Dried up the tags for evobackup-client
blocks allow us to assign multiple tags to multiple tasks without repeating ourselves. This also simplifies other logic like conditional includes.
This commit is contained in:
parent
8caca4c711
commit
de4ba88790
|
@ -1,41 +1,34 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: 'create jail'
|
- block:
|
||||||
command: "bkctld init {{ evolinux_hostname }}"
|
- name: 'create jail'
|
||||||
args:
|
command: "bkctld init {{ evolinux_hostname }}"
|
||||||
creates: "/backup/jails/{{ evolinux_hostname }}/"
|
args:
|
||||||
become: true
|
creates: "/backup/jails/{{ evolinux_hostname }}/"
|
||||||
delegate_to: "{{ evobackup_client__hosts[0].ip }}"
|
become: true
|
||||||
notify:
|
delegate_to: "{{ evobackup_client__hosts[0].ip }}"
|
||||||
- 'created new jail'
|
notify:
|
||||||
tags:
|
- 'created new jail'
|
||||||
- evobackup_client
|
|
||||||
- evobackup_client_jail
|
|
||||||
|
|
||||||
# temp fix for bkctld 2.x because the ip and key command return 1
|
# temp fix for bkctld 2.x because the ip and key command return 1
|
||||||
# if the jail is not started, see https://gitea.evolix.org/evolix/evobackup/issues/31
|
# if the jail is not started, see https://gitea.evolix.org/evolix/evobackup/issues/31
|
||||||
- name: 'start jail'
|
- name: 'start jail'
|
||||||
command: "bkctld restart {{ evolinux_hostname }}"
|
command: "bkctld restart {{ evolinux_hostname }}"
|
||||||
become: true
|
become: true
|
||||||
delegate_to: "{{ evobackup_client__hosts[0].ip }}"
|
delegate_to: "{{ evobackup_client__hosts[0].ip }}"
|
||||||
tags:
|
|
||||||
- evobackup_client
|
|
||||||
- evobackup_client_jail
|
|
||||||
|
|
||||||
- name: 'add ip to jail'
|
- name: 'add ip to jail'
|
||||||
command: "bkctld ip {{ evolinux_hostname }} {{ ansible_host }}"
|
command: "bkctld ip {{ evolinux_hostname }} {{ ansible_host }}"
|
||||||
become: true
|
become: true
|
||||||
delegate_to: "{{ evobackup_client__hosts[0].ip }}"
|
delegate_to: "{{ evobackup_client__hosts[0].ip }}"
|
||||||
notify: 'jail updated'
|
notify: 'jail updated'
|
||||||
tags:
|
|
||||||
- evobackup_client
|
- name: 'add key to jail'
|
||||||
- evobackup_client_jail
|
command: "bkctld key {{ evolinux_hostname }} /root/{{ evolinux_hostname }}.pub"
|
||||||
|
become: true
|
||||||
|
delegate_to: "{{ evobackup_client__hosts[0].ip }}"
|
||||||
|
notify: 'jail updated'
|
||||||
|
|
||||||
- name: 'add key to jail'
|
|
||||||
command: "bkctld key {{ evolinux_hostname }} /root/{{ evolinux_hostname }}.pub"
|
|
||||||
become: true
|
|
||||||
delegate_to: "{{ evobackup_client__hosts[0].ip }}"
|
|
||||||
notify: 'jail updated'
|
|
||||||
tags:
|
tags:
|
||||||
- evobackup_client
|
- evobackup_client
|
||||||
- evobackup_client_jail
|
- evobackup_client_jail
|
||||||
|
|
|
@ -1,11 +1,17 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: 'get jail port'
|
- block:
|
||||||
command: "bkctld port {{ evolinux_hostname }}"
|
- name: 'get jail port'
|
||||||
become: true
|
command: "bkctld port {{ evolinux_hostname }}"
|
||||||
register: bkctld_port
|
become: true
|
||||||
delegate_to: "{{ evobackup_client__hosts[0].ip }}"
|
register: bkctld_port
|
||||||
|
delegate_to: "{{ evobackup_client__hosts[0].ip }}"
|
||||||
|
|
||||||
- name: 'register jail port'
|
- name: 'register jail port'
|
||||||
set_fact:
|
set_fact:
|
||||||
evobackup_ssh_port={{ bkctld_port.stdout }}
|
evobackup_ssh_port={{ bkctld_port.stdout }}
|
||||||
|
|
||||||
|
when: evobackup_ssh_port = ''
|
||||||
|
tags:
|
||||||
|
