Allow heterogeneous ports
This makes it a bit more annoying to define default hosts for multiple machines, but it's not that bad and it's better than not being able to define heterogeous ports.
This commit is contained in:
parent
c773c901f2
commit
0f7d9e9f24
5 changed files with 8 additions and 19 deletions
|
@ -2,11 +2,10 @@
|
|||
|
||||
Allows the configuration of backups to one or more remote filesystems.
|
||||
|
||||
The backup hosts in use need to be defined in evobackup-client__hosts
|
||||
and the bkctld jail ssh port has to be defined in
|
||||
evobackup-client__ssh_port before running it.
|
||||
The backup hosts and the ports in use need to be defined in
|
||||
evobackup-client__hosts before running it.
|
||||
|
||||
The default zzz_evobackup.sh configures a system backup, but the
|
||||
The default zzz_evobackup.sh configures a system only backup, but the
|
||||
template can be overriden to configure a full backup instead. If
|
||||
you change the variables in defaults/main.yml you can easily run
|
||||
this again and configure backups to a second set of hosts.
|
||||
|
|
|
@ -6,8 +6,8 @@ evobackup-client__mail: null
|
|||
evobackup-client__pid_path: "/var/run/evobackup.pid"
|
||||
evobackup-client__log_path: "/var/log/evobackup.log"
|
||||
evobackup-client__backup_path: "/home/backup"
|
||||
evobackup-client__ssh_port: null
|
||||
evobackup-client__hosts: null
|
||||
# - name: "backups.example.org"
|
||||
# ip: "xxx.xxx.xxx.xxx"
|
||||
# fingerprint: "ecdsa-sha2-nistp256 ..."
|
||||
# port: xxxx
|
||||
|
|
|
@ -8,22 +8,12 @@
|
|||
- evobackup-client
|
||||
- evobackup-client-backup-firewall
|
||||
|
||||
- name: backup ssh port
|
||||
blockinfile:
|
||||
dest: /etc/default/minifirewall
|
||||
marker: "# evobackup ssh port"
|
||||
block: "evobackup_port={{ evobackup-client__ssh_port }}"
|
||||
when: evobackup-client__minifirewall.stat.exists
|
||||
tags:
|
||||
- evobackup-client
|
||||
- evobackup-client-backup-firewall
|
||||
|
||||
- name: Add backup SSH port in /etc/default/minifirewall
|
||||
blockinfile:
|
||||
dest: /etc/default/minifirewall
|
||||
marker: "# {{ item.name }}"
|
||||
block: |
|
||||
/sbin/iptables -A INPUT -p tcp --sport {{ evobackup-client__ssh_port }} --dport 1024:65535 -s {{ item.ip }} -m state --state ESTABLISHED,RELATED -j ACCEPT
|
||||
/sbin/iptables -A INPUT -p tcp --sport {{ item.port }} --dport 1024:65535 -s {{ item.ip }} -m state --state ESTABLISHED,RELATED -j ACCEPT
|
||||
with_items: "{{ evobackup-client__hosts }}"
|
||||
when: evobackup-client__minifirewall.stat.exists
|
||||
tags:
|
||||
|
|
|
@ -3,8 +3,8 @@
|
|||
- name: Verify evolix backup servers
|
||||
known_hosts:
|
||||
path: /root/.ssh/known_hosts
|
||||
name: "[{{ item.name }}]:{{ evobackup-client__ssh_port }}"
|
||||
key: "[{{ item.name }}]:{{ evobackup-client__ssh_port }} {{ item.fingerprint }}"
|
||||
name: "[{{ item.name }}]:{{ item.port }}"
|
||||
key: "[{{ item.name }}]:{{ item.port }} {{ item.fingerprint }}"
|
||||
with_list: "{{ evobackup-client__hosts }}"
|
||||
tags:
|
||||
- evobackup-client
|
||||
|
|
|
@ -21,7 +21,7 @@
|
|||
MAIL={{ evobackup-client__mail }}
|
||||
|
||||
# list of hosts (hostname or IP) and SSH port for Rsync
|
||||
SERVERS="{% for host in evobackup-client__hosts %}{{ host.name }}:{{ evobackup-client__ssh_port }} {% endfor %}"
|
||||
SERVERS="{% for host in evobackup-client__hosts %}{{ host.name }}:{{ host.port }} {% endfor %}"
|
||||
|
||||
# timeout (in seconds) for SSH connections
|
||||
SSH_CONNECT_TIMEOUT=30
|
||||
|
|
Loading…
Reference in a new issue