forked from AFPy/infra
Configuring rsnapshot.
This commit is contained in:
parent
52e19a2712
commit
81aa288709
|
@ -142,3 +142,10 @@ backup root@rainette.afpy.org:/usr/jails/static/usr/local/www/ rainette.afpy.or
|
|||
backup root@rainette.afpy.org:/usr/jails/supervision/usr/local/www/ rainette.afpy.org
|
||||
backup root@rainette.afpy.org:/usr/jails/web/usr/local/www/ rainette.afpy.org
|
||||
```
|
||||
|
||||
## Passbolt
|
||||
|
||||
See [passbolt backup documentation](https://help.passbolt.com/hosting/backup).
|
||||
|
||||
We're having a cron dumping mysql to /srv/backups/passbolt.sql on the
|
||||
passbolt host so we can rsnapshot it (we rely on rsnapshot to keep historic versions).
|
||||
|
|
|
@ -3,3 +3,9 @@
|
|||
|
||||
[pycons]
|
||||
163.172.45.2
|
||||
|
||||
[rsnapshoters]
|
||||
10.0.0.2 # Yes it's on my lan, I'm just testing.
|
||||
|
||||
[rsnapshotted]
|
||||
163.172.45.2
|
||||
|
|
16
playbook.yml
16
playbook.yml
|
@ -37,6 +37,22 @@
|
|||
static_domain: 2012.pycon.fr
|
||||
static_repo: https://github.com/AFPy/pyconfr_2012
|
||||
|
||||
- hosts: rsnapshoters
|
||||
roles: [rsnapshoter]
|
||||
vars:
|
||||
rsnapshotted_hosts: "{{ groups.rsnapshotted }}"
|
||||
rsnapshot_backups:
|
||||
- remote: passbolt.afpy.org:/srv/backups/
|
||||
path: passbolt.afpy.org/
|
||||
|
||||
- hosts: rsnapshotted
|
||||
tasks:
|
||||
- name: Install rsync
|
||||
package:
|
||||
name: rsync
|
||||
state: present
|
||||
tags: rsnapshot
|
||||
|
||||
- hosts: pycons
|
||||
roles: [tschifftner.exim4_sendonly, passbolt]
|
||||
tasks:
|
||||
|
|
7
roles/rsnapshoter/defaults/main.yml
Normal file
7
roles/rsnapshoter/defaults/main.yml
Normal file
|
@ -0,0 +1,7 @@
|
|||
---
|
||||
|
||||
# Change this if you need multiple rsnapshots configured on the same host:
|
||||
# - One ssh key will be created for each of them
|
||||
# - One cron for each
|
||||
# - One configuration file for each
|
||||
rsnapshot_name: backups
|
41
roles/rsnapshoter/tasks/config.yml
Normal file
41
roles/rsnapshoter/tasks/config.yml
Normal file
|
@ -0,0 +1,41 @@
|
|||
---
|
||||
|
||||
- name: Create rsnapshot SSH key
|
||||
user:
|
||||
name: root
|
||||
generate_ssh_key: yes
|
||||
ssh_key_file: ".ssh/id_rsa_rsnapshot_{{ rsnapshot_name }}"
|
||||
ssh_key_comment: "rsnapshot {{ rsnapshot_name }} on {{ inventory_hostname }}"
|
||||
|
||||
|
||||
- name: Fetch rsnapshot ssh public key
|
||||
slurp:
|
||||
src: "/root/.ssh/id_rsa_rsnapshot_{{ rsnapshot_name }}.pub"
|
||||
register: rsnapshot_ssh_pub_key
|
||||
|
||||
- name: Propagate rsnapshot ssh public key
|
||||
authorized_key:
|
||||
user: root
|
||||
key: "{{ rsnapshot_ssh_pub_key.content | b64decode | trim }}"
|
||||
key_options: "no-pty,no-agent-forwarding,no-X11-forwarding,no-port-forwarding"
|
||||
state: present
|
||||
delegate_to: "{{ item }}"
|
||||
