Location: majic-ansible-roles/roles/backup_server/tasks/main.yml - annotation
MAR-131: Added support for specifying Python version in wsgi_website role:
- Introduced additional role parameter for specifying the Python
version.
- Updated tests to verify new functionality.
- Fixed existing tests to account for differences between Python 2 and
Python 3 - including changes to WSGI test applications.
- Updated documentation, documenting new parameter and fixing one
minor typo.
- Updated release notes.
- Bumped default version of Gunicorn/futures used.
---
# Install duplicity and duply (a front-end for duplicity). "present" only
# ensures the packages are installed; already-installed versions are left
# as they are.
- name: Install backup software
  apt:
    name: "{{ item }}"
    state: present
  with_items:
    - duplicity
    - duply
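# Root of the backup store. Mode 0751 gives root full access, the root group
# read/traverse, and everyone else traverse only: a client account can reach
# its own sub-directory by name but cannot list the other clients' entries.
- name: Create directory for storing backups
  file:
    path: "/srv/backups"
    state: directory
    owner: root
    group: root
    # Quoted so the module receives the literal octal string instead of a
    # YAML-typed integer.
    mode: "0751"
  tags:
    # [ANSIBLE0009] Octal file permissions must contain leading zero
    # Misleading message, linting is complaining here actually because of the
    # executable bit without read/write for others (e.g. the "1" in "0751").
    - skip_ansible_lint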
# One dedicated system group per backup client, named "bak-" followed by the
# client's server name with dots turned into underscores. The gid is taken
# from item.uid when the client entry defines one, so group and user ids
# match; otherwise the parameter is omitted and the system picks an id.
- name: Create backup client groups
  group:
    name: "{{ item.server | replace('.', '_') | regex_replace('^', 'bak-') }}"
    gid: "{{ item.uid | default(omit) }}"
    system: true
  with_items: "{{ backup_clients }}"
# One system account per backup client, using the same "bak-<server>" name
# as its primary group. Each account is also placed in the shared "backup"
# group, which is the group the main sshd_config denies further down in
# this file. The home directory is not created here (createhome: false);
# a later task creates it root-owned.
# NOTE(review): item.server is interpolated into the home path as-is, so
# backup_clients entries are expected to hold plain host names - confirm
# that the inventory is validated elsewhere.
- name: Create backup client users
  user:
    name: "{{ item.server | replace('.', '_') | regex_replace('^', 'bak-') }}"
    group: "{{ item.server | replace('.', '_') | regex_replace('^', 'bak-') }}"
    groups: "backup"
    uid: "{{ item.uid | default(omit) }}"
    system: true
    createhome: false
    state: present
    home: "/srv/backups/{{ item.server }}"
  with_items: "{{ backup_clients }}"
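# Home directory of each client account. It is owned by root, with the
# client's own group allowed to read and traverse (0750): the client can
# enter its home but cannot create, rename or remove entries directly in it,
# and other accounts have no access at all.
- name: Create home directories for backup client users
  file:
    path: "/srv/backups/{{ item.server }}"
    state: directory
    owner: root
    group: "{{ item.server | replace('.', '_') | regex_replace('^', 'bak-') }}"
    # Quoted so the module receives the literal octal string instead of a
    # YAML-typed integer.
    mode: "0750"
  with_items: "{{ backup_clients }}"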
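# The "duplicity" sub-directory is owned by the client account and its
# group with mode 0770, making it the one location under the client's home
# that the client itself can write to. Other accounts get no access.
- name: Create duplicity directories for backup client users
  file:
    path: "/srv/backups/{{ item.server }}/duplicity"
    state: directory
    owner: "{{ item.server | replace('.', '_') | regex_replace('^', 'bak-') }}"
    group: "{{ item.server | replace('.', '_') | regex_replace('^', 'bak-') }}"
    # Quoted so the module receives the literal octal string instead of a
    # YAML-typed integer.
    mode: "0770"
  with_items: "{{ backup_clients }}"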
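# The .ssh directory is owned by root:root with mode 0751. The client
# account is neither owner nor in the root group, so it only gets the
# traverse bit: it can open files inside by name but cannot list, add or
# replace anything in the directory.
- name: Create SSH directory for backup client users
  file:
    path: "/srv/backups/{{ item.server }}/.ssh"
    state: directory
    owner: root
    group: root
    # Quoted so the module receives the literal octal string instead of a
    # YAML-typed integer.
    mode: "0751"
  with_items: "{{ backup_clients }}"
  tags:
    # [ANSIBLE0009] Octal file permissions must contain leading zero
    # Misleading message, linting is complaining here actually because of the
    # executable bit without read/write for others (e.g. the "1" in "0751").
    - skip_ansible_lint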
# Add each client's public key to its account's authorized_keys file.
# manage_dir is off so the module leaves the root-owned .ssh directory
# created by the previous task untouched.
# NOTE(review): no key_options are set here, so any restriction on what
# these keys may do has to come from the backup sshd configuration, which
# is not visible in this file - confirm.
# NOTE(review): "exclusive" is not set, so a key that is replaced in
# backup_clients stays authorized on the server until it is removed by
# other means - confirm this is intended for key rotation.
- name: Populate authorized keys for backup client users
  authorized_key:
    user: "{{ item.server | replace('.', '_') | regex_replace('^', 'bak-') }}"
    key: "{{ item.public_key }}"
    manage_dir: false
    state: present
  with_items: "{{ backup_clients }}"
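# Lock down the authorized_keys file written by the previous task: owned by
# root, readable by the client's group, no access for others (0640). The
# client account can read its key list but cannot add keys for itself.
# "state: file" only adjusts an existing file; it does not create one.
- name: Set-up authorized_keys file permissions for backup client users
  file:
    path: "/srv/backups/{{ item.server }}/.ssh/authorized_keys"
    state: file
    owner: root
    group: "{{ item.server | replace('.', '_') | regex_replace('^', 'bak-') }}"
    # Quoted so the module receives the literal octal string instead of a
    # YAML-typed integer.
    mode: "0640"
  with_items: "{{ backup_clients }}"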
# Every backup client account is a member of the "backup" group; this makes
# the main SSH daemon refuse them, presumably so that they can only use the
# separate backup sshd instance set up by the tasks that follow.
# NOTE(review): without a regexp or insert position the line is appended at
# the end of the file when missing. If sshd_config ends with a Match block,
# the directive would only apply inside that block - verify against the
# deployed sshd_config.
- name: Deny the backup group login via regular SSH
  lineinfile:
    dest: "/etc/ssh/sshd_config"
    state: present
    line: "DenyGroups backup"
  notify:
    - Restart SSH
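# Configuration directory for the dedicated backup sshd instance. It holds
# the host private keys deployed below, so only root gets access (0700).
- name: Set-up directory for the backup OpenSSH server instance
  file:
    path: "/etc/ssh-backup/"
    state: directory
    owner: root
    group: root
    # Quoted so the module receives the literal octal string instead of a
    # YAML-typed integer.
    mode: "0700"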
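# Service-level settings file for the ssh-backup service, copied verbatim
# from the role's files. World-readable (0644); a change triggers a restart
# of the backup SSH server.
- name: Deploy configuration file for the backup OpenSSH server instance service
  copy:
    src: "ssh-backup.default"
    dest: "/etc/default/ssh-backup"
    owner: root
    group: root
    # Quoted so the module receives the literal octal string instead of a
    # YAML-typed integer.
    mode: "0644"
  notify:
    - Restart backup SSH server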
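# sshd_config of the backup instance, copied verbatim from the role's files
# and readable by root only (0600). Whatever limits apply to backup client
# logins are defined in that file, which is not visible here.
- name: Deploy configuration file for the backup OpenSSH server instance
  copy:
    src: "backup-sshd_config"
    dest: "/etc/ssh-backup/sshd_config"
    owner: root
    group: root
    # Quoted so the module receives the literal octal string instead of a
    # YAML-typed integer.
    mode: "0600"
  notify:
    - Restart backup SSH server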
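# Write one host private key file per entry of backup_host_ssh_private_keys;
# the dictionary key becomes part of the file name (ssh_host_<key>_key).
# Files are root-only (0600), and no_log keeps the rendered key material
# out of task output and logs.
- name: Deploy the private keys for backup OpenSSH server instance
  template:
    src: "ssh_host_key.j2"
    dest: "/etc/ssh-backup/ssh_host_{{ item.key }}_key"
    owner: root
    group: root
    # Quoted so the module receives the literal octal string instead of a
    # YAML-typed integer.
    mode: "0600"
  with_dict: "{{ backup_host_ssh_private_keys }}"
  notify:
    - Restart backup SSH server
  no_log: true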
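# systemd unit for the backup sshd instance. A change to the unit file
# notifies both a systemd reload and a restart of the backup SSH server.
- name: Deploy backup OpenSSH server systemd service file
  copy:
    src: "ssh-backup.service"
    dest: "/etc/systemd/system/ssh-backup.service"
    owner: root
    group: root
    # Quoted so the module receives the literal octal string instead of a
    # YAML-typed integer.
    mode: "0644"
  notify:
    - Reload systemd
    - Restart backup SSH server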
# Make sure the backup sshd instance is running now and is enabled to start
# at boot.
- name: Start and enable OpenSSH backup service
  service:
    name: "ssh-backup"
    state: started
    enabled: true
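# Render the ferm rule snippet for the backup server from a template. The
# file is owned by root:root with mode 0640, so accounts outside the root
# group cannot read the rule set. A change triggers a ferm restart.
- name: Deploy firewall configuration for backup server
  template:
    src: "ferm_backup.conf.j2"
    dest: "/etc/ferm/conf.d/40-backup.conf"
    owner: root
    group: root
    # Quoted so the module receives the literal octal string instead of a
    # YAML-typed integer.
    mode: "0640"
  notify:
    - Restart ferm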
# Pull in the role's handlers file as ordinary tasks, but only when the
# "handlers" variable is set to a true value (it defaults to false). The
# "handlers" tag allows this step to be selected on its own.
# NOTE(review): "include" is deprecated in newer Ansible releases in favour
# of include_tasks/import_tasks - confirm the Ansible version in use.
- name: Explicitly run all handlers
  include: ../handlers/main.yml
  when: "handlers | default(False) | bool() == True"
  tags:
    - handlers