_directory
delegate_to: "{{backup_server}}"
- name: slurp host_key from {{backup_server}}
slurp:
path: /etc/ssh/ssh_host_ed25519_key.pub
register: remote_backup_key
delegate_to: "{{backup_server}}"
- name: add backup server to known_hosts file
known_hosts:
key: "{{backup_server}} {{remote_backup_key['content'] |b64decode }}"
name: "{{backup_server}}"
- name: line in authorized_keys
lineinfile:
path: /home/backup/.ssh/authorized_keys
line: restrict,command="cd /home/backup/repos/{{backup_clientname}};borg serve --restrict-to-path /home/backup/repos/{{backup_clientname}} --append-only --storage-quota {{backup_storage_quota}}" {{backup_key}}
regex: ".*{{backup_clientname}}.*"
delegate_to: "{{backup_server}}"
- name: new backup repository for this server
block:
- name: create backup directory
file:
path: "/home/backup/repos/{{backup_clientname}}"
state: directory
owner: backup
group: backup
delegate_to: "{{backup_server}}"
- name: initialize backup
command: "borg init backup@{{backup_server}}:{{service_name}} -e {{backup_encryption}}"
when: remote_backup_directory.stat.exists == False
- name: borg pruning
cron:
name: "prune {{backup_clientname}} {{service_name}}"
minute: '10'
hour: '1'
job: 'borg prune /home/backup/repos/{{backup_clientname}}/{{service_name}} --keep-daily {{backup_keep_daily}} --keep-monthly {{backup_keep_monthly}} --keep-yearly {{backup_keep_yearly}}'
user: backup
delegate_to: "{{backup_server}}"
when: backup_prune == True
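Review bot: The `lineinfile` match `regex: ".*{{backup_clientname}}.*"` is an unanchored substring match, so a client named `srv_web1` (constructed example) also matches the `authorized_keys` line of `srv_web10` and can overwrite that host's entry with its own key; dots in `inventory_hostname` additionally act as regex wildcards. Matching on the escaped name followed by its delimiter, e.g. `regexp: 'repos/{{ backup_clientname | regex_escape }};'`, ties the rule to exactly one client. The prune job passes `--keep-daily`, `--keep-monthly` and `--keep-yearly` but not `--keep-weekly {{backup_keep_weekly}}`, so the `backup_keep_weekly` default is never applied.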