evolix/ansible-roles
22
2
Fork 2
Code Issues 61 Pull requests 19 Releases 34 Wiki Activity

Added evobackup-client role #83

Manually merged
Ghost merged 17 commits from evobackup-client into unstable 2020-02-06 22:31:45 +01:00
Conversation 5 Commits 17 Files changed 11 +8 -19
5 changed files with 8 additions and 19 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files
Showing only changes of commit 0f7d9e9f24 - Show all commits

7
evobackup-client/README.md
View file

@ -2,11 +2,10 @@
Allows the configuration of backups to one or more remote filesystems. Allows the configuration of backups to one or more remote filesystems.
The backup hosts in use need to be defined in evobackup-client__hosts The backup hosts and the ports in use need to be defined in
and the bkctld jail ssh port has to be defined in evobackup-client__hosts before running it.
evobackup-client__ssh_port before running it.
The default zzz_evobackup.sh configures a system backup, but the The default zzz_evobackup.sh configures a system only backup, but the
template can be overriden to configure a full backup instead. If template can be overriden to configure a full backup instead. If
jlecour commented 2019-09-02 08:58:44 +02:00
Review
Copy link

s/system/"system only"/

s/system/"system only"/
Ghost commented 2019-09-03 15:53:41 +02:00
Review
Copy link

This is fixed, not sure why it's not marked as outdated.

This is fixed, not sure why it's not marked as outdated.
you change the variables in defaults/main.yml you can easily run you change the variables in defaults/main.yml you can easily run
this again and configure backups to a second set of hosts. this again and configure backups to a second set of hosts.

2
evobackup-client/defaults/main.yml
View file

@ -6,8 +6,8 @@ evobackup-client__mail: null
evobackup-client__pid_path: "/var/run/evobackup.pid" evobackup-client__pid_path: "/var/run/evobackup.pid"
evobackup-client__log_path: "/var/log/evobackup.log" evobackup-client__log_path: "/var/log/evobackup.log"
evobackup-client__backup_path: "/home/backup" evobackup-client__backup_path: "/home/backup"
evobackup-client__ssh_port: null
evobackup-client__hosts: null evobackup-client__hosts: null
# - name: "backups.example.org" # - name: "backups.example.org"
# ip: "xxx.xxx.xxx.xxx" # ip: "xxx.xxx.xxx.xxx"
# fingerprint: "ecdsa-sha2-nistp256 ..." # fingerprint: "ecdsa-sha2-nistp256 ..."
# port: xxxx

12
evobackup-client/tasks/open_ssh_ports.yml
View file

@ -8,22 +8,12 @@
- evobackup-client - evobackup-client
- evobackup-client-backup-firewall - evobackup-client-backup-firewall
- name: backup ssh port
blockinfile:
dest: /etc/default/minifirewall
marker: "# evobackup ssh port"
block: "evobackup_port={{ evobackup-client__ssh_port }}"
when: evobackup-client__minifirewall.stat.exists
tags:
- evobackup-client
- evobackup-client-backup-firewall
- name: Add backup SSH port in /etc/default/minifirewall - name: Add backup SSH port in /etc/default/minifirewall
jlecour commented 2019-09-02 09:00:55 +02:00
Review
Copy link

We can have multiple backup sections (with heterogenous ssh ports) in the minifirewall file. Let's be extra careful with what we insert and/ore replace.

We can have multiple backup sections (with heterogenous ssh ports) in the minifirewall file. Let's be extra careful with what we insert and/ore replace.
Ghost commented 2019-09-03 15:48:40 +02:00
Review
Copy link

Again, heterogeneous ports is kind of an outlier case. But the main question is how to define it without it being a chore.

Again, heterogeneous ports is kind of an outlier case. But the main question is how to define it without it being a chore.
Ghost commented 2019-09-03 17:17:53 +02:00
Review
Copy link

So I removed this task, instead setting the port directly in the rule.

So I removed this task, instead setting the port directly in the rule.
blockinfile: blockinfile:
dest: /etc/default/minifirewall dest: /etc/default/minifirewall
marker: "# {{ item.name }}" marker: "# {{ item.name }}"
block: | block: |
/sbin/iptables -A INPUT -p tcp --sport {{ evobackup-client__ssh_port }} --dport 1024:65535 -s {{ item.ip }} -m state --state ESTABLISHED,RELATED -j ACCEPT /sbin/iptables -A INPUT -p tcp --sport {{ item.port }} --dport 1024:65535 -s {{ item.ip }} -m state --state ESTABLISHED,RELATED -j ACCEPT
with_items: "{{ evobackup-client__hosts }}" with_items: "{{ evobackup-client__hosts }}"
when: evobackup-client__minifirewall.stat.exists when: evobackup-client__minifirewall.stat.exists
tags: tags:

4
evobackup-client/tasks/verify_ssh.yml
View file

@ -3,8 +3,8 @@
- name: Verify evolix backup servers - name: Verify evolix backup servers
known_hosts: known_hosts:
path: /root/.ssh/known_hosts path: /root/.ssh/known_hosts
name: "[{{ item.name }}]:{{ evobackup-client__ssh_port }}" name: "[{{ item.name }}]:{{ item.port }}"
key: "[{{ item.name }}]:{{ evobackup-client__ssh_port }} {{ item.fingerprint }}" key: "[{{ item.name }}]:{{ item.port }} {{ item.fingerprint }}"
with_list: "{{ evobackup-client__hosts }}" with_list: "{{ evobackup-client__hosts }}"
tags: tags:
- evobackup-client - evobackup-client

2
evobackup-client/templates/zzz_evobackup.default.sh.j2
View file

@ -21,7 +21,7 @@
MAIL={{ evobackup-client__mail }} MAIL={{ evobackup-client__mail }}
# list of hosts (hostname or IP) and SSH port for Rsync # list of hosts (hostname or IP) and SSH port for Rsync
SERVERS="{% for host in evobackup-client__hosts %}{{ host.name }}:{{ evobackup-client__ssh_port }} {% endfor %}" SERVERS="{% for host in evobackup-client__hosts %}{{ host.name }}:{{ host.port }} {% endfor %}"
# timeout (in seconds) for SSH connections # timeout (in seconds) for SSH connections
SSH_CONNECT_TIMEOUT=30 SSH_CONNECT_TIMEOUT=30