rename server group

This commit is contained in:
Luc Stroobant 2017-10-01 19:51:38 +02:00
parent dc72e03bb3
commit a1209ca8c2
8 changed files with 37 additions and 33 deletions

View File

@ -1,23 +1,22 @@
# Borg backup role
This role installs Borg backup on backupservers and clients. The role contains a wrapper-script 'borg-backup' to ease the usage on the client. Supported options include borg-backup info | init | list | backup | mount. Automysqlbackup will run as pre-backup command if it's installed.
This role installs Borg backup on borgbackup\_servers and clients. The role contains a wrapper-script 'borg-backup' to ease the usage on the client. Supported options include borg-backup info | init | list | backup | mount. Automysqlbackup will run as pre-backup command if it's installed.
The role supports both self hosted and rsync.net as Borg server.
It's possible to configure append-only repositories to secure the backups against deletion from the client.
## Required variables
Define a group backupservers in your inventory with one or multiple hosts.
Define a group borgbackup\_servers in your inventory with one or multiple hosts. The group borgbackup\_management is only necessary if you want to enable append-only mode and prune the backups from a secured hosts.
```
infra:
[backupservers]
[borgbackup_servers]
backup1.fiaas.co
[borgbackup_management]
supersecurehost
```
group\_vars/all.yml:
Define group- or hostvars for your backup endpoints and retention:
```
backupservers:
borgbackup_servers:
- fqdn: backup1.fiaas.co
user: borgbackup
type: normal
@ -30,9 +29,14 @@ backupservers:
home: ""
pool: repos
options: "--remote-path=borg1"
borgbackup_retention:
hourly: 12
daily: 7
weekly: 4
monthly: 6
yearly: 1
```
Contains the list of server you want to use on a certain client.
Allows to override backup servers on group or host level.
*WARNING: the trailing / in item.home is required.*
Define a borg\_passphrase for every host.

View File

@ -28,7 +28,7 @@
key_options: 'command="cd {{ item.home }}{{ item.pool }}/{{ inventory_hostname }};borg serve {% if borgbackup_appendonly %}--append-only {% endif %}--restrict-to-path {{ item.home }}/{{ item.pool }}/{{ inventory_hostname }}",no-port-forwarding,no-X11-forwarding,no-pty,no-agent-forwarding,no-user-rc'
delegate_to: "{{ item.fqdn }}"
when: item.type == 'normal'
with_items: "{{ backupservers }}"
with_items: "{{ borgbackup_servers }}"
# rsync.net has no python, so we can only use raw to manage ssh keys - workaround with local tmp file
- name: client | get rsync.net authorized_keys file
@ -36,7 +36,7 @@
delegate_to: localhost
become: no
when: item.type == 'rsync.net'
with_items: "{{ backupservers }}"
with_items: "{{ borgbackup_servers }}"
changed_when: false
- name: client | modify local rsync.net authorized_keys
@ -49,7 +49,7 @@
delegate_to: localhost
become: no
when: item.type == 'rsync.net'
with_items: "{{ backupservers }}"
with_items: "{{ borgbackup_servers }}"
register: authkeys
- name: client | upload local authorized_keys to rsync.net
@ -57,7 +57,7 @@
delegate_to: localhost
become: no
when: item.type == 'rsync.net' and authkeys.changed
with_items: "{{ backupservers }}"
with_items: "{{ borgbackup_servers }}"
- name: client | remove tmp authorized_keys files
file:
@ -65,7 +65,7 @@
state: absent
delegate_to: localhost
become: no
with_items: "{{ backupservers }}"
with_items: "{{ borgbackup_servers }}"
when: authkeys.changed
changed_when: false

View File

@ -8,7 +8,7 @@
mode: "0755"
url: "{{ borgbackup_download_url }}"
delegate_to: "{{ item.fqdn }}"
with_items: "{{ backupservers }}"
with_items: "{{ borgbackup_servers }}"
when: item.type == 'normal'
- name: server | create user
@ -18,7 +18,7 @@
home: "{{ item.home }}"
createhome: "yes"
delegate_to: "{{ item.fqdn }}"
with_items: "{{ backupservers }}"
with_items: "{{ borgbackup_servers }}"
when: item.type == 'normal'
- name: server | create directories
@ -28,4 +28,4 @@
owner: "{{ item.user }}"
group: "{{ item.user }}"
mode: "0770"
with_items: "{{ backupservers }}"
with_items: "{{ borgbackup_servers }}"

View File

@ -2,17 +2,17 @@
- include: install.yml
when: >
borgbackup_required == True or
inventory_hostname in groups.backupservers
inventory_hostname in groups.borgbackup_servers
- include: borg-server.yml
when: inventory_hostname in groups.backupservers
when: inventory_hostname in groups.borgbackup_servers
- include: borg-client.yml
when: >
borgbackup_required == True and
inventory_hostname not in groups.backupservers
inventory_hostname not in groups.borgbackup_servers
- include: management.yml
when: >
inventory_hostname in groups.borgbackup_management and
inventory_hostname not in groups.backupservers
inventory_hostname not in groups.borgbackup_servers

