
Location: majic-ansible-roles/roles/backup_client/tasks/main.yml - annotation

branko
MAR-125: Eliminated a couple of warnings:

- Use the file module when cleaning-up the /etc/duply/main/gnupg directory.
- Mark the bind_password in m_ldap_entry and m_ldap_permissions as no_log
parameters.
---

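# Install the pexpect Python library used by Duplicity's pexpect+sftp backend.
- name: Install pexpect for pexpect+sftp Duplicity backend (mainly needed on Stretch)
  apt:
    name: "python-pexpect"
    # `present` is the documented state; `installed` is a legacy alias that
    # newer Ansible releases no longer accept.
    state: present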

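# Install the backup tooling: Duplicity and its Duply front-end.
- name: Install backup software
  apt:
    name: "{{ item }}"
    # `present` is the documented state; `installed` is a legacy alias that
    # newer Ansible releases no longer accept.
    state: present
  with_items:
    - duplicity
    - duply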

# Create the Duply profile tree and cache directories. Every directory is
# owned by root and closed to everyone else (0700), since the tree later holds
# GnuPG and SSH key material. Parents are listed before their children.
- name: Set-up Duply directories
  with_items:
    - '/etc/duply'
    - '/etc/duply/main'
    - '/etc/duply/main/patterns'
    - '/etc/duply/main/gnupg'
    - '/etc/duply/main/ssh'
    - '/var/cache/duply'
    - '/var/cache/duply/main'
  file:
    state: directory
    path: '{{ item }}'
    mode: 0700
    owner: root
    group: root

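# Write the backup encryption private key to a root-only file (0600). A change
# to the file triggers the handlers that rebuild the GnuPG keyring.
- name: Deploy GnuPG private keys
  copy:
    content: "{{ backup_encryption_key }}"
    dest: "/etc/duply/main/private_keys.asc"
    owner: root
    group: root
    mode: 0600
  # Keep the private key material out of task output (for example a --diff
  # run), matching how the SSH private key task in this file is handled.
  no_log: true
  notify:
    - Clean-up GnuPG keyring for import of new keys
    - Import private keys
    - Import public keys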

# Write the additional (public) encryption keys, joined with newlines, into a
# single root-only file. A change triggers the same keyring rebuild handlers
# as the private key file.
- name: Deploy GnuPG public keys
  notify:
    - Clean-up GnuPG keyring for import of new keys
    - Import private keys
    - Import public keys
  copy:
    dest: '/etc/duply/main/public_keys.asc'
    content: "{{ backup_additional_encryption_keys | join('\n') }}"
    mode: 0600
    owner: root
    group: root

# Read the key ID of the first key listed in the deployed private key file and
# register it as backup_encryption_key_id.
# Pipeline: gpg --list-packets -> keep the "keyid:" lines -> first line only ->
# strip everything up to the last ": " -> drop the leading gnupg_key_cutoff
# characters (the Jinja expression renders a sed repetition of the form `.{N}`).
# NOTE(review): the `+` concatenation presumably requires gnupg_key_cutoff to be
# a string - confirm where the variable is defined.
# NOTE(review): gnupg_binary and gnupg_key_cutoff are interpolated into the
# shell command line without quoting; they should only ever be set from
# role-controlled variables.
- name: Extract encryption key identifier (Duplicty requires key ID in hexadecimal format)
  shell: "{{ gnupg_binary }} --list-packets /etc/duply/main/private_keys.asc | grep keyid: | head -n1 | sed -e 's/.*: //' | sed -re 's/^.{{ '{' + gnupg_key_cutoff + '}' }}//'"
  register: backup_encryption_key_id
  # Read-only query, so never report a change.
  changed_when: False
  # failed_when replaces the default return-code check, so empty output is the
  # only failure condition evaluated for this pipeline.
  failed_when: backup_encryption_key_id.stdout == ""

# Collect the key IDs found in the deployed public key file as one
# comma-separated string, registered as backup_additional_encryption_keys_ids.
# Pipeline: gpg --list-packets -> keep the "keyid:" lines -> strip everything up
# to the last ": " -> de-duplicate (sort -u) -> drop the leading
# gnupg_key_cutoff characters -> join the lines with commas -> remove the
# trailing comma.
# NOTE(review): gnupg_binary and gnupg_key_cutoff are interpolated into the
# shell command line without quoting; they should only ever be set from
# role-controlled variables.
- name: Extract additional encryption keys identifiers (Duplicty requires key ID in hexadecimal format)
  shell: "{{ gnupg_binary }} --list-packets /etc/duply/main/public_keys.asc | grep keyid: | sed -e 's/.*: //' | sort -u | sed -re 's/^.{{ '{' + gnupg_key_cutoff + '}' }}//' | tr '\n' ',' | sed -e 's/,$//'"
  # Only run when additional encryption keys have been configured.
  when: backup_additional_encryption_keys
  register: backup_additional_encryption_keys_ids
  # Read-only query, so never report a change.
  changed_when: False
  # failed_when replaces the default return-code check, so empty output is the
  # only failure condition evaluated for this pipeline.
  failed_when: backup_additional_encryption_keys_ids.stdout == ""

# Install the SSH identity used to log in to the backup server. The file is
# readable by root only, and no_log keeps the key out of task output.
- name: Deploy private SSH key for logging-in into backup server
  no_log: true
  copy:
    dest: '/etc/duply/main/ssh/identity'
    content: '{{ backup_ssh_key }}'
    mode: 0600
    owner: root
    group: root

# Render a dedicated known_hosts file into the backup profile's ssh directory,
# root-only (0600).
- name: Deploy custom known_hosts for backup purposes
  template:
    dest: '/etc/duply/main/ssh/known_hosts'
    src: 'known_hosts.j2'
    mode: 0600
    owner: root
    group: root

# Render the configuration of the "main" Duply profile, readable by root only.
# NOTE(review): the template is not visible here; if it renders credentials,
# consider suppressing task output for this task as well - confirm.
- name: Deploy Duply configuration file
  template:
    dest: '/etc/duply/main/conf'
    src: 'duply_main_conf.j2'
    mode: 0600
    owner: root
    group: root

# Write the base exclude file with the single pattern "- **", so that nothing
# is backed up unless something else includes it.
- name: Deploy base exclude pattern (exclude all by default)
  copy:
    dest: '/etc/duply/main/exclude'
    content: '- **'
    mode: 0600
    owner: root
    group: root

# Create the root-only (0700) directory that holds the pre-backup scripts.
- name: Set-up directory for storing pre-backup scripts
  file:
    state: directory
    path: '/etc/duply/main/pre.d/'
    mode: 0700
    owner: root
    group: root

# Install the profile's "pre" script from the role's duply_pre file. Mode 0700
# keeps it executable, readable and writable by root alone.
- name: Set-up script for running all pre-backup scripts
  copy:
    dest: '/etc/duply/main/pre'
    src: 'duply_pre'
    mode: 0700
    owner: root
    group: root

# Schedule the backup of the "main" Duply profile as root at 02:00, using a
# dedicated cron file named "backup".
- name: Deploy crontab entry for running backups
  cron:
    state: present
    name: backup
    cron_file: backup
    user: root
    minute: 0
    hour: 2
    job: '/usr/bin/duply main backup'

# Create an empty include-patterns file when none exists yet. With force
# disabled, an existing file is left untouched.
- name: Ensure the file with include patterns exists (but do not overwrite)
  copy:
    dest: /etc/duply/main/include
    content: ''
    force: false
    mode: 0600
    owner: root
    group: root

# Optionally run the role's handler file as ordinary tasks. This happens only
# when the `handlers` variable evaluates to true; it defaults to False here.
# The task also carries the `handlers` tag.
# NOTE(review): the bare `include` keyword is deprecated in newer Ansible in
# favour of include_tasks/import_tasks - confirm the targeted Ansible version
# before changing it.
- name: Explicitly run all handlers
  include: ../handlers/main.yml
  when: "handlers | default(False) | bool() == True"
  tags:
    - handlers