- evobackup_client
|
||||||
|
- evobackup_client_ssh_port
|
||||||
|
|
|
@ -1,26 +1,11 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- include: "ssh_key.yml"
|
- block:
|
||||||
tags:
|
- include: "ssh_key.yml"
|
||||||
- evobackup_client
|
- include: "jail.yml"
|
||||||
- evobackup_client_backup_ssh_key
|
- include: "upload_scripts.yml"
|
||||||
|
- include: "open_ssh_ports.yml"
|
||||||
|
- include: "verify_ssh.yml"
|
||||||
|
|
||||||
- include: "jail.yml"
|
|
||||||
tags:
|
tags:
|
||||||
- evobackup_client
|
- evobackup_client
|
||||||
- evobackup_client_jail
|
|
||||||
|
|
||||||
- include: "upload_scripts.yml"
|
|
||||||
tags:
|
|
||||||
- evobackup_client
|
|
||||||
- evobackup_client_backup_scripts
|
|
||||||
|
|
||||||
- include: "open_ssh_ports.yml"
|
|
||||||
tags:
|
|
||||||
- evobackup_client
|
|
||||||
- evobackup_client_backup_firewall
|
|
||||||
|
|
||||||
- include: "verify_ssh.yml"
|
|
||||||
tags:
|
|
||||||
- evobackup_client
|
|
||||||
- evobackup_client_backup_hosts
|
|
||||||
|
|
|
@ -1,25 +1,24 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: Is there a Minifirewall ?
|
- block:
|
||||||
stat:
|
- name: Is there a Minifirewall ?
|
||||||
path: /etc/default/minifirewall
|
stat:
|
||||||
register: evobackup_client__minifirewall
|
path: /etc/default/minifirewall
|
||||||
|
register: evobackup_client__minifirewall
|
||||||
|
|
||||||
|
- include: "jail_port.yml"
|
||||||
|
when: evobackup_client__minifirewall.stat.exists
|
||||||
|
|
||||||
|
- name: Add backup SSH port in /etc/default/minifirewall
|
||||||
|
blockinfile:
|
||||||
|
dest: /etc/default/minifirewall
|
||||||
|
marker: "# {mark} {{ item.name }}"
|
||||||
|
block: |
|
||||||
|
/sbin/iptables -A INPUT -p tcp --sport {{ item.port }} --dport 1024:65535 -s {{ item.ip }} -m state --state ESTABLISHED,RELATED -j ACCEPT
|
||||||
|
with_items: "{{ evobackup_client__hosts }}"
|
||||||
|
notify: restart minifirewall
|
||||||
|
when: evobackup_client__minifirewall.stat.exists
|
||||||
|
|
||||||
tags:
|
tags:
|
||||||
- evobackup_client
|
- evobackup_client
|
||||||
- evobackup_client_backup_firewall
|
- evobackup_client_firewall
|
||||||
|
|
||||||
- include: "jail_port.yml"
|
|
||||||
when: evobackup_ssh_port = ''
|
|
||||||
|
|
||||||
- name: Add backup SSH port in /etc/default/minifirewall
|
|
||||||
blockinfile:
|
|
||||||
dest: /etc/default/minifirewall
|
|
||||||
marker: "# {mark} {{ item.name }}"
|
|
||||||
block: |
|
|
||||||
/sbin/iptables -A INPUT -p tcp --sport {{ item.port }} --dport 1024:65535 -s {{ item.ip }} -m state --state ESTABLISHED,RELATED -j ACCEPT
|
|
||||||
with_items: "{{ evobackup_client__hosts }}"
|
|
||||||
notify: restart minifirewall
|
|
||||||
when: evobackup_client__minifirewall.stat.exists
|
|
||||||
tags:
|
|
||||||
- evobackup_client
|
|
||||||
- evobackup_client_backup_firewall
|
|
||||||
|
|
|
@ -1,31 +1,28 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: Create SSH key
|
- block:
|
||||||
user:
|
- name: Create SSH key
|
||||||
name: root
|
user:
|
||||||
generate_ssh_key: true
|
name: root
|
||||||
ssh_key_file: "{{ evobackup_client__root_key_path }}"
|
generate_ssh_key: true
|
||||||
ssh_key_type: "{{ evobackup_client__root_key_type }}"
|
ssh_key_file: "{{ evobackup_client__root_key_path }}"
|
||||||
register: evobackup_client__root_key
|
ssh_key_type: "{{ evobackup_client__root_key_type }}"
|
||||||
tags:
|
register: evobackup_client__root_key
|
||||||
- evobackup_client
|
|
||||||
- evobackup_client_backup_ssh_key
|
|
||||||