View File

@ -13,7 +13,7 @@
key: "{{ borgbackup_management_sshkey }}"
delegate_to: "{{ item.fqdn }}"
when: item.type == 'normal'
with_items: "{{ backupservers }}"
with_items: "{{ borgbackup_servers }}"
# rsync.net has no python, so we can only use raw to manage ssh keys - workaround with local tmp file
@ -22,7 +22,7 @@
delegate_to: localhost
become: no
when: item.type == 'rsync.net'
with_items: "{{ backupservers }}"
with_items: "{{ borgbackup_servers }}"
changed_when: false
- name: management | modify local rsync.net authorized_keys
@ -34,7 +34,7 @@
delegate_to: localhost
become: no
when: item.type == 'rsync.net'
with_items: "{{ backupservers }}"
with_items: "{{ borgbackup_servers }}"
register: authkeys
- name: management | upload local authorized_keys to rsync.net
@ -42,7 +42,7 @@
delegate_to: localhost
become: no
when: item.type == 'rsync.net' and authkeys.changed
with_items: "{{ backupservers }}"
with_items: "{{ borgbackup_servers }}"
- name: management | remove tmp authorized_keys files
file:
@ -50,6 +50,6 @@
state: absent
delegate_to: localhost
become: no
with_items: "{{ backupservers }}"
with_items: "{{ borgbackup_servers }}"
when: authkeys.changed
changed_when: false

View File

@ -14,7 +14,7 @@ fi
if [ "$1" = "info" ]
then
if [ -z "$2" ]; then printf "run $0 with list and use the backup-tag to request information\n"; exit 1; fi
{% for b in backupservers %}
{% for b in borgbackup_servers %}
REPOSITORY={{ b.user }}@{{ b.fqdn }}:{{ b.home }}{{ b.pool }}/{{ inventory_hostname }}
/usr/local/bin/borg info $REPOSITORY::$2 {{ b.options }}
{% endfor %}
@ -26,7 +26,7 @@ if [ "$1" = "mount" ]
if [ -z "$2" ]; then printf "Select the backup-server\n"; exit 1; fi
if [ -z "$3" ]; then printf "Select the backup to mount\n"; exit 1; fi
if [ -z "$4" ]; then printf "Select the path to mount the backup on\n"; exit 1; fi
{% for b in backupservers %}
{% for b in borgbackup_servers %}
REPOSITORY={{ b.user }}@{{ b.fqdn }}:{{ b.home }}{{ b.pool }}/{{ inventory_hostname }}
/usr/local/bin/borg mount $REPOSITORY::$3 $4 {{ b.options }}
if [ "$?" = "0" ]; then printf "Backup mounted on $4, do not forget to unmount!\n"; fi
@ -36,7 +36,7 @@ fi
if [ "$1" = "list" ]
then
{% for b in backupservers %}
{% for b in borgbackup_servers %}
REPOSITORY={{ b.user }}@{{ b.fqdn }}:{{ b.home }}{{ b.pool }}/{{ inventory_hostname }}
printf "Archives on {{ b.fqdn }} :\n"
/usr/local/bin/borg list -v $REPOSITORY {{ b.options }}
@ -46,7 +46,7 @@ fi
if [ "$1" = "init" ]
then
{% for b in backupservers %}
{% for b in borgbackup_servers %}
REPOSITORY={{ b.user }}@{{ b.fqdn }}:{{ b.home }}{{ b.pool }}/{{ inventory_hostname }}
borg init $REPOSITORY {{ b.options }}
{% endfor %}
@ -62,7 +62,7 @@ if [ "$1" = "backup" ]
{{ precommand }}
{% endfor %}
{% for b in backupservers %}
{% for b in borgbackup_servers %}
printf "Backing up to {{ b.fqdn }} :\n"
REPOSITORY={{ b.user }}@{{ b.fqdn }}:{{ b.home }}{{ b.pool }}/{{ inventory_hostname }}

View File

@ -5,9 +5,9 @@
# Don't put it on the backup server, it contains all borg secrets!
{% for h in groups['all'] %}
{% if hostvars[h].borgbackup_required is defined and hostvars[h].borgbackup_required %}
{% if hostvars[h].borgbackup_required | default(True) %}
# Host: {{ h }}
{% for b in hostvars[h].backupservers %}
{% for b in hostvars[h].borgbackup_servers %}
{% if hostvars[h].borgbackup_managementstation is defined and inventory_hostname == hostvars[h].borgbackup_managementstation %}
export BORG_PASSPHRASE={{ hostvars[h].borgbackup_passphrase }}
REPOSITORY={{ b.user }}@{{ b.fqdn }}:{{ b.home }}{{ b.pool }}/{{ h }}

View File

@ -1,5 +1,5 @@
# backup hosts
{% for b in backupservers %}
{% for b in borgbackup_servers %}
Host {{ b.fqdn }}
StrictHostKeyChecking no
{% if b.port is defined %}