diff --git a/roles/kde-backup/tasks/main.yml b/roles/kde-backup/tasks/main.yml
index 1d41ab3..2cfffc0 100644
--- a/roles/kde-backup/tasks/main.yml
+++ b/roles/kde-backup/tasks/main.yml
@@ -1,145 +1,144 @@ --- - name: ensure bin directory exists file: path: /root/bin state: directory owner: root group: root - name: ensure backup directory exists file: path: /root/{{backup_directory}} state: directory owner: root group: root mode: 0700 - name: ensure lftp is installed apt: name: lftp state: present when: hetzner_backup_host is defined - name: install Hetzner ftp script template: src: backup-options.j2 dest: /root/bin/backup-options owner: root group: root mode: 0600 when: hetzner_backup_host is defined - name: ensure host has a ssh key user: name: root generate_ssh_key: yes register: root_user when: gohma_backup_user is defined - name: ensure a backup account exists in micrea delegate_to: micrea.kde.org user: name: "{{gohma_backup_user}}" home: "/home/{{gohma_backup_home}}/" createhome: no when: gohma_backup_user is defined - name: create micrea home directory delegate_to: micrea.kde.org file: state: directory dest: "/home/{{gohma_backup_home}}" owner: root group: root mode: 0755 when: gohma_backup_user is defined - name: create backup directory on micrea delegate_to: micrea.kde.org file: state: directory dest: "/home/{{gohma_backup_home}}/{{backup_directory}}" owner: "{{gohma_backup_user}}" group: "{{gohma_backup_user}}" mode: 0700 when: gohma_backup_user is defined - name: create .ssh in micrea account delegate_to: micrea.kde.org file: state: directory dest: "/home/{{gohma_backup_home}}/.ssh" owner: root group: root mode: 0755 when: gohma_backup_user is defined - name: assign authorized keys delegate_to: micrea.kde.org copy: dest: "/home/{{gohma_backup_home}}/.ssh/authorized_keys" owner: root group: root mode: 0644 content: "no-pty,no-x11-forwarding,no-port-forwarding,no-agent-forwarding {{root_user.ssh_public_key}}\n" when: gohma_backup_user is defined # This will *fail* if micrea is not present in known_hosts, # and will need manual intervention to add it. # A better solution might need a custom Ansible module. 
- name: ensure micrea is in known_hosts command: ssh-keygen -F micrea.kde.org check_mode: no changed_when: False when: gohma_backup_user is defined - name: install other dependencies of backup script apt: - name: "{{item}}" + name: "{{backup_apt_dependencies}}" state: present - with_items: "{{backup_apt_dependencies}}" - name: install backup script template: src: backup-{{inventory_hostname_short}}.sh dest: /root/bin/run-backup.sh owner: root group: root mode: 0740 - name: ensure cronjob messages are emailed to sysadmin cron: user: root env: yes name: MAILTO value: sysadmin-systems@kde.org - name: configure backup cronjob cron: hour: "{{backup_cron.hour}}" minute: "{{backup_cron.minute}}" weekday: "{{backup_cron.weekday | default('*')}}" user: root job: /root/bin/run-backup.sh name: "run backup" - block: - name: install Hetzner ftp script for gitolite logs template: src: backup-options-logs.j2 dest: /root/bin/backup-options-logs owner: root group: root mode: 0600 - name: configure cronjob for gitolite log backups cron: hour: "{{backup_logs_cron.hour}}" minute: "{{backup_logs_cron.minute}}" weekday: "{{backup_logs_cron.weekday | default('*')}}" user: root job: "lftp -f ~/bin/backup-options-logs" name: "backup gitolite logs" when: inventory_hostname == 'code.kde.org'
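Review bot: The `assign authorized keys` task, which this hunk carries unchanged, limits the backup key only with `no-pty,no-x11-forwarding,no-port-forwarding,no-agent-forwarding`, so the key can still run any command as the backup user on micrea.kde.org. On OpenSSH 7.2 or later the hand-written list can be replaced by the single `restrict` option, which also covers restrictions added in later releases: `content: "restrict {{root_user.ssh_public_key}}\n"`. A `command="..."` forced command for the transfer tool would narrow the key further, but the backup script template is not visible here, so which tool it invokes needs confirming first. The `apt` change itself reads fine, provided `backup_apt_dependencies` is always defined as a list for every host this role runs on.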