From 59f173a018fa6a99de620d8133b09b18c2a47d68 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Soko=C5=82owski?=
Date: Wed, 5 Jun 2019 13:53:19 -0400
Subject: [PATCH] add role files
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Jakub SokoĊ‚owski
---
README.md | 22 +++++++++++++++
defaults/main.yml | 26 ++++++++++++++++++
tasks/backups.yml | 27 +++++++++++++++++++
tasks/main.yml | 3 +++
tasks/s3cmd.yml | 30 +++++++++++++++++++++
templates/backup.sh | 12 +++++++++
templates/s3cfg.j2 | 65 +++++++++++++++++++++++++++++++++++++++++++++
7 files changed, 185 insertions(+)
create mode 100644 README.md
create mode 100644 defaults/main.yml
create mode 100644 tasks/backups.yml
create mode 100644 tasks/main.yml
create mode 100644 tasks/s3cmd.yml
create mode 100644 templates/backup.sh
create mode 100644 templates/s3cfg.j2
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..f5ff81a
--- /dev/null
+++ b/README.md
@@ -0,0 +1,22 @@
+# Description
+
+This role is intended for uploading backups to DigitalOcean Spaces using the [`s3cmd`]() script.
+
+# Usage
+
+This role should be included by anothe role and ran with certain variables:
+```yaml
+- name: Configure Ghost backups
+ include_role:
+ name: s3cmd-backup
+ vars:
+ backup_name: my-app-backups
+ backup_number: 1
+ backup_hour: 4
+ backup_day: '*/4'
+ backup_directory: '/var/tmp/backups'
+ backup_base_domain: 'ams3.digitaloceanspaces.com'
+ backup_bucket_name: 'my-app-backups'
+ backup_access_key: 'ACCESS_KEY'
+ backup_secret_key: 'SECRET_KEY'
+```
diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000..c26df60
--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1,26 @@
+---
+# For uploading backups
+s3cmd_version: '2.0.1'
+s3cmd_name: 's3cmd-{{ s3cmd_version }}'
+s3cmd_archive: '{{ s3cmd_name }}.tar.gz'
+s3cmd_checksum: 'md5:ef525ec3bd2d430b10130de54f85e8bc'
+s3cmd_url: 'https://github.com/s3tools/s3cmd/releases/download/v{{ s3cmd_version }}/{{ s3cmd_archive }}'
+
+# Backup timing
+backup_hour: 2
+backup_minute: 0
+backup_day: '*'
+backup_month: '*'
+# Number of most recent files to backup
+backup_number: 1
+
+# Digital Ocean Spaces configuration
+backup_name: 'default'
+backup_directory: ~
+backup_script: '/var/lib/backups/{{ backup_name }}_backup.sh'
+backup_base_domain: ams3.digitaloceanspaces.com
+# example: s3://discourse-backups
+backup_bucket_name: ~
+backup_encryption_pass: ~
+backup_access_key: ~
+backup_secret_key: ~
diff --git a/tasks/backups.yml b/tasks/backups.yml
new file mode 100644
index 0000000..05f8ed0
--- /dev/null
+++ b/tasks/backups.yml
@@ -0,0 +1,27 @@
+---
+- name: Create directory for backup script
+ file:
+ path: '{{ item }}'
+ state: directory
+ group: adm
+ mode: 0775
+ with_items:
+ - /var/tmp/backups
+ - /var/lib/backups
+
+- name: Create backup script
+ template:
+ src: backup.sh
+ dest: '{{ backup_script }}'
+ mode: 0755
+
+- name: Configure a cron job for backups
+ cron:
+ name: Upload Discourse Backups
+ # backup happens at 03:30 UTC
+ hour: '{{ backup_hour }}'
+ minute: '{{ backup_minute }}'
+ day: '{{ backup_day }}'
+ month: '{{ backup_month }}'
+ job: '{{ backup_script }}'
+ user: root
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..551be4e
--- /dev/null
+++ b/tasks/main.yml
@@ -0,0 +1,3 @@
+---
+- include_tasks: s3cmd.yml
+- include_tasks: backups.yml
diff --git a/tasks/s3cmd.yml b/tasks/s3cmd.yml
new file mode 100644
index 0000000..b7c2de8
--- /dev/null
+++ b/tasks/s3cmd.yml
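Review bot: `s3cmd_checksum` in defaults/main.yml pins the release archive with MD5, which is not collision-resistant and so is a weak integrity check for code that is later installed on the host; a SHA-256 pin in the same `algo:value` form is the better default, e.g. `s3cmd_checksum: 'sha256:<SHA256_OF_S3CMD_ARCHIVE>'` (placeholder, to be computed from a verified copy of the release). In the tasks/s3cmd.yml hunk the `get_url` task does not reference this variable, so as written the pin is not enforced at all; `checksum: '{{ s3cmd_checksum }}'` on that task would make it effective. The comment `# example: s3://discourse-backups` also disagrees with the README example, which passes `backup_bucket_name` without the `s3://` scheme, so one of the two should be corrected.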
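Review bot: The first task in tasks/backups.yml makes `/var/lib/backups` group-writable for `adm` (`group: adm`, `mode: 0775`), and that directory holds `{{ backup_script }}`, which the cron task runs as `user: root`; write access to the directory is enough to replace the file, so every member of `adm` effectively decides what root executes. Create `/var/lib/backups` in its own task with `owner: root`, `group: root`, `mode: '0755'`, and give the script task an explicit `owner: root`. The cron entry's `name: Upload Discourse Backups` is fixed while the script path varies with `backup_name`, so a second include of the role would presumably overwrite the first job; `name: 'Upload {{ backup_name }} backups'` keeps them apart, and the `# backup happens at 03:30 UTC` comment no longer matches the 02:00 default.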
@@ -0,0 +1,30 @@
+---
+- name: Check if s3cmd is installed
+ stat:
+ path: /usr/local/bin/s3cmd
+ register: s3cmd
+
+- name: Download s3cmd archive
+ get_url:
+ url: '{{ s3cmd_url }}'
+ dest: /tmp
+ when: not s3cmd.stat.exists
+
+- name: Extract s3cmd archive
+ unarchive:
+ src: '/tmp/{{ s3cmd_archive }}'
+ dest: /tmp
+ remote_src: yes
+ when: not s3cmd.stat.exists
+
+- name: Install s3cmd
+ command: python setup.py install
+ args:
+ chdir: '/tmp/{{ s3cmd_name }}'
+ when: not s3cmd.stat.exists
+
+- name: Create s3cmd config
+ template:
+ src: s3cfg.j2
+ dest: /root/.s3cfg
+ mode: 0400
diff --git a/templates/backup.sh b/templates/backup.sh
new file mode 100644
index 0000000..39d17c6
--- /dev/null
+++ b/templates/backup.sh
@@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+
+BACKUPS_NUM='{{ backup_number }}'
+BACKUPS_DIR='{{ backup_directory }}'
+BUCKET_NAME='{{ backup_bucket_name }}'
+# Find most recent archive
+ARCHIVES=$(ls -Art ${BACKUPS_DIR} | tail -n ${BACKUPS_NUM})
+
+for ARCHIVE in ${ARCHIVES}; do
+ echo "Uploading: ${ARCHIVE} >> ${BUCKET_NAME}"
+ /usr/local/bin/s3cmd put "${BACKUPS_DIR}/${ARCHIVE}" "${BUCKET_NAME}"
+done
diff --git a/templates/s3cfg.j2 b/templates/s3cfg.j2
new file mode 100644
index 0000000..14c52e7
--- /dev/null
+++ b/templates/s3cfg.j2
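Review bot: In tasks/s3cmd.yml the archive is downloaded, unpacked and installed with `python setup.py install` from fixed paths under the world-writable `/tmp`, and the `get_url` task sets no `checksum`, so neither the download nor the unpacked tree is protected before code from it runs, presumably as root. Stage the work in a private directory created by the `tempfile` module and pass the `s3cmd_checksum` default to `get_url`, as in the excerpt below. The `Create s3cmd config` task renders the access key, secret key and optional GPG passphrase; `mode: 0400` is right, and adding `owner: root` and `no_log: true` would also keep the values out of task and diff output.

```yaml
- name: Create private staging directory for s3cmd
  tempfile:
    state: directory
    suffix: s3cmd
  register: s3cmd_stage
  when: not s3cmd.stat.exists

- name: Download s3cmd archive
  get_url:
    url: '{{ s3cmd_url }}'
    dest: '{{ s3cmd_stage.path }}'
    checksum: '{{ s3cmd_checksum }}'
  when: not s3cmd.stat.exists

- name: Extract s3cmd archive
  unarchive:
    src: '{{ s3cmd_stage.path }}/{{ s3cmd_archive }}'
    dest: '{{ s3cmd_stage.path }}'
    remote_src: yes
  when: not s3cmd.stat.exists

- name: Install s3cmd
  command: python setup.py install
  args:
    chdir: '{{ s3cmd_stage.path }}/{{ s3cmd_name }}'
  when: not s3cmd.stat.exists

# … unchanged: "Check if s3cmd is installed" and "Create s3cmd config" tasks …
```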
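Review bot: In templates/backup.sh the archive list comes from parsing `ls -Art` and is expanded unquoted in `for ARCHIVE in ${ARCHIVES}`, so a file name containing whitespace or glob characters is split or expanded into words that do not name the real file, and sub-directories are picked up as if they were archives. The script also has no `set -euo pipefail`, so a failed `s3cmd put` does not stop the loop and the exit status reflects only the last upload. The excerpt below selects regular files NUL-delimited and stops on the first error; it assumes GNU find and coreutils and passes the full path to `s3cmd put`.

```bash
set -euo pipefail

# … unchanged: BACKUPS_NUM / BACKUPS_DIR / BUCKET_NAME assignments …

# Newest regular files first, NUL-delimited so any file name survives intact
find "${BACKUPS_DIR}" -maxdepth 1 -type f -printf '%T@\t%p\0' \
    | sort -z -n -r \
    | head -z -n "${BACKUPS_NUM}" \
    | cut -z -f2- \
    | while IFS= read -r -d '' ARCHIVE; do
        echo "Uploading: ${ARCHIVE} >> ${BUCKET_NAME}"
        /usr/local/bin/s3cmd put "${ARCHIVE}" "${BUCKET_NAME}"
    done
```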
@@ -0,0 +1,65 @@
+[default]
+host_base = {{ backup_base_domain }}
+host_bucket = %(bucket)s.{{ backup_base_domain }}
+access_key = {{ backup_access_key }}
+secret_key = {{ backup_secret_key }}
+{% if backup_encryption_pass %}
+encrypt = True
+gpg_passphrase = {{ backup_encryption_pass }}
+{% else %}
+encrypt = False
+{% endif %}
+bucket_location = US
+check_ssl_certificate = True
+check_ssl_hostname = True
+default_mime_type = binary/octet-stream
+delay_updates = False
+delete_after = False
+delete_after_fetch = False
+delete_removed = False
+dry_run = False
+enable_multipart = True
+follow_symlinks = False
+force = False
+get_continue = False
+gpg_command = /usr/bin/gpg
+gpg_decrypt = %(gpg_command)s -d --verbose --no-use-agent --batch --yes --passphrase-fd %(passphrase_fd)s -o %(output_file)s %(input_file)s
+gpg_encrypt = %(gpg_command)s -c --verbose --no-use-agent --batch --yes --passphrase-fd %(passphrase_fd)s -o %(output_file)s %(input_file)s
+guess_mime_type = True
+human_readable_sizes = False
+invalidate_default_index_on_cf = False
+invalidate_default_index_root_on_cf = True
+invalidate_on_cf = False
+limit = -1
+limitrate = 0
+list_md5 = False
+long_listing = False
+max_delete = -1
+multipart_chunk_size_mb = 15
+multipart_max_chunks = 10000
+preserve_attrs = True
+progress_meter = True
+proxy_port = 0
+put_continue = False
+recursive = False
+recv_chunk = 65536
+reduced_redundancy = False
+requester_pays = False
+restore_days = 1
+restore_priority = Standard
+send_chunk = 65536
+server_side_encryption = False
+signature_v2 = False
+signurl_use_https = False
+skip_existing = False
+socket_timeout = 300
+stats = False
+stop_on_error = False
+throttle_max = 100
+urlencoding_mode = normal
+use_http_expect = False
+use_https = True
+use_mime_magic = True
+verbosity = WARNING
+website_endpoint = http://%(bucket)s.s3-website-%(location)s.amazonaws.com/
+website_index = index.html
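Review bot: With the role default `backup_encryption_pass: ~` the `{% else %}` branch renders `encrypt = False`, and `server_side_encryption = False` is fixed, so archives are stored in the bucket without encryption in either layer unless the caller opts in; the README example does not mention `backup_encryption_pass`, so this is easy to miss. Say so in a header comment such as `# Managed by Ansible. Holds the Spaces keys and, if set, the GPG passphrase in cleartext.` and list the variable in the README. `signurl_use_https = False` would make any signed URL plain HTTP and is better set to `True`. Most of the remaining keys look like a dump of s3cmd defaults (`bucket_location = US`, the `amazonaws.com` `website_endpoint`); keeping only the settings the role relies on would make the security-relevant ones easier to review.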