Files
@ f05151d6f802
Branch filter:
Location: majic-ansible-roles/roles/backup_client/tasks/main.yml - annotation
f05151d6f802
3.6 KiB
text/x-yaml
MAR-132: Added support for Debian 9 (Stretch) to wsgi_website role:
- Set the shell for application system account explicitly (workaround
for Debian bug 865762 in Stretch).
- Updated Molecule tests to cover Debian 9.
- Updated Molecule test preparation playbook to account for a number
of differences between Jessie and Stretch (mainly related to mailing
functionality).
- Renamed a couple of variables in test for sending out mails to make
it clearer what is being looked up as part of regex matching.
- Updated Molecule tests where certain paths depend on what Debian
release they are ran against.
- Split-up Jessie-specific tests into separate file.
- Remove the /bin/ss utility instead of renaming it (testinfra socket
tests do not work with /bin/ss).
- Set the shell for application system account explicitly (workaround
for Debian bug 865762 in Stretch).
- Updated Molecule tests to cover Debian 9.
- Updated Molecule test preparation playbook to account for a number
of differences between Jessie and Stretch (mainly related to mailing
functionality).
- Renamed a couple of variables in test for sending out mails to make
it clearer what is being looked up as part of regex matching.
- Updated Molecule tests where certain paths depend on what Debian
release they are ran against.
- Split-up Jessie-specific tests into separate file.
- Remove the /bin/ss utility instead of renaming it (testinfra socket
tests do not work with /bin/ss).
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 | a45dcc06530a a45dcc06530a d2a9e41cd838 3dca599dbdc9 3dca599dbdc9 6e57b636d3a7 6b87dd13b24c a45dcc06530a 3dca599dbdc9 3dca599dbdc9 6e57b636d3a7 a45dcc06530a a45dcc06530a a45dcc06530a a45dcc06530a a45dcc06530a 3dca599dbdc9 3dca599dbdc9 3dca599dbdc9 3dca599dbdc9 3dca599dbdc9 3dca599dbdc9 a45dcc06530a a45dcc06530a a45dcc06530a a45dcc06530a a45dcc06530a a45dcc06530a a45dcc06530a a45dcc06530a a45dcc06530a d61d01c00362 3dca599dbdc9 3dca599dbdc9 3dca599dbdc9 3dca599dbdc9 3dca599dbdc9 3dca599dbdc9 a45dcc06530a d61d01c00362 d61d01c00362 d61d01c00362 a45dcc06530a d61d01c00362 3dca599dbdc9 3dca599dbdc9 3dca599dbdc9 3dca599dbdc9 3dca599dbdc9 3dca599dbdc9 a45dcc06530a d61d01c00362 d61d01c00362 d61d01c00362 a45dcc06530a c6f217756635 6e57b636d3a7 6e57b636d3a7 c6f217756635 6e57b636d3a7 61e6cfb81789 c6f217756635 c6f217756635 6e57b636d3a7 6e57b636d3a7 c6f217756635 3dca599dbdc9 6e57b636d3a7 61e6cfb81789 c6f217756635 a45dcc06530a 3dca599dbdc9 3dca599dbdc9 3dca599dbdc9 3dca599dbdc9 3dca599dbdc9 3dca599dbdc9 6e57b636d3a7 a45dcc06530a a45dcc06530a 3dca599dbdc9 3dca599dbdc9 3dca599dbdc9 3dca599dbdc9 3dca599dbdc9 3dca599dbdc9 a45dcc06530a 3498d77cad32 3dca599dbdc9 3dca599dbdc9 3dca599dbdc9 3dca599dbdc9 3dca599dbdc9 3dca599dbdc9 3498d77cad32 a45dcc06530a 3dca599dbdc9 3dca599dbdc9 3dca599dbdc9 3dca599dbdc9 3dca599dbdc9 3dca599dbdc9 a45dcc06530a 5e15f8ca16fc 3dca599dbdc9 3dca599dbdc9 3dca599dbdc9 3dca599dbdc9 3dca599dbdc9 3dca599dbdc9 5e15f8ca16fc 5e15f8ca16fc 3dca599dbdc9 3dca599dbdc9 3dca599dbdc9 3dca599dbdc9 3dca599dbdc9 3dca599dbdc9 5e15f8ca16fc 3686169e9565 3dca599dbdc9 3dca599dbdc9 3dca599dbdc9 3dca599dbdc9 3dca599dbdc9 3dca599dbdc9 3dca599dbdc9 3dca599dbdc9 7387caca37f3 f4962ad6a0ec f4962ad6a0ec f4962ad6a0ec f4962ad6a0ec 6e57b636d3a7 f4962ad6a0ec f4962ad6a0ec f4962ad6a0ec f4962ad6a0ec 7387caca37f3 7387caca37f3 7387caca37f3 7387caca37f3 bfafd526bfc3 | ---
