Added evobackup-client role #83

Manually merged
Ghost merged 17 commits from evobackup-client into unstable 2020-02-06 22:31:45 +01:00
7 changed files with 45 additions and 45 deletions
Showing only changes of commit d226ce594a - Show all commits

View file

@ -1,12 +1,12 @@
evobackup-client__root_key_path: "/root/.ssh/evobackup_id"
evobackup-client__cron_path: "/etc/cron.daily/zzz_evobackup"
evobackup-client__cron_template_name: "zzz_evobackup"
evobackup-client__mail: null
evobackup-client__pid_path: "/var/run/"
evobackup-client__log_path: "/var/log/evobackup.log"
evobackup-client__backup_path: "/home/backup"
evobackup-client__hosts: null
evobackup_client__root_key_path: "/root/.ssh/evobackup_id"

I like the idea, but I'm not sure if we need a separate key for backups only

I like the idea, but I'm not sure if we need a separate key for backups only

This idea was brought up by @jlecour I can let him expand on it.

This idea was brought up by @jlecour I can let him expand on it.
evobackup_client__cron_path: "/etc/cron.daily/zzz_evobackup"
evobackup_client__cron_template_name: "zzz_evobackup"
evobackup_client__mail: null
evobackup_client__pid_path: "/var/run/"
evobackup_client__log_path: "/var/log/evobackup.log"
evobackup_client__backup_path: "/home/backup"
evobackup_client__hosts: null

each backup server can have a different ssh port. Itr should be in the evobackup-client___hosts dictionary.

each backup server can have a different ssh port. Itr should be in the `evobackup-client___hosts` dictionary.

I havent met that case in the wild. It would be annoying to have to define the full dict for every host though. Not sure there is a clean way around this.

I havent met that case in the wild. It would be annoying to have to define the full dict for every host though. Not sure there is a clean way around this.
# - name: ""
# ip: ""
# fingerprint: "ecdsa-sha2-nistp256 ..."

View file

@ -2,20 +2,20 @@
- include: "ssh_key.yml"
- evobackup-client
- evobackup-client-backup-ssh_key
- evobackup_client
- evobackup_client_backup_ssh_key
- include: "upload_scripts.yml"
- evobackup-client
- evobackup-client-backup-scripts
- evobackup_client
- evobackup_client_backup_scripts
- include: "open_ssh_ports.yml"
- evobackup-client
- evobackup-client-backup-firewall
- evobackup_client
- evobackup_client_backup_firewall
- include: "verify_ssh.yml"
- evobackup-client
- evobackup-client-backup-hosts
- evobackup_client
- evobackup_client_backup_hosts

View file

@ -3,10 +3,10 @@
- name: Is there a Minifirewall ?
path: /etc/default/minifirewall
register: evobackup-client__minifirewall
register: evobackup_client__minifirewall
- evobackup-client
- evobackup-client-backup-firewall
- evobackup_client
- evobackup_client_backup_firewall
- name: Add backup SSH port in /etc/default/minifirewall

We can have multiple backup sections (with heterogenous ssh ports) in the minifirewall file. Let's be extra careful with what we insert and/ore replace.

We can have multiple backup sections (with heterogenous ssh ports) in the minifirewall file. Let's be extra careful with what we insert and/ore replace.

Again, heterogeneous ports is kind of an outlier case. But the main question is how to define it without it being a chore.

Again, heterogeneous ports is kind of an outlier case. But the main question is how to define it without it being a chore.

So I removed this task, instead setting the port directly in the rule.

So I removed this task, instead setting the port directly in the rule.
@ -14,8 +14,8 @@
marker: "# {{ }}"
block: |
/sbin/iptables -A INPUT -p tcp --sport {{ item.port }} --dport 1024:65535 -s {{ item.ip }} -m state --state ESTABLISHED,RELATED -j ACCEPT
with_items: "{{ evobackup-client__hosts }}"
when: evobackup-client__minifirewall.stat.exists
with_items: "{{ evobackup_client__hosts }}"
when: evobackup_client__minifirewall.stat.exists
- evobackup-client
- evobackup-client-backup-firewall
- evobackup_client
- evobackup_client_backup_firewall

View file

@ -4,17 +4,17 @@
name: root
generate_ssh_key: true
ssh_key_file: "{{ evobackup-client__root_key_path }}"
ssh_key_file: "{{ evobackup_client__root_key_path }}"
ssh_key_type: rsa

I do have a preference for ed25519 over rsa. But this isn't mandatory :)

I do have a preference for ed25519 over rsa. But this isn't mandatory :)

It's what we used up till now, but I have no problem with changing it.

