diff --git a/roles/kde-backup/tasks/main.yml b/roles/kde-backup/tasks/main.yml
index c9ca665..a97bfb1 100644
--- a/roles/kde-backup/tasks/main.yml
+++ b/roles/kde-backup/tasks/main.yml
@@ -1,135 +1,145 @@ --- - name: ensure bin directory exists file: path: /root/bin state: directory owner: root group: root - name: ensure backup directory exists file: path: /root/{{backup_directory}} state: directory owner: root group: root mode: 0700 - name: ensure lftp is installed apt: name: lftp state: present when: hetzner_backup_host is defined - name: install Hetzner ftp script template: src: backup-options.j2 dest: /root/bin/backup-options owner: root group: root mode: 0600 when: hetzner_backup_host is defined - name: ensure host has a ssh key user: name: root generate_ssh_key: yes register: root_user when: gohma_backup_user is defined - name: ensure a backup account exists in gohma delegate_to: gohma.kde.org user: name: "{{gohma_backup_user}}" home: "/home/{{gohma_backup_home}}/" createhome: no when: gohma_backup_user is defined - name: create gohma home directory delegate_to: gohma.kde.org file: state: directory dest: "/home/{{gohma_backup_home}}" owner: root group: root mode: 0755 when: gohma_backup_user is defined +- name: create backup directory on gohma + delegate_to: gohma.kde.org + file: + state: directory + dest: "/home/{{gohma_backup_home}}/{{backup_directory}}" + owner: "{{gohma_backup_user}}" + group: "{{gohma_backup_user}}" + mode: 0700 + when: gohma_backup_user is defined + - name: create .ssh in gohma account delegate_to: gohma.kde.org file: state: directory dest: "/home/{{gohma_backup_home}}/.ssh" owner: root group: root mode: 0755 when: gohma_backup_user is defined - name: assign authorized keys delegate_to: gohma.kde.org copy: dest: "/home/{{gohma_backup_home}}/.ssh/authorized_keys" owner: root group: root mode: 0644 content: "no-pty,no-x11-forwarding,no-port-forwarding,no-agent-forwarding {{root_user.ssh_public_key}}\n" when: gohma_backup_user is defined # This will *fail* if gohma is not present in known_hosts, # and will need manual intervention to add it. # A better solution might need a custom Ansible module. 
- name: ensure gohma is in known_hosts command: ssh-keygen -F gohma.kde.org check_mode: no changed_when: False when: gohma_backup_user is defined - name: install other dependencies of backup script apt: name: "{{item}}" state: present with_items: "{{backup_apt_dependencies}}" - name: install backup script template: src: backup-{{inventory_hostname_short}}.sh dest: /root/bin/run-backup.sh owner: root group: root mode: 0740 - name: ensure cronjob messages are emailed to sysadmin cron: user: root env: yes name: MAILTO value: sysadmin-systems@kde.org - name: configure backup cronjob cron: hour: "{{backup_cron.hour}}" minute: "{{backup_cron.minute}}" weekday: "{{backup_cron.weekday | default('*')}}" user: root job: /root/bin/run-backup.sh name: "run backup" - block: - name: install Hetzner ftp script for gitolite logs template: src: backup-options-logs.j2 dest: /root/bin/backup-options-logs owner: root group: root mode: 0600 - name: configure cronjob for gitolite log backups cron: hour: "{{backup_logs_cron.hour}}" minute: "{{backup_logs_cron.minute}}" weekday: "{{backup_logs_cron.weekday | default('*')}}" user: root job: "lftp -f ~/bin/backup-options-logs" name: "backup gitolite logs" when: inventory_hostname == 'code.kde.org'
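Review bot: The added "create backup directory on gohma" task is guarded only by `gohma_backup_user is defined`, yet its `dest` is built from `gohma_backup_home` and `backup_directory`, and it runs on gohma handing ownership to the backup user. If `backup_directory` ever rendered empty, `dest` would resolve to the account's home itself and this task would re-own it to the backup user with 0700, undoing the root-owned home and `.ssh` layout the neighbouring tasks set up; I would make the guard `when: gohma_backup_user is defined and (backup_directory | default('') | length > 0)`. Separately, `mode: 0700` depends on the YAML 1.1 octal reading, and `mode: "0700"` is the form that does not depend on the parser. `group: "{{gohma_backup_user}}"` presumably relies on the earlier user task having created a same-named group on gohma, which is worth confirming.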