summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRiku Voipio <riku.voipio@linaro.org>2017-11-29 16:30:47 +0200
committerBenjamin Copeland <ben.copeland@linaro.org>2017-12-07 10:16:48 +0000
commit30db7d9bbb2e52eb3dcf75caff7dbd465fe03c40 (patch)
treedb0b22383d5c013d4a29fd747f1efcdae7d62a7d
parent8a82d3a452bc41946e0b7b54663d25d0e1b8efb1 (diff)
downloadansible-playbooks-30db7d9bbb2e52eb3dcf75caff7dbd465fe03c40.tar.gz
restic: new role
Role for backing up with https://restic.github.io/ Typical usage: - role: restic backup_host: backup-host backup_user: remote-backup-user backup_db: - dbname backup_dirs: - /srv/obs - /etc Change-Id: Ia0b93b67d7e442dc7aee746a9c20500dfd5ee1a7 Reviewed-on: https://review.linaro.org/22761 Reviewed-by: Benjamin Copeland <ben.copeland@linaro.org>
-rw-r--r--roles/restic/files/backup.sh8
-rw-r--r--roles/restic/tasks/main.yml59
-rw-r--r--roles/restic/templates/backup.env.j215
3 files changed, 82 insertions, 0 deletions
diff --git a/roles/restic/files/backup.sh b/roles/restic/files/backup.sh
new file mode 100644
index 0000000..5c30463
--- /dev/null
+++ b/roles/restic/files/backup.sh
@@ -0,0 +1,8 @@
+#!/bin/sh -e
+
+source /root/restic.env
+
+restic backup -q --hostname=obs $BACKUP_DIRS
+for DB in $BACKUP_DBS; do
+ mysqldump $DB|restic backup -q --hostname=obs --stdin-filename=$DB --stdin
+done
diff --git a/roles/restic/tasks/main.yml b/roles/restic/tasks/main.yml
new file mode 100644
index 0000000..bb59d91
--- /dev/null
+++ b/roles/restic/tasks/main.yml
@@ -0,0 +1,59 @@
+- name: Install restic requirements
+ apt: pkg={{item}} state=installed
+ with_items:
+ - ca-certificates
+ - openssh-client
+ - bzip2
+ tags:
+ - update
+
+- name: Download restic
+ get_url:
+ url: https://github.com/restic/restic/releases/download/v0.8.0/restic_0.8.0_linux_arm64.bz2
+ dest: /srv/restic.bz2
+ checksum: sha256:b095c8ae34961ed96ebd2cfb8d99d0aae0c9194beee50efcb55743a56a3f2527
+
+- name: Install restic
+ shell: "bzcat /srv/restic.bz2 > /usr/local/bin/restic && chmod a+x /usr/local/bin/restic"
+ args:
+ creates: /usr/local/bin/restic
+
+- name: Set up backup env
+ template:
+ src: backup.env.j2
+ dest: /srv/backup.env
+ owner: root
+ group: root
+ mode: 0700
+
+- name: Install backup script
+ copy:
+ src: backup.sh
+ dest: /srv/backup.sh
+ owner: root
+ group: root
+ mode: 0700
+
+- name: set up .ssh for backups
+ file:
+ path: /root/.ssh
+ state: directory
+ owner: root
+ group: root
+ mode: 0700
+
+- name: set up restic password
+ copy:
+ src: "{{secrets_dir}}/files/obs/restic"
+ dest: /root/restic-password
+ owner: root
+ group: root
+ mode: 0600
+
+- name: install ssh key for backups
+ copy:
+ src: "{{secrets_dir}}/files/obs/id_rsa"
+ dest: /root/.ssh/id_rsa
+ owner: root
+ group: root
+ mode: 0600
diff --git a/roles/restic/templates/backup.env.j2 b/roles/restic/templates/backup.env.j2
new file mode 100644
index 0000000..28f2877
--- /dev/null
+++ b/roles/restic/templates/backup.env.j2
@@ -0,0 +1,15 @@
+#!/bin/sh -e
+
+export RESTIC_PASSWORD_FILE=/root/restic-password
+export RESTIC_REPOSITORY=sftp:{{backup_user}}@{{backup_host}}:obs
+
+export BACKUP_DIRS="\
+{% for directory in backup_dirs %}
+ {{directory}} \
+{% endfor %}"
+
+export BACKUP_DBS=" \
+{% for db in backup_db %}
+ db \
+{% endfor %}"
+