Files @ 8a6ebeaabb26

Location: majic-ansible-roles/roles/backup_client/playbook.yml

branko
MAR-125: Eliminated a couple of warnings:

- Use the file module when cleaning-up the /etc/duply/main/gnupg directory.
- Mark the bind_password in m_ldap_entry and m_ldap_permissions as no_log
parameters.
---

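# Refresh the apt package index on every host before the later plays run.
- hosts: all
  tasks:

    - name: Update all caches to avoid errors due to missing remote archives
      apt:
        update_cache: true
      # Refreshing the cache is not a configuration change, so the task is
      # never reported as "changed".
      changed_when: false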

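# Prepare the backup server that the client plays further down connect to:
# fixed SSH host keys, one account per backup user, extra SSH ports and a
# destination directory.
- hosts: backup-server
  tasks:

    # The matching .pub files are passed to the backup_client role as
    # backup_server_host_ssh_public_keys in the client plays.
    # NOTE(review): content carries private host keys read from tests/data.
    # Outside a test fixture, add no_log: true so key material cannot end up
    # in task output, and confirm a DSA host key is still wanted (ssh-dss is
    # disabled by default since OpenSSH 7.0).
    - name: Deploy SSH server keys
      copy:
        content: "{{ lookup('file', item.key) + '\n' }}"
        dest: "{{ item.value }}"
        owner: root
        group: root
        # Quoted so the mode is read as an octal string by every YAML parser.
        mode: "0600"
      with_dict:
        tests/data/ssh/server_dsa: /etc/ssh/ssh_host_dsa_key
        tests/data/ssh/server_rsa: /etc/ssh/ssh_host_rsa_key
        tests/data/ssh/server_ed25519: /etc/ssh/ssh_host_ed25519_key
        tests/data/ssh/server_ecdsa: /etc/ssh/ssh_host_ecdsa_key
      notify:
        - Restart ssh

    # Each backup user gets a primary group of the same name.
    - name: Set-up backup user groups
      group:
        name: "{{ item.name }}"
      with_items: "{{ backup_users }}"

    - name: Set-up backup users
      user:
        name: "{{ item.name }}"
        group: "{{ item.name }}"
      with_items: "{{ backup_users }}"

    # Authorise the public key listed for each user in backup_users below.
    - name: Set-up authorised keys
      authorized_key:
        user: "{{ item.name }}"
        key: "{{ item.key }}"
      with_items: "{{ backup_users }}"

    # Redirect TCP ports 2222 and 3333 to the SSH daemon on port 22.
    # NOTE(review): -A appends, so every run adds another copy of each rule,
    # and changed_when: false keeps that out of the play recap. Presumably
    # acceptable on a disposable test host; use a check-then-add approach
    # anywhere the play is re-run against a long-lived machine.
    - name: Set-up port forwarding
      command: "iptables -t nat -A PREROUTING -p tcp -m tcp --dport '{{ item }}' -j REDIRECT --to-ports 22"
      changed_when: false
      with_items:
        - 2222
        - 3333

    # Only the owning backup user can read or write the backup destination.
    - name: Set-up directory for parameters-mandatory backups
      file:
        path: /duplicity
        state: directory
        owner: bak-parameters-mandatory
        group: bak-parameters-mandatory
        mode: "0700"

  handlers:
    # Triggered by "Deploy SSH server keys" so sshd picks up the new host keys.
    - name: Restart ssh
      service:
        name: ssh
        state: restarted

  vars:
    # Account name and authorised SSH public key for each backup client.
    backup_users:
      - name: bak-parameters-mandatory
        key: "{{ lookup('file', 'tests/data/ssh/parameters-mandatory.pub') }}"
      - name: backupuser
        key: "{{ lookup('file', 'tests/data/ssh/parameters-optional.pub') }}"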

# Apply the backup_client role with four parameters only. The group name
# suggests these are the role's mandatory ones; the role's defaults are not
# visible in this file.
- hosts: parameters-mandatory
  roles:
    - role: backup_client
      # Key material is read from tests/data, i.e. fixtures kept next to the
      # playbook; never reuse these keys outside the test environment.
      backup_encryption_key: "{{ lookup('file', 'tests/data/gnupg/parameters-mandatory.asc') }}"
      backup_server: 10.31.127.10
      # Public halves of the host keys deployed in the backup-server play.
      backup_server_host_ssh_public_keys:
        - "{{ lookup('file', 'tests/data/ssh/server_dsa.pub') }}"
        - "{{ lookup('file', 'tests/data/ssh/server_rsa.pub') }}"
        - "{{ lookup('file', 'tests/data/ssh/server_ed25519.pub') }}"
        - "{{ lookup('file', 'tests/data/ssh/server_ecdsa.pub') }}"
      # Presumably the private key matching parameters-mandatory.pub, which the
      # backup-server play authorises for bak-parameters-mandatory - confirm.
      backup_ssh_key: "{{ lookup('file', 'tests/data/ssh/parameters-mandatory' ) }}"

# Apply the backup_client role with the same parameters as the
# parameters-mandatory play plus extra encryption keys, a client username,
# a destination path and a server port.
- hosts: parameters-optional
  roles:
    - role: backup_client
      # Key material is read from tests/data, i.e. fixtures kept next to the
      # playbook; never reuse these keys outside the test environment.
      backup_additional_encryption_keys:
        - "{{ lookup('file', 'tests/data/gnupg/additional_encryption_key_1.asc') }}"
        - "{{ lookup('file', 'tests/data/gnupg/additional_encryption_key_2.asc') }}"
        - "{{ lookup('file', 'tests/data/gnupg/additional_encryption_key_3.asc') }}"
      # Matches the "backupuser" account created in the backup-server play.
      backup_client_username: backupuser
      backup_encryption_key: "{{ lookup('file', 'tests/data/gnupg/parameters-optional.asc') }}"
      backup_server: 10.31.127.10
      backup_server_destination: "/home/backupuser"
      # Public halves of the host keys deployed in the backup-server play.
      backup_server_host_ssh_public_keys:
        - "{{ lookup('file', 'tests/data/ssh/server_dsa.pub') }}"
        - "{{ lookup('file', 'tests/data/ssh/server_rsa.pub') }}"
        - "{{ lookup('file', 'tests/data/ssh/server_ed25519.pub') }}"
        - "{{ lookup('file', 'tests/data/ssh/server_ecdsa.pub') }}"
      # One of the two ports the backup-server play redirects to port 22.
      backup_server_port: 3333
      # Presumably the private key matching parameters-optional.pub, which the
      # backup-server play authorises for backupuser - confirm.
      backup_ssh_key: "{{ lookup('file', 'tests/data/ssh/parameters-optional' ) }}"


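# Deploy a dummy pre-backup script for testing purposes.
- hosts: parameters-mandatory,parameters-optional
  tasks:

    - name: Deploy pre-backup script
      copy:
        src: tests/data/10-test-pre-backup.sh
        dest: /etc/duply/main/pre.d/10-test-pre-backup.sh
        owner: root
        group: root
        # Root-only read/write/execute. Quoted so the mode is read as an
        # octal string by every YAML parser.
        mode: "0700"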