diff --git a/host_vars/ange.kde.org.yml b/host_vars/ange.kde.org.yml
index 70180dd..d1d4a44 100644
--- a/host_vars/ange.kde.org.yml
+++ b/host_vars/ange.kde.org.yml
@@ -1,2 +1,4 @@
 ---
 backup_directory: backups
+gohma_backup_user: angebackup
+gohma_backup_home: BACKUP.ange.kde.org
diff --git a/host_vars/bluemchen.kde.org.yml b/host_vars/bluemchen.kde.org.yml
new file mode 100644
index 0000000..48168d2
--- /dev/null
+++ b/host_vars/bluemchen.kde.org.yml
@@ -0,0 +1,3 @@
+---
+gohma_backup_user: bluemchenbackup
+gohma_backup_home: BACKUP.bluemchen.kde.org
diff --git a/host_vars/cano.kde.org.yml b/host_vars/cano.kde.org.yml
new file mode 100644
index 0000000..fb0e246
--- /dev/null
+++ b/host_vars/cano.kde.org.yml
@@ -0,0 +1,3 @@
+---
+gohma_backup_user: canobackup
+gohma_backup_home: BACKUP.cano.kde.org
diff --git a/host_vars/elder.kde.org.yml b/host_vars/elder.kde.org.yml
index 70180dd..d6eb71d 100644
--- a/host_vars/elder.kde.org.yml
+++ b/host_vars/elder.kde.org.yml
@@ -1,2 +1,4 @@
 ---
 backup_directory: backups
+gohma_backup_user: elderbackup
+gohma_backup_home: BACKUP.elder.kde.org
diff --git a/host_vars/fiesta.kde.org.yml b/host_vars/fiesta.kde.org.yml
index 0f9ad2d..4df1a55 100644
--- a/host_vars/fiesta.kde.org.yml
+++ b/host_vars/fiesta.kde.org.yml
@@ -1,4 +1,7 @@
 ---
 backup_cron:
 hour: 5
 minute: 10
+
+gohma_backup_user: fiestabackup
+gohma_backup_home: BACKUP.fiesta.kde.org
diff --git a/host_vars/kater.kde.org.yml b/host_vars/kater.kde.org.yml
index 70180dd..f7cb7ee 100644
--- a/host_vars/kater.kde.org.yml
+++ b/host_vars/kater.kde.org.yml
@@ -1,2 +1,4 @@
 ---
 backup_directory: backups
+gohma_backup_user: katerbackup
+gohma_backup_home: BACKUP.kater.kde.org
diff --git a/host_vars/library.kde.org.yml b/host_vars/library.kde.org.yml
index 70180dd..190530e 100644
--- a/host_vars/library.kde.org.yml
+++ b/host_vars/library.kde.org.yml
@@ -1,2 +1,4 @@
 ---
 backup_directory: backups
+gohma_backup_user: librarybackup
+gohma_backup_home: BACKUP.library.kde.org
diff --git a/host_vars/mason.kde.org.yml b/host_vars/mason.kde.org.yml
new file mode 100644
index 0000000..0add7e6
--- /dev/null
+++ b/host_vars/mason.kde.org.yml
@@ -0,0 +1,3 @@
+---
+gohma_backup_user: masonbackup
+gohma_backup_home: BACKUP.mason.kde.org
diff --git a/host_vars/olios.kde.org/vars.yml b/host_vars/olios.kde.org/vars.yml
index c8be7c3..192a14e 100644
--- a/host_vars/olios.kde.org/vars.yml
+++ b/host_vars/olios.kde.org/vars.yml
@@ -1,4 +1,7 @@
 mysql_passwords: "{{vault_mysql_passwords}}" # Security advisories are .txt files in kde.org/info/security so they need to be allowed.
 apache_allow_txt: true
+
+gohma_backup_user: oliosbackup
+gohma_backup_home: BACKUP.olios.kde.org
diff --git a/host_vars/orbi.kde.org.yml b/host_vars/orbi.kde.org.yml
index 70180dd..bb962a0 100644
--- a/host_vars/orbi.kde.org.yml
+++ b/host_vars/orbi.kde.org.yml
@@ -1,2 +1,4 @@
 ---
 backup_directory: backups
+gohma_backup_user: orbibackup
+gohma_backup_home: BACKUP.orbi.kde.org
diff --git a/host_vars/overwatch.kde.org.yml b/host_vars/overwatch.kde.org.yml
index ac947a0..e1bfb29 100644
--- a/host_vars/overwatch.kde.org.yml
+++ b/host_vars/overwatch.kde.org.yml
@@ -1,2 +1,4 @@
 ---
 extra_backup_dependencies: [rdiff-backup]
+gohma_backup_user: overwatchbackup
+gohma_backup_home: BACKUP.overwatch.kde.org
diff --git a/host_vars/rosetta.kde.org.yml b/host_vars/rosetta.kde.org.yml
index 70180dd..9db8c6a 100644
--- a/host_vars/rosetta.kde.org.yml
+++ b/host_vars/rosetta.kde.org.yml
@@ -1,2 +1,4 @@
 ---
 backup_directory: backups
+gohma_backup_user: rosettabackup
+gohma_backup_home: BACKUP.rosetta.kde.org
diff --git a/host_vars/shrek.kde.org.yml b/host_vars/shrek.kde.org.yml
new file mode 100644
index 0000000..a88f56c
--- /dev/null
+++ b/host_vars/shrek.kde.org.yml
@@ -0,0 +1,3 @@
+---
+gohma_backup_user: shrekbackup
+gohma_backup_home: BACKUP.shrek.kde.org
diff --git a/host_vars/stumptown.kde.org.yml b/host_vars/stumptown.kde.org.yml
index de8901d..76b35dd 100644
--- a/host_vars/stumptown.kde.org.yml
+++ b/host_vars/stumptown.kde.org.yml
@@ -1,6 +1,9 @@
 ---
 backup_directory: backups
 backup_cron:
 hour: 5
 minute: 10
 weekday: sun
+
+gohma_backup_user: stumptownbackup
+gohma_backup_home: BACKUP.stumptown.kde.org
diff --git a/roles/kde-backup/tasks/main.yml b/roles/kde-backup/tasks/main.yml
index c084f3a..9ae981a 100644
--- a/roles/kde-backup/tasks/main.yml
+++ b/roles/kde-backup/tasks/main.yml
@@ -1,74 +1,117 @@
 ---
 - name: ensure bin directory exists
 file:
 path: /root/bin
 state: directory
 owner: root
 group: root
 - name: ensure backup directory exists
 file:
 path: /root/{{backup_directory}}
 state: directory
 owner: root
 group: root
 mode: 0700
 - name: ensure lftp is installed
 apt:
 name: lftp
 state: present
 when: hetzner_backup_host is defined
 - name: install Hetzner ftp script
 template:
 src: backup-options.j2
 dest: /root/bin/backup-options
 owner: root
 group: root
 mode: 0600
 when: hetzner_backup_host is defined
+- name: ensure host has a ssh key
+ user:
+ name: root
+ generate_ssh_key: yes
+ register: root_user
+ when: gohma_backup_user is defined
+
+- name: ensure a backup account exists in gohma
+ delegate_to: gohma.kde.org
+ user:
+ name: "{{gohma_backup_user}}"
+ home: "/home/{{gohma_backup_home}}/"
+ when: gohma_backup_user is defined
+
+- name: create .ssh in gohma account
+ delegate_to: gohma.kde.org
+ file:
+ state: directory
+ dest: "/home/{{gohma_backup_home}}/.ssh"
+ owner: root
+ group: root
+ mode: 0755
+ when: gohma_backup_user is defined
+
+- name: assign authorized keys
+ delegate_to: gohma.kde.org
+ file:
+ dest: "/home/{{gohma_backup_home}}/.ssh/authorized_keys"
+ owner: root
+ group: root
+ mode: 0644
+ content: "no-pty,no-x11-forwarding,no-port-forwarding,no-agent-forwarding {{root_user.ssh_public_key}}\n"
+ when: gohma_backup_user is defined
+
+# This will *fail* if gohma is not present in known_hosts,
+# and will need manual intervention to add it.
+# A better solution might need a custom Ansible module.
+- name: ensure gohma is in known_hosts
+ command: ssh-keygen -F gohma.kde.org
+ check_mode: no
+ changed_when: False
+ when: gohma_backup_user is defined
+
 - name: install other dependencies of backup script
 apt:
 name: "{{item}}"
 state: present
 with_items: "{{extra_backup_dependencies}}"
 - name: install backup script
 template:
 src: backup-{{inventory_hostname_short}}.sh
 dest: /root/bin/run-backup.sh
 owner: root
 group: root
 mode: 0744
 - name: configure backup cronjob
 cron:
 hour: "{{backup_cron.hour}}"
 minute: "{{backup_cron.minute}}"
 weekday: "{{backup_cron.weekday | default('*')}}"
 user: root
 job: /root/bin/run-backup.sh
 name: "run backup"
 - block:
 - name: install Hetzner ftp script for gitolite logs
 template:
 src: backup-options-logs.j2
 dest: /root/bin/backup-options-logs
 owner: root
 group: root
 mode: 0600
 - name: configure cronjob for gitolite log backups
 cron:
 hour: "{{backup_logs_cron.hour}}"
 minute: "{{backup_logs_cron.minute}}"
 weekday: "{{backup_logs_cron.weekday | default('*')}}"
 user: root
 job: "lftp -f ~/bin/backup-options-logs"
 name: "backup gitolite logs"
 when: inventory_hostname == 'code.kde.org'
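Review bot: The `assign authorized keys` task passes `content:` to the `file` module, which has no such parameter (it belongs to `copy`), and omits `state:`, so the task will be rejected or fail on a missing path instead of installing the key. The `authorized_key` module expresses the intent directly, creates `.ssh` with sane ownership and modes itself, and keeps the `no-pty,...` restrictions via `key_options`; the rewrite is below and makes the `create .ssh in gohma account` task redundant. While in these tasks, `generate_ssh_key: yes` could add `ssh_key_type: ed25519` (and use `true` rather than `yes`), and `ensure gohma is in known_hosts` could use the built-in `known_hosts` module with a pinned host key from a host var instead of failing when the entry is absent, which is what the `# This will *fail*` comment asks for and removes the manual, unverified first connection.
```yaml
- name: assign authorized keys
  delegate_to: gohma.kde.org
  authorized_key:
    user: "{{gohma_backup_user}}"
    key: "{{root_user.ssh_public_key}}"
    key_options: "no-pty,no-x11-forwarding,no-port-forwarding,no-agent-forwarding"
  when: gohma_backup_user is defined
# … unchanged: known_hosts check and remaining backup tasks …
```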