From daad12fdeb892c3025b0d075af234eedd1fc0ed8 Mon Sep 17 00:00:00 2001
From: Patrick Marchand
Date: Mon, 7 Oct 2019 12:28:25 -0400
Subject: [PATCH] Handle backup jail creation Does not handle sync step yet
---
 evobackup-client/handlers/main.yml | 4 ++++
 evobackup-client/tasks/create_jail.yml | 29 +++++++++++++++++++++++
 evobackup-client/tasks/main.yml | 5 ++++
 evobackup-client/tasks/open_ssh_ports.yml | 2 +-
 evobackup-client/tasks/ssh_key.yml | 11 +++++++++
 5 files changed, 50 insertions(+), 1 deletion(-)
 create mode 100644 evobackup-client/tasks/create_jail.yml
diff --git a/evobackup-client/handlers/main.yml b/evobackup-client/handlers/main.yml
index 4ddd1f53..9d0e022f 100644
--- a/evobackup-client/handlers/main.yml
+++ b/evobackup-client/handlers/main.yml
@@ -4,3 +4,7 @@
 register: minifirewall_init_restart
 failed_when: "'starting IPTables rules is now finish : OK' not in minifirewall_init_restart.stdout"
 changed_when: "'starting IPTables rules is now finish : OK' in minifirewall_init_restart.stdout"
+
+- name: 'created new jail'
+ command: "bkctld start {{ evolinux_hostname }}"
+ delegate_to: "{{ evobackup_client__hosts[0].ip }}"
diff --git a/evobackup-client/tasks/create_jail.yml b/evobackup-client/tasks/create_jail.yml
new file mode 100644
index 00000000..df5902e4
--- /dev/null
+++ b/evobackup-client/tasks/create_jail.yml
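Review bot: The new `created new jail` handler in handlers/main.yml has no `become: true`, while every `bkctld` task in tasks/create_jail.yml sets it, so `bkctld start` is delegated to the backup server without privilege escalation unless the play already enables it. Adding `become: true` to the handler keeps it consistent with the task that notifies it. Like those tasks, it addresses only `evobackup_client__hosts[0]`; a comment such as `# only the first backup host is handled for now` would make that limit explicit. The preceding handler starts above the hunk.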
@@ -0,0 +1,29 @@
+---
+
+- name: 'create jail'
+ command: "bkctld init {{ evolinux_hostname }}"
+ args:
+ creates: "/backup/jails/{{ evolinux_hostname }}/"
+ become: true
+ delegate_to: "{{ evobackup_client__hosts[0].ip }}"
+ notify: 'created new jail'
+
+- name: 'add ssh key to jail'
+ command: "bkctld key {{ evolinux_hostname }} /root/{{ evolinux_hostname }}.pub"
+ become: true
+ delegate_to: "{{ evobackup_client__hosts[0].ip }}"
+
+- name: 'add ip to jail'
+ command: "bkctld ip {{ evolinux_hostname }} {{ ansible_host }}"
+ become: true
+ delegate_to: "{{ evobackup_client__hosts[0].ip }}"
+
+- name: 'get jail port'
+ command: "bkctld port {{ evolinux_hostname }}"
+ become: true
+ register: bkctld_port
+ delegate_to: "{{ evobackup_client__hosts[0].ip }}"
+
+- name: 'register jail port'
+ set_fact:
+ evobackup_ssh_port={{ bkctld_port.stdout }}
diff --git a/evobackup-client/tasks/main.yml b/evobackup-client/tasks/main.yml
index 8240a595..69bcd16e 100644
--- a/evobackup-client/tasks/main.yml
+++ b/evobackup-client/tasks/main.yml
@@ -5,6 +5,11 @@
 - evobackup_client
 - evobackup_client_backup_ssh_key
+- include: "create_jail.yml"
+ tags:
+ - evobackup_client
+ - evobackup_client_jail
+
 - include: "upload_scripts.yml"
 tags:
 - evobackup_client
diff --git a/evobackup-client/tasks/open_ssh_ports.yml b/evobackup-client/tasks/open_ssh_ports.yml
index 0f8b0cda..be96c161 100644
--- a/evobackup-client/tasks/open_ssh_ports.yml
+++ b/evobackup-client/tasks/open_ssh_ports.yml
@@ -11,7 +11,7 @@
 - name: Add backup SSH port in /etc/default/minifirewall
 blockinfile:
 dest: /etc/default/minifirewall
- marker: "# {{ item.name }}"
+ marker: "# {mark} {{ item.name }}"
 block: |
 /sbin/iptables -A INPUT -p tcp --sport {{ item.port }} --dport 1024:65535 -s {{ item.ip }} -m state --state ESTABLISHED,RELATED -j ACCEPT
 with_items: "{{ evobackup_client__hosts }}"
diff --git a/evobackup-client/tasks/ssh_key.yml b/evobackup-client/tasks/ssh_key.yml
index 2d629500..6327dd74 100644
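Review bot: In tasks/create_jail.yml, `add ssh key to jail`, `add ip to jail` and `get jail port` have no `creates` or `changed_when`, so every run re-executes them as root on the backup server and reports a change, and `evobackup_ssh_port` becomes whatever `bkctld port` printed. The read-only task should carry `changed_when: false`, and a guard such as `failed_when: bkctld_port.rc != 0 or bkctld_port.stdout is not match('^[0-9]+$')` would keep an error message from being stored as the port. The last task reads better in native form, `evobackup_ssh_port: "{{ bkctld_port.stdout }}"` under `set_fact:`, than as a `key=value` string. `bkctld ip` is passed `ansible_host`, which is the address Ansible connects to and may differ from the source address the backup server sees; that is worth confirming, since it presumably feeds the jail's allow-list.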
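Review bot: In tasks/open_ssh_ports.yml, blocks already written to /etc/default/minifirewall with the old marker `# {{ item.name }}` will not match the new `# {mark} {{ item.name }}` markers, so on hosts that ran the previous version the iptables rule is likely to be appended again while the old copy stays behind. Leftover ACCEPT rules in the firewall file are easy to overlook later when a backup host is removed or its port changes. A one-off cleanup task ahead of this one that removes the old marker line and its orphaned rule, or a changelog note asking operators to clean up by hand, would cover the migration. The task may continue past the last context line of the hunk.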
--- a/evobackup-client/tasks/ssh_key.yml
+++ b/evobackup-client/tasks/ssh_key.yml
@@ -18,3 +18,14 @@
 tags:
 - evobackup_client
 - evobackup_client_backup_ssh_key
+
+- name: 'copy ssh public key to backup server'
+ copy:
+ content: "{{ evobackup_client__root_key.ssh_public_key }}"
+ dest: "/root/{{ evolinux_hostname }}.pub"
+ become: true
+ delegate_to: "{{ evobackup_client__hosts[0].ip }}"
+ tags:
+ - evobackup_client
+ - evobackup_client_backup_ssh_key
+ - evobackup_client_jail
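Review bot: The new copy task is tagged `evobackup_client_jail` but reads `evobackup_client__root_key`, which is presumably registered by the task above the hunk that carries only `evobackup_client` and `evobackup_client_backup_ssh_key`; a run limited to `--tags evobackup_client_jail` would then reach this task with the variable undefined. Either add `evobackup_client_jail` to the task that registers the key or drop the tag here. The file is written as root on the backup server and later passed to `bkctld key`, so I would also set `owner: root`, `group: root` and `mode: '0644'` instead of relying on the remote umask, and fail early if `evolinux_hostname` contains a `/`, since it is used to build the destination path.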