forked from evolix/ansible-roles
Compare commits
2 commits
stable
...
evobackup_
Author | SHA1 | Date | |
---|---|---|---|
Patrick Marchand | de4ba88790 | ||
Patrick Marchand | 8caca4c711 |
|
@ -1,57 +1,34 @@
|
|||
---
|
||||
|
||||
- name: 'create jail'
|
||||
command: "bkctld init {{ evolinux_hostname }}"
|
||||
args:
|
||||
creates: "/backup/jails/{{ evolinux_hostname }}/"
|
||||
become: true
|
||||
delegate_to: "{{ evobackup_client__hosts[0].ip }}"
|
||||
notify:
|
||||
- 'created new jail'
|
||||
tags:
|
||||
- evobackup_client
|
||||
- evobackup_client_jail
|
||||
- block:
|
||||
- name: 'create jail'
|
||||
command: "bkctld init {{ evolinux_hostname }}"
|
||||
args:
|
||||
creates: "/backup/jails/{{ evolinux_hostname }}/"
|
||||
become: true
|
||||
delegate_to: "{{ evobackup_client__hosts[0].ip }}"
|
||||
notify:
|
||||
- 'created new jail'
|
||||
|
||||
# temp fix for bkctld 2.x because the ip and key command return 1
|
||||
# if the jail is not started, see https://gitea.evolix.org/evolix/evobackup/issues/31
|
||||
- name: 'start jail'
|
||||
command: "bkctld restart {{ evolinux_hostname }}"
|
||||
become: true
|
||||
delegate_to: "{{ evobackup_client__hosts[0].ip }}"
|
||||
tags:
|
||||
- evobackup_client
|
||||
- evobackup_client_jail
|
||||
# temp fix for bkctld 2.x because the ip and key command return 1
|
||||
# if the jail is not started, see https://gitea.evolix.org/evolix/evobackup/issues/31
|
||||
- name: 'start jail'
|
||||
command: "bkctld restart {{ evolinux_hostname }}"
|
||||
become: true
|
||||
delegate_to: "{{ evobackup_client__hosts[0].ip }}"
|
||||
|
||||
- name: 'add ip to jail'
|
||||
command: "bkctld ip {{ evolinux_hostname }} {{ ansible_host }}"
|
||||
become: true
|
||||
delegate_to: "{{ evobackup_client__hosts[0].ip }}"
|
||||
notify: 'jail updated'
|
||||
tags:
|
||||
- evobackup_client
|
||||
- evobackup_client_jail
|
||||
- name: 'add ip to jail'
|
||||
command: "bkctld ip {{ evolinux_hostname }} {{ ansible_host }}"
|
||||
become: true
|
||||
delegate_to: "{{ evobackup_client__hosts[0].ip }}"
|
||||
notify: 'jail updated'
|
||||
|
||||
- name: 'add key to jail'
|
||||
command: "bkctld key {{ evolinux_hostname }} /root/{{ evolinux_hostname }}.pub"
|
||||
become: true
|
||||
delegate_to: "{{ evobackup_client__hosts[0].ip }}"
|
||||
notify: 'jail updated'
|
||||
tags:
|
||||
- evobackup_client
|
||||
- evobackup_client_jail
|
||||
- name: 'add key to jail'
|
||||
command: "bkctld key {{ evolinux_hostname }} /root/{{ evolinux_hostname }}.pub"
|
||||
become: true
|
||||
delegate_to: "{{ evobackup_client__hosts[0].ip }}"
|
||||
notify: 'jail updated'
|
||||
|
||||
- name: 'get jail port'
|
||||
command: "bkctld port {{ evolinux_hostname }}"
|
||||
become: true
|
||||
register: bkctld_port
|
||||
delegate_to: "{{ evobackup_client__hosts[0].ip }}"
|
||||
tags:
|
||||
- evobackup_client
|
||||
- evobackup_client_jail
|
||||
|
||||
- name: 'register jail port'
|
||||
set_fact:
|
||||
evobackup_ssh_port={{ bkctld_port.stdout }}
|
||||
tags:
|
||||
- evobackup_client
|
||||
- evobackup_client_jail
|
||||
|
|
17
evobackup-client/tasks/jail_port.yml
Normal file
17
evobackup-client/tasks/jail_port.yml
Normal file
|
@ -0,0 +1,17 @@
|
|||
---
|
||||
|
||||
- block:
|
||||
- name: 'get jail port'
|
||||
command: "bkctld port {{ evolinux_hostname }}"