It's what we used up till now, but I have no problem with changing it.
register: evobackup-client__root_key
register: evobackup_client__root_key
- evobackup-client
- evobackup-client-backup-ssh_key
- evobackup_client
- evobackup_client_backup_ssh_key
- name: Print SSH key
var: evobackup-client__root_key.ssh_public_key
when: evobackup-client__root_key.ssh_public_key is defined
var: evobackup_client__root_key.ssh_public_key
when: evobackup_client__root_key.ssh_public_key is defined
- evobackup-client
- evobackup-client-backup-ssh_key
- evobackup_client
- evobackup_client_backup_ssh_key

View file

@ -3,14 +3,14 @@
- name: Upload evobackup script
src: "{{ item }}"
dest: "{{ evobackup-client__cron_path }}"
dest: "{{ evobackup_client__cron_path }}"
force: true
mode: 0755
- "templates/evobackup-client/{{ evobackup-client__cron_template_name }}.{{ inventory_hostname }}.sh.j2"
- "templates/evobackup-client/{{ evobackup-client__cron_template_name }}.{{ host_group }}.sh.j2"
- "templates/evobackup-client/{{ evobackup-client__cron_template_name }}.sh.j2"
- "templates/evobackup-client/{{ evobackup_client__cron_template_name }}.{{ inventory_hostname }}.sh.j2"
- "templates/evobackup-client/{{ evobackup_client__cron_template_name }}.{{ host_group }}.sh.j2"
- "templates/evobackup-client/{{ evobackup_client__cron_template_name }}.sh.j2"
- ""
- evobackup-client
- evobackup-client-backup-scripts
- evobackup_client
- evobackup_client_backup_scripts

View file

@ -5,7 +5,7 @@
path: /root/.ssh/known_hosts
name: "[{{ }}]:{{ item.port }}"
key: "[{{ }}]:{{ item.port }} {{ item.fingerprint }}"
with_list: "{{ evobackup-client__hosts }}"
with_list: "{{ evobackup_client__hosts }}"
- evobackup-client
- evobackup-client-backup-hosts
- evobackup_client
- evobackup_client_backup_hosts

View file

@ -18,23 +18,23 @@
##### Configuration ###################################################
# email adress for notifications
MAIL={{ evobackup-client__mail }}
MAIL={{ evobackup_client__mail }}

This probably is a bad copy/paste.

This probably is a bad copy/paste.

Damnit, thought I had erased that.

Damnit, thought I had erased that.
# list of hosts (hostname or IP) and SSH port for Rsync
SERVERS="{% for host in evobackup-client__hosts %}{{ }}:{{ host.port }}{% if loop.index != loop.length %} {% endif %}{% endfor %}"
SERVERS="{% for host in evobackup_client__hosts %}{{ }}:{{ host.port }}{% if loop.index != loop.length %} {% endif %}{% endfor %}"

i'm not sure this loop produces the intended output.

i'm not sure this loop produces the intended output.

It produces:

SERVERS="hostname:port hostname:port "

The extra space at the end is not the cleanest, but it does not break the script.

It produces: ``` SERVERS="hostname:port hostname:port " ``` The extra space at the end is not the cleanest, but it does not break the script.

But this is kind of reason why it's a pull request and not a straight merge.

But this is kind of reason why it's a pull request and not a straight merge.

This should not be marked as outdated, this conversation is still open.

This should not be marked as outdated, this conversation is still open.
# timeout (in seconds) for SSH connections
## We use /home/backup : feel free to use your own dir
LOCAL_BACKUP_DIR="{{ evobackup-client__backup_path }}"
LOCAL_BACKUP_DIR="{{ evobackup_client__backup_path }}"
# You can set "linux" or "bsd" manually or let it choose automatically
SYSTEM=$(uname | tr '[:upper:]' '[:lower:]')
# Change these 2 variables if you have more than one backup cron
PIDFILE="{{ evobackup-client__pid_path }}"
LOGFILE="{{ evobackup-client__log_path }}"
PIDFILE="{{ evobackup_client__pid_path }}"
LOGFILE="{{ evobackup_client__log_path }}"
## Enable/Disable tasks