ansible-borgbackup/tasks/management.yml

---
- name: management | put management station prune script
  template:
    src: prune.sh.j2
    dest: "~{{ borgbackup_management_user }}/prune.sh"
    owner: "{{ borgbackup_management_user }}"
    group: "{{ borgbackup_management_user }}"
    mode: 0700

- name: management | put management sshpubkey on the normal backupserver
  authorized_key:
    user: "{{ item.user }}"
    key: "{{ borgbackup_management_ssh_pubkey }}"
  delegate_to: "{{ item.fqdn }}"
  when: item.type == 'normal'
  with_items: "{{ borgbackup_servers }}"


# rsync.net has no python, so we can only use raw to manage ssh keys - workaround with local tmp file
- name: management | get rsync.net authorized_keys file
  raw: scp {{ item.user }}@{{ item.fqdn }}:.ssh/authorized_keys /tmp/rsync.net-{{ item.fqdn }}-authkeys
  delegate_to: localhost
  become: false
  when: item.type == 'rsync.net'
  with_items: "{{ borgbackup_servers }}"
  changed_when: false

- name: management | modify local rsync.net authorized_keys
  authorized_key:
    user: "{{ ansible_user_id }}"
    key: "{{ borgbackup_management_ssh_pubkey }}"
    path: "/tmp/rsync.net-{{ item.fqdn }}-authkeys"
    manage_dir: false
  delegate_to: localhost
  become: false
  when: item.type == 'rsync.net'
  with_items: "{{ borgbackup_servers }}"
  register: authkeys

- name: management | upload local authorized_keys to rsync.net
  raw: scp /tmp/rsync.net-{{ item.fqdn }}-authkeys {{ item.user }}@{{ item.fqdn }}:.ssh/authorized_keys
  delegate_to: localhost
  become: false
  when: item.type == 'rsync.net' and authkeys.changed
  with_items: "{{ borgbackup_servers }}"

- name: management | remove tmp authorized_keys files
  file:
    path: /tmp/rsync.net-{{ item.fqdn }}-authkeys
    state: absent
  delegate_to: localhost
  become: false
  with_items: "{{ borgbackup_servers }}"
  when: authkeys.changed
  changed_when: false
support append_only mode 2017-10-01 17:24:50 +00:00			`---`
			`- name: management \| put management station prune script`
			`template:`
			`src: prune.sh.j2`
			`dest: "~{{ borgbackup_management_user }}/prune.sh"`
			`owner: "{{ borgbackup_management_user }}"`
			`group: "{{ borgbackup_management_user }}"`
			`mode: 0700`

			`- name: management \| put management sshpubkey on the normal backupserver`
			`authorized_key:`
			`user: "{{ item.user }}"`
general improvements 2017-11-12 14:02:50 +00:00			`key: "{{ borgbackup_management_ssh_pubkey }}"`
support append_only mode 2017-10-01 17:24:50 +00:00			`delegate_to: "{{ item.fqdn }}"`
			`when: item.type == 'normal'`
rename server group 2017-10-01 17:51:38 +00:00			`with_items: "{{ borgbackup_servers }}"`
support append_only mode 2017-10-01 17:24:50 +00:00

			`# rsync.net has no python, so we can only use raw to manage ssh keys - workaround with local tmp file`
			`- name: management \| get rsync.net authorized_keys file`
			`raw: scp {{ item.user }}@{{ item.fqdn }}:.ssh/authorized_keys /tmp/rsync.net-{{ item.fqdn }}-authkeys`
			`delegate_to: localhost`
Styleguide improvements 2018-08-30 21:37:26 +00:00			`become: false`
support append_only mode 2017-10-01 17:24:50 +00:00			`when: item.type == 'rsync.net'`
rename server group 2017-10-01 17:51:38 +00:00			`with_items: "{{ borgbackup_servers }}"`
support append_only mode 2017-10-01 17:24:50 +00:00			`changed_when: false`

			`- name: management \| modify local rsync.net authorized_keys`
			`authorized_key:`
			`user: "{{ ansible_user_id }}"`
general improvements 2017-11-12 14:02:50 +00:00			`key: "{{ borgbackup_management_ssh_pubkey }}"`
support append_only mode 2017-10-01 17:24:50 +00:00			`path: "/tmp/rsync.net-{{ item.fqdn }}-authkeys"`
Styleguide improvements 2018-08-30 21:37:26 +00:00			`manage_dir: false`
support append_only mode 2017-10-01 17:24:50 +00:00			`delegate_to: localhost`
Styleguide improvements 2018-08-30 21:37:26 +00:00			`become: false`
support append_only mode 2017-10-01 17:24:50 +00:00			`when: item.type == 'rsync.net'`
rename server group 2017-10-01 17:51:38 +00:00			`with_items: "{{ borgbackup_servers }}"`
support append_only mode 2017-10-01 17:24:50 +00:00			`register: authkeys`

			`- name: management \| upload local authorized_keys to rsync.net`
			`raw: scp /tmp/rsync.net-{{ item.fqdn }}-authkeys {{ item.user }}@{{ item.fqdn }}:.ssh/authorized_keys`
			`delegate_to: localhost`
Styleguide improvements 2018-08-30 21:37:26 +00:00			`become: false`
support append_only mode 2017-10-01 17:24:50 +00:00			`when: item.type == 'rsync.net' and authkeys.changed`
rename server group 2017-10-01 17:51:38 +00:00			`with_items: "{{ borgbackup_servers }}"`
support append_only mode 2017-10-01 17:24:50 +00:00
			`- name: management \| remove tmp authorized_keys files`
			`file:`
			`path: /tmp/rsync.net-{{ item.fqdn }}-authkeys`
			`state: absent`
			`delegate_to: localhost`
Styleguide improvements 2018-08-30 21:37:26 +00:00			`become: false`
rename server group 2017-10-01 17:51:38 +00:00			`with_items: "{{ borgbackup_servers }}"`
support append_only mode 2017-10-01 17:24:50 +00:00			`when: authkeys.changed`
			`changed_when: false`