From de4ba88790d812e5d980a0e2dcf3f94af480f08a Mon Sep 17 00:00:00 2001
From: Patrick Marchand
Date: Tue, 23 Jun 2020 12:07:51 -0400
Subject: [PATCH] Dried up the tags for evobackup-client
blocks allow us to assign multiple tags to multiple tasks without repeating ourselves. This also simplifies other logic like conditional includes.
---
evobackup-client/tasks/jail.yml | 59 ++++++++++-------------
evobackup-client/tasks/jail_port.yml | 22 ++++++---
evobackup-client/tasks/main.yml | 27 +++--------
evobackup-client/tasks/open_ssh_ports.yml | 41 ++++++++--------
evobackup-client/tasks/ssh_key.yml | 47 +++++++++---------
evobackup-client/tasks/upload_scripts.yml | 30 +++++++-----
evobackup-client/tasks/verify_ssh.yml | 19 ++++----
7 files changed, 115 insertions(+), 130 deletions(-)
diff --git a/evobackup-client/tasks/jail.yml b/evobackup-client/tasks/jail.yml
index 8218fd35..4549fcb0 100644
--- a/evobackup-client/tasks/jail.yml
+++ b/evobackup-client/tasks/jail.yml
@@ -1,41 +1,34 @@ --- -- name: 'create jail' - command: "bkctld init {{ evolinux_hostname }}" - args: - creates: "/backup/jails/{{ evolinux_hostname }}/" - become: true - delegate_to: "{{ evobackup_client__hosts[0].ip }}" - notify: - - 'created new jail' - tags: - - evobackup_client - - evobackup_client_jail +- block: + - name: 'create jail' + command: "bkctld init {{ evolinux_hostname }}" + args: + creates: "/backup/jails/{{ evolinux_hostname }}/" + become: true + delegate_to: "{{ evobackup_client__hosts[0].ip }}" + notify: + - 'created new jail' -# temp fix for bkctld 2.x because the ip and key command return 1 -# if the jail is not started, see https://gitea.evolix.org/evolix/evobackup/issues/31 -- name: 'start jail' - command: "bkctld restart {{ evolinux_hostname }}" - become: true - delegate_to: "{{ evobackup_client__hosts[0].ip }}" - tags: - - evobackup_client - - evobackup_client_jail + # temp fix for bkctld 2.x because the ip and key command return 1 + # if the jail is not started, see https://gitea.evolix.org/evolix/evobackup/issues/31 + - name: 'start jail' + command: "bkctld restart {{ evolinux_hostname }}" + become: true + delegate_to: "{{ evobackup_client__hosts[0].ip }}" -- name: 'add ip to jail' - command: "bkctld ip {{ evolinux_hostname }} {{ ansible_host }}" - become: true - delegate_to: "{{ evobackup_client__hosts[0].ip }}" - notify: 'jail updated' - tags: - - evobackup_client - - evobackup_client_jail + - name: 'add ip to jail' + command: "bkctld ip {{ evolinux_hostname }} {{ ansible_host }}" + become: true + delegate_to: "{{ evobackup_client__hosts[0].ip }}" + notify: 'jail updated' + + - name: 'add key to jail' + command: "bkctld key {{ evolinux_hostname }} /root/{{ evolinux_hostname }}.pub" + become: true + delegate_to: "{{ evobackup_client__hosts[0].ip }}" + notify: 'jail updated' -- name: 'add key to jail' - command: "bkctld key {{ evolinux_hostname }} /root/{{ evolinux_hostname }}.pub" - become: true - delegate_to: "{{ 
evobackup_client__hosts[0].ip }}" - notify: 'jail updated' tags: - evobackup_client - evobackup_client_jail
diff --git a/evobackup-client/tasks/jail_port.yml b/evobackup-client/tasks/jail_port.yml
index 16ebdea9..370b7c9c 100644
--- a/evobackup-client/tasks/jail_port.yml
+++ b/evobackup-client/tasks/jail_port.yml
@@ -1,11 +1,17 @@ --- -- name: 'get jail port' - command: "bkctld port {{ evolinux_hostname }}" - become: true - register: bkctld_port - delegate_to: "{{ evobackup_client__hosts[0].ip }}" +- block: + - name: 'get jail port' + command: "bkctld port {{ evolinux_hostname }}" + become: true + register: bkctld_port + delegate_to: "{{ evobackup_client__hosts[0].ip }}" -- name: 'register jail port' - set_fact: - evobackup_ssh_port={{ bkctld_port.stdout }} + - name: 'register jail port' + set_fact: + evobackup_ssh_port={{ bkctld_port.stdout }} + + when: evobackup_ssh_port = '' + tags: + - evobackup_client + - evobackup_client_ssh_port
diff --git a/evobackup-client/tasks/main.yml b/evobackup-client/tasks/main.yml
index a2dd4405..d9a2ed8e 100644
--- a/evobackup-client/tasks/main.yml
+++ b/evobackup-client/tasks/main.yml
@@ -1,26 +1,11 @@ --- -- include: "ssh_key.yml" - tags: - - evobackup_client - - evobackup_client_backup_ssh_key +- block: + - include: "ssh_key.yml" + - include: "jail.yml" + - include: "upload_scripts.yml" + - include: "open_ssh_ports.yml" + - include: "verify_ssh.yml" -- include: "jail.yml" tags: - evobackup_client - - evobackup_client_jail - -- include: "upload_scripts.yml" - tags: - - evobackup_client - - evobackup_client_backup_scripts - -- include: "open_ssh_ports.yml" - tags: - - evobackup_client - - evobackup_client_backup_firewall - -- include: "verify_ssh.yml" - tags: - - evobackup_client - - evobackup_client_backup_hosts
diff --git a/evobackup-client/tasks/open_ssh_ports.yml b/evobackup-client/tasks/open_ssh_ports.yml
index 31ce3862..ffee5f22 100644
--- a/evobackup-client/tasks/open_ssh_ports.yml
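Review bot: In jail.yml the four `bkctld` tasks build a free-form `command:` string from `evolinux_hostname` and `ansible_host` and run it with `become: true` on the backup server, so a value containing whitespace would be split into extra `bkctld` arguments. Passing the arguments as a list keeps each variable a single argument, for example `argv: ['bkctld', 'key', '{{ evolinux_hostname }}', '/root/{{ evolinux_hostname }}.pub']`. Separately, 'start jail', 'add ip to jail' and 'add key to jail' have no `creates:` or `changed_when:`, so every run restarts the jail and notifies 'jail updated'; if that is intended, a comment saying so next to the existing bkctld 2.x note would help.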
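Review bot: The block condition in jail_port.yml, `when: evobackup_ssh_port = ''`, uses a single `=`, which is not a Jinja comparison, so the conditional will most likely fail to evaluate rather than skip the block. It would also error if the variable has no default, which is not visible in this patch. `when: evobackup_ssh_port | default('') == ''` expresses the intended test. Since `bkctld port` only reads state, 'get jail port' should carry `changed_when: false`, and the `set_fact` reads better as a mapping, `evobackup_ssh_port: "{{ bkctld_port.stdout }}"`.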
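Review bot: The tags `evobackup_client_backup_ssh_key`, `evobackup_client_backup_scripts`, `evobackup_client_backup_firewall` and `evobackup_client_backup_hosts` disappear from main.yml, and the sub-files introduce different names (`evobackup_client_ssh_key`, `evobackup_client_script`, `evobackup_client_firewall`, `evobackup_client_fingerprints`). Ansible does not fail on a tag that matches no task, so an existing `--tags evobackup_client_backup_firewall` or `--tags evobackup_client_backup_hosts` run would silently skip the firewall rule or the host-key pinning. Either keep the old names next to the new ones for a transition period, or record the rename in the changelog and the role documentation.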
+++ b/evobackup-client/tasks/open_ssh_ports.yml
@@ -1,25 +1,24 @@ --- -- name: Is there a Minifirewall ? - stat: - path: /etc/default/minifirewall - register: evobackup_client__minifirewall +- block: + - name: Is there a Minifirewall ? + stat: + path: /etc/default/minifirewall + register: evobackup_client__minifirewall + + - include: "jail_port.yml" + when: evobackup_client__minifirewall.stat.exists + + - name: Add backup SSH port in /etc/default/minifirewall + blockinfile: + dest: /etc/default/minifirewall + marker: "# {mark} {{ item.name }}" + block: | + /sbin/iptables -A INPUT -p tcp --sport {{ item.port }} --dport 1024:65535 -s {{ item.ip }} -m state --state ESTABLISHED,RELATED -j ACCEPT + with_items: "{{ evobackup_client__hosts }}" + notify: restart minifirewall + when: evobackup_client__minifirewall.stat.exists + tags: - evobackup_client - - evobackup_client_backup_firewall - -- include: "jail_port.yml" - when: evobackup_ssh_port = '' - -- name: Add backup SSH port in /etc/default/minifirewall - blockinfile: - dest: /etc/default/minifirewall - marker: "# {mark} {{ item.name }}" - block: | - /sbin/iptables -A INPUT -p tcp --sport {{ item.port }} --dport 1024:65535 -s {{ item.ip }} -m state --state ESTABLISHED,RELATED -j ACCEPT - with_items: "{{ evobackup_client__hosts }}" - notify: restart minifirewall - when: evobackup_client__minifirewall.stat.exists - tags: - - evobackup_client - - evobackup_client_backup_firewall + - evobackup_client_firewall
diff --git a/evobackup-client/tasks/ssh_key.yml b/evobackup-client/tasks/ssh_key.yml
index 6438634e..22061b1f 100644
--- a/evobackup-client/tasks/ssh_key.yml
+++ b/evobackup-client/tasks/ssh_key.yml
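Review bot: Nothing in open_ssh_ports.yml visibly consumes the fact that the `jail_port.yml` include sets: the iptables rule is rendered from `item.port` of `evobackup_client__hosts`, not from `evobackup_ssh_port`. Unless `item.port` is itself derived from `evobackup_ssh_port` in the inventory, the include only adds a delegated root command on the backup server to this tag. The same holds for the include in verify_ssh.yml, where `known_hosts` also uses `item.port`. Consider dropping both includes, or add a comment such as `# sets evobackup_ssh_port, which evobackup_client__hosts[].port refers to` if that dependency exists.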
@@ -1,31 +1,28 @@ --- -- name: Create SSH key - user: - name: root - generate_ssh_key: true - ssh_key_file: "{{ evobackup_client__root_key_path }}" - ssh_key_type: "{{ evobackup_client__root_key_type }}" - register: evobackup_client__root_key - tags: - - evobackup_client - - evobackup_client_backup_ssh_key +- block: + - name: Create SSH key + user: + name: root + generate_ssh_key: true + ssh_key_file: "{{ evobackup_client__root_key_path }}" + ssh_key_type: "{{ evobackup_client__root_key_type }}" + register: evobackup_client__root_key -- name: Print SSH key - debug: - var: evobackup_client__root_key.ssh_public_key - when: evobackup_client__root_key.ssh_public_key is defined - tags: - - evobackup_client - - evobackup_client_backup_ssh_key + - name: Print SSH key + debug: + var: evobackup_client__root_key.ssh_public_key + when: evobackup_client__root_key.ssh_public_key is defined + + - name: 'copy ssh public key to backup server' + copy: + content: "{{ evobackup_client__root_key.ssh_public_key }}" + dest: "/root/{{ evolinux_hostname }}.pub" + become: true + delegate_to: "{{ evobackup_client__hosts[0].ip }}" + tags: + - evobackup_client_jail -- name: 'copy ssh public key to backup server' - copy: - content: "{{ evobackup_client__root_key.ssh_public_key }}" - dest: "/root/{{ evolinux_hostname }}.pub" - become: true - delegate_to: "{{ evobackup_client__hosts[0].ip }}" tags: - evobackup_client - - evobackup_client_backup_ssh_key - - evobackup_client_jail + - evobackup_client_ssh_key
diff --git a/evobackup-client/tasks/upload_scripts.yml b/evobackup-client/tasks/upload_scripts.yml
index 0502118c..8b56ad19 100644
--- a/evobackup-client/tasks/upload_scripts.yml
+++ b/evobackup-client/tasks/upload_scripts.yml
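Review bot: 'copy ssh public key to backup server' carries the extra tag `evobackup_client_jail`, but 'Create SSH key', which registers `evobackup_client__root_key`, does not, so a run limited to `--tags evobackup_client_jail` reaches the copy with that variable undefined. Give the registering task the same tag (`tags: [evobackup_client_jail]` on 'Create SSH key'), or guard the copy with `when: evobackup_client__root_key.ssh_public_key is defined` as 'Print SSH key' already does. The copy also sets no `mode`, so the file under `/root` on the backup server gets whatever the module default and remote umask produce; `mode: "0644"` would make it explicit.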
@@ -1,16 +1,20 @@ --- -- include: "jail_port.yml" - when: evobackup_ssh_port = '' +- block: + - include: "jail_port.yml" -- name: Upload evobackup script - template: - src: "{{ item }}" - dest: "{{ evobackup_client__cron_path }}" - force: true - mode: 0755 - with_first_found: - - "templates/evobackup-client/{{ evobackup_client__cron_template_name }}.{{ inventory_hostname }}.sh.j2" - - "templates/evobackup-client/{{ evobackup_client__cron_template_name }}.{{ host_group }}.sh.j2" - - "templates/evobackup-client/{{ evobackup_client__cron_template_name }}.sh.j2" - - "zzz_evobackup.default.sh.j2" + - name: Upload evobackup script + template: + src: "{{ item }}" + dest: "{{ evobackup_client__cron_path }}" + force: true + mode: 0755 + with_first_found: + - "templates/evobackup-client/{{ evobackup_client__cron_template_name }}.{{ inventory_hostname }}.sh.j2" + - "templates/evobackup-client/{{ evobackup_client__cron_template_name }}.{{ host_group }}.sh.j2" + - "templates/evobackup-client/{{ evobackup_client__cron_template_name }}.sh.j2" + - "zzz_evobackup.default.sh.j2" + + tags: + - evobackup_client + - evobackup_client_script
diff --git a/evobackup-client/tasks/verify_ssh.yml b/evobackup-client/tasks/verify_ssh.yml
index 2d097a87..a113a79d 100644
--- a/evobackup-client/tasks/verify_ssh.yml
+++ b/evobackup-client/tasks/verify_ssh.yml
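Review bot: 'Upload evobackup script' installs the rendered template with `mode: 0755` and no `owner` or `group`, so the script at `evobackup_client__cron_path` is readable by every local user. If the template embeds anything sensitive such as database credentials or backup host details (not visible in this hunk), and only root runs it, `mode: "0700"` with `owner: root` and `group: root` is the safer default. Quoting the mode also keeps it a string instead of relying on YAML octal parsing.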
@@ -1,14 +1,15 @@ --- -- include: "jail_port.yml" - when: evobackup_ssh_port = '' +- block: + - include: "jail_port.yml" + + - name: Verify evolix backup servers + known_hosts: + path: /root/.ssh/known_hosts + name: "[{{ item.name }}]:{{ item.port }}" + key: "[{{ item.name }}]:{{ item.port }} {{ item.fingerprint }}" + with_list: "{{ evobackup_client__hosts }}" -- name: Verify evolix backup servers - known_hosts: - path: /root/.ssh/known_hosts - name: "[{{ item.name }}]:{{ item.port }}" - key: "[{{ item.name }}]:{{ item.port }} {{ item.fingerprint }}" - with_list: "{{ evobackup_client__hosts }}" tags: - evobackup_client - - evobackup_client_backup_hosts + - evobackup_client_fingerprints
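Review bot: `item.fingerprint` in 'Verify evolix backup servers' is inserted as the key material of the known_hosts line, so it has to hold the full public host key (key type plus base64 data) and not a hash fingerprint; the new tag `evobackup_client_fingerprints` repeats the misleading name. A comment above the task would prevent a wrong inventory value, for example `# item.fingerprint must be the full host key, "<key-type> <base64-key>"`. `with_list` here and `with_items` in open_ssh_ports.yml iterate the same variable, and using one form in both files would be more consistent.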