Files @ 7977a2033d9a

Location: majic-ansible-roles/roles/backup_client/tasks/main.yml

branko
Noticket: Fixed ldap_permissions module - if no olcAccess rules are defined, assume empty list (otherwise we get key lookup exception).
---

# Install the two packages the rest of this file depends on. The cron job
# at the end of the file invokes /usr/bin/duply.
- name: Install backup software
  apt:
    name: "{{ item }}"
    state: installed
  with_items:
    - duplicity
    - duply

# Create the configuration and cache directory trees for the "main" Duply
# profile. Every directory is owned by root with mode 700, so only root can
# list or enter the places where key material is deployed below.
- name: Set-up Duply directories
  file:
    path: "{{ item }}"
    state: directory
    owner: root
    group: root
    # Quoted so the value stays a string and is read as octal.
    mode: "700"
  with_items:
    - "/etc/duply"
    - "/etc/duply/main"
    - "/etc/duply/main/patterns"
    - "/etc/duply/main/gnupg"
    - "/etc/duply/main/ssh"
    - "/var/cache/duply"
    - "/var/cache/duply/main"

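# Write the private encryption key (backup_encryption_key) to a root-only
# file and trigger the keyring re-import handlers when it changes.
- name: Deploy GnuPG private keys
  copy:
    content: "{{ backup_encryption_key }}"
    dest: "/etc/duply/main/private_keys.asc"
    owner: root
    group: root
    mode: "600"
  # The content is private key material. Without no_log it can appear in
  # task output (verbose or diff runs) and in any log that captures it.
  # The SSH identity task in this file already sets no_log for this reason.
  no_log: true
  notify:
    - Clean-up GnuPG keyring for import of new keys
    - Import private keys
    - Import public keys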

# Write the additional public keys (backup_additional_encryption_keys, a
# list joined with newlines) into one file and trigger the keyring
# re-import handlers when it changes.
- name: Deploy GnuPG public keys
  copy:
    # Single-quoted YAML keeps the backslash literal; Jinja turns "\n" into
    # the newline used as the join separator.
    content: '{{ backup_additional_encryption_keys | join("\n") }}'
    dest: "/etc/duply/main/public_keys.asc"
    owner: root
    group: root
    mode: "600"
  notify:
    - Clean-up GnuPG keyring for import of new keys
    - Import private keys
    - Import public keys

# Read the key ID of the deployed private key: list the packets, keep the
# first "keyid:" line, strip everything up to ": ", then drop the first
# eight characters of what remains. The result is registered for later use.
- name: Extract encryption key identifier (Duplicty requires key ID in hexadecimal format)
  shell: >-
    gpg2 --list-packets /etc/duply/main/private_keys.asc |
    grep keyid: |
    head -n1 |
    sed -e 's/.*: //' |
    sed -re 's/^.{8}//'
  register: backup_encryption_key_id
  # Because failed_when is set, empty output is the only failure condition
  # checked here. An empty ID must stop the play before it reaches the
  # Duply configuration.
  failed_when: backup_encryption_key_id.stdout == ""
  # Read-only query; never report it as a change.
  changed_when: false

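# Build a comma-separated list of key IDs for the additional encryption
# keys. Skipped when backup_additional_encryption_keys is empty.
#
# The original command read private_keys.asc and cut the output to one line
# with "head -n1", so it returned the primary key's ID again and never any
# additional key. Backups would then not be encrypted to the additional
# recipients, although sort -u and the comma join show a list was intended.
# Read the file the additional keys are deployed to and keep every line.
#
# NOTE(review): "grep keyid:" also matches sub-key packets, so sub-key IDs
# end up in the list as well. Confirm the template that consumes
# backup_additional_encryption_keys_ids accepts them.
- name: Extract additional encryption keys identifiers (Duplicty requires key ID in hexadecimal format)
  # In a folded block scalar the backslash stays literal, so tr receives
  # the \n escape and translates newlines to commas.
  shell: >-
    gpg2 --list-packets /etc/duply/main/public_keys.asc |
    grep keyid: |
    sed -e 's/.*: //' |
    sort -u |
    sed -re 's/^.{8}//' |
    tr '\n' ',' |
    sed -e 's/,$//'
  register: backup_additional_encryption_keys_ids
  when: backup_additional_encryption_keys
  # Read-only query; never report it as a change.
  changed_when: false
  # Empty output means no ID was extracted; fail instead of deploying a
  # configuration without the additional recipients.
  failed_when: backup_additional_encryption_keys_ids.stdout == ""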

# Write the SSH private key (backup_ssh_key) used to reach the backup
# server into a root-only file.
- name: Deploy private SSH key for logging-in into backup server
  copy:
    content: "{{ backup_ssh_key }}"
    dest: "/etc/duply/main/ssh/identity"
    owner: "root"
    group: "root"
    mode: "600"
  # Keep the private key out of task output and logs.
  no_log: true

# Render a dedicated known_hosts file for the backup profile from the
# known_hosts.j2 template, readable by root only.
- name: Deploy custom known_hosts for backup purposes
  template:
    src: "known_hosts.j2"
    dest: "/etc/duply/main/ssh/known_hosts"
    owner: "root"
    group: "root"
    mode: "600"

# Render the configuration of the "main" Duply profile from
# duply_main_conf.j2. The file is root-only (mode 600).
- name: Deploy Duply configuration file
  template:
    src: "duply_main_conf.j2"
    dest: "/etc/duply/main/conf"
    owner: root
    group: root
    mode: "600"

# Write the base exclude file. Its single rule "- **" excludes everything,
# so nothing is backed up unless something else includes it.
- name: Deploy base exclude pattern (exclude all by default)
  copy:
    # Quoted: a plain scalar starting with "- " would be parsed as a list.
    content: "- **"
    dest: "/etc/duply/main/exclude"
    owner: "root"
    group: "root"
    mode: "600"

# Create the drop-in directory for pre-backup scripts. Mode 700 with root
# ownership means only root can add or change scripts in it.
- name: Set-up directory for storing pre-backup scripts
  file:
    path: "/etc/duply/main/pre.d/"
    state: directory
    owner: "root"
    group: "root"
    mode: "700"

# Install the role's duply_pre file as the profile's "pre" script,
# executable by root only.
- name: Set-up script for running all pre-backup scripts
  copy:
    src: "duply_pre"
    dest: "/etc/duply/main/pre"
    owner: "root"
    group: "root"
    mode: "700"

# Schedule the backup of the "main" profile as root at 02:00, using a
# dedicated cron file named "backup".
- name: Deploy crontab entry for running backups
  cron:
    name: backup
    cron_file: backup
    user: root
    state: present
    # Quoted so the values stay the strings the key=value form passed.
    hour: "2"
    minute: "0"
    job: "/usr/bin/duply main backup"

# Include the role's handler file as ordinary tasks. This happens only when
# the "handlers" variable evaluates to true; it defaults to False when
# undefined. The include carries the "handlers" tag.
- name: Explicitly run all handlers
  include: ../handlers/main.yml
  tags:
    - handlers
  when: "handlers | default(False) | bool() == True"