loop: "{{ rsnapshotted_hosts }}"
|
||||
loop_control:
|
||||
label: "Propagate public key to {{ item }}"
|
||||
|
||||
- name: Configure rsnapshot
|
||||
template:
|
||||
src: rsnapshot.conf.j2
|
||||
dest: "/etc/rsnapshot_{{ rsnapshot_name }}.conf"
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0644
|
||||
|
||||
- name: Configure rsnapshot cron
|
||||
template:
|
||||
src: rsnapshot.cron.j2
|
||||
dest: "/etc/cron.d/rsnapshot_{{ rsnapshot_name }}"
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0644
|
22
roles/rsnapshoter/tasks/install.yml
Normal file
22
roles/rsnapshoter/tasks/install.yml
Normal file
|
@ -0,0 +1,22 @@
|
|||
---
|
||||
|
||||
- name: Install rsnapshot
|
||||
package:
|
||||
name: rsnapshot
|
||||
state: present
|
||||
|
||||
- name: Create rsnapshot directory
|
||||
file:
|
||||
path: "/srv/backups/"
|
||||
state: directory
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0750
|
||||
|
||||
- name: Create rsnapshot directory
|
||||
file:
|
||||
path: "/srv/backups/rsnapshot_{{ rsnapshot_name }}"
|
||||
state: directory
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0750
|
7
roles/rsnapshoter/tasks/main.yml
Normal file
7
roles/rsnapshoter/tasks/main.yml
Normal file
|
@ -0,0 +1,7 @@
|
|||
---
|
||||
|
||||
- include: install.yml
|
||||
tags: [install, rsnapshot]
|
||||
|
||||
- include: config.yml
|
||||
tags: [config, rsnapshot]
|
23
roles/rsnapshoter/templates/rsnapshot.conf.j2
Normal file
23
roles/rsnapshoter/templates/rsnapshot.conf.j2
Normal file
|
@ -0,0 +1,23 @@
|
|||
config_version 1.2
|
||||
snapshot_root /srv/backups/rsnapshot_{{ rsnapshot_name }}/
|
||||
no_create_root 1
|
||||
cmd_cp /bin/cp
|
||||
cmd_rm /bin/rm
|
||||
cmd_rsync /usr/bin/rsync
|
||||
cmd_ssh /usr/bin/ssh
|
||||
ssh_args -i /root/.ssh/id_rsa_rsnapshot_{{ rsnapshot_name }} -o StrictHostKeyChecking=accept-new
|
||||
cmd_logger /usr/bin/logger
|
||||
cmd_du /usr/bin/du
|
||||
one_fs 1
|
||||
retain daily 6
|
||||
retain weekly 4
|
||||
retain monthly 12
|
||||
retain yearly 42
|
||||
verbose 2
|
||||
loglevel 2
|
||||
logfile /var/log/rsnapshot_{{ rsnapshot_name }}.log
|
||||
lockfile /var/run/rsnapshot_{{ rsnapshot_name }}.pid
|
||||
|
||||
{% for line in rsnapshot_backups %}
|
||||
backup {{ line.remote }} {{ line.path }}
|
||||
{% endfor %}
|
4
roles/rsnapshoter/templates/rsnapshot.cron.j2
Normal file
4
roles/rsnapshoter/templates/rsnapshot.cron.j2
Normal file
|
@ -0,0 +1,4 @@
|
|||
30 3 * * * root /usr/bin/rsnapshot -c /etc/rsnapshot_{{ rsnapshot_name }}.conf daily
|
||||
0 3 * * 1 root /usr/bin/rsnapshot -c /etc/rsnapshot_{{ rsnapshot_name }}.conf weekly
|
||||
30 2 1 * * root /usr/bin/rsnapshot -c /etc/rsnapshot_{{ rsnapshot_name }}.conf monthly
|
||||
0 1 1 1 * root /usr/bin/rsnapshot -c /etc/rsnapshot_{{ rsnapshot_name }}.conf yearly
|
Loading…
Reference in New Issue
Block a user