Diffstat (limited to '')
-rw-r--r-- | README.md | 4 | ||||
-rw-r--r-- | action_plugins/borg_init.py | 2 | ||||
-rw-r--r-- | tasks/client.yml | 25 | ||||
-rw-r--r-- | tasks/client_init.yml | 12 | ||||
-rw-r--r-- | tasks/main.yml | 3 | ||||
-rw-r--r-- | tasks/server.yml | 7 | ||||
-rw-r--r-- | templates/authorized_keys | 3 | ||||
-rw-r--r-- | templates/backup.sh.j2 | 6 |
8 files changed, 36 insertions, 26 deletions
@@ -39,6 +39,10 @@ julien@yen:~/git/adyxax/ansible$ cat setup.yml
 ...
 ```
+## Upgrade notes from version 1.x to 2.x
+
+Version 2.x changes the repository path: `/srv/borg/repos/<hostname` becomes `/srv/borg/repos/<fqdn>`. You should move org rename the folders manually on your servers, the role will not do it for you. If you don't, running your usual playbook will create new borg repositories with the fqdn and leave the previous ones alone.
+
 ## Configuration
 First of all you only need to configure hosts that are backup clients. There are several `host_vars` you can define to this effect :
diff --git a/action_plugins/borg_init.py b/action_plugins/borg_init.py
index ea07f20..ea62145 100644
--- a/action_plugins/borg_init.py
+++ b/action_plugins/borg_init.py
@@ -29,7 +29,7 @@ class ActionModule(ActionBase):
 }
 for hostname, hostvars in task_vars['hostvars'].items() :
 if 'borg_server' in hostvars.keys() and hostvars['borg_server'] == task_vars['ansible_host']:
- server['clients'].append(hostname)
+ server['clients'].append({'hostname': hostname, 'pubkey': hostvars['ansible_local']['borg']['pubkey']})
 ### Borg client variables ############################################
 client = {
diff --git a/tasks/client.yml b/tasks/client.yml
index ef28c53..073cea0 100644
--- a/tasks/client.yml
+++ b/tasks/client.yml
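Review bot: The new `hostvars['ansible_local']['borg']['pubkey']` lookup in the append line raises a bare KeyError for any client whose local facts are not loaded, which presumably happens when the play is limited to the server or a client was unreachable. Since the server's authorized_keys is now rendered from this list, I would fetch the value defensively, `pubkey = hostvars.get('ansible_local', {}).get('borg', {}).get('pubkey')`, and fail the task with a message naming `hostname` when it is missing, rather than skipping the client and silently dropping its key. The loop sits inside a method of ActionModule that starts and ends outside this hunk, so how failures are reported there is not visible here.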
@@ -1,23 +1,4 @@
 ---
-- name: generate borg ssh key on client
- openssh_keypair:
- owner: root
- mode: 0400
- path: /root/.ssh/borg
- type: ed25519
- register: borg_ssh_key
-
-- name: reload ansible_local
- setup: filter=ansible_local
- when: borg_ssh_key.changed
-
-- name: Enforce borg authorized key on server
- authorized_key:
- user: borg
- key: "{{ ansible_local.borg.pubkey }}"
- key_options: 'command="borg serve --restrict-to-path /srv/borg/repos/{{ ansible_hostname }}",restrict'
- delegate_to: "{{ borg_server }}"
-
 - name: make the server known to the client
 lineinfile:
 line: "{{ borg_server }} ecdsa-sha2-nistp256 {{ hostvars[borg_server]['ansible_ssh_host_key_ecdsa_public'] }}"
@@ -25,14 +6,14 @@
 create: yes
 - name: create borg client repo on server
- shell: "borg init --rsh \"ssh -i /root/.ssh/borg\" --encryption=none borg@{{ borg_server }}:/srv/borg/repos/{{ ansible_hostname }}"
- when: hostvars[borg_server]['ansible_local']['borg']['repos'][ansible_hostname] is not defined
+ shell: "borg init --rsh \"ssh -i /root/.ssh/borg\" --encryption=none borg@{{ borg_server }}:/srv/borg/repos/{{ inventory_hostname }}"
+ when: hostvars[borg_server]['ansible_local']['borg']['repos'][inventory_hostname] is not defined
 - name: reload ansible_local
 setup: filter=ansible_local
 delegate_to: "{{ borg_server }}"
 delegate_facts: True
- when: hostvars[borg_server]['ansible_local']['borg']['repos'][ansible_hostname] is not defined
+ when: hostvars[borg_server]['ansible_local']['borg']['repos'][inventory_hostname] is not defined
 - name: deploy borg backup script
 template:
diff --git a/tasks/client_init.yml b/tasks/client_init.yml
new file mode 100644
index 0000000..251bee4
--- /dev/null
+++ b/tasks/client_init.yml
@@ -0,0 +1,12 @@
+---
+- name: generate borg ssh key on client
+ openssh_keypair:
+ owner: root
+ mode: 0400
+ path: /root/.ssh/borg
+ type: ed25519
+ register: borg_ssh_key
+
+- name: reload ansible_local
+ setup: filter=ansible_local
+ #when: borg_ssh_key.changed
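Review bot: The `borg init` line touched in the second client.yml hunk still passes `--encryption=none`, so every repository under /srv/borg/repos is stored unencrypted and unauthenticated, and anyone with read access to the server's disk can read all client backups. If that is a deliberate trade-off it deserves a comment above the task, e.g. `# repos are unencrypted by design; confidentiality relies on server filesystem access control`; otherwise consider a keyed mode such as `--encryption=repokey` with the passphrase supplied from a vault. Separately, the README hunk describes the new directory as `<fqdn>` while this line uses `inventory_hostname`, which is the inventory name and only equals the FQDN if hosts are listed that way.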
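Review bot: The commented-out `#when: borg_ssh_key.changed` on the last line of client_init.yml leaves the fact reload running on every play and `register: borg_ssh_key` unused, with no explanation of why. If the unconditional reload is intentional (the server-side authorized_keys template appears to need `ansible_local.borg.pubkey` for every client on every run), delete the dead line and say so in a comment such as `# always reload: borg_init reads ansible_local.borg.pubkey for every client`; otherwise restore the condition. As written the private key at /root/.ssh/borg is created without a passphrase, so its protection rests entirely on the root-only `mode: 0400` set here, which is worth stating in a comment on the task.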
diff --git a/tasks/main.yml b/tasks/main.yml
index 8832443..2606ecf 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -1,4 +1,7 @@
 ---
+- import_tasks: client_init.yml
+ when: borg_server is defined
+
 - action: borg_validate
 - action: borg_init
diff --git a/tasks/server.yml b/tasks/server.yml
index 78754a2..ce731f6 100644
--- a/tasks/server.yml
+++ b/tasks/server.yml
@@ -24,4 +24,11 @@
 - /srv/borg
 - /srv/borg/.ssh
 - /srv/borg/repos
+
+- name: deploy borg authorized_keys
+ template:
+ dest: /srv/borg/.ssh/authorized_keys
+ src: authorized_keys
+ owner: borg
+ mode: 0400
 ...
diff --git a/templates/authorized_keys b/templates/authorized_keys
new file mode 100644
index 0000000..49c8820
--- /dev/null
+++ b/templates/authorized_keys
@@ -0,0 +1,3 @@
+{% for client in borg.server.clients %}
+command="borg serve --restrict-to-path /srv/borg/repos/{{ client.hostname }}",restrict {{ client.pubkey }}
+{% endfor %}
diff --git a/templates/backup.sh.j2 b/templates/backup.sh.j2
index 3937dfc..57d1854 100644
--- a/templates/backup.sh.j2
+++ b/templates/backup.sh.j2
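Review bot: `{{ client.pubkey }}` and `{{ client.hostname }}` are written into the forced-command line of templates/authorized_keys without any validation, and the pubkey comes from a local fact that each client's root user controls. The removed task went through the `authorized_key` module, which manages entries key by key; a raw template does not, so a value containing a line break or extra tokens would yield lines that are not bound to `command=...,restrict`. I would wrap the line in a format check such as `{% if client.pubkey is match('^ssh-ed25519 [A-Za-z0-9+/=]+$') %}` (or do the equivalent check in borg_init.py and fail the run), and reject hostnames containing quotes or whitespace. How the `borg` local fact is produced is not visible in this diff, so the exact key format, including any comment field, should be confirmed against it.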
@@ -15,13 +15,13 @@ export BORG_RSH="ssh -i /root/.ssh/borg"
 {{ job.pre_command }}
 {% endif %}
 {% if job.command_to_pipe is defined %}
-{{ job.command_to_pipe }} | borg create borg@{{ borg_server }}:/srv/borg/repos/{{ ansible_hostname }}::{{ job.name }}-{now} -
+{{ job.command_to_pipe }} | borg create borg@{{ borg_server }}:/srv/borg/repos/{{ inventory_hostname }}::{{ job.name }}-{now} -
 {% else %}
-borg create {% for exclude in job.exclude|default([]) %} --exclude {{ exclude }}{% endfor %} borg@{{ borg_server }}:/srv/borg/repos/{{ ansible_hostname }}::{{ job.name }}-{now} {{ job.path }}
+borg create {% for exclude in job.exclude|default([]) %} --exclude {{ exclude }}{% endfor %} borg@{{ borg_server }}:/srv/borg/repos/{{ inventory_hostname }}::{{ job.name }}-{now} {{ job.path }}
 {% endif %}
 {% if job.post_command is defined %}
 {{ job.post_command }}
 {% endif %}
 {% endfor %}
-borg prune borg@{{ borg_server }}:/srv/borg/repos/{{ ansible_hostname }} {{ borg_prune_arguments }}
+borg prune borg@{{ borg_server }}:/srv/borg/repos/{{ inventory_hostname }} {{ borg_prune_arguments }} |
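Review bot: The rewritten `borg create` lines still interpolate `{{ exclude }}`, `{{ job.path }}` and `{{ job.name }}` into the generated shell script unquoted, so a value with spaces or shell metacharacters is word-split or interpreted by the shell when the backup runs (presumably as root, given the key path in `BORG_RSH`). Ansible's `quote` filter covers the arguments: `--exclude {{ exclude | quote }}` and `{{ job.path | quote }}`. `job.command_to_pipe`, `pre_command` and `post_command` are shell by design, so the README's configuration section should state that they are trusted input only. The job loop header and the start of the script are outside this hunk.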