Skip to content
Extraits de code Groupes Projets

Comparer les révisions

Les modifications sont affichées comme si la révision source était fusionnée avec la révision cible. En savoir plus sur la comparaison des révisions.

Source

Sélectionner le projet cible
No results found
Sélectionner une révision Git
  • master
  • v1.0.0
  • v1.0.1
  • v1.0.2
  • v1.0.3
  • v1.0.4
  • v1.0.5
  • v1.0.6
  • v1.0.7
  • v1.0.8
  • v1.0.9
11 résultats

Cible

Sélectionner le projet cible
  • lefilament/ansible-roles/backup_server_conf
  • nqb/backup_server_conf
2 résultats
Sélectionner une révision Git
  • master
1 résultat
Afficher les modifications

Commits on Source 11

---
warn_list: # or 'skip_list' to silence them completely
- git-latest # Git checkouts must contain explicit version
- ignore-errors # Use failed_when and specify error conditions instead of using ignore_errors
- no-changed-when # Commands should not change things if nothing needs doing
- no-handler # Tasks that run when changed should likely be handlers
- package-latest # Package installs should not use latest
---
# Based on ansible-lint config
extends: default
rules:
braces:
max-spaces-inside: 1
level: error
brackets:
max-spaces-inside: 1
level: error
colons:
max-spaces-after: -1
level: error
commas:
max-spaces-after: -1
level: error
# comments enable
comments: enable
comments-indentation: enable
document-start: enable
empty-lines:
max: 3
level: error
hyphens:
level: error
indentation:
level: warning
indent-sequences: consistent
spaces: 4
check-multi-line-strings: true
key-duplicates: enable
line-length: disable
new-line-at-end-of-file: enable
new-lines:
type: unix
# trailing-spaces enable
trailing-spaces: enable
truthy: enable
...@@ -42,28 +42,7 @@ This role can be simply executed like follows (gathering facts is not necessary ...@@ -42,28 +42,7 @@ This role can be simply executed like follows (gathering facts is not necessary
become: true become: true
roles: roles:
- { role: backup_server_conf, tags: backup } - { role: backup_server_conf, tags: backup }
vars:
- { swift_cloud_authurl: "https://auth.cloud.ovh.net/v3/" }
- { swift_cloud_authversion: 3 }
- { swift_cloud_tenantid: "12f1e" }
- { swift_cloud_tenantname: "2214534534" }
- { swift_cloud_username: "testuser" }
- { swift_cloud_password: "testpassword" }
- { swift_cloud_regionname: GRA }
- { swift_odoo_authurl: "https://auth.cloud.ovh.net/v3/" }
- { swift_odoo_authversion: 3 }
- { swift_odoo_tenantid: "132e1fa" }
- { swift_odoo_tenantname: "12312534534" }
- { swift_odoo_username: "testuser" }
- { swift_odoo_password: "testpassword" }
- { swift_odoo_regionname: "GRA" }
- { swift_odoo2_authurl: "https://auth.cloud.ovh.net/v3/" }
- { swift_odoo2_authversion: 3 }
- { swift_odoo2_tenantid: "12323534ab" }
- { swift_odoo2_tenantname: "123124235345" }
- { swift_odoo2_username: "testuser" }
- { swift_odoo2_password: "testpassword" }
- { swift_odoo2_regionname: "DE" }
License License
------- -------
......
