dave
/
ansible-playbooks
1
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
๐Ÿ“— Ansible playbooks and roles for building an idempotent, interconnected and scalable infrastructure
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3 Commits
2 Branches
0 Tags
425 KiB
 
 
Tag: Branch: Tree: 5878ef2e31
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '5878ef2e31'
${ noResults }
ansible-playbooks/roles/rest-server/tasks/add_repo.yml

120 lines
5.6 KiB
Raw Blame History

- name: fail if repo parameters are missing
fail:
msg: repo parameters are missing or incorrect
when: (repo is not mapping) or (repo.user is not defined) or
(repo.password is not defined)
- name: protect against malicious repo names
fail:
msg: this backup repo name is reserved
when: (repo.name is string) and (((repo.name | lower) == 'config') or
((repo.name | lower) == 'data') or ((repo.name | lower) == 'index') or
((repo.name | lower) == 'keys') or ((repo.name | lower) == 'locks') or
((repo.name | lower) == 'snapshots'))
- name: get rest server hostname
set_fact:
rest_server_hostname: "{{ repo.server if (repo.server is string and repo.server | length > 0) else services.rest_server.hostname }}"
- name: get rest server parms
set_fact:
rest_server_parms:
conf_dir: "{{ hostvars[rest_server_hostname]['rest_server_conf_dir'] | d(rest_server_conf_dir) }}"
data_dir: "{{ hostvars[rest_server_hostname]['rest_server_data_dir'] | d(rest_server_data_dir) }}"
passwd_dir: "{{ hostvars[rest_server_hostname]['rest_server_passwd_dir'] | d(rest_server_passwd_dir) }}"
user: "{{ hostvars[rest_server_hostname]['rest_server_user'] | d(rest_server_user) }}"
group: "{{ hostvars[rest_server_hostname]['rest_server_group'] | d(rest_server_group) }}"
maintenance_mark: "{{ hostvars[rest_server_hostname]['rest_server_maintenance_mark'] | d(rest_server_maintenance_mark) }}"
- block:
- name: ensure user exists in htpasswd file
htpasswd:
path: "{{ rest_server_parms.data_dir }}/.htpasswd"
create: yes
crypt_scheme: bcrypt
mode: 0400
owner: "{{ rest_server_parms.user }}"
group: "{{ rest_server_parms.group }}"
name: "{{ repo.user }}"
password: "{{ repo.password }}"
- name: set restic repo and password facts
set_fact:
restic_repo: "{{ rest_server_parms.data_dir ~ '/' ~ repo.user ~ (('/' ~ repo.name) if (repo.name is string and repo.name | length > 0) else '') }}"
restic_password: "{{ repo.repo_password if (repo.repo_password is string and repo.repo_password | length > 0) else repo.password }}"
restic_passwd_file: "{{ rest_server_parms.passwd_dir ~ '/' ~ repo.user ~ (('.' ~ repo.name) if (repo.name is string and repo.name | length > 0) else '') }}"
no_log: yes
- name: set restic retention facts
set_fact:
restic_retention: "{{ [
(('--keep-last ' ~ (repo.retention.last | quote)) if (repo.retention.last is defined) else ''),
(('--keep-hourly ' ~ (repo.retention.hourly | quote)) if (repo.retention.hourly is defined) else ''),
(('--keep-daily ' ~ (repo.retention.daily | quote)) if (repo.retention.daily is defined) else ''),
(('--keep-weekly ' ~ (repo.retention.weekly | quote)) if (repo.retention.weekly is defined) else ''),
(('--keep-monthly ' ~ (repo.retention.monthly | quote)) if (repo.retention.monthly is defined) else ''),
(('--keep-yearly ' ~ (repo.retention.yearly | quote)) if (repo.retention.yearly is defined) else ''),
(('--keep-within ' ~ (repo.retention.within | quote)) if (repo.retention.within is defined) else ''),
(('--keep-within-hourly ' ~ (repo.retention.within_hourly | quote)) if (repo.retention.within_hourly is defined) else ''),
(('--keep-within-daily ' ~ (repo.retention.within_daily | quote)) if (repo.retention.within_daily is defined) else ''),
(('--keep-within-weekly ' ~ (repo.retention.within_weekly | quote)) if (repo.retention.within_weekly is defined) else ''),
(('--keep-within-monthly ' ~ (repo.retention.within_monthly | quote)) if (repo.retention.within_monthly is defined) else ''),
(('--keep-within-yearly ' ~ (repo.retention.within_yearly | quote)) if (repo.retention.within_yearly is defined) else '')
] | select() | list | join(' ') }}"
when: repo.retention is defined and repo.retention is mapping
- name: create passwd file for repo
copy:
dest: "{{ restic_passwd_file }}"
content: "{{ restic_password }}"
mode: 0400
owner: "{{ rest_server_parms.user }}"
group: "{{ rest_server_parms.group }}"
- name: create repository
shell:
cmd: /usr/bin/restic init
environment:
RESTIC_REPOSITORY: "{{ restic_repo }}"
RESTIC_PASSWORD: "{{ restic_password }}"
register: result
changed_when: "'created restic repository' in result.stdout"
failed_when: "(result.rc != 0) and not ('config file already exists' in result.stderr)"
become: yes
become_user: "{{ rest_server_parms.user }}"
become_method: su
become_flags: "-s /bin/ash"
- name: edit maintenance script
lineinfile:
path: "{{ rest_server_parms.conf_dir }}/maintenance.sh"
regexp: '^/usr/bin/restic(\s+)--repo(\s+){{ restic_repo | quote | regex_escape }}(\s+)(.*)$'
line: "/usr/bin/restic --repo {{ restic_repo | quote }} --password-file {{ restic_passwd_file | quote }} forget --prune {{ restic_retention | d('--keep-last 14') }}"
insertbefore: "^# {{ rest_server_parms.maintenance_mark }}"
firstmatch: yes
- name: unset restic repo and password facts
set_fact:
restic_repo: "{{ None }}"
restic_password: "{{ None }}"
restic_passwd_file: "{{ None }}"
no_log: yes
delegate_to: "{{ rest_server_hostname }}"
- name: unset facts
set_fact:
rest_server_parms: "{{ None }}"
rest_server_hostname: "{{ None }}"