
# This also runs on main in case someone doesn't run the backup.yml.
- name: create the /backup-dirs file
  file:
    path: '/backup-dirs'
    state: 'touch'
    mode: '0400'
  # Always report "changed": we always want to give roles a chance to
  # register dirs.
  changed_when: true
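# This also runs on main in case someone doesn't run the backup.yml.
# Adds every entry of extra_backup_paths to /backup-dirs, one path per line.
- name: Ensure file contains lines from array
  lineinfile:
    path: /backup-dirs
    line: "{{ item }}"
    state: present
    create: true
    # Explicit mode: if this task ever has to create the file itself, it gets
    # the same 0400 the touch task uses rather than umask-derived permissions.
    mode: "0400"
  loop: "{{ extra_backup_paths }}"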
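# Installs restic through apt, using block-style module arguments instead of a
# key=value string.
- name: make sure restic is installed
  apt:
    name: restic
    # NOTE(review): "latest" upgrades restic on every run to whatever the
    # configured apt sources offer; switch to "present" or a pinned version if
    # upgrades of the backup tool should be deliberate.
    state: latest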
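# Installs fuse through apt (used for mounting backups), using block-style
# module arguments instead of a key=value string.
- name: make sure fuse is installed (for mounting backups)
  apt:
    name: fuse
    # NOTE(review): "latest" upgrades the package on every run; use "present"
    # if only its presence matters.
    state: latest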
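# Writes the restic password file that later tasks pass to restic via
# --password-file=/backup-pwd. The file is readable by its owner only.
- name: save backup password
  copy:
    dest: "/backup-pwd"
    content: "{{ BACKUP_PASSWORD }}"
    mode: "0400"
  # The module arguments carry the repository password in clear text; keep them
  # out of task output, diffs and callback logs.
  no_log: true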
# Installs rclone from apt after refreshing the package index.
- name: Install rclone
  become: true
  apt:
    update_cache: true
    state: present
    name:
      - rclone
# Installs the distribution packages python3-boto3 and python3-botocore.
# NOTE(review): presumably required by the amazon.aws.s3_bucket task in this
# file — confirm.
- name: Install boto3 and botocore using apt
  become: true
  apt:
    state: present
    name:
      - python3-boto3
      - python3-botocore
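# Creates /root/.config/rclone/ (including missing parents) with owner-only
# access; this directory holds rclone.conf.
- name: Ensure rclone directory exists
  file:
    path: "/root/.config/rclone/"
    state: directory
    mode: "0700"
    # "recurse" is deliberately not set: it would re-apply 0700 to every file
    # below this directory, including rclone.conf, which the config task
    # manages as 0400, so the two tasks would flip the mode on every run.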
# Renders rclone.conf.j2 to /root/.config/rclone/rclone.conf, readable by the
# owner only.
# NOTE(review): the template is not visible here; if it embeds the R2 keys,
# consider no_log, and be aware that backup=true leaves timestamped copies of
# the previous config (and any old keys in it) next to the file.
- name: Create rclone config
  template:
    dest: /root/.config/rclone/rclone.conf
    src: 'rclone.conf.j2'
    mode: '0400'
    backup: true
    force: true
# Ensures the per-host bucket "<backup_bucket_prefix>-<inventory_hostname>"
# exists on the S3-compatible endpoint in cloudflare_r2_endpoint.
# NOTE(review): no policy, ACL or versioning settings are passed here; confirm
# the endpoint's defaults keep the backup bucket private.
- name: 'Create a bucket for the backups'
  amazon.aws.s3_bucket:
    endpoint_url: "{{ cloudflare_r2_endpoint }}"
    access_key: "{{ cloudflare_r2_access_key }}"
    secret_key: "{{ cloudflare_r2_secret_key }}"
    name: "{{ backup_bucket_prefix }}-{{ inventory_hostname }}"
    state: present
# Initialises the restic repository in the per-host bucket. The attempt counts
# as successful when restic exits 0 or reports that the repository is already
# initialised; otherwise it is retried (3 retries, 3 seconds apart). The task
# never reports "changed".
# NOTE(review): the R2 keys are handed over through the task environment;
# check that they do not surface in high-verbosity run logs.
- name: initiate restic repository
  command: 'restic init --password-file=/backup-pwd'
  environment:
    AWS_ACCESS_KEY_ID: "{{ cloudflare_r2_access_key }}"
    AWS_SECRET_ACCESS_KEY: "{{ cloudflare_r2_secret_key }}"
    RESTIC_REPOSITORY: "s3:{{ cloudflare_r2_endpoint }}/{{ backup_bucket_prefix }}-{{ inventory_hostname }}"
  register: command_result
  until: "command_result.rc==0 or 'repository master key and config already initialized' in command_result.stderr"
  retries: 3
  delay: 3
  failed_when: "command_result.rc!=0 and 'repository master key and config already initialized' not in command_result.stderr"
  changed_when: false
  tags:
    - initiate
    - connection_sanity
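# Creates the directory that receives the rendered backup scripts and vars.sh.
- name: Create the backup scripts direct
  file:
    path: /root/backup-scripts
    state: directory
    # Explicit owner-only mode: without one the directory is created with
    # umask-derived permissions. Matches the 0700 used for the rclone directory.
    mode: "0700"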
# Renders backup-vars.sh.j2 to /root/backup-scripts/vars.sh, readable by the
# owner only.
# NOTE(review): the template is not visible here; if it carries the repository
# credentials, consider no_log, and remember that backup=true keeps timestamped
# copies of earlier versions in the same directory.
- name: Create the backup vars script
  template:
    dest: /root/backup-scripts/vars.sh
    src: 'backup-vars.sh.j2'
    mode: '0400'
    backup: true
    force: true
# Renders backup-send.sh.j2 to /root/backup-scripts/send.sh and keeps a
# timestamped copy of any version it replaces.
# NOTE(review): "u+rwx" only adds owner bits; group/other bits stay as they
# are (umask-derived on a new file). A numeric mode would pin them.
- name: Create the backup send script
  template:
    dest: /root/backup-scripts/send.sh
    src: 'backup-send.sh.j2'
    mode: 'u+rwx'
    backup: true
    force: true
# Renders backup-mount.sh.j2 to /root/backup-scripts/mount.sh; selectable on
# its own through the "mount-script" tag.
# NOTE(review): "u+rwx" adds owner bits only and leaves group/other bits
# unchanged; a numeric mode would make the result deterministic.
- name: Create the backup mount script
  template:
    dest: /root/backup-scripts/mount.sh
    src: 'backup-mount.sh.j2'
    mode: 'u+rwx'
    backup: true
    force: true
  tags:
    - mount-script
# Renders backup-restore.sh.j2 to /root/backup-scripts/restore.sh, keeping a
# timestamped copy of any previous version.
# NOTE(review): "u+rwx" adds owner bits only; group/other bits are not reset.
- name: Create the backup restore script
  template:
    dest: /root/backup-scripts/restore.sh
    src: 'backup-restore.sh.j2'
    mode: 'u+rwx'
    backup: true
    force: true
# Renders the host-specific template backup-scripts/<inventory_hostname>.sh.j2
# to /root/backup-scripts/prepare.sh, so every host in the play needs a
# template named after it.
# NOTE(review): "u+rwx" adds owner bits only; group/other bits are not reset.
- name: Create the backup prepare script
  ansible.builtin.template:
    dest: /root/backup-scripts/prepare.sh
    src: "backup-scripts/{{inventory_hostname}}.sh.j2"
    mode: 'u+rwx'
    force: true
    backup: true
# Renders backup-is-restore-needed.sh.j2 to
# /root/backup-scripts/is-restore-needed.sh, keeping a timestamped copy of any
# previous version.
# NOTE(review): "u+rwx" adds owner bits only; group/other bits are not reset.
- name: Create is-restore-needed script
  ansible.builtin.template:
    dest: /root/backup-scripts/is-restore-needed.sh
    src: 'backup-is-restore-needed.sh.j2'
    mode: 'u+rwx'
    force: true
    backup: true
# Renders backup-run.sh.j2 to /root/backup-scripts/run.sh, the script the
# nightly cron entry in this file executes.
# NOTE(review): "u+rwx" adds owner bits only; group/other bits are not reset.
- name: Create the backup run script
  ansible.builtin.template:
    dest: /root/backup-scripts/run.sh
    src: 'backup-run.sh.j2'
    mode: 'u+rwx'
    force: true
    backup: true
# Renders backup-restore-if-necessary.sh.j2 to
# /root/backup-scripts/restore-if-necessary.sh, which a later task in this
# file runs directly.
# NOTE(review): "u+rwx" adds owner bits only; group/other bits are not reset.
- name: Create the restore-if-needed script
  ansible.builtin.template:
    dest: /root/backup-scripts/restore-if-necessary.sh
    src: 'backup-restore-if-necessary.sh.j2'
    mode: 'u+rwx'
    force: true
    backup: true
# Schedules /root/backup-scripts/run.sh every day at 04:15.
# No "user" is given, so the entry lands in the crontab of the user the task
# runs as.
- name: setup CRON
  ansible.builtin.cron:
    name: "nightly backup for {{ inventory_hostname }}"
    job: '/root/backup-scripts/run.sh'
    hour: '4'
    minute: '15'
# Runs restore-if-necessary.sh from /root/backup-scripts and stores the result
# in command_output.
# NOTE(review): the task has no when/changed_when/creates guard, so it runs and
# reports "changed" each time; whether data is actually restored is decided
# inside the script, which is not visible here.
- name: 'Restore backup if necessary'
  command:
    cmd: /root/backup-scripts/restore-if-necessary.sh
    chdir: /root/backup-scripts
  register: command_output
# Shows the registered result of the restore step in the play output.
# NOTE(review): this includes the script's stdout and stderr; make sure the
# restore script does not echo credentials.
- name: 'Print command output'
  debug:
    var: command_output