--- ---
# Parameters for listing backups stored on Object Storage - for Cloud ## Parameters for listing backups stored on Object Storage - for Cloud
swift_cloud_authurl: https://auth.cloud.ovh.net/v3/ swift_cloud_accounts:
swift_cloud_authversion: 3 1:
swift_cloud_tenantid: "12f1e" authurl: https://auth.cloud.ovh.net/v3/
swift_cloud_tenantname: "2214534534" authversion: 3
swift_cloud_username: "testuser" tenantid: "12f1e"
swift_cloud_password: "testpassword" tenantname: "2214534534"
swift_cloud_regionname: GRA regionname: GRA
swift_cloud_credentials:
1:
username: "testuser"
password: "testpassword"
# Parameters for listing backups stored on Object Storage - for Odoo ## Parameters for listing backups stored on Object Storage - for Odoo
swift_odoo_authurl: https://auth.cloud.ovh.net/v3/ swift_odoo_accounts:
swift_odoo_authversion: 3 1:
swift_odoo_tenantid: "132e1fa" authurl: https://auth.cloud.ovh.net/v3/
swift_odoo_tenantname: "12312534534" authversion: 3
swift_odoo_username: "testuser" tenantid: "132e1fa"
swift_odoo_password: "testpassword" tenantname: "12312534534"
swift_odoo_regionname: "GRA" regionname: "GRA"
# Parameters for listing backups stored on Object Storage - for Odoo (2nd backup) 2:
swift_odoo2_authurl: https://auth.cloud.ovh.net/v3/ authurl: https://auth.cloud.ovh.net/v3/
swift_odoo2_authversion: 3 authversion: 3
swift_odoo2_tenantid: "12323534ab" tenantid: "12323534ab"
swift_odoo2_tenantname: "123124235345" tenantname: "123124235345"
swift_odoo2_username: "testuser" regionname: "DE"
swift_odoo2_password: "testpassword"
swift_odoo2_regionname: "DE" swift_odoo_credentials:
1:
username: "testuser"
password: "testpassword"
2:
username: "testuser"
password: "testpassword"
--- ---
- name: restart-sshd - name: Restart SSHD
service: name=sshd state=restarted ansible.builtin.service:
name: sshd
state: restarted
--- ---
galaxy_info: galaxy_info:
author: Rémi author: lefilament
description: Role to configure backup server to allow SFTP connection from all other servers description: Role to configure backup server to allow SFTP connection from all other servers
company: Le Filament (https://le-filament.com) company: Le Filament (https://le-filament.com)
license: AGPL-3.0-or-later license: AGPL-3.0-or-later
min_ansible_version: 2.1 min_ansible_version: "2.1"
platforms: platforms:
- name: CentOS
versions:
- 7
- name: Ubuntu - name: Ubuntu
versions: versions:
- 18.04 - bionic
- 20.04 - focal
galaxy_tags: galaxy_tags:
- backup - backup
- sftp - sftp
--- ---
- name: Create SFTP group - name: Create SFTP group
group: ansible.builtin.group:
name: sftpgroup name: sftpgroup
- name: Create SFTP users - name: Create SFTP users
user: ansible.builtin.user:
name: "{{ hostvars[item].backup_sftp_user }}" name: "{{ hostvars[item].backup_sftp_user }}"
group: sftpgroup group: sftpgroup
password: "!" password: "!"
shell: /sbin/nologin shell: /sbin/nologin
with_items: "{{ groups.all | difference(groups.backup_server) }}" with_items: "{{ groups.all | difference(groups.backup_server) }}"
- name: add SFTP users public key to authorized keys - name: Add SFTP users public key to authorized keys
authorized_key: ansible.posix.authorized_key:
key: "{{ hostvars[item].host_user_public_key }}" key: "{{ hostvars[item].host_user_public_key }}"
user: "{{ hostvars[item].backup_sftp_user }}" user: "{{ hostvars[item].backup_sftp_user }}"
exclusive: true exclusive: true
with_items: "{{ groups.all | difference(groups.backup_server) }}" with_items: "{{ groups.all | difference(groups.backup_server) }}"
- name: Create templates directory
ansible.builtin.file:
name: templates
state: directory
mode: '0755'
connection: local
become: false
delegate_to: localhost