|
||||
become: true
|
||||
register: bkctld_port
|
||||
delegate_to: "{{ evobackup_client__hosts[0].ip }}"
|
||||
|
||||
- name: 'register jail port'
|
||||
set_fact:
|
||||
evobackup_ssh_port={{ bkctld_port.stdout }}
|
||||
|
||||
when: evobackup_ssh_port = ''
|
||||
tags:
|
||||
- evobackup_client
|
||||
- evobackup_client_ssh_port
|
|
@ -1,26 +1,11 @@
|
|||
---
|
||||
|
||||
- include: "ssh_key.yml"
|
||||
tags:
|
||||
- evobackup_client
|
||||
- evobackup_client_backup_ssh_key
|
||||
- block:
|
||||
- include: "ssh_key.yml"
|
||||
- include: "jail.yml"
|
||||
- include: "upload_scripts.yml"
|
||||
- include: "open_ssh_ports.yml"
|
||||
- include: "verify_ssh.yml"
|
||||
|
||||
- include: "jail.yml"
|
||||
tags:
|
||||
- evobackup_client
|
||||
- evobackup_client_jail
|
||||
|
||||
- include: "upload_scripts.yml"
|
||||
tags:
|
||||
- evobackup_client
|
||||
- evobackup_client_backup_scripts
|
||||
|
||||
- include: "open_ssh_ports.yml"
|
||||
tags:
|
||||
- evobackup_client
|
||||
- evobackup_client_backup_firewall
|
||||
|
||||
- include: "verify_ssh.yml"
|
||||
tags:
|
||||
- evobackup_client
|
||||
- evobackup_client_backup_hosts
|
||||
|
|
|
@ -1,22 +1,24 @@
|
|||
---
|
||||
|
||||
- name: Is there a Minifirewall ?
|
||||
stat:
|
||||
path: /etc/default/minifirewall
|
||||
register: evobackup_client__minifirewall
|
||||
tags:
|
||||
- evobackup_client
|
||||
- evobackup_client_backup_firewall
|
||||
- block:
|
||||
- name: Is there a Minifirewall ?
|
||||
stat:
|
||||
path: /etc/default/minifirewall
|
||||
register: evobackup_client__minifirewall
|
||||
|
||||
- include: "jail_port.yml"
|
||||
when: evobackup_client__minifirewall.stat.exists
|
||||
|
||||
- name: Add backup SSH port in /etc/default/minifirewall
|
||||
blockinfile:
|
||||
dest: /etc/default/minifirewall
|
||||
marker: "# {mark} {{ item.name }}"
|
||||
block: |
|
||||
/sbin/iptables -A INPUT -p tcp --sport {{ item.port }} --dport 1024:65535 -s {{ item.ip }} -m state --state ESTABLISHED,RELATED -j ACCEPT
|
||||
with_items: "{{ evobackup_client__hosts }}"
|
||||
notify: restart minifirewall
|
||||
when: evobackup_client__minifirewall.stat.exists
|
||||
|
||||
- name: Add backup SSH port in /etc/default/minifirewall
|
||||
blockinfile:
|
||||
dest: /etc/default/minifirewall
|
||||
marker: "# {mark} {{ item.name }}"
|
||||
block: |
|
||||
/sbin/iptables -A INPUT -p tcp --sport {{ item.port }} --dport 1024:65535 -s {{ item.ip }} -m state --state ESTABLISHED,RELATED -j ACCEPT
|
||||
with_items: "{{ evobackup_client__hosts }}"
|
||||
notify: restart minifirewall
|
||||
when: evobackup_client__minifirewall.stat.exists
|
||||
tags:
|
||||
- evobackup_client
|
||||
- evobackup_client_backup_firewall
|
||||
- evobackup_client_firewall
|
||||
|
|
|
@ -1,31 +1,28 @@
|
|||
---
|
||||
|
||||
- name: Create SSH key
|
||||
user:
|
||||
name: root
|
||||
generate_ssh_key: true
|
||||
ssh_key_file: "{{ evobackup_client__root_key_path }}"
|
||||
ssh_key_type: "{{ evobackup_client__root_key_type }}"
|
||||
register: evobackup_client__root_key
|
||||
tags:
|
||||
- evobackup_client
|
||||
- evobackup_client_backup_ssh_key
|
||||
- block:
|
||||
- name: Create SSH key
|
||||
user:
|
||||
name: root
|
||||
generate_ssh_key: true
|
||||
ssh_key_file: "{{ evobackup_client__root_key_path }}"
|
||||
