Added evobackup-client role #83

Manually merged
Ghost merged 17 commits from evobackup-client into unstable 2020-02-06 22:31:45 +01:00
5 changed files with 50 additions and 1 deletions
Showing only changes of commit daad12fdeb - Show all commits


@ -4,3 +4,7 @@
register: minifirewall_init_restart
failed_when: "'starting IPTables rules is now finish : OK' not in minifirewall_init_restart.stdout"
changed_when: "'starting IPTables rules is now finish : OK' in minifirewall_init_restart.stdout"
- name: 'created new jail'
command: "bkctld start {{ evolinux_hostname }}"
delegate_to: "{{ evobackup_client__hosts[0].ip }}"
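Review bot: The new 'created new jail' handler runs `bkctld start {{ evolinux_hostname }}` on the delegated backup server without `become: true`, while every bkctld task in create_jail.yml sets it. Unless the delegated connection already runs as root, the jail may be initialised but never started, so add `become: true` to the handler. The handler, like create_jail.yml, targets only `evobackup_client__hosts[0]`, whereas the minifirewall task loops over every entry. A comment stating that only the first backup host gets a jail would make that intent explicit. The first handler in this file starts outside the hunk.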


@ -0,0 +1,29 @@
---
- name: 'create jail'
command: "bkctld init {{ evolinux_hostname }}"
args:
creates: "/backup/jails/{{ evolinux_hostname }}/"
become: true
delegate_to: "{{ evobackup_client__hosts[0].ip }}"
notify: 'created new jail'
- name: 'add ssh key to jail'
command: "bkctld key {{ evolinux_hostname }} /root/{{ evolinux_hostname }}.pub"
become: true
delegate_to: "{{ evobackup_client__hosts[0].ip }}"
- name: 'add ip to jail'
command: "bkctld ip {{ evolinux_hostname }} {{ ansible_host }}"
become: true
delegate_to: "{{ evobackup_client__hosts[0].ip }}"
- name: 'get jail port'
command: "bkctld port {{ evolinux_hostname }}"
become: true
register: bkctld_port
delegate_to: "{{ evobackup_client__hosts[0].ip }}"
- name: 'register jail port'
set_fact:
evobackup_ssh_port={{ bkctld_port.stdout }}
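Review bot: `evobackup_ssh_port` is taken from raw `bkctld_port.stdout` in 'register jail port' with no check that the output is a single port number, so an empty or multi-line result would be carried as-is into whatever later consumes the fact. Add a guard before the `set_fact`, for example `assert: { that: "bkctld_port.stdout is match('^[0-9]+$')" }`, and write the fact in mapping form, `evobackup_ssh_port: "{{ bkctld_port.stdout }}"`, instead of the `key=value` string. 'get jail port' only reads state and should carry `changed_when: false`. The 'add ssh key to jail' and 'add ip to jail' commands have no `creates` or `changed_when`, so they presumably report a change on every run.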


@ -5,6 +5,11 @@
- evobackup_client
- evobackup_client_backup_ssh_key
- include: "create_jail.yml"
tags:
- evobackup_client
- evobackup_client_jail
- include: "upload_scripts.yml"
tags:
- evobackup_client


@ -11,7 +11,7 @@
- name: Add backup SSH port in /etc/default/minifirewall
Review

We can have multiple backup sections (with heterogeneous ssh ports) in the minifirewall file. Let's be extra careful with what we insert and/or replace.

We can have multiple backup sections (with heterogeneous ssh ports) in the minifirewall file. Let's be extra careful with what we insert and/or replace.
Review

Again, heterogeneous ports is kind of an outlier case. But the main question is how to define it without it being a chore.

Again, heterogeneous ports is kind of an outlier case. But the main question is how to define it without it being a chore.
Review

So I removed this task, instead setting the port directly in the rule.

So I removed this task, instead setting the port directly in the rule.
blockinfile:
dest: /etc/default/minifirewall
marker: "# {{ item.name }}"
marker: "# {mark} {{ item.name }}"
block: |
/sbin/iptables -A INPUT -p tcp --sport {{ item.port }} --dport 1024:65535 -s {{ item.ip }} -m state --state ESTABLISHED,RELATED -j ACCEPT
with_items: "{{ evobackup_client__hosts }}"
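Review bot: Blocks already written under the previous `# {{ item.name }}` marker will not match the new `# {mark} {{ item.name }}` marker, so on hosts that ran the role before, the old iptables line likely stays in /etc/default/minifirewall next to the new BEGIN/END block. This assumes the `{mark}` line is the new side, which the page does not mark explicitly. The leftover ACCEPT rule is then managed by no later run and would survive a change of `item.ip` or `item.port`. A one-off cleanup task ahead of the `blockinfile`, or an upgrade note asking operators to delete the old block, would close that gap.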


@ -18,3 +18,14 @@
tags:
- evobackup_client
- evobackup_client_backup_ssh_key
- name: 'copy ssh public key to backup server'
copy:
content: "{{ evobackup_client__root_key.ssh_public_key }}"
dest: "/root/{{ evolinux_hostname }}.pub"
become: true
delegate_to: "{{ evobackup_client__hosts[0].ip }}"
tags:
- evobackup_client
- evobackup_client_backup_ssh_key
- evobackup_client_jail
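Review bot: The 'copy ssh public key to backup server' task writes `/root/{{ evolinux_hostname }}.pub` as root on the delegated host without `owner`, `group` or `mode`, so the resulting permissions depend on the remote umask. Set them explicitly, e.g. `owner: root` and `mode: "0644"`. Nothing visible removes the file once `bkctld key` has read it, so one key file per client presumably accumulates in /root on the backup server. Removing it after the import, or writing it to a dedicated directory, would keep that host tidy.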