Files @ 61e6cfb81789

Location: majic-ansible-roles/roles/backup_client/tasks/main.yml

branko
MAR-51: Fixed documentation for ansible_key parameter in preseed role. Updated ca_certificates parameter in common role to accept key-value pairs of filenames and certificates to put on remote host (so lookups/inventory can be utilised in more flexible manner). Updated backup_client role to fail if it is not possible to extract encryption key IDs from deployed keys. Moved purging of Exim4 configuration files from handlers to tasks (more robust, and still idempotent). All documentation has been updated as well.
---

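# Install the backup tooling this role configures: Duplicity and its Duply
# front-end, one apt call per listed package.
- name: Install backup software
  apt:
    name: "{{ item }}"
    # "present" replaces the deprecated "installed" alias, which newer Ansible
    # releases no longer accept; the resulting package state is the same.
    state: present
  with_items:
    - duplicity
    - duply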

# Create the Duply profile tree and the cache directories. Everything is owned
# by root and closed to other users, because later tasks in this file place
# private keys and an SSH identity under /etc/duply/main.
- name: Set-up Duply directories
  file:
    path: "{{ item }}"
    state: directory
    owner: root
    group: root
    # Quoted so YAML keeps it a string; Ansible then reads it as octal 700.
    mode: "0700"
  with_items:
    - "/etc/duply"
    - "/etc/duply/main"
    - "/etc/duply/main/patterns"
    - "/etc/duply/main/gnupg"
    - "/etc/duply/main/ssh"
    - "/var/cache/duply"
    - "/var/cache/duply/main"

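# Write the backup encryption private key material to a root-only file and
# notify the keyring clean-up/import handlers whenever the content changes.
- name: Deploy GnuPG private keys
  copy: content="{{ backup_encryption_key }}" dest="/etc/duply/main/private_keys.asc"
        owner=root group=root mode=600
  # The task arguments and result carry the private key itself; keep them out
  # of console output and logs, as the SSH identity task in this file does.
  no_log: True
  notify:
    - Clean-up GnuPG keyring for import of new keys
    - Import private keys
    - Import public keys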

# Write the additional encryption public keys, joined with newlines, into
# public_keys.asc and notify the keyring clean-up/import handlers on change.
# The keys are public material, so no_log is not needed here; the file is
# root-only like the rest of the profile directory.
- name: Deploy GnuPG public keys
  copy: content="{{ backup_additional_encryption_keys | join('\n') }}" dest="/etc/duply/main/public_keys.asc"
        owner=root group=root mode=600
  notify:
    - Clean-up GnuPG keyring for import of new keys
    - Import private keys
    - Import public keys

# Read the ID of the first key packet in the deployed private key file and
# register it as backup_encryption_key_id (presumably consumed by the Duply
# configuration template - confirm). The pipeline takes the first "keyid:"
# line of the gpg2 packet listing, strips everything up to ": ", then drops
# the first 8 characters of what remains.
# NOTE(review): if gpg2 prints the 16-hex-digit long ID here, the result is the
# 8-digit short ID. Short IDs are not collision-resistant, so the keyring they
# are resolved against should hold only the keys this role imports - confirm
# that /etc/duply/main/gnupg is used as a dedicated GnuPG home.
- name: Extract encryption key identifier (Duplicty requires key ID in hexadecimal format)
  shell: "gpg2 --list-packets /etc/duply/main/private_keys.asc | grep keyid: | head -n1 | sed -e 's/.*: //' | sed -re 's/^.{8}//'"
  register: backup_encryption_key_id
  # Read-only query: never report a change.
  changed_when: False
  # The pipeline's exit status is that of the last sed, so an unreadable or
  # unparsable key file only shows up as empty output; treat that as failure.
  failed_when: backup_encryption_key_id.stdout == ""

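# Build the comma-separated list of key IDs for the additional encryption keys
# and register it as backup_additional_encryption_keys_ids. Runs only when
# backup_additional_encryption_keys is non-empty.
# The IDs must come from public_keys.asc, the file the additional keys are
# deployed to, and every "keyid:" line must be kept: reading private_keys.asc
# through "head -n1" can only ever yield the primary key's ID, so the
# additional keys would never appear in the list.
# NOTE(review): the list also includes subkey IDs found in the file - confirm
# that is what duply_main_conf.j2 expects. The same short-ID caveat applies as
# for the primary key: 8-digit IDs are not collision-resistant.
- name: Extract additional encryption keys identifiers (Duplicty requires key ID in hexadecimal format)
  shell: "gpg2 --list-packets /etc/duply/main/public_keys.asc | grep keyid: | sed -e 's/.*: //' | sort -u | sed -re 's/^.{8}//' | tr '\n' ',' | sed -e 's/,$//'"
  register: backup_additional_encryption_keys_ids
  when: backup_additional_encryption_keys
  # Read-only query: never report a change.
  changed_when: False
  # The pipeline's exit status is that of the last sed, so a failed extraction
  # only shows up as empty output; treat that as failure.
  failed_when: backup_additional_encryption_keys_ids.stdout == ""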

# Write the SSH private key used to log in to the backup server into the
# profile's ssh directory, readable by root only.
- name: Deploy private SSH key for logging-in into backup server
  copy: content="{{ backup_ssh_key }}" dest="/etc/duply/main/ssh/identity"
        owner="root" group="root" mode="600"
  # The task arguments contain the private key; suppress them in output/logs.
  no_log: True

# Render the role's known_hosts template next to the SSH identity, root-only.
# NOTE(review): presumably the Duply/SSH configuration points at this file so
# the backup server's host key is checked against it - confirm in the
# templates, which are not visible here.
- name: Deploy custom known_hosts for backup purposes
  template:
    src: "known_hosts.j2"
    dest: "/etc/duply/main/ssh/known_hosts"
    owner: "root"
    group: "root"
    mode: "0600"

# Render the main Duply profile configuration, readable by root only.
# NOTE(review): if duply_main_conf.j2 embeds a passphrase or other secret,
# this task should also set no_log - the template is not visible here.
- name: Deploy Duply configuration file
  template:
    src: "duply_main_conf.j2"
    dest: "/etc/duply/main/conf"
    owner: root
    group: root
    mode: "0600"

# Write the base exclude file with the single pattern "- **", so nothing is
# backed up unless a pattern elsewhere includes it.
- name: Deploy base exclude pattern (exclude all by default)
  copy:
    # Quoted: a leading "- " would otherwise be read as a YAML sequence entry.
    content: "- **"
    dest: "/etc/duply/main/exclude"
    owner: "root"
    group: "root"
    mode: "0600"

# Render the backup patterns template into the profile's patterns directory
# under the name given by backup_patterns_filename.
# NOTE(review): backup_patterns_filename is interpolated into the destination
# path as-is; it should be a bare file name with no path separators - verify
# where the variable is set.
- name: Configure backup patterns
  template:
    src: "backup_patterns.j2"
    dest: "/etc/duply/main/patterns/{{ backup_patterns_filename }}"
    owner: "root"
    group: "root"
    # Kept at 700 as in the original; other files in the profile use 600.
    mode: "0700"

# Create the root-only directory that holds the pre-backup scripts.
- name: Set-up directory for storing pre-backup scripts
  file:
    path: "/etc/duply/main/pre.d/"
    state: directory
    owner: "root"
    group: "root"
    mode: "0700"

# Install the role's duply_pre file as the profile's "pre" script, executable
# by root only. Its content ships with the role and is not visible here.
- name: Set-up script for running all pre-backup scripts
  copy:
    src: "duply_pre"
    dest: "/etc/duply/main/pre"
    owner: "root"
    group: "root"
    mode: "0700"

# Schedule the backup: a cron file named "backup" that runs
# "duply main backup" as root every day at 02:00.
- name: Deploy crontab entry for running backups
  cron:
    name: backup
    cron_file: backup
    # Quoted so the schedule fields stay strings.
    hour: "2"
    minute: "0"
    job: "/usr/bin/duply main backup"
    state: present
    user: root