ssh_key_type: "{{ evobackup_client__root_key_type }}"
|
||||
register: evobackup_client__root_key
|
||||
|
||||
- name: Print SSH key
|
||||
debug:
|
||||
var: evobackup_client__root_key.ssh_public_key
|
||||
when: evobackup_client__root_key.ssh_public_key is defined
|
||||
tags:
|
||||
- evobackup_client
|
||||
- evobackup_client_backup_ssh_key
|
||||
- name: Print SSH key
|
||||
debug:
|
||||
var: evobackup_client__root_key.ssh_public_key
|
||||
when: evobackup_client__root_key.ssh_public_key is defined
|
||||
|
||||
- name: 'copy ssh public key to backup server'
|
||||
copy:
|
||||
content: "{{ evobackup_client__root_key.ssh_public_key }}"
|
||||
dest: "/root/{{ evolinux_hostname }}.pub"
|
||||
become: true
|
||||
delegate_to: "{{ evobackup_client__hosts[0].ip }}"
|
||||
tags:
|
||||
- evobackup_client_jail
|
||||
|
||||
- name: 'copy ssh public key to backup server'
|
||||
copy:
|
||||
content: "{{ evobackup_client__root_key.ssh_public_key }}"
|
||||
dest: "/root/{{ evolinux_hostname }}.pub"
|
||||
become: true
|
||||
delegate_to: "{{ evobackup_client__hosts[0].ip }}"
|
||||
tags:
|
||||
- evobackup_client
|
||||
- evobackup_client_backup_ssh_key
|
||||
- evobackup_client_jail
|
||||
- evobackup_client_ssh_key
|
||||
|
|
|
@ -1,16 +1,20 @@
|
|||
---
|
||||
|
||||
- name: Upload evobackup script
|
||||
template:
|
||||
src: "{{ item }}"
|
||||
dest: "{{ evobackup_client__cron_path }}"
|
||||
force: true
|
||||
mode: 0755
|
||||
with_first_found:
|
||||
- "templates/evobackup-client/{{ evobackup_client__cron_template_name }}.{{ inventory_hostname }}.sh.j2"
|
||||
- "templates/evobackup-client/{{ evobackup_client__cron_template_name }}.{{ host_group }}.sh.j2"
|
||||
- "templates/evobackup-client/{{ evobackup_client__cron_template_name }}.sh.j2"
|
||||
- "zzz_evobackup.default.sh.j2"
|
||||
- block:
|
||||
- include: "jail_port.yml"
|
||||
|
||||
- name: Upload evobackup script
|
||||
template:
|
||||
src: "{{ item }}"
|
||||
dest: "{{ evobackup_client__cron_path }}"
|
||||
force: true
|
||||
mode: 0755
|
||||
with_first_found:
|
||||
- "templates/evobackup-client/{{ evobackup_client__cron_template_name }}.{{ inventory_hostname }}.sh.j2"
|
||||
- "templates/evobackup-client/{{ evobackup_client__cron_template_name }}.{{ host_group }}.sh.j2"
|
||||
- "templates/evobackup-client/{{ evobackup_client__cron_template_name }}.sh.j2"
|
||||
- "zzz_evobackup.default.sh.j2"
|
||||
|
||||
tags:
|
||||
- evobackup_client
|
||||
- evobackup_client_backup_scripts
|
||||
- evobackup_client_script
|
||||
|
|
|
@ -1,11 +1,15 @@
|
|||
---
|
||||
|
||||
- name: Verify evolix backup servers
|
||||
known_hosts:
|
||||
path: /root/.ssh/known_hosts
|
||||
name: "[{{ item.name }}]:{{ item.port }}"
|
||||
key: "[{{ item.name }}]:{{ item.port }} {{ item.fingerprint }}"
|
||||
with_list: "{{ evobackup_client__hosts }}"
|
||||
- block:
|
||||
- include: "jail_port.yml"
|
||||
|
||||
- name: Verify evolix backup servers
|
||||
known_hosts:
|
||||
path: /root/.ssh/known_hosts
|
||||
name: "[{{ item.name }}]:{{ item.port }}"
|
||||
key: "[{{ item.name }}]:{{ item.port }} {{ item.fingerprint }}"
|
||||
with_list: "{{ evobackup_client__hosts }}"
|
||||
|
||||
tags:
|
||||
- evobackup_client
|
||||
- evobackup_client_backup_hosts
|
||||
- evobackup_client_fingerprints
|
||||
|
|
Loading…
Reference in a new issue