|
@@ -8,7 +8,7 @@
|
|
|
|
|
|
- name: Create directory for storing backups
|
|
|
file: path="/srv/backups" state=directory
|
|
|
owner="root" group="root" mode=751
|
|
|
owner="root" group="root" mode=0751
|
|
|
|
|
|
- name: Create backup client groups
|
|
|
group: name="{{ item.server | replace('.', '_') | regex_replace('^', 'bak-') }}"
|
|
@@ -58,23 +58,27 @@
|
|
|
|
|
|
- name: Set-up directory for the backup OpenSSH server instance
|
|
|
file: path="/etc/ssh-backup/" state=directory
|
|
|
owner="root" group="root" mode="700"
|
|
|
owner="root" group="root" mode="0700"
|
|
|
|
|
|
- name: Deploy configuration file for the backup OpenSSH server instance service
|
|
|
copy: src="ssh-backup.default" dest="/etc/default/ssh-backup"
|
|
|
owner="root" group="root" mode="644"
|
|
|
owner="root" group="root" mode="0644"
|
|
|
notify:
|
|
|
- Restart backup SSH server
|
|
|
|
|
|
- name: Deploy configuration file for the backup OpenSSH server instance
|
|
|
copy: src="backup-sshd_config" dest="/etc/ssh-backup/sshd_config"
|
|
|
owner="root" group="root" mode="600"
|
|
|
owner="root" group="root" mode="0600"
|
|
|
notify:
|
|
|
- Restart backup SSH server
|
|
|
|
|
|
- name: Deploy the private keys for backup OpenSSH server instance
|
|
|
copy: content="{{ item.value }}" dest="/etc/ssh-backup/ssh_host_{{ item.key }}_key"
|
|
|
owner="root" group="root" mode="600"
|
|
|
template:
|
|
|
src: "ssh_host_key.j2"
|
|
|
dest: "/etc/ssh-backup/ssh_host_{{ item.key }}_key"
|
|
|
owner: root
|
|
|
group: root
|
|
|
mode: 0600
|
|
|
with_dict: "{{ backup_host_ssh_private_keys }}"
|
|
|
no_log: True
|
|
|
notify:
|
|
@@ -82,7 +86,7 @@
|
|
|
|
|
|
- name: Deploy backup OpenSSH server systemd service file
|
|
|
copy: src="ssh-backup.service" dest="/etc/systemd/system/ssh-backup.service"
|
|
|
owner=root group=root mode=644
|
|
|
owner=root group=root mode=0644
|
|
|
notify:
|
|
|
- Reload systemd
|
|
|
- Restart backup SSH server
|
|
@@ -91,7 +95,7 @@
|
|
|
service: name="ssh-backup" state="started" enabled="yes"
|
|
|
|
|
|
- name: Deploy firewall configuration for backup server
|
|
|
template: src="ferm_backup.conf.j2" dest="/etc/ferm/conf.d/40-backup.conf" owner=root group=root mode=640
|
|
|
template: src="ferm_backup.conf.j2" dest="/etc/ferm/conf.d/40-backup.conf" owner=root group=root mode=0640
|
|
|
notify:
|
|
|
- Restart ferm
|
|
|
|
|
@@ -99,4 +103,4 @@
|
|
|
include: ../handlers/main.yml
|
|
|
when: "handlers | default(False) | bool() == True"
|
|
|
tags:
|
|
|
- handlers
|
|
\ No newline at end of file
|
|
|
- handlers
|
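Review bot: In the `@@ -58,23 +58,27 @@` hunk, the rewritten host-key task sets `mode: 0600` as a bare YAML scalar, while every other mode on this page is either quoted or passed in key=value form. A bare leading-zero number is read as octal only by YAML 1.1 loaders, so the permission that ends up on the private host key files depends on parser behaviour; `mode: "0600"` hands the module a string and removes that dependency. The key content now goes through `ssh_host_key.j2`, which is not shown here, so the task depends on the `no_log: True` line to keep key material out of task output. A comment above that line, such as `# no_log keeps host key material out of task output`, would make it less likely to be dropped in a later cleanup. The task continues past the end of the hunk, where its `notify:` list is cut off.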