Allow heterogeneous ports

This makes it a bit more annoying to define default hosts for
multiple machines, but it's not that bad and it's better than not
being able to define heterogeous ports.
pull/83/head
Patrick Marchand 3 years ago
parent c773c901f2
commit 0f7d9e9f24
  1. 7
      evobackup-client/README.md
  2. 2
      evobackup-client/defaults/main.yml
  3. 12
      evobackup-client/tasks/open_ssh_ports.yml
  4. 4
      evobackup-client/tasks/verify_ssh.yml
  5. 2
      evobackup-client/templates/zzz_evobackup.default.sh.j2

@ -2,11 +2,10 @@
Allows the configuration of backups to one or more remote filesystems.
The backup hosts in use need to be defined in evobackup-client__hosts
and the bkctld jail ssh port has to be defined in
evobackup-client__ssh_port before running it.
The backup hosts and the ports in use need to be defined in
evobackup-client__hosts before running it.
The default zzz_evobackup.sh configures a system backup, but the
The default zzz_evobackup.sh configures a system only backup, but the
template can be overriden to configure a full backup instead. If
you change the variables in defaults/main.yml you can easily run
this again and configure backups to a second set of hosts.

@ -6,8 +6,8 @@ evobackup-client__mail: null
evobackup-client__pid_path: "/var/run/evobackup.pid"
evobackup-client__log_path: "/var/log/evobackup.log"
evobackup-client__backup_path: "/home/backup"
evobackup-client__ssh_port: null
evobackup-client__hosts: null
# - name: "backups.example.org"
# ip: "xxx.xxx.xxx.xxx"
# fingerprint: "ecdsa-sha2-nistp256 ..."
# port: xxxx

@ -8,22 +8,12 @@
- evobackup-client
- evobackup-client-backup-firewall
- name: backup ssh port
blockinfile:
dest: /etc/default/minifirewall
marker: "# evobackup ssh port"
block: "evobackup_port={{ evobackup-client__ssh_port }}"
when: evobackup-client__minifirewall.stat.exists
tags:
- evobackup-client
- evobackup-client-backup-firewall
- name: Add backup SSH port in /etc/default/minifirewall
blockinfile:
dest: /etc/default/minifirewall
marker: "# {{ item.name }}"
block: |
/sbin/iptables -A INPUT -p tcp --sport {{ evobackup-client__ssh_port }} --dport 1024:65535 -s {{ item.ip }} -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A INPUT -p tcp --sport {{ item.port }} --dport 1024:65535 -s {{ item.ip }} -m state --state ESTABLISHED,RELATED -j ACCEPT
with_items: "{{ evobackup-client__hosts }}"
when: evobackup-client__minifirewall.stat.exists
tags:

@ -3,8 +3,8 @@
- name: Verify evolix backup servers
known_hosts:
path: /root/.ssh/known_hosts
name: "[{{ item.name }}]:{{ evobackup-client__ssh_port }}"
key: "[{{ item.name }}]:{{ evobackup-client__ssh_port }} {{ item.fingerprint }}"
name: "[{{ item.name }}]:{{ item.port }}"
key: "[{{ item.name }}]:{{ item.port }} {{ item.fingerprint }}"
with_list: "{{ evobackup-client__hosts }}"
tags:
- evobackup-client

@ -21,7 +21,7 @@
MAIL={{ evobackup-client__mail }}
# list of hosts (hostname or IP) and SSH port for Rsync
SERVERS="{% for host in evobackup-client__hosts %}{{ host.name }}:{{ evobackup-client__ssh_port }} {% endfor %}"
SERVERS="{% for host in evobackup-client__hosts %}{{ host.name }}:{{ host.port }} {% endfor %}"
# timeout (in seconds) for SSH connections
SSH_CONNECT_TIMEOUT=30

Loading…
Cancel
Save