Location: majic-ansible-roles/roles/backup_client/tasks/main.yml - annotation
834c3a4d591a
3.8 KiB
text/x-yaml
MAR-218: Use built-in module for diverting the ferm binary.
---
# duplicity does the actual backups; duply is the profile front-end whose
# configuration is laid out under /etc/duply by the tasks that follow.
- name: Install backup software
  ansible.builtin.apt:
    state: present
    name:
      - duplicity
      - duply
# Every profile, key-material and cache directory is owned by root and closed
# to other users (0700); the ssh/ directory later receives the SSH identity.
- name: Set-up Duply directories
  ansible.builtin.file:
    path: "{{ item }}"
    state: directory
    mode: "0700"
    owner: root
    group: root
  loop:
    - "/etc/duply"
    - "/etc/duply/main"
    - "/etc/duply/main/patterns"
    - "/etc/duply/main/gnupg"
    - "/etc/duply/main/ssh"
    - "/var/cache/duply"
    - "/var/cache/duply/main"
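# The module argument carries the private key material itself, so the task
# result is kept out of Ansible output and logs (no_log), the same way the
# SSH identity task in this file already does. Without it, diff or verbose
# runs can print the key.
- name: Deploy GnuPG private keys
  ansible.builtin.copy:
    content: "{{ backup_encryption_key }}"
    dest: "/etc/duply/main/private_keys.asc"
    owner: root
    group: root
    mode: "0600"
  no_log: true
  # Any change to the key file notifies the four keyring handlers listed here.
  notify:
    - Remove current keyring
    - Create keyring directory
    - Import private keys
    - Import public keys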
# The additional public keys are joined with newlines into a single file.
# A change notifies the same four keyring handlers as the private key task.
- name: Deploy GnuPG public keys
  ansible.builtin.copy:
    dest: "/etc/duply/main/public_keys.asc"
    content: "{{ backup_additional_encryption_keys | join('\n') }}"
    mode: "0600"
    owner: root
    group: root
  notify:
    - Remove current keyring
    - Create keyring directory
    - Import private keys
    - Import public keys
# Read-only lookup (changed_when: false): keeps the first "keyid:" line that
# gpg prints for the deployed private key file. failed_when replaces the
# default return-code check, so the task fails only when nothing was extracted.
# NOTE(review): the extracted value is not checked to be hexadecimal before it
# is registered; confirm that whatever consumes it tolerates unexpected output.
- name: Extract encryption key identifier (Duplicty requires key ID in hexadecimal format)
  ansible.builtin.shell:
    cmd: "set -o pipefail && gpg --no-tty --list-packets /etc/duply/main/private_keys.asc | grep keyid: |
      head -n1 | sed -e 's/.*: //'"
    # pipefail is a bash option, hence the explicit interpreter.
    executable: /bin/bash
  register: backup_encryption_key_id
  failed_when: not backup_encryption_key_id.stdout
  changed_when: false
# Read-only lookup (changed_when: false): collects every "keyid:" value from
# the public key file, de-duplicates them and joins them with commas. Skipped
# when no additional keys are configured; otherwise fails only on empty output,
# because failed_when replaces the default return-code check.
- name: Extract additional encryption keys identifiers (Duplicty requires key ID in hexadecimal format)
  ansible.builtin.shell:
    cmd: "set -o pipefail && gpg --no-tty --list-packets /etc/duply/main/public_keys.asc | grep keyid: |
      sed -e 's/.*: //' | sort -u | tr '\n' ',' | sed -e 's/,$//'"
    # pipefail is a bash option, hence the explicit interpreter.
    executable: /bin/bash
  when: backup_additional_encryption_keys | length > 0
  register: backup_additional_encryption_keys_ids
  failed_when: not backup_additional_encryption_keys_ids.stdout
  changed_when: false
# The SSH identity is readable by root only, and no_log keeps the key content
# out of Ansible output and logs.
- name: Deploy private SSH key for logging-in into backup server
  ansible.builtin.copy:
    dest: "/etc/duply/main/ssh/identity"
    content: "{{ backup_ssh_key }}"
    mode: "0600"
    owner: root
    group: root
  no_log: true
# Dedicated known_hosts file for backup connections, rendered from
# known_hosts.j2 and kept alongside the SSH identity.
- name: Deploy custom known_hosts for backup purposes
  ansible.builtin.template:
    src: "known_hosts.j2"
    dest: "/etc/duply/main/ssh/known_hosts"
    mode: "0600"
    owner: root
    group: root
# Main Duply profile configuration, readable by root only.
# NOTE(review): if duply_main_conf.j2 renders passphrases or other credentials,
# this task would also warrant no_log; check the template.
- name: Deploy Duply configuration file
  ansible.builtin.template:
    src: "duply_main_conf.j2"
    dest: "/etc/duply/main/conf"
    mode: "0600"
    owner: root
    group: root
# Writes a single pattern that excludes everything. What is actually backed up
# is presumably selected through include patterns (this file also manages
# /etc/duply/main/include); confirm against the Duply configuration.
- name: Deploy base exclude pattern (exclude all by default)
  ansible.builtin.copy:
    dest: "/etc/duply/main/exclude"
    content: "- **"
    mode: "0600"
    owner: root
    group: root
# Drop-in directory for pre-backup scripts. Only root may list or write it.
- name: Set-up directory for storing pre-backup scripts
  ansible.builtin.file:
    path: "/etc/duply/main/pre.d/"
    state: directory
    mode: "0700"
    owner: root
    group: root
# Installs the role's duply_pre file as the profile's "pre" script, executable
# by root only.
- name: Set-up script for running all pre-backup scripts
  ansible.builtin.copy:
    src: "duply_pre"
    dest: "/etc/duply/main/pre"
    mode: "0700"
    owner: root
    group: root
# Runs as root at 02:00 (hour 2, minute 0; the remaining schedule fields are
# left at the module defaults). The purge step is chained with &&, so it only
# runs after the backup step has succeeded.
- name: Deploy crontab entry for running backups
  ansible.builtin.cron:
    state: present
    name: backup
    cron_file: backup
    user: root
    minute: "0"
    hour: "2"
    job: "/usr/bin/duply main pre_and_bkp && /usr/bin/duply main post_and_purge --force"
# force: false creates an empty include file only when none exists, so
# patterns already present on the host are never overwritten by this task.
- name: Ensure the file with include patterns exists (but do not overwrite)
  ansible.builtin.copy:
    dest: /etc/duply/main/include
    content: ""
    force: false
    mode: "0600"
    owner: root
    group: root
# Pulls the role's handler file in as ordinary tasks. It is only active when
# run_handlers is set to a true value (it defaults to False) and can be
# selected with the "handlers" tag.
- name: Explicitly run all handlers
  ansible.builtin.import_tasks: ../handlers/main.yml
  tags:
    - handlers
  when: "run_handlers | default(False) | bool()"