---
# Ask the local OpenSSH client which key types it supports (`ssh -Q key`).
# When that query fails the shell fallback prints "ssh-rsa", so the
# registered result always carries some output. The task is read-only: it
# runs even in check mode and never reports a change.
- name: check available SSH key types
  shell: ssh -Q key 2>/dev/null || echo "ssh-rsa"
  register: borgbackup_register_key_types
  check_mode: false
  changed_when: false
# Make sure root has an SSH key pair at the configured path; this is the
# identity the BORG_RSH commands later in this file hand to ssh with -i.
# No ssh_key_passphrase is set, so the private key is stored unencrypted:
# its protection is the file permissions on this host plus the forced
# command attached to the public key on the backup server.
# NOTE(review): ssh_key_bits is fixed at 4096 while the key type is a
# variable - confirm the configured type honours that size.
- name: generate backup ssh-key
  user:
    name: root
    generate_ssh_key: true
    ssh_key_type: "{{ borgbackup_client_ssh_key_type }}"
    ssh_key_bits: 4096
    ssh_key_file: "{{ borgbackup_client_ssh_key_file }}"
    ssh_key_comment: "{{ borgbackup_client_ssh_key_comment }}"
# Read the public half of the backup key into a registered variable; its
# stdout is what gets authorised on the backup server. Only the .pub file
# is read here, never the private key. Read-only, so it also runs in check
# mode and never reports a change.
- name: fetch backup ssh-pubkey
  command: "cat {{ borgbackup_client_ssh_key_file }}.pub"
  register: borgbackup_client_ssh_pubkey_file
  check_mode: false
  changed_when: false
# Authorise this client's public key for the borg user on the backup server.
# key_options pins the key to a forced command: `borg serve` confined by
# --restrict-to-path to this host's own directory under the pool. The
# trailing `restrict` option disables the remaining SSH features for this
# key (forwarding, PTY allocation, ~/.ssh/rc).
# NOTE(review): the pool path and inventory_hostname are interpolated into
# the forced command unquoted; a value with spaces or shell metacharacters
# would change what the server executes - confirm both are constrained.
# NOTE(review): the forced command does not pass --append-only, so a client
# holding this key can also delete archives in its own repository; that is
# presumably required by the client-side prune jobs - confirm it is intended.
- name: add ssh-pubkey to backup server
  authorized_key:
    user: "{{ borgbackup_server_user }}"
    key: "{{ borgbackup_client_ssh_pubkey_file.stdout }}"
    key_options: 'command="cd {{ borgbackup_server_pool }}/{{ inventory_hostname }};borg serve --restrict-to-path {{ borgbackup_server_pool }}/{{ inventory_hostname }}",restrict'
  delegate_to: "{{ borgbackup_client_backup_server }}"
  # Start the delegate from the ansible master to avoid distributing more keys
  connection: local
# Create this host's directory under the server pool, owned by the borg
# user and group. Mode 0700 keeps every other account on the backup server
# out of the directory; it is the same path the forced `borg serve` command
# is restricted to.
- name: create repo path for host
  file:
    state: directory
    path: "{{ borgbackup_server_pool }}/{{ inventory_hostname }}"
    owner: "{{ borgbackup_server_user }}"
    group: "{{ borgbackup_server_group }}"
    # Quoted so the mode reaches the module as an octal string.
    mode: "0700"
  delegate_to: "{{ borgbackup_client_backup_server }}"
  # Start the delegate from the ansible master to avoid distributing more keys
  connection: local
# Directory that receives the generated create / prune / check scripts.
# root:root with mode 0750: only root can write to it, members of group
# root can list and enter it, everyone else is locked out.
- name: backup scripts dir
  file:
    state: directory
    path: "{{ borgbackup_client_scripts_dir }}"
    owner: root
    group: root
    # Quoted so the mode reaches the module as an octal string.
    mode: "0750"
# Directory holding the *.lastlog files written for backup supervision.
# Mode 0755 leaves it world-readable and world-traversable, while only
# root can create or replace files in it.
- name: backup supervision lastlog dir
  file:
    state: directory
    path: "{{ borgbackup_client_lastlog_dir }}"
    owner: root
    group: root
    # Quoted so the mode reaches the module as an octal string.
    mode: "0755"
# Probe the repository of every create job with `borg list`. The task never
# fails or reports a change; the per-item return codes are kept in
# list_repos. Because failed_when is false, any non-zero exit - a missing
# repository, but equally an SSH or authentication error - is recorded the
# same way.
# The passphrase is handed over in the task environment rather than on the
# command line.
# NOTE(review): BORG_RSH runs ssh with StrictHostKeyChecking=no, so the
# backup server's host key is never verified and whatever host answers at
# that address is accepted. Pre-seeding known_hosts with the server's key
# and dropping the option would close that gap.
- name: check if the repositories already exist
  command: "{{ borgbackup_binary }} list {{ borgbackup_server_user }}@{{ borgbackup_client_backup_server_lanfreebackup | default(borgbackup_client_backup_server) }}:{{ item.name }}"
  environment:
    BORG_RSH: "ssh -o StrictHostKeyChecking=no -i {{ borgbackup_client_ssh_key_file }}"
    BORG_PASSPHRASE: "{{ borgbackup_passphrase }}"
  with_items: "{{ borgbackup_create_jobs }}"
  register: list_repos
  check_mode: false
  changed_when: false
  failed_when: false
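# Build initialized_repos: the names of the repositories whose `borg list`
# probe (registered in list_repos) exited with rc 0.
- name: initialize empty list of initialized repositories
  set_fact:
    initialized_repos: []

- name: store only initialized repositories in the list
  set_fact:
    # Append inside a single Jinja expression so the value stays a real list.
    # The previous form rendered the text "<list> + [ '<name>' ]" and relied
    # on Ansible evaluating that text afterwards, which also misparses a
    # repository name containing a quote.
    initialized_repos: "{{ initialized_repos + [item.item.name] }}"
  with_items: "{{ list_repos.results }}"
  when: item.rc == 0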
# Run `borg init` with the configured encryption mode for every create job
# whose repository name is not in initialized_repos. An item counts as
# failed only when all three hold: non-zero rc, non-empty stderr, and no
# 'already exists' in stderr.
# The passphrase is handed over in the task environment rather than on the
# command line.
# NOTE(review): BORG_RSH runs ssh with StrictHostKeyChecking=no, so the
# backup server's host key is never verified - here on the connection that
# creates the repository. Pre-seeding known_hosts with the server's key and
# dropping the option would close that gap.
- name: initialize repositories
  command: "{{ borgbackup_binary }} init --encryption {{ borgbackup_encryption_mode }} {{ borgbackup_server_user }}@{{ borgbackup_client_backup_server_lanfreebackup | default(borgbackup_client_backup_server) }}:{{ item.name }}"
  environment:
    BORG_RSH: "ssh -o StrictHostKeyChecking=no -i {{ borgbackup_client_ssh_key_file }}"
    BORG_PASSPHRASE: "{{ borgbackup_passphrase }}"
  with_items: "{{ borgbackup_create_jobs }}"
  when: item.name not in initialized_repos
  register: borgbackup_initialize_result
  # The list entries are ANDed together.
  failed_when:
    - borgbackup_initialize_result.rc != 0
    - borgbackup_initialize_result.stderr != ""
    - "'already exists' not in borgbackup_initialize_result.stderr"
# Derive the per-server suffix used in script, cron-file and lastlog names:
# "<action>_<first dot-separated label of the backup server name>".
- name: generate filename for create / prune / check scripts
  set_fact:
    create_suffix_script_filename: "create_{{ borgbackup_client_backup_server.split('.') | first }}"
    prune_suffix_script_filename: "prune_{{ borgbackup_client_backup_server.split('.') | first }}"
    check_suffix_script_filename: "check_{{ borgbackup_client_backup_server.split('.') | first }}"
#
# borg create scripts
#

# Render one create script per job from create_job.sh.j2 into the scripts
# directory. root:root with mode 0700, so only root can read or run it.
# NOTE(review): the template is not shown here; presumably the rendered
# script carries the repository passphrase, which is what the root-only
# mode protects - confirm.
- name: deploy borg create scripts
  template:
    src: create_job.sh.j2
    dest: "{{ borgbackup_client_scripts_dir }}/{{ item.name }}_{{ create_suffix_script_filename }}.sh"
    owner: root
    group: root
    # Quoted so the mode reaches the module as an octal string.
    mode: "0700"
  with_items: "{{ borgbackup_create_jobs }}"
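# Install one cron entry per create job (run as root, written to its own
# cron_file); the script's output is piped to syslog under the tag
# "borgbackup".
# When a random_* value is set on the job, a seeded offset is added to the
# base value so hosts spread out while each host keeps a stable schedule.
# The offset is now wrapped together with the base value: previously only
# the random part was reduced, so e.g. hour 22 plus an offset of 3 produced
# 25, which is not a valid cron field. Schedules that were already in range
# come out unchanged.
# The day seed uses check_suffix_script_filename; it is left as-is so
# existing schedules do not move.
- name: schedule borg create scripts on cron
  cron:
    name: "borg backup {{ item.name }}"
    user: root
    job: "{{ borgbackup_client_scripts_dir }}/{{ item.name }}_{{ create_suffix_script_filename }}.sh 2>&1 | /usr/bin/logger -t borgbackup"
    # Days wrap inside 1..28 so the entry fires in every month.
    day: "{{ (((item.day | default(1)) - 1 + (item.random_day | random(seed=item.name + check_suffix_script_filename + ansible_host))) % 28) + 1 if item.random_day is defined else item.day | default('*') }}"
    hour: "{{ ((item.hour | default(1)) + (item.random_hour | random(seed=item.name + create_suffix_script_filename + ansible_host))) % 24 if item.random_hour is defined else item.hour | default(1) }}"
    minute: "{{ ((item.minute | default(0)) + (item.random_minute | random(seed=ansible_host + item.name + create_suffix_script_filename))) % 60 if item.random_minute is defined else item.minute | default(0) }}"
    state: present
    cron_file: "borgbackup_{{ item.name }}_{{ create_suffix_script_filename }}"
  with_items: "{{ borgbackup_create_jobs }}"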
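# Seed a placeholder lastlog for each create job so a success line is on
# record before the first real run. `creates` makes the task a no-op once
# the file exists, so a real log is never overwritten.
# printf replaces `echo -ne`: the shell module runs /bin/sh, and where that
# is not bash (dash, for example) echo does not accept -e and the options
# end up as text inside the log file.
- name: deploy borg create fake logs, when no log yet
  shell: printf 'FAKE LOG\nterminating with success status, rc 0\n' | tee "{{ borgbackup_client_lastlog_dir }}/{{ item.name }}_{{ create_suffix_script_filename }}.lastlog"
  args:
    chdir: "{{ borgbackup_client_lastlog_dir }}"
    creates: "{{ borgbackup_client_lastlog_dir }}/{{ item.name }}_{{ create_suffix_script_filename }}.lastlog"
  with_items: "{{ borgbackup_create_jobs }}"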
#
# borg prune scripts
#

# Render one prune script per job from prune_job.sh.j2 into the scripts
# directory, only when pruning is enabled. root:root with mode 0700, so
# only root can read or run it.
# NOTE(review): the template is not shown here; presumably the rendered
# script carries the repository passphrase, which is what the root-only
# mode protects - confirm.
- name: deploy borg prune scripts
  template:
    src: prune_job.sh.j2
    dest: "{{ borgbackup_client_scripts_dir }}/{{ item.name }}_{{ prune_suffix_script_filename }}.sh"
    owner: root
    group: root
    # Quoted so the mode reaches the module as an octal string.
    mode: "0700"
  with_items: "{{ borgbackup_prune_jobs }}"
  when: borgbackup_prune_enabled
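# Install one cron entry per prune job (run as root, written to its own
# cron_file) when pruning is enabled; the script's output is piped to
# syslog under the tag "borgbackup".
# When a random_* value is set on the job, a seeded offset is added to the
# base value so hosts spread out while each host keeps a stable schedule.
# The offset is now wrapped together with the base value: previously only
# the random part was reduced, so e.g. hour 22 plus an offset of 3 produced
# 25, which is not a valid cron field. Schedules that were already in range
# come out unchanged.
# The day seed uses check_suffix_script_filename; it is left as-is so
# existing schedules do not move.
- name: schedule borg prune scripts on cron
  cron:
    name: "borg prune {{ item.name }}"
    user: root
    job: "{{ borgbackup_client_scripts_dir }}/{{ item.name }}_{{ prune_suffix_script_filename }}.sh 2>&1 | /usr/bin/logger -t borgbackup"
    # Days wrap inside 1..28 so the entry fires in every month.
    day: "{{ (((item.day | default(1)) - 1 + (item.random_day | random(seed=item.name + check_suffix_script_filename + ansible_host))) % 28) + 1 if item.random_day is defined else item.day | default('*') }}"
    hour: "{{ ((item.hour | default(1)) + (item.random_hour | random(seed=item.name + prune_suffix_script_filename + ansible_host))) % 24 if item.random_hour is defined else item.hour | default(2) }}"
    minute: "{{ ((item.minute | default(0)) + (item.random_minute | random(seed=ansible_host + item.name + prune_suffix_script_filename))) % 60 if item.random_minute is defined else item.minute | default(0) }}"
    state: present
    cron_file: "borgbackup_{{ item.name }}_{{ prune_suffix_script_filename }}"
  with_items: "{{ borgbackup_prune_jobs }}"
  when: borgbackup_prune_enabled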
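# Seed a placeholder lastlog for each prune job so a success line is on
# record before the first real run. `creates` makes the task a no-op once
# the file exists, so a real log is never overwritten.
# printf replaces `echo -ne`: the shell module runs /bin/sh, and where that
# is not bash (dash, for example) echo does not accept -e and the options
# end up as text inside the log file.
- name: deploy borg prune fake logs, when no log yet
  shell: printf 'FAKE LOG\nterminating with success status, rc 0\n' | tee "{{ borgbackup_client_lastlog_dir }}/{{ item.name }}_{{ prune_suffix_script_filename }}.lastlog"
  args:
    chdir: "{{ borgbackup_client_lastlog_dir }}"
    creates: "{{ borgbackup_client_lastlog_dir }}/{{ item.name }}_{{ prune_suffix_script_filename }}.lastlog"
  with_items: "{{ borgbackup_prune_jobs }}"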
#
# borg check scripts
#

# Render one check script per job from check_job.sh.j2 into the scripts
# directory, only when checks are enabled. root:root with mode 0700, so
# only root can read or run it.
# NOTE(review): the template is not shown here; presumably the rendered
# script carries the repository passphrase, which is what the root-only
# mode protects - confirm.
- name: deploy borg check scripts
  template:
    src: check_job.sh.j2
    dest: "{{ borgbackup_client_scripts_dir }}/{{ item.name }}_{{ check_suffix_script_filename }}.sh"
    owner: root
    group: root
    # Quoted so the mode reaches the module as an octal string.
    mode: "0700"
  with_items: "{{ borgbackup_check_jobs }}"
  when: borgbackup_check_enabled
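# Install one cron entry per check job (run as root, written to its own
# cron_file) when checks are enabled; the script's output is piped to
# syslog under the tag "borgbackup".
# When a random_* value is set on the job, a seeded offset is added to the
# base value so hosts spread out while each host keeps a stable schedule.
# The offset is now wrapped together with the base value: previously only
# the random part was reduced, so e.g. hour 22 plus an offset of 3 produced
# 25, which is not a valid cron field. Schedules that were already in range
# come out unchanged.
- name: schedule borg check scripts on cron
  cron:
    name: "borg check {{ item.name }}"
    user: root
    job: "{{ borgbackup_client_scripts_dir }}/{{ item.name }}_{{ check_suffix_script_filename }}.sh 2>&1 | /usr/bin/logger -t borgbackup"
    # Days wrap inside 1..28 so the entry fires in every month.
    day: "{{ (((item.day | default(1)) - 1 + (item.random_day | random(seed=item.name + check_suffix_script_filename + ansible_host))) % 28) + 1 if item.random_day is defined else item.day | default(1) }}"
    hour: "{{ ((item.hour | default(1)) + (item.random_hour | random(seed=item.name + check_suffix_script_filename + ansible_host))) % 24 if item.random_hour is defined else item.hour | default(3) }}"
    minute: "{{ ((item.minute | default(0)) + (item.random_minute | random(seed=ansible_host + item.name + check_suffix_script_filename))) % 60 if item.random_minute is defined else item.minute | default(0) }}"
    state: present
    cron_file: "borgbackup_{{ item.name }}_{{ check_suffix_script_filename }}"
  with_items: "{{ borgbackup_check_jobs }}"
  when: borgbackup_check_enabled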
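# Seed a placeholder lastlog for each check job so a success line is on
# record before the first real run. `creates` makes the task a no-op once
# the file exists, so a real log is never overwritten.
# printf replaces `echo -ne`: the shell module runs /bin/sh, and where that
# is not bash (dash, for example) echo does not accept -e and the options
# end up as text inside the log file.
- name: deploy borg check fake logs, when no log yet
  shell: printf 'FAKE LOG\nterminating with success status, rc 0\n' | tee "{{ borgbackup_client_lastlog_dir }}/{{ item.name }}_{{ check_suffix_script_filename }}.lastlog"
  args:
    chdir: "{{ borgbackup_client_lastlog_dir }}"
    creates: "{{ borgbackup_client_lastlog_dir }}/{{ item.name }}_{{ check_suffix_script_filename }}.lastlog"
  with_items: "{{ borgbackup_check_jobs }}"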