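# Validate the `repo` item before anything touches the rest server.
# `repo.user` is later used as a directory name under the rest server's data
# dir, so it must be a non-empty value, not merely "defined": an empty user
# would make the repository path collapse onto the data dir itself.
- name: fail if repo parameters are missing
  fail:
    msg: repo parameters are missing or incorrect
  when: >-
    (repo is not mapping) or
    ((repo.user | d('', true) | string | trim | length) == 0) or
    (repo.password is not defined)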
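# `repo.name` and `repo.user` both end up as path components below the rest
# server's data dir and passwd dir, so two classes of names are rejected here:
# reserved names (presumably the top-level entries of a restic repository, which
# a sub-repo of the same name would shadow -- confirm against the rest-server
# layout) and anything that is not a single plain directory name.
- name: protect against malicious repo names
  fail:
    msg: this backup repo name is reserved
  when:
    - repo.name is string
    - (repo.name | lower) in ['config', 'data', 'index', 'keys', 'locks', 'snapshots']

# Reject path traversal: a '/' or a '.'/'..' component in either value would
# place the repository or its password file outside the intended directory.
- name: protect against path traversal in repo user and name
  fail:
    msg: repo user and name must be plain directory names (no '/', '.' or '..')
  when: >-
    ((repo.user is string) and ((repo.user is search('/')) or (repo.user in ['.', '..']))) or
    ((repo.name is string) and ((repo.name is search('/')) or (repo.name in ['.', '..'])))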
# Pick the rest server this repo lives on: an explicit, non-empty `repo.server`
# wins, otherwise the inventory-wide `services.rest_server.hostname` is used.
- name: get rest server hostname
  set_fact:
    rest_server_hostname: >-
      {%- set explicit = repo.server | d('') -%}
      {{ explicit if (explicit is string and explicit | length > 0) else services.rest_server.hostname }}
# Collect the rest server's layout (directories, account, maintenance marker)
# from the variables of the host we will delegate to; each value falls back to
# this role's own default when that host does not override it.
- name: get rest server parms
  set_fact:
    rest_server_parms:
      conf_dir: "{{ hostvars[rest_server_hostname].rest_server_conf_dir | d(rest_server_conf_dir) }}"
      data_dir: "{{ hostvars[rest_server_hostname].rest_server_data_dir | d(rest_server_data_dir) }}"
      passwd_dir: "{{ hostvars[rest_server_hostname].rest_server_passwd_dir | d(rest_server_passwd_dir) }}"
      user: "{{ hostvars[rest_server_hostname].rest_server_user | d(rest_server_user) }}"
      group: "{{ hostvars[rest_server_hostname].rest_server_group | d(rest_server_group) }}"
      maintenance_mark: "{{ hostvars[rest_server_hostname].rest_server_maintenance_mark | d(rest_server_maintenance_mark) }}"
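# Everything in this block runs on the rest server itself (see `delegate_to`),
# so the htpasswd entry, the password file, the repository and the maintenance
# script are all created where rest-server and its cron job read them.
- name: provision the repo on the rest server
  delegate_to: "{{ rest_server_hostname }}"
  block:
    - name: ensure user exists in htpasswd file
      htpasswd:
        path: "{{ rest_server_parms.data_dir }}/.htpasswd"
        create: true
        # bcrypt needs passlib with a bcrypt backend on the delegated host -- TODO confirm it is installed there
        crypt_scheme: bcrypt
        # only the rest-server account may read the credential file
        mode: "0400"
        owner: "{{ rest_server_parms.user }}"
        group: "{{ rest_server_parms.group }}"
        name: "{{ repo.user }}"
        password: "{{ repo.password }}"

    - name: set restic repo and password facts
      set_fact:
        # <data_dir>/<user> is the user's top-level repository; with a name it
        # becomes the sub-repository <data_dir>/<user>/<name>.
        restic_repo: "{{ rest_server_parms.data_dir ~ '/' ~ repo.user ~ (('/' ~ repo.name) if (repo.name is string and repo.name | length > 0) else '') }}"
        # NOTE(review): without an explicit `repo.repo_password` the HTTP
        # basic-auth password doubles as the repository encryption password, so
        # whoever can obtain the HTTP credentials can also decrypt the backups.
        # Callers should set a distinct repo_password.
        restic_password: "{{ repo.repo_password if (repo.repo_password is string and repo.repo_password | length > 0) else repo.password }}"
        restic_passwd_file: "{{ rest_server_parms.passwd_dir ~ '/' ~ repo.user ~ (('.' ~ repo.name) if (repo.name is string and repo.name | length > 0) else '') }}"
      no_log: true

    - name: set restic retention facts
      set_fact:
        # Always (re)set this fact. Facts persist for the rest of the play, so if
        # this file is included once per repo (presumably -- confirm with the
        # caller) a repo without a `retention` mapping would otherwise inherit the
        # flags computed for the previous repo. An empty result falls back to the
        # default policy in the maintenance line below.
        # Every value is `quote`d because the result is spliced into a shell line.
        restic_retention: >-
          {{ ([
            (('--keep-last ' ~ (repo.retention.last | quote)) if (repo.retention.last is defined) else ''),
            (('--keep-hourly ' ~ (repo.retention.hourly | quote)) if (repo.retention.hourly is defined) else ''),
            (('--keep-daily ' ~ (repo.retention.daily | quote)) if (repo.retention.daily is defined) else ''),
            (('--keep-weekly ' ~ (repo.retention.weekly | quote)) if (repo.retention.weekly is defined) else ''),
            (('--keep-monthly ' ~ (repo.retention.monthly | quote)) if (repo.retention.monthly is defined) else ''),
            (('--keep-yearly ' ~ (repo.retention.yearly | quote)) if (repo.retention.yearly is defined) else ''),
            (('--keep-within ' ~ (repo.retention.within | quote)) if (repo.retention.within is defined) else ''),
            (('--keep-within-hourly ' ~ (repo.retention.within_hourly | quote)) if (repo.retention.within_hourly is defined) else ''),
            (('--keep-within-daily ' ~ (repo.retention.within_daily | quote)) if (repo.retention.within_daily is defined) else ''),
            (('--keep-within-weekly ' ~ (repo.retention.within_weekly | quote)) if (repo.retention.within_weekly is defined) else ''),
            (('--keep-within-monthly ' ~ (repo.retention.within_monthly | quote)) if (repo.retention.within_monthly is defined) else ''),
            (('--keep-within-yearly ' ~ (repo.retention.within_yearly | quote)) if (repo.retention.within_yearly is defined) else '')
          ] | select() | list | join(' '))
          if (repo.retention is defined and repo.retention is mapping) else '' }}

    - name: create passwd file for repo
      copy:
        dest: "{{ restic_passwd_file }}"
        content: "{{ restic_password }}"
        mode: "0400"
        owner: "{{ rest_server_parms.user }}"
        group: "{{ rest_server_parms.group }}"
      # the content is the repository password: keep it out of verbose and --diff output
      no_log: true

    - name: create repository
      # no shell features are used, so `command` avoids an unnecessary shell
      command:
        cmd: /usr/bin/restic init
      environment:
        RESTIC_REPOSITORY: "{{ restic_repo }}"
        # NOTE(review): the password file written above could be passed via
        # RESTIC_PASSWORD_FILE instead, but that requires the rest-server account
        # to be able to traverse passwd_dir -- confirm before changing.
        RESTIC_PASSWORD: "{{ restic_password }}"
      register: result
      changed_when: "'created restic repository' in result.stdout"
      # an already-initialised repository is not an error (idempotent re-run)
      failed_when: "(result.rc != 0) and not ('config file already exists' in result.stderr)"
      become: true
      become_user: "{{ rest_server_parms.user }}"
      become_method: su
      become_flags: "-s /bin/ash"

    - name: edit maintenance script
      lineinfile:
        path: "{{ rest_server_parms.conf_dir }}/maintenance.sh"
        # match the existing line for this exact repo path so a re-run updates it in place
        regexp: '^/usr/bin/restic(\s+)--repo(\s+){{ restic_repo | quote | regex_escape }}(\s+)(.*)$'
        # `d(..., true)` also covers an empty or None retention fact
        line: "/usr/bin/restic --repo {{ restic_repo | quote }} --password-file {{ restic_passwd_file | quote }} forget --prune {{ restic_retention | d('--keep-last 14', true) }}"
        insertbefore: "^# {{ rest_server_parms.maintenance_mark }}"
        firstmatch: true

    - name: unset restic repo and password facts
      set_fact:
        restic_repo: "{{ None }}"
        restic_password: "{{ None }}"
        restic_passwd_file: "{{ None }}"
        # also cleared so a later include cannot reuse a stale retention policy
        restic_retention: "{{ None }}"
      no_log: true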
# Clear the per-repo helper facts so a subsequent include of this file starts
# from a clean slate.
- name: unset facts
  set_fact:
    rest_server_hostname: "{{ None }}"
    rest_server_parms: "{{ None }}"