Commit 3798b0ec authored by HgO's avatar HgO

create playbook borgmatic

parent ac93da5e
borgmatic_repositories:
- host: storage-01.htz.neutri.net
path: /media/backups
user: backup-borg
borgmatic_encryption_passphrase: "{{ vault_borgmatic_encryption_passphrase }}"
borgmatic_encryption_mode: keyfile
$ANSIBLE_VAULT;1.1;AES256
39393637363535346237366631616631663565336163646432313830656132613834323237666566
3861646237623431376565623964653434356133303733630a313963626236653566336563326661
64393631333861313536383535333466653263346439333530366662646662633331383862663362
6537363564663462660a363461313632636439656266313239323364356464363065363832646536
31383134373239346663336438663065343865323466326534333264383639303965633539663066
31376138666535636638343364653762306665346564663631353363613934313139313436633939
35393362656433663833653261633165653432616339353963633530613731343831326433396364
35653363333965353130356433373964336665323561633832613836623966313538376139343636
34666633353130366663663138383766353932613031383434316632663466623933
......@@ -177,3 +177,6 @@ storage-01.ovh.neutri.net
runner.patata.louise.neutri.net
[promscale]
[borgmatic:children]
louise
- hosts: borgmatic
become: true
pre_tasks:
- name: Mise à jour du cache APT
apt:
update_cache: true
roles:
- borgmatic
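Review bot: The `apt` pre_task with `update_cache: true` has no `cache_valid_time`, so every run of this play refreshes the package index and reports the task (and the play) as changed; adding `cache_valid_time: 3600` under `apt:` keeps the refresh but makes the task idempotent within the hour. The same pre_task is repeated verbatim in the two molecule plays named Converge and Prepare further down, which should get the same line so the role's test runs and the real play stay aligned.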
---
- import_playbook: apps/debian_commun.yml
- import_playbook: apps/borgmatic.yml
- import_playbook: apps/keepalived.yml
- import_playbook: apps/haproxy.yml
- import_playbook: apps/postgres_patroni.yml
borgmatic_repositories:
- host: "{{ inventory_hostname }}"
path: /media/backups
user: backup-borg
borgmatic_encryption_passphrase: neutrinet
borgmatic_encryption_mode: keyfile
*********************************
Vagrant driver installation guide
*********************************
Requirements
============
* Vagrant
* Virtualbox
Install
=======
Please refer to the `Virtual environment`_ documentation for installation best
practices. If not using a virtual environment, please consider passing the
widely recommended `'--user' flag`_ when invoking ``pip``.
.. _Virtual environment: https://virtualenv.pypa.io/en/latest/
.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site
.. code-block:: bash
$ pip install 'molecule_vagrant'
---
- name: Converge
hosts: all
become: true
pre_tasks:
- name: Mise à jour du cache APT
apt:
update_cache: true
roles:
- borgmatic
dependency:
name: galaxy
driver:
name: vagrant
provider:
name: virtualbox
platforms:
- name: bullseye-borgmatic-molecule
box: debian/bullseye64
cpu: 2
memory: 512
provisioner:
name: ansible
config_options:
defaults:
interpreter_python: /usr/bin/python3
ssh_connection:
pipelining: true
verifier:
name: ansible
---
- name: Prepare
hosts: all
become: true
pre_tasks:
- name: Mise à jour du cache APT
apt:
update_cache: true
---
- name: Installation de Borg et Borgmatic
package:
name:
- borgbackup
- borgmatic
state: present
- name: Création du dossier pour le client SSH
file:
path: /root/.ssh
state: directory
owner: root
group: root
mode: u=rwx,go=
- name: Configuration des repos Borg
include_tasks:
file: repo.yml
loop: "{{ borgmatic_repositories }}"
loop_control:
loop_var: repo
label: "{{ repo.host }}"
- name: Création du dossier de config Borgmatic
file:
path: /etc/borgmatic
state: directory
owner: root
group: root
mode: u=rwx,g=rx,o=
- name: Configuration de Borgmatic
template:
src: borgmatic/config.yml.j2
dest: /etc/borgmatic/config.yaml
owner: root
group: root
mode: u=rw,go=
- name: Initialisation de Borgmatic
command: borgmatic init -e {{ borgmatic_encryption_mode }}
changed_when: _borgmatic_init.stderr
register: _borgmatic_init
- name: Création d'un cron job pour créer un backup chaque jour
cron:
name: borgmatic-create
cron_file: borgmatic
state: present
minute: 0
hour: 3
user: root
job: sleep $((RANDOM \% 3600)) && borgmatic create prune
- name: Création d'un cron job pour vérifier les backups chaque semaine
cron:
name: borgmatic-check
cron_file: borgmatic
state: present
minute: 0
hour: 2
weekday: 0
user: root
job: borgmatic check
- name: Définition de la variable d'environnement SHELL pour les cron jobs
cron:
name: SHELL
cron_file: borgmatic
state: present
user: root
env: true
value: /bin/bash
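Review bot: The "Initialisation de Borgmatic" task runs `borgmatic init -e {{ borgmatic_encryption_mode }}` and, with the `keyfile` mode the group vars select, the repository key is generated on the client only (borg's default keyfile location under root's `~/.config/borg/keys`, presumably); nothing in the role exports or copies that key anywhere else, so losing the client also loses the ability to read its backups even with the vaulted passphrase. A follow-up task exporting the key with `borg key export` to an out-of-band location, or at least a comment on the init task stating that operators must do so, would close that gap. `changed_when: _borgmatic_init.stderr` also marks the task changed whenever borgmatic writes anything to stderr, warnings included, so the condition likely needs to be narrowed to the actual "repository created" output once checked against borgmatic's real messages.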
- name: Génération de la clé SSH pour le serveur de backup {{ repo.host }}
openssh_keypair:
path: "/root/.ssh/{{ repo.host | replace('.', '-') }}"
type: ed25519
comment: root@{{ ansible_fqdn }}
- name: Récupération de la clé publique du client SSH
slurp:
path: /root/.ssh/{{ repo.host | replace('.', '-') }}.pub
register: _borgmatic_ssh_public_key
- name: Création de l'utilisateur {{ repo.user }} sur le serveur de backup {{ repo.host }}
user:
name: "{{ repo.user }}"
home: "{{ repo.path }}"
shell: /bin/bash
state: present
delegate_to: "{{ repo.host }}"
run_once: true
- name: Ajout de la clé publique du client SSH sur le serveur de backup {{ repo.host }}
authorized_key:
user: "{{ repo.user }}"
key: "{{ _borgmatic_ssh_public_key.content | b64decode }}"
delegate_to: "{{ repo.host }}"
run_once: true
- name: Création du dossier des données sur le serveur de backup {{ repo.host }}
file:
path: "{{ repo.path }}/{{ inventory_hostname | replace('.', '-') }}"
state: directory
owner: "{{ repo.user }}"
group: "{{ repo.user }}"
mode: u=rwx,go=
delegate_to: "{{ repo.host }}"
run_once: true
- name: Configuration du client SSH pour le serveur de backup {{ repo.host }}
blockinfile:
path: /root/.ssh/config
state: present
create: true
owner: root
group: root
mode: u=rw,go=
block: |
Host {{ repo.host }}
User {{ repo.user }}
IdentityFile /root/.ssh/{{ repo.host | replace('.', '-') }}
PreferredAuthentications publickey,password
marker: "# {mark} ANSIBLE MANAGED BLOCK {{ repo.host }}"
- name: Scan de la clé publique du serveur de backup {{ repo.host }}
command: ssh-keyscan -H {{ repo.host }}
changed_when: false
register: _borgmatic_ssh_keyscan
- name: Ajout de {{ repo.host }} dans la liste des serveurs connus
known_hosts:
name: "{{ repo.host }}"
key: "{{ _borgmatic_ssh_keyscan.stdout }}"
path: /root/.ssh/known_hosts
hash_host: true
state: present
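Review bot: `run_once: true` on the `authorized_key` task and on the per-host data-directory task means that, once the `borgmatic` group holds more than one host, only the first host in the play gets its public key installed and its `{{ repo.path }}/<hostname>` directory created, since each client has its own key and directory; `run_once` is only appropriate on the shared-user `user:` task and should be dropped from the other two (the single-host molecule scenario cannot catch this). The key is also installed with no options while the backup user has a `/bin/bash` shell, so any client can reach every other client's directory under `{{ repo.path }}` over SSH; pinning it with `key_options: "command=\"borg serve --restrict-to-path {{ repo.path }}/{{ inventory_hostname | replace('.', '-') }}\",restrict"` confines a compromised client to its own repository. Finally, the host key comes from an unverified `ssh-keyscan` run on the client, while the play already has a trusted delegated connection to `repo.host`; slurping the server's own host public key via `delegate_to` and composing the `known_hosts` entry from it avoids trusting the network, and `PreferredAuthentications` can drop `password` since only the generated key is meant to be used.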
{{ ansible_managed | comment }}
location:
source_directories:
- /
repositories:
{% for repo in borgmatic_repositories %}
- {{ repo.host }}:{{ repo.path }}/{{ inventory_hostname | replace('.', '-') }}
{% endfor %}
exclude_caches: true
exclude_patterns:
- /boot
- /dev
- /home/*/.cache
- /root/.cache
- /lib*
- /media
- /mnt
- /proc
- /run
- /sys
- /tmp
- /usr/src
- /usr/local/src
- /var/backups
- /var/cache
- /var/lib
- /var/log
- /var/run
- /var/tmp
storage:
compression: zlib,7
encryption_passphrase: {{ borgmatic_encryption_passphrase | string | to_json }}
retention:
keep_daily: 7
keep_monthly: 6
keep_weekly: 4
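Review bot: With `source_directories` set to `/` and `/var/lib` in `exclude_patterns`, the backup silently omits most persistent service state (package and service databases, and by default the data directories of any database or container runtime living under `/var/lib`); given that the site playbook provisions postgres after borgmatic, that is presumably not what the exclusion intends. Either narrow the pattern to the subtrees actually meant (for example `/var/lib/apt/lists`) or add a comment in the template stating that service data is deliberately out of scope, so the restore expectations are documented next to the rule. The `{% for %}` loop emitting `repositories` entries should also be checked in rendered form, since the page does not show the indentation the Jinja lines will produce.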