tags: sshd
- name: Get sshd_config file from init_server role locally
ansible.builtin.get_url:
url: "https://sources.le-filament.com/lefilament/ansible-roles/init_server/-/raw/master/templates/sshd_config.j2"
dest: templates/sshd_config.j2
mode: '0644'
connection: local
become: false
delegate_to: localhost
tags: sshd
- name: Copy sshd_config file - name: Copy sshd_config file
template: ansible.builtin.template:
src: ../init_server/templates/sshd_config.j2 src: templates/sshd_config.j2
dest: /etc/ssh/sshd_config dest: /etc/ssh/sshd_config
owner: root owner: root
group: root group: root
mode: '0644' mode: '0644'
notify: restart-sshd notify: Restart SSHD
tags: sshd tags: sshd
- name: add pip package - name: Add pip package
apt: ansible.builtin.apt:
name: "{{ python_apt_packages }}" name: "{{ python_apt_packages }}"
force: true force: true
install_recommends: false install_recommends: false
- name: check that chroot directory for SFTP users exist - name: Check that chroot directory for SFTP users exist
file: ansible.builtin.file:
name: /backup/sftp name: /backup/sftp
state: directory state: directory
owner: root owner: root
group: root group: root
mode: '0755' mode: '0755'
- name: check that directories for SFTP for all servers exist - name: Check that directories for SFTP for all servers exist
file: ansible.builtin.file:
name: /backup/sftp/{{ hostvars[item].inventory_hostname | lower }} name: /backup/sftp/{{ hostvars[item].inventory_hostname | lower }}
state: directory state: directory
owner: "{{ hostvars[item].backup_sftp_user }}" owner: "{{ hostvars[item].backup_sftp_user }}"
...@@ -52,8 +72,8 @@ ...@@ -52,8 +72,8 @@
mode: '0755' mode: '0755'
with_items: "{{ groups.all | difference(groups.backup_server) }}" with_items: "{{ groups.all | difference(groups.backup_server) }}"
- name: check that directory for collecting openstack Cloud facts exists - name: Check that directory for collecting openstack Cloud facts exists
file: ansible.builtin.file:
name: /backup/{{ item }} name: /backup/{{ item }}
state: directory state: directory
owner: lefilament owner: lefilament
...@@ -64,14 +84,16 @@ ...@@ -64,14 +84,16 @@
- odoo - odoo
- odoo2 - odoo2
- versions - versions
- versions/apt
- versions/pip3
- name: install swift client - name: Install swift client
pip: ansible.builtin.pip:
name: "{{ swift_pip_packages }}" name: "{{ swift_pip_packages }}"
- name: Copy OpenStack Fact Collection scripts on server - name: Copy OpenStack Fact Collection scripts on server
template: ansible.builtin.template:
src: "{{ item.script }}.j2" src: "{{ item.template }}"
dest: /root/{{ item.script }} dest: /root/{{ item.script }}
owner: root owner: root
group: root group: root
...@@ -80,8 +102,8 @@ ...@@ -80,8 +102,8 @@
loop_control: loop_control:
label: '{{ item.name }}' label: '{{ item.name }}'
- name: add cron job to retrieve backup list every day - name: Add cron job to retrieve backup list every day
cron: ansible.builtin.cron:
name: "{{ item.name }}" name: "{{ item.name }}"
minute: "{{ item.minute }}" minute: "{{ item.minute }}"
hour: "{{ item.hour }}" hour: "{{ item.hour }}"
......
...@@ -10,6 +10,22 @@ if [ -f /backup/sftp/{{ host|lower }}/{{ host|lower }}.$TODAY ] ...@@ -10,6 +10,22 @@ if [ -f /backup/sftp/{{ host|lower }}/{{ host|lower }}.$TODAY ]
then then
mv /backup/sftp/{{ host|lower }}/{{ host|lower }}.$TODAY /backup/versions/ mv /backup/sftp/{{ host|lower }}/{{ host|lower }}.$TODAY /backup/versions/
fi fi
if [ -f /backup/sftp/{{ host|lower }}/apt_{{ host|lower }}.$TODAY ]
then
mv /backup/sftp/{{ host|lower }}/apt_{{ host|lower }}.$TODAY /backup/versions/
fi
if [ -f /backup/sftp/{{ host|lower }}/apt-hr_{{ host|lower }}.$TODAY ]
then
