Files
@ 8a6ebeaabb26
Branch filter:
Location: majic-ansible-roles/roles/backup_client/playbook.yml
8a6ebeaabb26
3.8 KiB
text/x-yaml
MAR-125: Eliminated a couple of warnings:
- Use the file module when cleaning-up the /etc/duply/main/gnupg directory.
- Mark the bind_password in m_ldap_entry and m_ldap_permissions as no_log
parameters.
- Use the file module when cleaning-up the /etc/duply/main/gnupg directory.
- Mark the bind_password in m_ldap_entry and m_ldap_permissions as no_log
parameters.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 | ---
- hosts: all
tasks:
- name: Update all caches to avoid errors due to missing remote archives
apt:
update_cache: yes
changed_when: False
- hosts: backup-server
tasks:
- name: Deploy SSH server keys
copy:
content: "{{ lookup('file', item.key) + '\n' }}"
dest: "{{ item.value }}"
owner: root
group: root
mode: 0600
with_dict:
tests/data/ssh/server_dsa: /etc/ssh/ssh_host_dsa_key
tests/data/ssh/server_rsa: /etc/ssh/ssh_host_rsa_key
tests/data/ssh/server_ed25519: /etc/ssh/ssh_host_ed25519_key
tests/data/ssh/server_ecdsa: /etc/ssh/ssh_host_ecdsa_key
notify:
- Restart ssh
- name: Set-up backup user groups
group:
name: "{{ item.name }}"
with_items: "{{ backup_users }}"
- name: Set-up backup users
user:
name: "{{ item.name }}"
group: "{{ item.name }}"
with_items: "{{ backup_users }}"
- name: Set-up authorised keys
authorized_key:
user: "{{ item.name }}"
key: "{{ item.key }}"
with_items: "{{ backup_users }}"
- name: Set-up port forwarding
command: "iptables -t nat -A PREROUTING -p tcp -m tcp --dport '{{ item }}' -j REDIRECT --to-ports 22"
changed_when: False
with_items:
- 2222
- 3333
- name: Set-up directory for parameters-mandatory backups
file:
path: /duplicity
state: directory
owner: bak-parameters-mandatory
group: bak-parameters-mandatory
mode: 0700
handlers:
- name: Restart ssh
service:
name: ssh
state: restarted
vars:
backup_users:
- name: bak-parameters-mandatory
key: "{{ lookup('file', 'tests/data/ssh/parameters-mandatory.pub') }}"
- name: backupuser
key: "{{ lookup('file', 'tests/data/ssh/parameters-optional.pub') }}"
- hosts: parameters-mandatory
roles:
- role: backup_client
backup_encryption_key: "{{ lookup('file', 'tests/data/gnupg/parameters-mandatory.asc') }}"
backup_server: 10.31.127.10
backup_server_host_ssh_public_keys:
- "{{ lookup('file', 'tests/data/ssh/server_dsa.pub') }}"
- "{{ lookup('file', 'tests/data/ssh/server_rsa.pub') }}"
- "{{ lookup('file', 'tests/data/ssh/server_ed25519.pub') }}"
- "{{ lookup('file', 'tests/data/ssh/server_ecdsa.pub') }}"
backup_ssh_key: "{{ lookup('file', 'tests/data/ssh/parameters-mandatory' ) }}"
- hosts: parameters-optional
roles:
- role: backup_client
backup_additional_encryption_keys:
- "{{ lookup('file', 'tests/data/gnupg/additional_encryption_key_1.asc') }}"
- "{{ lookup('file', 'tests/data/gnupg/additional_encryption_key_2.asc') }}"
- "{{ lookup('file', 'tests/data/gnupg/additional_encryption_key_3.asc') }}"
backup_client_username: backupuser
backup_encryption_key: "{{ lookup('file', 'tests/data/gnupg/parameters-optional.asc') }}"
backup_server: 10.31.127.10
backup_server_destination: "/home/backupuser"
backup_server_host_ssh_public_keys:
- "{{ lookup('file', 'tests/data/ssh/server_dsa.pub') }}"
- "{{ lookup('file', 'tests/data/ssh/server_rsa.pub') }}"
- "{{ lookup('file', 'tests/data/ssh/server_ed25519.pub') }}"
- "{{ lookup('file', 'tests/data/ssh/server_ecdsa.pub') }}"
backup_server_port: 3333
backup_ssh_key: "{{ lookup('file', 'tests/data/ssh/parameters-optional' ) }}"
# Deploy a dummy pre-backup script for testing purposes.
- hosts: parameters-mandatory,parameters-optional
tasks:
- name: Deploy pre-backup script
copy:
src: tests/data/10-test-pre-backup.sh
dest: /etc/duply/main/pre.d/10-test-pre-backup.sh
owner: root
group: root
mode: 0700
|