|
|
||||||
- name: Print SSH key
|
- name: Print SSH key
|
||||||
debug:
|
debug:
|
||||||
var: evobackup_client__root_key.ssh_public_key
|
var: evobackup_client__root_key.ssh_public_key
|
||||||
when: evobackup_client__root_key.ssh_public_key is defined
|
when: evobackup_client__root_key.ssh_public_key is defined
|
||||||
tags:
|
|
||||||
- evobackup_client
|
- name: 'copy ssh public key to backup server'
|
||||||
- evobackup_client_backup_ssh_key
|
copy:
|
||||||
|
content: "{{ evobackup_client__root_key.ssh_public_key }}"
|
||||||
|
dest: "/root/{{ evolinux_hostname }}.pub"
|
||||||
|
become: true
|
||||||
|
delegate_to: "{{ evobackup_client__hosts[0].ip }}"
|
||||||
|
tags:
|
||||||
|
- evobackup_client_jail
|
||||||
|
|
||||||
- name: 'copy ssh public key to backup server'
|
|
||||||
copy:
|
|
||||||
content: "{{ evobackup_client__root_key.ssh_public_key }}"
|
|
||||||
dest: "/root/{{ evolinux_hostname }}.pub"
|
|
||||||
become: true
|
|
||||||
delegate_to: "{{ evobackup_client__hosts[0].ip }}"
|
|
||||||
tags:
|
tags:
|
||||||
- evobackup_client
|
- evobackup_client
|
||||||
- evobackup_client_backup_ssh_key
|
- evobackup_client_ssh_key
|
||||||
- evobackup_client_jail
|
|
||||||
|
|
|
@ -1,16 +1,20 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- include: "jail_port.yml"
|
- block:
|
||||||
when: evobackup_ssh_port = ''
|
- include: "jail_port.yml"
|
||||||
|
|
||||||
- name: Upload evobackup script
|
- name: Upload evobackup script
|
||||||
template:
|
template:
|
||||||
src: "{{ item }}"
|
src: "{{ item }}"
|
||||||
dest: "{{ evobackup_client__cron_path }}"
|
dest: "{{ evobackup_client__cron_path }}"
|
||||||
force: true
|
force: true
|
||||||
mode: 0755
|
mode: 0755
|
||||||
with_first_found:
|
with_first_found:
|
||||||
- "templates/evobackup-client/{{ evobackup_client__cron_template_name }}.{{ inventory_hostname }}.sh.j2"
|
- "templates/evobackup-client/{{ evobackup_client__cron_template_name }}.{{ inventory_hostname }}.sh.j2"
|
||||||
- "templates/evobackup-client/{{ evobackup_client__cron_template_name }}.{{ host_group }}.sh.j2"
|
- "templates/evobackup-client/{{ evobackup_client__cron_template_name }}.{{ host_group }}.sh.j2"
|
||||||
- "templates/evobackup-client/{{ evobackup_client__cron_template_name }}.sh.j2"
|
- "templates/evobackup-client/{{ evobackup_client__cron_template_name }}.sh.j2"
|
||||||
- "zzz_evobackup.default.sh.j2"
|
- "zzz_evobackup.default.sh.j2"
|
||||||
|
|
||||||
|
tags:
|
||||||
|
- evobackup_client
|
||||||
|
- evobackup_client_script
|
||||||
|
|
|
@ -1,14 +1,15 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- include: "jail_port.yml"
|
- block:
|
||||||
when: evobackup_ssh_port = ''
|
- include: "jail_port.yml"
|
||||||
|
|
||||||
|
- name: Verify evolix backup servers
|
||||||
|
known_hosts:
|
||||||
|
path: /root/.ssh/known_hosts
|
||||||
|
name: "[{{ item.name }}]:{{ item.port }}"
|
||||||
|
key: "[{{ item.name }}]:{{ item.port }} {{ item.fingerprint }}"
|
||||||
|
with_list: "{{ evobackup_client__hosts }}"
|
||||||
|
|
||||||
- name: Verify evolix backup servers
|
|
||||||
known_hosts:
|
|
||||||
path: /root/.ssh/known_hosts
|
|
||||||
name: "[{{ item.name }}]:{{ item.port }}"
|
|
||||||
key: "[{{ item.name }}]:{{ item.port }} {{ item.fingerprint }}"
|
|
||||||
with_list: "{{ evobackup_client__hosts }}"
|
|
||||||
tags:
|
tags:
|
||||||
- evobackup_client
|
- evobackup_client
|
||||||
- evobackup_client_backup_hosts
|
- evobackup_client_fingerprints
|
||||||
|
|
Loading…
Reference in a new issue