Changeset - b2cbf5050e57
Branko Majic (branko) - 8 years ago 2016-06-07 21:51:34
branko@majic.rs
MAR-56: Separated backup pattern assembly into a separate role in order to reduce number of tasks that run during each run, and to make the whole thing more consistent/modular. Updated usage and reference documentation.
16 files changed with 96 insertions and 41 deletions:
docs/rolereference.rst
 
@@ -1726,6 +1726,8 @@ The role itself will take care of deploying the necessary software,
 
configuration files, and encryption/signing private key to the backup client in
 
order to be able to perform backup.
 

	
 
Files that should be backed-up are specified using the ``backup`` role.
 

	
 
The role implements the following:
 

	
 
* Installs backup software (Duplicity, Duply).
 
@@ -1750,8 +1752,8 @@ Duply is configured as follows:
 
* Base directory for back-ups is root (``/``), but *all* files are excluded by
 
  default to prevent huge back-ups. Ansible roles that want to utilise the
 
  backup client role can specify which patterns should be included in the backup
 
  when including the role. Include pattern file is assembled and stored in
 
  location ``/etc/duply/main/include``.
 
  when including the ``backup`` role. Include pattern file is assembled and
 
  stored in location ``/etc/duply/main/include``.
 
* Backups are encrypted and signed with the specified encryption key.
 
* Maximum age for old backups is set to 6 months.
 
* Maximum age for full backups is set to 1 month.
 
@@ -1791,16 +1793,6 @@ Parameters
 
  to destination server and that can be also used for the restore operations
 
  (for data decryption). The key must not be password-protected.
 

	
 
**backup_patterns_filename** (string, mandatory)
 
  Name of the backup patterns file. The file is stored in directory
 
  ``/etc/duply/main/patterns/``. This should be a unique filename amongst all
 
  roles. If role can be included multiple times, make sure the filename is
 
  always unique when depending on the backup client role.
 

	
 
**backup_patterns** (list, optional, ``[]``)
 
  List of globbing patterns defining which file or directories should be
 
  backed-up.
 

	
 
**backup_server** (string, mandatory)
 
  Backup server to connect to.
 

	
 
@@ -1840,3 +1832,56 @@ plugin is quite useful here for fetching key values from some local directory):
 
      - "{{ lookup('file', inventory_dir + '/ssh/backup_server_rsa_key.pub') }}"
 
    backup_server_port: 22
 
    backup_ssh_key: "{{ lookup('file', inventory_dir + '/ssh/web.example.com') }}"
 

	
 

	
 
Backup
 
------
 

	
 
The ``backup`` role can be used to specify what files should be backed-up to the
 
backup server.
 

	
 
The role provides a convenient way to deploy a file containing file and
 
directory patterns describing the file/directory paths that should be included
 
in the back-up.
 

	
 
The role implements the following:
 

	
 
* Installs a file with provided patterns in directory
 
  ``/etc/duply/main/patterns/``.
 
* Assembles/refresshes the main include pattern file at
 
  ``/etc/duply/main/include``.
 

	
 

	
 
Role dependencies
 
~~~~~~~~~~~~~~~~~
 

	
 
Depends on the following roles:
 

	
 
* **backup_client**
 

	
 

	
 
Parameters
 
~~~~~~~~~~
 

	
 
**backup_patterns_filename** (string, mandatory)
 
  Name of the backup patterns file. The file is stored in directory
 
  ``/etc/duply/main/patterns/``. This should be a unique filename amongst all
 
  roles. If role can be included multiple times, make sure the filename is
 
  always unique when depending on the backup role.
 

	
 
**backup_patterns** (list, optional, ``[]``)
 
  List of globbing patterns defining which files or directories should be
 
  backed-up.
 

	
 

	
 
Examples
 
~~~~~~~~
 

	
 
Here is an example configuration for setting-up the role:
 

	
 
.. code-block:: yaml
 

	
 
  - role: backup
 
    backup_patterns_filename: myapp
 
    backup_patters:
 
      - /var/www/myapp.example.com
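Review bot: The example at the end of this hunk spells the parameter as "backup_patters", which does not match the documented "backup_patterns" parameter. Anyone copying the snippet would leave "backup_patterns" at its documented default of "[]", and since the backup client excludes all files by default, /var/www/myapp.example.com would not be backed up. Change the key to "backup_patterns". In the same hunk, the bullet "Assembles/refresshes the main include pattern file" has a typo and should read "refreshes".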
docs/usage.rst
 
@@ -1813,12 +1813,12 @@ Backups, backups, backups!
 
As it is well known, everyone has backups of their important data. Right?
 
Riiiiight?
 

	
 
There are two Ansible roles that implement backup functionality. One is the
 
``backup_server`` role, while the other is ``backup_client`` role. Backup is
 
based around the use of `Duplicity <http://duplicity.nongnu.org/>`_ and its
 
convenience wrapper, `Duply <http://duply.net>`_. Due to this selection, it
 
should be noted that the backup clients are the ones making connection to the
 
backup server (not the other way around).
 
There are three Ansible roles that implement backup functionality -
 
``backup_server``, ``backup_client``, and ``backup``. Backup is based around the
 
use of `Duplicity <http://duplicity.nongnu.org/>`_ and its convenience wrapper,
 
`Duply <http://duply.net>`_. Due to this selection, it should be noted that the
 
backup clients are the ones making connection to the backup server (not the
 
other way around).
 

	
 
Backups are encrypted and signed using GnuPG before being stored on the backup
 
server. Private key used for encryption and signing is therefore stored on the
 
@@ -2028,14 +2028,17 @@ before every backup run the database is dumped and stored in location
 
What is not backed-up for us, though, are the files uploaded to *The Bug
 
Genie*. So let's fix that one.
 

	
 
1. Add the backup client role to list of dependencies. It is important to define
 
   unique filename for the backup patterns. Take into account that you can use
 
   pretty much any globbing pattern supported by Duplicity.
 
1. Add the ``backup`` role to list of dependencies. Take note that while the
 
   ``backup_client`` role deals with basic set-up of backup client and its
 
   configuration, the ``backup`` role is used to define what should be
 
   backed-up. It is important to define unique filename for the backup patterns
 
   file. Take into account that you can use pretty much any globbing pattern
 
   supported by Duplicity.
 

	
 
   :file:`~/mysite/roles/tbg/meta/main.yml`
 
   ::
 

	
 
        - role: backup_client
 
        - role: backup
 
          when: enable_backup
 
          backup_patterns_filename: "tbg"
 
          backup_patterns:
roles/backup/defaults/main.yml
 
new file 100644
 
---
 

	
 
backup_patterns: []
roles/backup/handlers/main.yml
 
new file 100644
 
---
 

	
 
- name: Assemble Duply include patterns
 
  assemble: dest="/etc/duply/main/include" src="/etc/duply/main/patterns"
 
            owner=root group=root mode=600 backup=yes
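Review bot: The assemble handler concatenates every file found under /etc/duply/main/patterns, and nothing visible in the new role removes a patterns file once the role that deployed it is no longer applied to a host, so stale patterns would keep being merged into /etc/duply/main/include. Consider documenting that old files in the patterns directory have to be cleaned up by hand, or adding a task that removes files not deployed in the current run.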
roles/backup/meta/main.yml
 
new file 100644
 
---
 

	
 
allow_duplicates: yes
 

	
 
dependencies:
 
  - backup_client
 
\ No newline at end of file
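Review bot: The file ends without a trailing newline after "- backup_client", as the "\ No newline at end of file" marker shows. Add one so that a later addition to the dependency list does not also show the existing line as changed.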
roles/backup/tasks/main.yml
 
new file 100644
 
---
 

	
 
- name: Configure backup patterns
 
  template: src="backup_patterns.j2" dest="/etc/duply/main/patterns/{{ backup_patterns_filename }}"
 
            owner="root" group="root" mode=700
 
  notify:
 
    - Assemble Duply include patterns
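Review bot: The patterns file is deployed with mode=700 in the template task, but it is a data file that only gets read when the include file is assembled, so the execute bit is unnecessary; mode=600 would match what the handler sets on /etc/duply/main/include. The dest path also interpolates backup_patterns_filename without any check, so a value containing a slash would be written outside /etc/duply/main/patterns/. A guard on the value, or a sentence in the parameter documentation saying it must be a plain filename, would cover that.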
roles/backup/templates/backup_patterns.j2
 
file renamed from roles/backup_client/templates/backup_patterns.j2 to roles/backup/templates/backup_patterns.j2
roles/backup_client/defaults/main.yml
 
@@ -2,6 +2,5 @@
 

	
 
backup_additional_encryption_keys: []
 
backup_client_username: "bak-{{ ansible_fqdn | replace('.', '_') }}"
 
backup_patterns: []
 
backup_server_destination: //duplicity
 
backup_server_port: 2222
roles/backup_client/handlers/main.yml
 
---
 

	
 
- name: Assemble Duply include patterns
 
  assemble: dest="/etc/duply/main/include" src="/etc/duply/main/patterns"
 
            owner=root group=root mode=600 backup=yes
 

	
 
- name: Clean-up GnuPG keyring for import of new keys
 
  shell: rm -f /etc/duply/main/gnupg/*
 

	
roles/backup_client/meta/main.yml
 
---
 

	
 
allow_duplicates: yes
roles/backup_client/tasks/main.yml
 
@@ -63,12 +63,6 @@
 
  copy: content="- **" dest="/etc/duply/main/exclude"
 
        owner="root" group="root" mode="600"
 

	
 
- name: Configure backup patterns
 
  template: src="backup_patterns.j2" dest="/etc/duply/main/patterns/{{ backup_patterns_filename }}"
 
            owner="root" group="root" mode=700
 
  notify:
 
    - Assemble Duply include patterns
 

	
 
- name: Set-up directory for storing pre-backup scripts
 
  file: path="/etc/duply/main/pre.d/" state=directory
 
        owner="root" group="root" mode="700"
roles/common/meta/main.yml
 
---
 

	
 
dependencies:
 
  - role: backup_client
 
  - role: backup
 
    when: enable_backup
 
    backup_patterns_filename: common
 
    backup_patterns:
roles/database/meta/main.yml
 
@@ -4,7 +4,7 @@ allow_duplicates: yes
 

	
 
dependencies:
 
  - database_server
 
  - role: backup_client
 
  - role: backup
 
    when: enable_backup
 
    backup_patterns_filename: "database_{{ db_name }}"
 
    backup_patterns:
roles/ldap_server/meta/main.yml
 
@@ -3,7 +3,7 @@
 
dependencies:
 
  - common
 
  - ldap_client
 
  - role: backup_client
 
  - role: backup
 
    when: enable_backup
 
    backup_patterns_filename: "ldap_server"
 
    backup_patterns:
roles/mail_server/meta/main.yml
 
@@ -2,7 +2,7 @@
 

	
 
dependencies:
 
  - common
 
  - role: backup_client
 
  - role: backup
 
    when: enable_backup
 
    backup_patterns_filename: "mail_server"
 
    backup_patterns:
roles/xmpp_server/meta/main.yml
 
@@ -2,7 +2,7 @@
 

	
 
dependencies:
 
  - common
 
  - role: backup_client
 
  - role: backup
 
    when: enable_backup
 
    backup_patterns_filename: "xmpp_server"
 
    backup_patterns: