the-nine-worlds/ansible-edda
the-nine-worlds/ansible-edda
1
0
Fork 0
Code Issues 1 Pull Requests Packages Projects Releases Wiki Activity

Seprate snapshots/restic backups roles

Browse Source
This commit is contained in:
Wojciech Kozlowski 2023-02-12 16:37:48 +01:00
parent 730b616640
commit 226bd0369f
26 changed files with 130 additions and 80 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

0
group_vars/all/vars.yml → inventory/group_vars/all/vars.yml
View File

0
group_vars/asgard/vars.yml → inventory/group_vars/asgard/vars.yml
View File

0
group_vars/bifrost/vars.yml → inventory/group_vars/bifrost/vars.yml
View File

0
group_vars/home/vars.yml → inventory/group_vars/home/vars.yml
View File

0
group_vars/remote/vars.yml → inventory/group_vars/remote/vars.yml
View File

28
inventory/group_vars/restic/vars.yml Normal file
View File

@ -0,0 +1,28 @@
---
# --------------------------------------------------------------------------------------------------
# services:backups
# --------------------------------------------------------------------------------------------------
services_backups_restic_restic_password: "{{ vault_services_backups_restic_restic_password }}"
services_backups_restic_aws_access_key_id: "{{ vault_services_backups_restic_aws_access_key_id }}"
services_backups_restic_aws_secret_access_key: "\
{{ vault_services_backups_restic_aws_secret_access_key }}"
services_backups_restic_aws_bucket_endpoint: "\
{{ vault_services_backups_restic_aws_bucket_endpoint }}"
services_backups_restic_services: "\
{% set services_backups_restic_service = {} %}\
{% for service in services_host_services.keys() %}\
{{ services_backups_restic_service.update(
{ service: {
'aws_access_key_id': services_backups_restic_aws_access_key_id,
'aws_secret_access_key': services_backups_restic_aws_secret_access_key,
'aws_keys_file': '/etc/restic-aws-keys.yml',
'aws_bucket_endpoint': services_backups_restic_aws_bucket_endpoint,
'aws_bucket_prefix': ( 'the-nine-worlds---pod-' ~ service ),
'restic_password': services_backups_restic_restic_password,
'restic_password_file': '/etc/restic.password',
'restic_keep_daily': 30,
'restic_keep_monthly': 3,
}}
) }}\
{% endfor %}\
{{ services_backups_restic_service }}"

0
host_vars/heimdall/vars.yml → inventory/host_vars/heimdall/vars.yml
View File

0
host_vars/valkyrie/vars.yml → inventory/host_vars/valkyrie/vars.yml
View File

25
host_vars/yggdrasil/vars.yml → inventory/host_vars/yggdrasil/vars.yml
View File

@ -96,28 +96,3 @@ services_backups_snapshots_services: "\
) }}\
{% endfor %}\
{{ services_backups_snapshots_service }}"
services_backups_restic_restic_password: "{{ vault_services_backups_restic_restic_password }}"
services_backups_restic_aws_access_key_id: "{{ vault_services_backups_restic_aws_access_key_id }}"
services_backups_restic_aws_secret_access_key: "\
{{ vault_services_backups_restic_aws_secret_access_key }}"
services_backups_restic_aws_bucket_endpoint: "\
{{ vault_services_backups_restic_aws_bucket_endpoint }}"
services_backups_restic_services: "\
{% set services_backups_restic_service = {} %}\
{% for service in services_host_services.keys() %}\
{{ services_backups_restic_service.update(
{ service: {
'aws_access_key_id': services_backups_restic_aws_access_key_id,
'aws_secret_access_key': services_backups_restic_aws_secret_access_key,
'aws_keys_file': '/etc/restic-aws-keys.yml',
'aws_bucket_endpoint': services_backups_restic_aws_bucket_endpoint,
'aws_bucket_prefix': ( 'the-nine-worlds---pod-' ~ service ),
'restic_password': services_backups_restic_restic_password,
'restic_password_file': '/etc/restic.password',
'restic_keep_daily': 30,
'restic_keep_monthly': 3,
}}
) }}\
{% endfor %}\
{{ services_backups_restic_service }}"

4
production → inventory/production
View File

@ -14,6 +14,10 @@ heimdall
valkyrie
yggdrasil
# Hosts with restic backups.
[restic]
yggdrasil
# --------------------------------------------------------------------------------------------------
# Network.
# --------------------------------------------------------------------------------------------------

4
testing → inventory/testing
View File

@ -18,6 +18,10 @@ heimdall
valkyrie
yggdrasil
# Hosts with restic backups.
[restic]
yggdrasil
# --------------------------------------------------------------------------------------------------
# Network.
# --------------------------------------------------------------------------------------------------

4
playbooks/backups.yml
View File

@ -4,5 +4,9 @@
roles:
- role: "backups/snapshots/setup"
tags: "backups:snapshots:setup"
- name: "backups : restic"
hosts: "restic"
roles:
- role: "backups/restic/setup"
tags: "backups:restic:setup"

4
playbooks/backups_start.yml
View File

@ -4,5 +4,9 @@
roles:
- role: "backups/snapshots/start"
tags: "backups:snapshots:start"
- name: "backups : restic"
hosts: "restic"
roles:
- role: "backups/restic/start"
tags: "backups:restic:start"

4
playbooks/backups_stop.yml
View File

@ -4,5 +4,9 @@
roles:
- role: "backups/snapshots/stop"
tags: "backups:snapshots:stop"
- name: "backups : restic"
hosts: "restic"
roles:
- role: "backups/restic/stop"
tags: "backups:restic:stop"

0
playbooks/roles/services/backups/vars/main.yml → playbooks/roles/services/backups/include/vars/main.yml
View File

17
playbooks/roles/services/backups/restic/meta/argument_specs.yml Normal file
View File

@ -0,0 +1,17 @@
---
argument_specs:
main:
options:
ansible_hostname:
type: "str"
required: true
services_service_name:
type: "str"
required: true
services_data_dataset:
type: "str"
required: true
services_backups_restic_services:
type: "dict"
elem: "dict"
required: true

28
playbooks/roles/services/backups/restic/tasks/main.yml Normal file
View File

@ -0,0 +1,28 @@
---
- name: "{{ services_service_name }} : tasks:vars"
ansible.builtin.import_role:
name: "services/include"
vars_from: "user"
- name: "{{ services_service_name }} : tasks:vars"
ansible.builtin.import_role:
name: "services/backups/include"
vars_from: "main"
- name: "{{ services_service_name }} : create restic password file"
ansible.builtin.template:
src: "./restic.password.j2"
dest: "{{ services_backups_restic_services[services_service_name].restic_password_file }}"
mode: 0600
- name: "{{ services_service_name }} : create aws key file"
ansible.builtin.template:
src: "./restic-aws-keys.yml.j2"
dest: "{{ services_backups_restic_services[services_service_name].aws_keys_file }}"
mode: 0600
- name: "{{ services_service_name }} : configure service restic backups"
ansible.builtin.template:
src: "./restic-volumes-service.yml.j2"
dest: "/etc/restic-batch.d/restic-volumes-{{ services_service_name }}.yml"
mode: 0644

0
playbooks/roles/services/backups/templates/restic/restic-aws-keys.yml.j2 → playbooks/roles/services/backups/restic/templates/restic-aws-keys.yml.j2
View File

0
playbooks/roles/services/backups/templates/restic/restic-volumes-service.yml.j2 → playbooks/roles/services/backups/restic/templates/restic-volumes-service.yml.j2
View File

0
playbooks/roles/services/backups/templates/restic/restic.password.j2 → playbooks/roles/services/backups/restic/templates/restic.password.j2
View File

4
playbooks/roles/services/backups/meta/argument_specs.yml → playbooks/roles/services/backups/snapshots/meta/argument_specs.yml
View File

@ -15,7 +15,3 @@ argument_specs:
type: "dict"
elem: "dict"
required: true
services_backups_restic_services:
type: "dict"
elem: "dict"
required: true

16
playbooks/roles/services/backups/tasks/include/snapshots.yml → playbooks/roles/services/backups/snapshots/tasks/main.yml
View File

@ -1,5 +1,15 @@
---
- name: "{{ services_service_name }} : snapshots : configure service sanoid snapshots"
- name: "{{ services_service_name }} : tasks:vars"
ansible.builtin.import_role:
name: "services/include"
vars_from: "user"
- name: "{{ services_service_name }} : tasks:vars"
ansible.builtin.import_role:
name: "services/backups/include"
vars_from: "main"
- name: "{{ services_service_name }} : configure service sanoid snapshots"
ansible.builtin.blockinfile:
path: "/etc/sanoid/sanoid.conf"
insertbefore: "# BEGIN ANSIBLE MANAGED BLOCK TEMPLATES #"
@ -15,8 +25,8 @@
recursive = yes
process_children_only = yes
- name: "{{ services_service_name }} : snapshots : configure service syncoid snapshots"
- name: "{{ services_service_name }} : configure service syncoid snapshots"
ansible.builtin.template:
src: "./snapshots/syncoid-volumes-service.yml.j2"
src: "./syncoid-volumes-service.yml.j2"
dest: "/etc/syncoid-batch.d/syncoid-volumes-{{ services_service_name }}.yml"
mode: 0644

0
playbooks/roles/services/backups/templates/snapshots/syncoid-volumes-service.yml.j2 → playbooks/roles/services/backups/snapshots/templates/syncoid-volumes-service.yml.j2
View File

18
playbooks/roles/services/backups/tasks/include/restic.yml
View File

@ -1,18 +0,0 @@
---
- name: "{{ services_service_name }} : restic : create restic password file"
ansible.builtin.template:
src: "./restic/restic.password.j2"
dest: "{{ services_backups_restic_services[services_service_name].restic_password_file }}"
mode: 0600
- name: "{{ services_service_name }} : restic : create aws key file"
ansible.builtin.template:
src: "./restic/restic-aws-keys.yml.j2"
dest: "{{ services_backups_restic_services[services_service_name].aws_keys_file }}"
mode: 0600
- name: "{{ services_service_name }} : restic : configure service restic backups"
ansible.builtin.template:
src: "./restic/restic-volumes-service.yml.j2"
dest: "/etc/restic-batch.d/restic-volumes-{{ services_service_name }}.yml"
mode: 0644

26
playbooks/roles/services/backups/tasks/main.yml
View File

@ -1,26 +0,0 @@
---
- name: "play:services : role:backups:{{ services_service_name }} : tasks:vars"
ansible.builtin.import_role:
name: "services/include"
vars_from: "user"
tags:
- "services:backups:snapshots"
- "services:backups:{{ services_service_name }}:snapshots"
- "services:{{ services_service_name }}:backups:snapshots"
- "services:backups:restic"
- "services:backups:{{ services_service_name }}:restic"
- "services:{{ services_service_name }}:backups:restic"
- name: "play:services : role:backups : tasks:snapshots"
ansible.builtin.import_tasks: "include/snapshots.yml"
tags:
- "services:backups:snapshots"
- "services:backups:{{ services_service_name }}:snapshots"
- "services:{{ services_service_name }}:backups:snapshots"
- name: "play:services : role:backups : tasks:restic"
ansible.builtin.import_tasks: "include/restic.yml"
tags:
- "services:backups:restic"
- "services:backups:{{ services_service_name }}:restic"
- "services:{{ services_service_name }}:backups:restic"

28
playbooks/services.yml
View File

@ -91,15 +91,35 @@
loop_var: "services_service_name"
tags: "always"
- name: "backups"
- name: "backups : snapshots"
ansible.builtin.include_role:
name: "services/backups"
name: "services/backups/snapshots"
apply:
tags:
- "services:{{ services_service_name }}"
- "services:backups"
- "services:backups:{{ services_service_name }}"
- "services:{{ services_service_name }}:backups"
- "services:backups:snapshots"
- "services:backups:snapshots:{{ services_service_name }}"
- "services:{{ services_service_name }}:backups:snapshots"
loop: "{{ services_host_services | dict2items | map(attribute='key') }}"
loop_control:
loop_var: "services_service_name"
tags: "always"
- name: "services : restic"
hosts: "restic"
tasks:
- name: "backups : restic"
ansible.builtin.include_role:
name: "services/backups/restic"
apply:
tags:
- "services:{{ services_service_name }}"
- "services:backups"
- "services:backups:restic"
- "services:backups:restic:{{ services_service_name }}"
- "services:{{ services_service_name }}:backups:restic"
loop: "{{ services_host_services | dict2items | map(attribute='key') }}"
loop_control:
loop_var: "services_service_name"