Files @ c4113608aa36

Location: majic-ansible-roles/roles/backup_client/tasks/main.yml

branko
MAR-44: Added role reference documentation for the backup_client role. Added role reference examples for the backup_server role.
---

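# Installs the two packages the rest of this role configures: duplicity and
# its wrapper duply.
- name: Install backup software
  apt:
    name: "{{ item }}"
    # "present" is the canonical state name; "installed" is a deprecated
    # alias that newer Ansible releases no longer accept.
    state: present
  with_items:
    - duplicity
    - duply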

# Creates the Duply profile tree and cache directories, accessible to root
# only. Later tasks in this file place a GnuPG private key and an SSH
# identity below /etc/duply/main, so the parent directories are kept closed.
- name: Set-up Duply directories
  file:
    path: "{{ item }}"
    state: directory
    owner: root
    group: root
    # Quoted so the value stays an octal string rather than a YAML integer.
    mode: "0700"
  with_items:
    - /etc/duply
    - /etc/duply/main
    - /etc/duply/main/patterns
    - /etc/duply/main/gnupg
    - /etc/duply/main/ssh
    - /var/cache/duply
    - /var/cache/duply/main

# Runs gpg2 on the control host (local_action, no privilege escalation) and
# keeps the ASCII-armoured public keys in `encryption_keys` for the deploy
# task further down. The export is read-only, so it never reports a change.
# NOTE(review): multiple entries of backup_encryption_keys are joined with ","
# into one gpg2 argument - confirm gpg2 resolves that form; an export that
# matches nothing would presumably end up as an empty key file on the client.
- name: Extract encryption keys
  local_action: >-
    command gpg2 --homedir "{{ backup_gnupg_keyring }}" --armor
    --export "{{ backup_encryption_keys | join(',') }}"
  register: encryption_keys
  become: false
  changed_when: false

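# Exports the private signing key from the keyring on the control host
# (local_action, no privilege escalation) and keeps it, ASCII-armoured, in
# `signing_key` for the deploy task further down. Skipped when no signing key
# is configured. The export is read-only, so it never reports a change.
- name: Extract signing key
  local_action: command gpg2 --homedir "{{ backup_gnupg_keyring }}" --armor --export-secret-key "{{ backup_signing_key }}"
  become: no
  when: backup_signing_key is defined
  register: signing_key
  # stdout of this task is secret key material. Without no_log the registered
  # result is printed in verbose runs and handed to callback/log plugins; the
  # task that deploys the key already sets no_log for the same reason.
  no_log: True
  changed_when: False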

# Derives the short ID of the signing key on the control host. The pipeline
# lists secret keys in colon format, keeps the `sec` records, sorts them
# numerically on field 6, takes field 5 and keeps its last 8 hex characters.
# The result is stored in `signing_key_id`; nothing is modified.
# NOTE(review): an 8-character (32-bit) key ID is not collision-resistant. It
# is used here only because of the limitation named in the task title, and
# the lookup is confined to the keyring in backup_gnupg_keyring, so that
# keyring should hold only keys the operator placed there.
# NOTE(review): both variables are interpolated into a shell command line
# protected by double quotes only; they must come from trusted inventory
# (the `quote` filter would make the interpolation robust).
# NOTE(review): if several `sec` records match, stdout holds one ID per line -
# confirm the consumers of signing_key_id expect that.
- name: Extract signing key ID (duplicity accepts 8-char hex code only)
  local_action: >-
    shell gpg2 --homedir "{{ backup_gnupg_keyring }}" --with-colons
    --list-secret-keys "{{ backup_signing_key }}"
    | grep '^sec' | sort -n -k 6 -t ":"  | cut -f 5 -d ':'
    | grep -o '[A-F0-9]\{8\}$'
  register: signing_key_id
  when: backup_signing_key is defined
  become: false
  changed_when: false

# Writes the public keys exported on the control host to a root-only file on
# the client. The result is registered so the keyring clean-up task can tell
# whether the key file changed.
- name: Deploy GnuPG public keys for encryption
  copy: content="{{ encryption_keys.stdout }}" dest="/etc/duply/main/public_encryption_keys.asc"
        owner=root group=root mode=600
  register: new_enc_key
  # Both import handlers are notified: the keyring is emptied whenever either
  # key file changes, so public and private keys both need importing again.
  notify:
    - Import signing private keys
    - Import encryption public keys

# Writes the exported private signing key to a root-only (0600) file on the
# client. Skipped when no signing key is configured. The result is registered
# so the keyring clean-up task can tell whether the key file changed.
- name: Deploy GnuPG private keys for signing
  copy: content="{{ signing_key.stdout }}" dest="/etc/duply/main/private_signing_key.asc"
        owner=root group=root mode=600
  # The `content` argument is the private key itself; no_log keeps it out of
  # task output and logs.
  no_log: True
  when: backup_signing_key is defined
  register: new_sign_key
  # Both import handlers are notified: the keyring is emptied whenever either
  # key file changes, so public and private keys both need importing again.
  notify:
    - Import signing private keys
    - Import encryption public keys

# Empties the client-side keyring directory when either deployed key file
# changed, so that the import handlers start from a clean keyring and keys
# that were dropped from the configuration do not linger.
# NOTE(review): `rm -f` with a `*` glob removes neither dot-files nor
# subdirectories. GnuPG 2.1+ keeps secret keys under private-keys-v1.d/, so
# with such a version old private keys would survive this step (and rm would
# exit non-zero on the directory) - confirm which gpg the client uses.
- name: Clean-up GnuPG keyring for import of new keys
  shell: rm -f /etc/duply/main/gnupg/*
  when: new_enc_key.changed or new_sign_key.changed

# Writes the SSH private key from `backup_ssh_key` to a root-only (0600)
# identity file inside the Duply profile.
# NOTE(review): backup_ssh_key is a secret held in inventory/vars; presumably
# it is kept encrypted at rest (e.g. Ansible Vault) - confirm.
- name: Deploy private SSH key for logging-in into backup server
  copy: content="{{ backup_ssh_key }}" dest="/etc/duply/main/ssh/identity"
        owner="root" group="root" mode="600"
  # The `content` argument is the private key itself; no_log keeps it out of
  # task output and logs.
  no_log: True

# Renders known_hosts.j2 into a dedicated, root-only known_hosts file inside
# the Duply profile's ssh directory.
# NOTE(review): presumably this pins the backup server's host keys so the
# unattended SSH connection can verify the server - confirm in the template.
- name: Deploy custom known_hosts for backup purposes
  template:
    src: known_hosts.j2
    dest: /etc/duply/main/ssh/known_hosts
    owner: root
    group: root
    # Quoted so the value stays an octal string rather than a YAML integer.
    mode: "0600"

# Renders duply_main_conf.j2 into the configuration file of the "main" Duply
# profile, readable by root only.
# NOTE(review): the template is not visible here; if it carries credentials
# or passphrases, the 0600 mode is what protects them on the client.
- name: Deploy Duply configuration file
  template:
    src: duply_main_conf.j2
    dest: /etc/duply/main/conf
    owner: root
    group: root
    # Quoted so the value stays an octal string rather than a YAML integer.
    mode: "0600"

# Writes the profile's exclude file with the single pattern "- **", i.e.
# everything is excluded unless an include pattern selects it.
- name: Deploy base exclude pattern (exclude all by default)
  copy:
    # Quoted: a plain scalar may not start with "- ".
    content: '- **'
    dest: /etc/duply/main/exclude
    owner: root
    group: root
    mode: "0600"

# Concatenates the fragment files found in the profile's patterns directory
# into the single include file, readable by root only.
# NOTE(review): the fragments are presumably dropped into that directory by
# other roles or tasks - not visible in this file.
- name: Assemble Duply include patterns
  assemble:
    src: /etc/duply/main/patterns
    dest: /etc/duply/main/include
    owner: root
    group: root
    mode: "0600"