From 243ec1fe9d6915516e7ce1818a0484f1031926b4 Mon Sep 17 00:00:00 2001 From: Solal Nathan Date: Mon, 15 Mar 2021 01:04:42 +0100 Subject: [PATCH] [borgbackup_client] VaRi0u5 f1X3s --- group_vars/bdd.yml | 2 + roles/borgbackup_client/tasks/main.yml | 47 +++++++++++++------ .../templates/borgmatic.service.j2 | 2 +- .../templates/config.yaml.j2 | 26 +++++----- 4 files changed, 50 insertions(+), 27 deletions(-) diff --git a/group_vars/bdd.yml b/group_vars/bdd.yml index 8d71e6a..f70b5eb 100644 --- a/group_vars/bdd.yml +++ b/group_vars/bdd.yml @@ -1,3 +1,5 @@ --- borg_keep_hourly: 6 +borg_backup_exclude: + - "/var/lib/postgresql/" ... diff --git a/roles/borgbackup_client/tasks/main.yml b/roles/borgbackup_client/tasks/main.yml index bcb02a6..defe34f 100644 --- a/roles/borgbackup_client/tasks/main.yml +++ b/roles/borgbackup_client/tasks/main.yml @@ -34,13 +34,13 @@ retries: 3 until: apt_result is succeeded -- name: Create configuration direcotory for borgmatic +- name: Create configuration directory for borgmatic file: path: /etc/borgmatic state: directory owner: root group: root - mode: u=rw,g=r,o= + mode: u=rwx,g=rx,o= - name: Add borgmatic configuration file become: true 
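Review bot: Excluding `/var/lib/postgresql/` in group_vars/bdd.yml means the only copy of the databases in an archive is whatever the `postgresql_databases` hook dumps. That hook sits inside an `{% if %}` in config.yaml.j2 whose condition is not visible in this patch. Nothing ties the two together, so a host in this group for which the hook is not rendered would presumably back up no database data at all. I would record the dependency next to the variable, for example `# raw data dir skipped: databases are dumped by the postgresql_databases hook (config.yaml.j2)`.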
@@ -62,24 +62,43 @@ group: root mode: u=rw,g=,o= register: ssh_key - -- name: Gather server facts + +#- name: Gather server facts +# delegate_to: "{{ borg_server_host }}" +# delegate_facts: true +# setup: +# gather_subset: +# - all +# register: server_facts +# +#- name: Add server key to known hosts +# known_hosts: +# hash_host: true +# host: "{{ hostname }}" +# key: "{{ hostname }} {{ facts['ansible_ssh_host_key_' + item + '_public_keytype'] }} {{ facts['ansible_ssh_host_key_' + item + '_public'] }}" +# loop: +# - ecdsa +# - ed25519 +# - rsa +# vars: +# hostname: {{ borg_server_host }} +# facts: {{ server_facts['ansible_facts'] }} + +- name: Gather SSH host keys delegate_to: "{{ borg_server_host }}" - delegate_facts: true - setup: - gather_subset: - - all - register: server_facts + command: "ssh-keyscan {{ borg_server_host }}" + register: keys + +- name: DEBUG + debug: + var: keys.stdout_lines - name: Add server key to known hosts known_hosts: hash_host: true host: "{{ borg_server_host }}" - key: "{{ borg_server_host }} {{ server_facts['ansible_facts']['ansible_ssh_host_key_' + item + '_public_keytype'] }} {{ server_facts['ansible_facts']['ansible_ssh_host_key_' + item + '_public'] }}" - loop: - - ecdsa - - ed25519 - - rsa + key: "{{ item }}" + loop: "{{ keys.stdout_lines }}" - name: Add public key to remote delegate_to: "{{ borg_server_host }}" diff --git a/roles/borgbackup_client/templates/borgmatic.service.j2 b/roles/borgbackup_client/templates/borgmatic.service.j2 index 17e9752..0dc140b 100644 --- a/roles/borgbackup_client/templates/borgmatic.service.j2 +++ b/roles/borgbackup_client/templates/borgmatic.service.j2 @@ -7,7 +7,7 @@ After=network-online.target ConditionACPower=true [Service] -Type=oneshot +Type=simple ProtectSystem=full CapabilityBoundingSet=CAP_DAC_READ_SEARCH CAP_NET_RAW diff --git a/roles/borgbackup_client/templates/config.yaml.j2 b/roles/borgbackup_client/templates/config.yaml.j2 index 396d1f0..a8eb2cb 100644 
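Review bot: The `Gather SSH host keys` task feeds every line that `ssh-keyscan` prints straight into `known_hosts`, so the client pins whatever answered for `{{ borg_server_host }}` at scan time, with no verification. The replaced task took the keys from facts gathered over Ansible's own connection to the server. Since the task is delegated to the server anyway, the public key can be read from the host key file there instead of over the network, and the loop then goes away. The path below is the OpenSSH default and should be confirmed for these hosts. The `command` task also lacks `changed_when: false`, so it reports a change on every run, and the `DEBUG` task and the commented-out block look like leftovers to drop.

```yaml
- name: Read SSH host key on the server
  delegate_to: "{{ borg_server_host }}"
  command: "cat /etc/ssh/ssh_host_ed25519_key.pub"
  register: keys
  changed_when: false

- name: Add server key to known hosts
  known_hosts:
    # … unchanged: hash_host, host …
    key: "{{ borg_server_host }} {{ keys.stdout.split()[:2] | join(' ') }}"
```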
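Review bot: `Type=simple` makes systemd treat the unit as started as soon as the process has been launched, so `systemctl start` and any unit ordered after this one no longer wait for the backup to finish, as they did with `Type=oneshot`. The patch gives no reason for the switch. If it works around a start timeout or similar, a comment above the line, e.g. `# simple: <reason>`, would keep the next reader from reverting it. The `[Service]` section continues outside the hunk.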
--- a/roles/borgbackup_client/templates/config.yaml.j2 +++ b/roles/borgbackup_client/templates/config.yaml.j2 @@ -12,6 +12,7 @@ location: {% endfor %} repositories: - {{ borg_server_user }}@{{ borg_server_host }}:{{ borg_host_dir }} + borgmatic_source_directory: /var/backups storage: encryption_passphrase: "{{ borg_encryption_passphrase }}" @@ -23,18 +24,18 @@ storage: retention: - {% if borg_keep_hourly > 0 %} - - keep_hourly: {{ borg_keep_hourly }} - {% endif %} - {% if borg_keep_daily > 0 %} - - keep_hourly: {{ borg_keep_daily }} - {% endif %} - {% if borg_keep_weekly > 0 %} - - keep_hourly: {{ borg_keep_weekly }} - {% endif %} - {% if borg_keep_monthly > 0 %} - - keep_hourly: {{ borg_keep_monthly }} - {% endif %} +{% if borg_keep_hourly > 0 %} + keep_hourly: {{ borg_keep_hourly }} +{% endif %} +{% if borg_keep_daily > 0 %} + keep_daily: {{ borg_keep_daily }} +{% endif %} +{% if borg_keep_weekly > 0 %} + keep_weekly: {{ borg_keep_weekly }} +{% endif %} +{% if borg_keep_monthly > 0 %} + keep_monthly: {{ borg_keep_monthly }} +{% endif %} consistency: checks: @@ -45,5 +46,6 @@ consistency: hooks: postgresql_databases: - name: all + username: postgres {% endif %} ...
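Review bot: With all four `borg_keep_*` values at 0, every `{% if %}` in the retention block is false and `retention:` renders with no children, i.e. as null rather than a mapping. How borgmatic treats that is not visible here. The comparisons also assume the variables are integers, so a quoted value in the inventory would break the `> 0` test. `{% if borg_keep_hourly | int > 0 %}`, and likewise for the other three, avoids that.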
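Review bot: `username: postgres` makes the dump connect as the `postgres` role, but no password or hostname is set next to it. The connection therefore presumably goes over the local socket from whatever account the service runs as, and under peer authentication that only succeeds when the OS user is also `postgres`. Because this patch excludes `/var/lib/postgresql/` for the bdd group, a dump that fails to authenticate leaves those hosts with no database copy in the archive. It is worth confirming with a test restore and adding a comment such as `# requires local access as role postgres (see pg_hba.conf)` above the line. The enclosing `{% if %}` block opens outside the hunk.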