Commit 05fa3484 authored by HgO's avatar HgO

create borgmatic config for each application

parent 3798b0ec
Pipeline #824 passed with stage
in 14 minutes and 39 seconds
......@@ -16,6 +16,8 @@ haproxy:
healthcheck_url: GET /-/healthy
username: "{{ prometheus_username }}"
password: "{{ prometheus_password }}"
deny_paths:
- /api/v1/admin
haproxy_redirect: []
haproxy_postgresql: []
......
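Review bot: The new `deny_paths` entry for `/api/v1/admin` carries no comment saying why it is there or how it is matched. The HAProxy template that consumes `deny_paths` is not on this page, so it is worth confirming that entries are treated as path prefixes (so everything below `/api/v1/admin/` is covered) and that the deny also applies to authenticated requests. I would add a line above the key such as `# block the Prometheus admin API (snapshot/delete endpoints) at the proxy`.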
......@@ -13,4 +13,5 @@ alertmanager_matrix_host: matrix.domainepublic.net
alertmanager_matrix_room: "!wjECRmYYmDbBJcebBt:matrix.domainepublic.net"
alertmanager_matrix_service: alertmanager_service
alertmanager_prometheus_remote_hosts: "{{ groups.all }}"
alertmanager_prometheus_remote_hosts:
- prometheus.example.com
......@@ -20,4 +20,5 @@
roles:
- telegraf
- borgmatic
- prometheus
......@@ -13,3 +13,18 @@
- name: Installation de matrix-goneb
import_tasks: matrix-goneb.yml
tags: ['matrix_goneb']
- name: Configuration des backups Borgmatic
template:
src: borgmatic/{{ config }}.yml.j2
dest: /etc/borgmatic.d/{{ config }}.yml
owner: root
group: root
mode: "u=rw,go="
validate: /opt/borgmatic/bin/validate-borgmatic-config -c %s
loop:
- alertmanager
- matrix-goneb
loop_control:
loop_var: config
tags: ['borgmatic_config']
......@@ -43,7 +43,7 @@
name: libolm-dev
state: present
- name: Compilation de matrix-goneb # noqa no-handler
- name: Compilation de matrix-goneb # noqa no-handler
command:
cmd: "go{{ go_version }} build github.com/matrix-org/go-neb"
chdir: /opt/matrix-goneb/src
......
{{ ansible_managed | comment }}
<<: !include /etc/borgmatic/template.yml
location:
source_directories:
- "/opt/alertmanager/{{ alertmanager_version }}"
- "/etc/alertmanager"
- "/var/lib/alertmanager"
- "/etc/systemd/system/alertmanager.service"
- "/etc/prometheus/conf.d/alertmanager.yml"
- "/etc/prometheus/rules.d"
storage:
archive_name_format: alertmanager_{hostname}-{now}
retention:
prefix: alertmanager_
consistency:
prefix: alertmanager_
{{ ansible_managed | comment }}
<<: !include /etc/borgmatic/template.yml
location:
source_directories:
- "/opt/matrix-goneb"
- "/etc/systemd/system/matrix-goneb.service"
storage:
archive_name_format: matrix-goneb_{hostname}-{now}
retention:
prefix: matrix-goneb_
consistency:
prefix: matrix-goneb_
......@@ -15,4 +15,5 @@
roles:
- telegraf
- borgmatic
- postgres_standalone
......@@ -34,3 +34,13 @@
- name: Installation de Backoffice
import_tasks: backoffice.yml
tags: ['backoffice']
- name: Configuration des backups Borgmatic
template:
src: borgmatic/backoffice.yml.j2
dest: /etc/borgmatic.d/backoffice-{{ web_app_owner }}.yml
owner: root
group: root
mode: "u=rw,go="
validate: /opt/borgmatic/bin/validate-borgmatic-config -c %s
tags: ['borgmatic_config']
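Review bot: This template task renders a file that contains the PostgreSQL password (the `hooks.postgresql_databases` entry of `backoffice.yml.j2`), and nothing on the task stops Ansible from printing it. When the play runs with `--diff`, the template module shows the rendered content, so the secret can end up in terminal scrollback or CI job logs. Adding `diff: false` (or `no_log: true`) to the task avoids that; the same applies to the task "Configuration du template des backups Borgmatic", whose `template.yml.j2` carries `encryption_passphrase`. The `mode: "u=rw,go="` and root ownership on the rendered file are appropriate for a file holding credentials.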
{{ ansible_managed | comment }}
<<: !include /etc/borgmatic/template.yml
location:
source_directories:
- "/etc/caddy/conf.d/{{ web_app_owner }}.conf"
- "/etc/caddy/conf.d/{{ backoffice_ffdnapi_domain | replace('.', '-') }}.conf"
- "{{ web_app_dist_dir }}"
- "/etc/systemd/system/backoffice.service"
storage:
archive_name_format: backoffice-{{ web_app_owner }}_{hostname}-{now}
retention:
prefix: backoffice-{{ web_app_owner }}_
consistency:
prefix: backoffice-{{ web_app_owner }}_
hooks:
postgresql_databases:
- name: "{{ postgresql_db_name }}"
username: "{{ postgresql_db_name }}"
password: {{ postgresql_db_password | string | to_json }}
hostname: "{{ postgresql_host }}"
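Review bot: `name`, `username` and `hostname` in the `postgresql_databases` hook are quoted by hand (`"{{ postgresql_db_name }}"`), while `password` is serialised with `| string | to_json`. In the hand-quoted lines a value containing `"` or `\` would yield invalid YAML or a silently different string. Using the same filter everywhere, e.g. `name: {{ postgresql_db_name | string | to_json }}`, keeps the rendered file well-formed whatever the variable holds. The unquoted `archive_name_format` and `prefix` lines that interpolate `web_app_owner` would benefit from the same treatment.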
- name: init borgmatic
command: /opt/borgmatic/bin/borgmatic init -e keyfile
changed_when: _borgmatic_init.stderr
register: _borgmatic_init
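Review bot: The handler hard-codes `-e keyfile`, whereas the init task shown in the role's task file on this page used `{{ borgmatic_encryption_mode }}`; if that variable is still set in inventory it is now silently ignored. In keyfile mode the Borg key is stored on the client rather than in the repository, and none of the `source_directories` lists on this page include it, so losing the host would leave the archives undecryptable even with the passphrase. Either keep the variable, `command: /opt/borgmatic/bin/borgmatic init -e {{ borgmatic_encryption_mode }}`, or add a step that exports the key (`borg key export`) to storage off the host. The rendered page does not show which side of the diff the old task is on, so the comparison is inferred.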
---
- name: Installation de Borg et Borgmatic
- name: Installation de Borg
package:
name: borgbackup
state: present
- name: Création du dossier d'install de Borgmatic
file:
path: /opt/borgmatic
state: directory
owner: root
group: root
mode: u=rwx,go=rx
- name: Installation des dépendances python
ansible.builtin.package:
name:
- borgbackup
- borgmatic
- python3-virtualenv
- virtualenv
state: present
- name: Installation de Borgmatic # noqa package-latest
pip:
name: borgmatic
state: latest
virtualenv: /opt/borgmatic
virtualenv_python: python3
chdir: /opt/borgmatic
- name: Création du dossier pour le client SSH
file:
path: /root/.ssh
......@@ -22,26 +43,37 @@
loop_var: repo
label: "{{ repo.host }}"
- name: Création du dossier de config Borgmatic
- name: Création des dossiers de config de Borgmatic
file:
path: /etc/borgmatic
path: "{{ config_dir }}"
state: directory
owner: root
group: root
mode: u=rwx,g=rx,o=
loop:
- /etc/borgmatic
- /etc/borgmatic.d
loop_control:
loop_var: config_dir
- name: Configuration de Borgmatic
- name: Configuration du template des backups Borgmatic
template:
src: borgmatic/config.yml.j2
dest: /etc/borgmatic/config.yaml
src: borgmatic/template.yml.j2
dest: /etc/borgmatic/template.yml
owner: root
group: root
mode: u=rw,go=
validate: /opt/borgmatic/bin/validate-borgmatic-config -c %s
- name: Initialisation de Borgmatic
command: borgmatic init -e {{ borgmatic_encryption_mode }}
changed_when: _borgmatic_init.stderr
register: _borgmatic_init
- name: Configuration commune des backups Borgmatic
template:
src: borgmatic/common.yml.j2
dest: /etc/borgmatic.d/common.yml
owner: root
group: root
mode: u=rw,go=
validate: /opt/borgmatic/bin/validate-borgmatic-config -c %s
notify: init borgmatic
- name: Création d'un cron job pour créer un backup chaque jour
cron:
......
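Review bot: The `pip` task installs borgmatic with `state: latest` and no version, and the `# noqa package-latest` silences the lint rule that would flag it. borgmatic is configured here from root-owned files and reads the repository passphrase, so pulling whatever is newest on PyPI on every play run is a supply-chain exposure. Config handling such as how `<<: !include` merges nested sections may also differ between releases (worth confirming against the version in use). Pinning it, e.g. `version: "{{ borgmatic_version }}"` with `state: present` (`borgmatic_version` being a new role variable), makes upgrades deliberate and reviewable. The rendered page does not show which lines of this hunk are added, so this assumes the `pip` task is on the new side.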
{{ ansible_managed | comment }}
<<: !include /etc/borgmatic/template.yml
location:
source_directories:
- "/etc/apt"
- "/etc/motd"
- "/etc/ssh"
- "/etc/zsh"
- "/etc/sudoers"
- "/etc/telegraf"
- "/etc/default/grub"
- "/etc/sysctl.d"
{{ ansible_managed | comment }}
location:
source_directories:
- /
source_directories: []
repositories:
{% for repo in borgmatic_repositories %}
- {{ repo.host }}:{{ repo.path }}/{{ inventory_hostname | replace('.', '-') }}
{% endfor %}
exclude_caches: true
exclude_patterns:
- /boot
- /dev
- /home/*/.cache
- /root/.cache
- /lib*
- /media
- /mnt
- /proc
- /run
- /sys
- /tmp
- /usr/src
- /usr/local/src
- /var/backups
- /var/cache
- /var/lib
- /var/log
- /var/run
- /var/tmp
storage:
compression: zlib,7
encryption_passphrase: {{ borgmatic_encryption_passphrase | string | to_json }}
......
......@@ -10,3 +10,4 @@
roles:
- telegraf
- borgmatic
......@@ -52,3 +52,13 @@
validate: telegraf --config %s --test
notify: restart telegraf
tags: ['telegraf_config']
- name: Configuration des backups Borgmatic
template:
src: borgmatic/ceph.yml.j2
dest: /etc/borgmatic.d/ceph.yml
owner: root
group: root
mode: "u=rw,go="
validate: /opt/borgmatic/bin/validate-borgmatic-config -c %s
tags: ['borgmatic_config']
{{ ansible_managed | comment }}
<<: !include /etc/borgmatic/template.yml
location:
source_directories:
- "/etc/ceph"
storage:
archive_name_format: ceph_{hostname}-{now}
retention:
prefix: ceph_
consistency:
prefix: ceph_
......@@ -32,6 +32,11 @@
name: telegraf
tags: ['telegraf']
- name: Installation de Borgmatic
import_role:
name: borgmatic
tags: ['borgmatic']
- import_tasks: serial.yml
tags: ['serial']
when: ansible_virtualization_type == 'kvm'
......@@ -25,5 +25,5 @@
- dbus
- safe-rm
- bash-completion
- psmisc # provide killall
- psmisc # provide killall
state: present
......@@ -10,3 +10,4 @@
roles:
- telegraf
- borgmatic