mv /backup/sftp/{{ host|lower }}/apt-hr_{{ host|lower }}.$TODAY /backup/versions/
fi
if [ -f /backup/sftp/{{ host|lower }}/pip3_{{ host|lower }}.$TODAY ]
then
mv /backup/sftp/{{ host|lower }}/pip3_{{ host|lower }}.$TODAY /backup/versions/
fi
if [ -f /backup/sftp/{{ host|lower }}/pip3-hr_{{ host|lower }}.$TODAY ]
then
mv /backup/sftp/{{ host|lower }}/pip3-hr_{{ host|lower }}.$TODAY /backup/versions/
fi
{% if host in groups['docker'] %} {% if host in groups['docker'] %}
if [ -f /backup/sftp/{{ host|lower }}/{{ host|lower }}-docker.$TODAY ] if [ -f /backup/sftp/{{ host|lower }}/{{ host|lower }}-docker.$TODAY ]
then then
...@@ -21,3 +37,19 @@ if [ -f /home/{{ host_user }}/versions/{{ inventory_hostname|lower }}.$TODAY ] ...@@ -21,3 +37,19 @@ if [ -f /home/{{ host_user }}/versions/{{ inventory_hostname|lower }}.$TODAY ]
then then
cp -a /home/{{ host_user }}/versions/{{ inventory_hostname|lower }}.$TODAY /backup/versions/ cp -a /home/{{ host_user }}/versions/{{ inventory_hostname|lower }}.$TODAY /backup/versions/
fi fi
if [ -f /home/{{ host_user }}/versions/apt_{{ inventory_hostname|lower }}.$TODAY ]
then
cp -a /home/{{ host_user }}/versions/apt_{{ inventory_hostname|lower }}.$TODAY /backup/versions/
fi
if [ -f /home/{{ host_user }}/versions/pip3_{{ inventory_hostname|lower }}.$TODAY ]
then
cp -a /home/{{ host_user }}/versions/pip3_{{ inventory_hostname|lower }}.$TODAY /backup/versions/
fi
if [ -f /home/{{ host_user }}/versions/apt-hr_{{ inventory_hostname|lower }}.$TODAY ]
then
cp -a /home/{{ host_user }}/versions/apt-hr_{{ inventory_hostname|lower }}.$TODAY /backup/versions/
fi
if [ -f /home/{{ host_user }}/versions/pip3-hr_{{ inventory_hostname|lower }}.$TODAY ]
then
cp -a /home/{{ host_user }}/versions/pip3-hr_{{ inventory_hostname|lower }}.$TODAY /backup/versions/
fi
...@@ -5,24 +5,27 @@ ...@@ -5,24 +5,27 @@
# Configure variables # Configure variables
export OS_AUTH_URL="{{ swift_cloud_authurl }}" export OS_AUTH_URL="{{ item.account.authurl }}"
export OS_IDENTITY_API_VERSION={{ swift_cloud_authversion }} export OS_IDENTITY_API_VERSION={{ item.account.authversion }}
export OS_TENANT_ID="{{ swift_cloud_tenantid }}" export OS_TENANT_ID="{{ item.account.tenantid }}"
export OS_TENANT_NAME="{{ swift_cloud_tenantname }}" export OS_TENANT_NAME="{{ item.account.tenantname }}"
export OS_USERNAME="{{ swift_cloud_username }}" export OS_USERNAME="{{ item.credential.username }}"
export OS_PASSWORD="{{ swift_cloud_password }}" export OS_PASSWORD="{{ item.credential.password }}"
export OS_REGION_NAME="{{ swift_cloud_regionname }}" export OS_REGION_NAME="{{ item.account.regionname }}"
TODAY=`date +%F` TODAY=`date --utc +%F`
for container in `/usr/local/bin/swift list` for container in `/usr/local/bin/swift list`
do do
file="/backup/cloud/$container.$TODAY" {% if item.type == "cloud" %}
[[ "$container" == *'_segments' ]] && continue
{% endif %}
file="/backup/{{ item.type }}/$container.$TODAY"
printf "DATE = $TODAY" > $file printf "DATE = $TODAY" > $file
printf "\n\n-- STATS --\n" >> $file printf "\n\n-- STATS --\n" >> $file
/usr/local/bin/swift stat --lh $container >> $file /usr/local/bin/swift stat --lh $container >> $file
printf "\n\n-- LIST FILES --\n" >> $file printf "\n\n-- LIST FILES --\n" >> $file
/usr/local/bin/swift list --lh $container >> $file /usr/local/bin/swift list --lh $container >> $file
cp $file /backup/cloud/$container.latest cp $file /backup/{{ item.type }}/$container.latest
chmod 644 $file /backup/cloud/$container.latest chmod 644 $file /backup/{{ item.type }}/$container.latest
done done
#!/bin/bash
# Copyright © 2019 Le Filament (<http://www.le-filament.com>)
# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl.html).
