merwyn/infra
1
0
Fork 0
forked from AFPy/infra
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Configuring rsnapshot.

Browse Source
This commit is contained in:
Julien Palard 2019-04-03 23:00:30 +02:00
parent 52e19a2712
commit 81aa288709
9 changed files with 133 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
README.md
View File

@ -142,3 +142,10 @@ backup root@rainette.afpy.org:/usr/jails/static/usr/local/www/ rainette.afpy.or
backup root@rainette.afpy.org:/usr/jails/supervision/usr/local/www/ rainette.afpy.org
backup root@rainette.afpy.org:/usr/jails/web/usr/local/www/ rainette.afpy.org
```
## Passbolt
See [passbolt backup documentation](https://help.passbolt.com/hosting/backup).
We're having a cron dumping mysql to /srv/backups/passbolt.sql on the
passbolt host so we can rsnapshot it (we rely on rsnapshot to keep historic versions).

6
inventory
View File

@ -3,3 +3,9 @@
[pycons]
163.172.45.2
[rsnapshoters]
10.0.0.2 # Yes it's on my lan, I'm just testing.
[rsnapshotted]
163.172.45.2

16
playbook.yml
View File

@ -37,6 +37,22 @@
static_domain: 2012.pycon.fr
static_repo: https://github.com/AFPy/pyconfr_2012
- hosts: rsnapshoters
roles: [rsnapshoter]
vars:
rsnapshotted_hosts: "{{ groups.rsnapshotted }}"
rsnapshot_backups:
- remote: passbolt.afpy.org:/srv/backups/
path: passbolt.afpy.org/
- hosts: rsnapshotted
tasks:
- name: Install rsync
package:
name: rsync
state: present
tags: rsnapshot
- hosts: pycons
roles: [tschifftner.exim4_sendonly, passbolt]
tasks:

7
roles/rsnapshoter/defaults/main.yml Normal file
View File

@ -0,0 +1,7 @@
---
# Change this if you need multiple rsnapshots configured on the same host:
# - One ssh key will be created for each of them
# - One cron for each
# - One configuration file for each
rsnapshot_name: backups

41
roles/rsnapshoter/tasks/config.yml Normal file
View File

@ -0,0 +1,41 @@
---
- name: Create rsnapshot SSH key
user:
name: root
generate_ssh_key: yes
ssh_key_file: ".ssh/id_rsa_rsnapshot_{{ rsnapshot_name }}"
ssh_key_comment: "rsnapshot {{ rsnapshot_name }} on {{ inventory_hostname }}"
- name: Fetch rsnapshot ssh public key
slurp:
src: "/root/.ssh/id_rsa_rsnapshot_{{ rsnapshot_name }}.pub"
register: rsnapshot_ssh_pub_key
- name: Propagate rsnapshot ssh public key
authorized_key:
user: root
key: "{{ rsnapshot_ssh_pub_key.content | b64decode | trim }}"
key_options: "no-pty,no-agent-forwarding,no-X11-forwarding,no-port-forwarding"
state: present
delegate_to: "{{ item }}"
loop: "{{ rsnapshotted_hosts }}"
loop_control:
label: "Propagate public key to {{ item }}"
- name: Configure rsnapshot
template:
src: rsnapshot.conf.j2
dest: "/etc/rsnapshot_{{ rsnapshot_name }}.conf"
owner: root
group: root
mode: 0644
- name: Configure rsnapshot cron
template:
src: rsnapshot.cron.j2
dest: "/etc/cron.d/rsnapshot_{{ rsnapshot_name }}"
owner: root
group: root
mode: 0644

22
roles/rsnapshoter/tasks/install.yml Normal file
View File

@ -0,0 +1,22 @@
---
- name: Install rsnapshot
package:
name: rsnapshot
state: present
- name: Create rsnapshot directory
file:
path: "/srv/backups/"
state: directory
owner: root
group: root
mode: 0750
- name: Create rsnapshot directory
file:
path: "/srv/backups/rsnapshot_{{ rsnapshot_name }}"
state: directory
owner: root
group: root
mode: 0750

7
roles/rsnapshoter/tasks/main.yml Normal file
View File

@ -0,0 +1,7 @@
---
- include: install.yml
tags: [install, rsnapshot]
- include: config.yml
tags: [config, rsnapshot]

23
roles/rsnapshoter/templates/rsnapshot.conf.j2 Normal file
View File

@ -0,0 +1,23 @@
config_version 1.2
snapshot_root /srv/backups/rsnapshot_{{ rsnapshot_name }}/
no_create_root 1
cmd_cp /bin/cp
cmd_rm /bin/rm
cmd_rsync /usr/bin/rsync
cmd_ssh /usr/bin/ssh
ssh_args -i /root/.ssh/id_rsa_rsnapshot_{{ rsnapshot_name }} -o StrictHostKeyChecking=accept-new
cmd_logger /usr/bin/logger
cmd_du /usr/bin/du
one_fs 1
retain daily 6
retain weekly 4
retain monthly 12
retain yearly 42
verbose 2
loglevel 2
logfile /var/log/rsnapshot_{{ rsnapshot_name }}.log
lockfile /var/run/rsnapshot_{{ rsnapshot_name }}.pid
{% for line in rsnapshot_backups %}
backup {{ line.remote }} {{ line.path }}
{% endfor %}

4
roles/rsnapshoter/templates/rsnapshot.cron.j2 Normal file
View File

@ -0,0 +1,4 @@
30 3 * * * root /usr/bin/rsnapshot -c /etc/rsnapshot_{{ rsnapshot_name }}.conf daily
0 3 * * 1 root /usr/bin/rsnapshot -c /etc/rsnapshot_{{ rsnapshot_name }}.conf weekly
30 2 1 * * root /usr/bin/rsnapshot -c /etc/rsnapshot_{{ rsnapshot_name }}.conf monthly
0 1 1 1 * root /usr/bin/rsnapshot -c /etc/rsnapshot_{{ rsnapshot_name }}.conf yearly