- name: Install pexpect for pexpect+sftp Duplicity backend (mainly needed on Stretch)
apt:
name: "python-pexpect"
state: present
- name: Install backup software
apt:
name: "{{ item }}"
state: present
with_items:
- duplicity
- duply
- name: Set-up Duply directories
file:
path: "{{ item }}"
state: directory
owner: root
group: root
mode: 0700
with_items:
- "/etc/duply"
- "/etc/duply/main"
- "/etc/duply/main/patterns"
- "/etc/duply/main/gnupg"
- "/etc/duply/main/ssh"
- "/var/cache/duply"
- "/var/cache/duply/main"
- name: Deploy GnuPG private keys
copy:
content: "{{ backup_encryption_key }}"
dest: "/etc/duply/main/private_keys.asc"
owner: root
group: root
mode: 0600
notify:
- Clean-up GnuPG keyring for import of new keys
- Import private keys
- Import public keys
- name: Deploy GnuPG public keys
copy:
content: "{{ backup_additional_encryption_keys | join('\n') }}"
dest: "/etc/duply/main/public_keys.asc"
owner: root
group: root
mode: 0600
notify:
- Clean-up GnuPG keyring for import of new keys
- Import private keys
- Import public keys
- name: Extract encryption key identifier (Duplicty requires key ID in hexadecimal format)
shell: "{{ gnupg_binary }} --list-packets /etc/duply/main/private_keys.asc | grep keyid: |
head -n1 | sed -e 's/.*: //' | sed -re 's/^.{{ '{' + gnupg_key_cutoff + '}' }}//'"
register: backup_encryption_key_id
changed_when: false
failed_when: backup_encryption_key_id.stdout == ""
- name: Extract additional encryption keys identifiers (Duplicty requires key ID in hexadecimal format)
shell: "{{ gnupg_binary }} --list-packets /etc/duply/main/public_keys.asc | grep keyid: |
sed -e 's/.*: //' | sort -u | sed -re 's/^.{{ '{' + gnupg_key_cutoff + '}' }}//' | tr '\n' ',' | sed -e 's/,$//'"
when: backup_additional_encryption_keys
register: backup_additional_encryption_keys_ids
changed_when: false
failed_when: backup_additional_encryption_keys_ids.stdout == ""
- name: Deploy private SSH key for logging-in into backup server
copy:
content: "{{ backup_ssh_key }}"
dest: "/etc/duply/main/ssh/identity"
owner: root
group: root
mode: 0600
no_log: true
- name: Deploy custom known_hosts for backup purposes
template:
src: "known_hosts.j2"
dest: "/etc/duply/main/ssh/known_hosts"
owner: root
group: root
mode: 0600
- name: Deploy Duply configuration file
template:
src: "duply_main_conf.j2"
dest: "/etc/duply/main/conf"
owner: root
group: root
mode: 0600
- name: Deploy base exclude pattern (exclude all by default)
copy:
content: "- **"
dest: "/etc/duply/main/exclude"
owner: root
group: root
mode: 0600
- name: Set-up directory for storing pre-backup scripts
file:
path: "/etc/duply/main/pre.d/"
state: directory
owner: root
group: root
mode: 0700
- name: Set-up script for running all pre-backup scripts
copy:
src: "duply_pre"
dest: "/etc/duply/main/pre"
owner: root
group: root
mode: 0700
- name: Deploy crontab entry for running backups
cron:
name: backup
cron_file: backup
hour: 2
minute: 0
job: "/usr/bin/duply main backup"
state: present
user: root
- name: Ensure the file with include patterns exists (but do not overwrite)
copy:
content: ""
dest: /etc/duply/main/include
force: false
group: root
owner: root
mode: 0600
- name: Explicitly run all handlers
include: ../handlers/main.yml
when: "handlers | default(False) | bool() == True"
tags:
- handlers
|