
Location: majic-ansible-roles/roles/backup_client/tasks/main.yml

branko
Noticket: Fixed documentation and examples for CA certificate deployment in common role. Fixed usage instructions, mainly some syntax changes and more explicit listing of parameters and such. Fixed path to truststore file for mail_forwarder role. Fixed testsite configuration for CA certificates.
---

# Install the two packages the rest of this task file relies on.
- name: Install backup software
  apt:
    name: "{{ item }}"
    state: installed
  with_items:
    - duplicity
    - duply

# Create the Duply profile and cache directory tree, owned by root and
# accessible to root only.
- name: Set-up Duply directories
  file:
    path: "{{ item }}"
    state: directory
    owner: root
    group: root
    # Quoted so the module receives the string "700" rather than the integer 700.
    mode: "700"
  with_items:
    - /etc/duply
    - /etc/duply/main
    - /etc/duply/main/patterns
    - /etc/duply/main/gnupg
    - /etc/duply/main/ssh
    - /var/cache/duply
    - /var/cache/duply/main

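# Write the backup encryption private key to the Duply profile directory
# (root-only, mode 600) and queue the keyring clean-up and import handlers.
- name: Deploy GnuPG private keys
  copy:
    content: "{{ backup_encryption_key }}"
    dest: /etc/duply/main/private_keys.asc
    owner: root
    group: root
    mode: "600"
  # Private key material: keep the rendered content out of task output and
  # logs, the same way the SSH private key task in this file does.
  no_log: True
  notify:
    - Clean-up GnuPG keyring for import of new keys
    - Import private keys
    - Import public keys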

# Write the additional encryption public keys, one per line, to the Duply
# profile directory and queue the keyring clean-up and import handlers.
- name: Deploy GnuPG public keys
  copy:
    # Double-quoted so that \n reaches join() as a newline separator.
    content: "{{ backup_additional_encryption_keys | join('\n') }}"
    dest: /etc/duply/main/public_keys.asc
    owner: root
    group: root
    mode: "600"
  notify:
    - Clean-up GnuPG keyring for import of new keys
    - Import private keys
    - Import public keys

# Read the first "keyid:" line from the deployed private key file and drop the
# first eight characters of the printed ID. The task never reports "changed"
# and fails when nothing could be extracted.
# NOTE(review): the truncated ID is presumably the short 8-hex-digit form;
# short key IDs are not collision-resistant - confirm the keyring under
# /etc/duply/main/gnupg only ever holds keys deployed by this role.
- name: Extract encryption key identifier (Duplicty requires key ID in hexadecimal format)
  shell: >-
    gpg2 --list-packets /etc/duply/main/private_keys.asc | grep keyid: | head -n1 | sed -e 's/.*: //' | sed -re 's/^.{8}//'
  register: backup_encryption_key_id
  failed_when: backup_encryption_key_id.stdout == ""
  changed_when: false

# Build a comma-separated list of key IDs for the additional encryption keys.
# Runs only when backup_additional_encryption_keys is non-empty, never reports
# "changed", and fails when the pipeline prints nothing.
# NOTE(review): the pipeline reads private_keys.asc and keeps only the first
# keyid line (head -n1), so it appears to yield the same ID as the primary-key
# task rather than the IDs of the keys written to public_keys.asc. Confirm
# which file is intended: if the additional recipients are not picked up, the
# holders of those keys would presumably be unable to decrypt the backups.
- name: Extract additional encryption keys identifiers (Duplicty requires key ID in hexadecimal format)
  shell: "gpg2 --list-packets /etc/duply/main/private_keys.asc | grep keyid: | head -n1 | sed -e 's/.*: //' | sort -u | sed -re 's/^.{8}//' | tr '\n' ',' | sed -e 's/,$//'"
  register: backup_additional_encryption_keys_ids
  when: backup_additional_encryption_keys
  changed_when: False
  failed_when: backup_additional_encryption_keys_ids.stdout == ""

# Write the SSH private key used to reach the backup server (root-only,
# mode 600). no_log keeps the key content out of task output.
- name: Deploy private SSH key for logging-in into backup server
  copy:
    content: "{{ backup_ssh_key }}"
    dest: /etc/duply/main/ssh/identity
    owner: root
    group: root
    mode: "600"
  no_log: true

# Render the role's known_hosts template into the Duply SSH directory.
- name: Deploy custom known_hosts for backup purposes
  template:
    src: known_hosts.j2
    dest: /etc/duply/main/ssh/known_hosts
    owner: root
    group: root
    mode: "600"

# Render the main Duply profile configuration, readable by root only.
- name: Deploy Duply configuration file
  template:
    src: duply_main_conf.j2
    dest: /etc/duply/main/conf
    owner: root
    group: root
    mode: "600"

# Write an exclude file holding the single pattern "- **".
- name: Deploy base exclude pattern (exclude all by default)
  copy:
    content: "- **"
    dest: /etc/duply/main/exclude
    owner: root
    group: root
    mode: "600"

# Create the root-only directory that holds the pre-backup scripts.
- name: Set-up directory for storing pre-backup scripts
  file:
    path: /etc/duply/main/pre.d/
    state: directory
    owner: root
    group: root
    mode: "700"

# Install the role's duply_pre file as the profile's "pre" script, executable
# by root only.
- name: Set-up script for running all pre-backup scripts
  copy:
    src: duply_pre
    dest: /etc/duply/main/pre
    owner: root
    group: root
    mode: "700"

# Schedule the "main" Duply profile backup as root at 02:00 through a
# dedicated cron file named "backup".
- name: Deploy crontab entry for running backups
  cron:
    name: backup
    cron_file: backup
    user: root
    hour: "2"
    minute: "0"
    job: "/usr/bin/duply main backup"
    state: present

# Pull in the role's handlers file as ordinary tasks, but only when the
# "handlers" variable is set to a true value; the task is tagged "handlers".
- name: Explicitly run all handlers
  include: ../handlers/main.yml
  tags: [handlers]
  when: "handlers | default(False) | bool() == True"