# Configure variables
export OS_AUTH_URL="{{ swift_odoo2_authurl }}"
export OS_IDENTITY_API_VERSION={{ swift_odoo2_authversion }}
export OS_TENANT_ID="{{ swift_odoo2_tenantid }}"
export OS_TENANT_NAME="{{ swift_odoo2_tenantname }}"
export OS_USERNAME="{{ swift_odoo2_username }}"
export OS_PASSWORD="{{ swift_odoo2_password }}"
export OS_REGION_NAME="{{ swift_odoo2_regionname }}"
TODAY=`date +%F`
for container in `/usr/local/bin/swift list`
do
file="/backup/odoo2/$container.$TODAY"
printf "DATE = $TODAY" > $file
printf "\n\n-- STATS --\n" >> $file
/usr/local/bin/swift stat --lh $container >> $file
printf "\n\n-- LIST FILES --\n" >> $file
/usr/local/bin/swift list --lh $container >> $file
cp $file /backup/odoo2/$container.latest
chmod 644 $file /backup/odoo2/$container.latest
done
#!/bin/bash
# Copyright © 2019 Le Filament (<http://www.le-filament.com>)
# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl.html).
# Configure variables
export OS_AUTH_URL="{{ swift_odoo_authurl }}"
export OS_IDENTITY_API_VERSION={{ swift_odoo_authversion }}
export OS_TENANT_ID="{{ swift_odoo_tenantid }}"
export OS_TENANT_NAME="{{ swift_odoo_tenantname }}"
export OS_USERNAME="{{ swift_odoo_username }}"
export OS_PASSWORD="{{ swift_odoo_password }}"
export OS_REGION_NAME="{{ swift_odoo_regionname }}"
TODAY=`date +%F`
for container in `/usr/local/bin/swift list`
do
file="/backup/odoo/$container.$TODAY"
printf "DATE = $TODAY" > $file
printf "\n\n-- STATS --\n" >> $file
/usr/local/bin/swift stat --lh $container >> $file
printf "\n\n-- LIST FILES --\n" >> $file
/usr/local/bin/swift list --lh $container >> $file
cp $file /backup/odoo/$container.latest
chmod 644 $file /backup/odoo/$container.latest
done
...@@ -11,18 +11,31 @@ swift_pip_packages: ...@@ -11,18 +11,31 @@ swift_pip_packages:
collect_backups: collect_backups:
- name: "check openstack cloud facts" - name: "check openstack cloud facts"
template: retrieve_openstack_facts.sh.j2
script: retrieve_openstack_cloud_facts.sh script: retrieve_openstack_cloud_facts.sh
hour: 6 type: "cloud"
minute: 43 account: "{{ swift_cloud_accounts.1 }}"
credential: "{{ swift_cloud_credentials.1 }}"
hour: 4
minute: 30
- name: "check openstack odoo facts" - name: "check openstack odoo facts"
template: retrieve_openstack_facts.sh.j2
script: retrieve_openstack_odoo_facts.sh script: retrieve_openstack_odoo_facts.sh
hour: 6 type: "odoo"
minute: 13 account: "{{ swift_odoo_accounts.1 }}"
credential: "{{ swift_odoo_credentials.1 }}"
hour: 4
minute: 45
- name: "check openstack odoo2 facts" - name: "check openstack odoo2 facts"
template: retrieve_openstack_facts.sh.j2
script: retrieve_openstack_odoo2_facts.sh script: retrieve_openstack_odoo2_facts.sh
hour: 8 type: "odoo2"
minute: 33 account: "{{ swift_odoo_accounts.2 }}"
credential: "{{ swift_odoo_credentials.2 }}"
hour: 2
minute: 0
- name: "move versioned files" - name: "move versioned files"
template: move_versioned_files.sh.j2
script: move_versioned_files.sh script: move_versioned_files.sh
hour: 3 hour: 7
minute: 43 minute: 0