Added evobackup-client role #83
|
@ -2,11 +2,10 @@
|
||||||
|
|
||||||
Allows the configuration of backups to one or more remote filesystems.
|
Allows the configuration of backups to one or more remote filesystems.
|
||||||
|
|
||||||
The backup hosts in use need to be defined in evobackup-client__hosts
|
The backup hosts and the ports in use need to be defined in
|
||||||
and the bkctld jail ssh port has to be defined in
|
evobackup-client__hosts before running it.
|
||||||
evobackup-client__ssh_port before running it.
|
|
||||||
|
|
||||||
The default zzz_evobackup.sh configures a system backup, but the
|
The default zzz_evobackup.sh configures a system only backup, but the
|
||||||
template can be overriden to configure a full backup instead. If
|
template can be overriden to configure a full backup instead. If
|
||||||
|
|||||||
you change the variables in defaults/main.yml you can easily run
|
you change the variables in defaults/main.yml you can easily run
|
||||||
this again and configure backups to a second set of hosts.
|
this again and configure backups to a second set of hosts.
|
||||||
|
|
|
@ -6,8 +6,8 @@ evobackup-client__mail: null
|
||||||
evobackup-client__pid_path: "/var/run/evobackup.pid"
|
evobackup-client__pid_path: "/var/run/evobackup.pid"
|
||||||
evobackup-client__log_path: "/var/log/evobackup.log"
|
evobackup-client__log_path: "/var/log/evobackup.log"
|
||||||
evobackup-client__backup_path: "/home/backup"
|
evobackup-client__backup_path: "/home/backup"
|
||||||
evobackup-client__ssh_port: null
|
|
||||||
evobackup-client__hosts: null
|
evobackup-client__hosts: null
|
||||||
# - name: "backups.example.org"
|
# - name: "backups.example.org"
|
||||||
# ip: "xxx.xxx.xxx.xxx"
|
# ip: "xxx.xxx.xxx.xxx"
|
||||||
# fingerprint: "ecdsa-sha2-nistp256 ..."
|
# fingerprint: "ecdsa-sha2-nistp256 ..."
|
||||||
|
# port: xxxx
|
||||||
|
|
|
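Review bot: The variable names in this defaults file contain a hyphen (`evobackup-client__hosts`, `evobackup-client__mail`, `evobackup-client__pid_path`), and Jinja2 reads `-` as subtraction, so `{{ evobackup-client__hosts }}` is evaluated as `evobackup - client__hosts` rather than as one variable. The same names are used in the `with_items` and `with_list` lines, in `when: evobackup-client__minifirewall.stat.exists` and in the `{% for host in evobackup-client__hosts %}` loop of the script template. Renaming them with underscores only, for example `evobackup_client__hosts: null`, keeps the role prefix and lets every reference resolve.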
@ -8,22 +8,12 @@
|
||||||
- evobackup-client
|
- evobackup-client
|
||||||
- evobackup-client-backup-firewall
|
- evobackup-client-backup-firewall
|
||||||
|
|
||||||
- name: backup ssh port
|
|
||||||
blockinfile:
|
|
||||||
dest: /etc/default/minifirewall
|
|
||||||
marker: "# evobackup ssh port"
|
|
||||||
block: "evobackup_port={{ evobackup-client__ssh_port }}"
|
|
||||||
when: evobackup-client__minifirewall.stat.exists
|
|
||||||
tags:
|
|
||||||
- evobackup-client
|
|
||||||
- evobackup-client-backup-firewall
|
|
||||||
|
|
||||||
- name: Add backup SSH port in /etc/default/minifirewall
|
- name: Add backup SSH port in /etc/default/minifirewall
|
||||||
jlecour
commented
We can have multiple backup sections (with heterogeneous ssh ports) in the minifirewall file. Let's be extra careful with what we insert and/or replace.
Ghost
commented
Again, heterogeneous ports are kind of an outlier case. But the main question is how to define it without it being a chore.
Ghost
commented
So I removed this task, instead setting the port directly in the rule.
|
|||||||
blockinfile:
|
blockinfile:
|
||||||
dest: /etc/default/minifirewall
|
dest: /etc/default/minifirewall
|
||||||
marker: "# {{ item.name }}"
|
marker: "# {{ item.name }}"
|
||||||
block: |
|
block: |
|
||||||
/sbin/iptables -A INPUT -p tcp --sport {{ evobackup-client__ssh_port }} --dport 1024:65535 -s {{ item.ip }} -m state --state ESTABLISHED,RELATED -j ACCEPT
|
/sbin/iptables -A INPUT -p tcp --sport {{ item.port }} --dport 1024:65535 -s {{ item.ip }} -m state --state ESTABLISHED,RELATED -j ACCEPT
|
||||||
with_items: "{{ evobackup-client__hosts }}"
|
with_items: "{{ evobackup-client__hosts }}"
|
||||||
when: evobackup-client__minifirewall.stat.exists
|
when: evobackup-client__minifirewall.stat.exists
|
||||||
tags:
|
tags:
|
||||||
|
|
|
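Review bot: The `marker: "# {{ item.name }}"` line has no `{mark}` placeholder, so the begin and end markers written by `blockinfile` are identical, and the module documentation warns that such a marker may cause the block to be inserted again on later runs. With the port now taken from `item.port`, a changed port could then leave the old ACCEPT rule in /etc/default/minifirewall next to the new one. A marker such as `marker: "# {mark} evobackup {{ item.name }}"` lets the module find and replace exactly its own block. The task continues past the end of the hunk; `tags:` is its last visible line.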
@ -3,8 +3,8 @@
|
||||||
- name: Verify evolix backup servers
|
- name: Verify evolix backup servers
|
||||||
known_hosts:
|
known_hosts:
|
||||||
path: /root/.ssh/known_hosts
|
path: /root/.ssh/known_hosts
|
||||||
name: "[{{ item.name }}]:{{ evobackup-client__ssh_port }}"
|
name: "[{{ item.name }}]:{{ item.port }}"
|
||||||
key: "[{{ item.name }}]:{{ evobackup-client__ssh_port }} {{ item.fingerprint }}"
|
key: "[{{ item.name }}]:{{ item.port }} {{ item.fingerprint }}"
|
||||||
with_list: "{{ evobackup-client__hosts }}"
|
with_list: "{{ evobackup-client__hosts }}"
|
||||||
tags:
|
tags:
|
||||||
- evobackup-client
|
- evobackup-client
|
||||||
|
|
|
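Review bot: The bracketed form `[{{ item.name }}]:{{ item.port }}` used in `name` and `key` is what OpenSSH looks up only for non-default ports; for port 22 the client searches known_hosts for the bare host name, so an entry written as `[host]:22` would not be the one consulted. Now that the port comes from each host entry, a host listening on 22 is a plausible input, and its pinned key would then not apply to the backup connection. Either state in the defaults that `port` must not be 22, or build the value conditionally so that port 22 yields the plain `{{ item.name }}`. It would also help to document that `fingerprint` holds the full public key line (`ecdsa-sha2-nistp256 ...`) and not a hash. The hunk ends inside the task's `tags:` list.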
@ -21,7 +21,7 @@
|
||||||
MAIL={{ evobackup-client__mail }}
|
MAIL={{ evobackup-client__mail }}
|
||||||
|
|
||||||
# list of hosts (hostname or IP) and SSH port for Rsync
|
# list of hosts (hostname or IP) and SSH port for Rsync
|
||||||
SERVERS="{% for host in evobackup-client__hosts %}{{ host.name }}:{{ evobackup-client__ssh_port }} {% endfor %}"
|
SERVERS="{% for host in evobackup-client__hosts %}{{ host.name }}:{{ host.port }} {% endfor %}"
|
||||||
|
|
||||||
# timeout (in seconds) for SSH connections
|
# timeout (in seconds) for SSH connections
|
||||||
SSH_CONNECT_TIMEOUT=30
|
SSH_CONNECT_TIMEOUT=30
|
||||||
|
|
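Review bot: `host.name` and `host.port` are rendered unchecked into the double-quoted `SERVERS=` assignment, so the generated script is only well-formed if every inventory entry is a plain host name and a number. Since `port` is now a per-host key that is easy to omit or mistype, an `assert` task placed before the template, checking for each entry that `item.port is defined` and that `item.port | int` lies between 1 and 65535, would stop the play before a malformed line reaches the backup script. The script presumably runs as root (the role writes /root/.ssh/known_hosts), which makes the check worth its few lines. The rest of the template lies outside the hunk.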
s/system/"system only"/
This is fixed, not sure why it's not marked as outdated.