add export service

2021-06-06 01:37:01 +02:00 · 2021-06-06 01:37:01 +02:00 · dbb78ed37f
commit dbb78ed37f
parent d01de238a7
7 changed files with 86 additions and 4 deletions
--- a/README.md
+++ b/README.md
@ -5,6 +5,29 @@
 All configuration is to be placed inside the `backups` dict.
 ```
 # Settings for all backup related timers.
 jobs:
 	retention:
 		# Can be used to enable/disable the job
 		enabled: true
 		# Time this job runs on, random by default
 		OnCalendar: "hh:mm"
 	run:
 		# Can be used to enable/disable the job
 		enabled: true
 		# Time this job runs on, random by default
 		OnCalendar: "hh:mm"
 	check:
 		# Can be used to enable/disable the job
 		enabled: true
 		# Time this job runs on, random by default
 		OnCalendar: "hh:mm"
 	export:
 		# Can be used to enable/disable the job
 		enabled: false
 		# Time this job runs on, random by default
 		OnCalendar: "hh:mm"
 # backend specific settings
 backends:
 	# restic specific settings
@ -33,6 +56,18 @@ retention:
 	months: 12
 	years: 3
 # Settings for the export task
 export:
 	# list of all remote destinations the backup should be exported to
 	destinations: []
 	# every element of this list describes an export target
 #	- user: root
 #	  host: localhost
 #	  remotepath: /
 #	  type: rsync
 #	  port: 22
 #	  key: "/etc/backup-client/id_ed25519"
 # keys are strings with glob patterns of files to be excluded. Value musst be true to enable the exclude, false to disable it
 # Only supportet in restic based backups
 exclude_files: {}
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -9,6 +9,9 @@ backups:
    check:
      enabled: true
      OnCalendar: "monday 5:{{ 60|random(seed=(inventory_hostname + 'backups_jobs')) }}"
    export:
      enabled: false
      OnCalendar: "{{ [21,22,23]|random(seed=(inventory_hostname + 'backups_export_h')) }}:{{ 60|random(seed=(inventory_hostname + 'backups_export_m')) }}"
  backends:
    restic:
      url: /var/backup-client/restic
@ -21,6 +24,8 @@ backups:
    weeks: 16
    months: 12
    years: 3
  export:
    destinations: []
  exclude_files:
    '/tmp': true
    '/var/tmp': true
--- a/handlers/main.yml
+++ b/handlers/main.yml
@ -7,6 +7,7 @@
    - check
    - retention
    - run
    - export
  systemd:
    name: "backup-{{ item }}.timer"
    enabled: "{{ backups.jobs[item].enabled }}"
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -3,9 +3,6 @@
    backup_backend: "{% if backups.mode in ['standalone-restic', 'hypervisor-restic'] %}restic{% else %}False{% endif %}"
    backup_executor: "{% if backups.mode in ['vm-via-hypervisor'] %}False{% else %}True{% endif %}"
 - debug:
    var: backup_backend
 - name: create config folder
  file:
    path: /etc/backup-client/
@ -17,6 +14,10 @@
 - name: setup hosts that actualy run backup code (not vms for example)
  when: backup_executor
  block:
  - name: generate ssh key
    community.crypto.openssh_keypair:
      path: /etc/backup-client/id_ed25519
      type: ed25519
  - name: create retention file
    copy:
      dest: /etc/backup-client/retention.env
@ -48,6 +49,7 @@
      - backup-full
      - backup-cronjob
      - backup-check
      - backup-export
      - status-email-root
    template:
      src: "{{ item }}.j2"
@ -63,6 +65,7 @@
      - backup-check
      - backup-retention
      - backup-run
      - backup-export
      - status-email-root@
    template:
      src: "{{ item }}.service.j2"
@ -79,6 +82,7 @@
      - check
      - retention
      - run
      - export
    template:
      src: "timer.j2"
      dest: "/etc/systemd/system/backup-{{ item }}.timer"
@ -116,9 +120,15 @@
      mode: 0600
      content: "{{ backups.include_files|filterEnabled|join('\n') }}"
  - name: create repo key for restic
-    command: "dd if=/dev/urandom of=/etc/backup-client/restic.key bs=1k count=16"
+    shell: "umask 177; dd if=/dev/urandom of=/etc/backup-client/restic.key bs=1k count=16"
    args:
      creates: "/etc/backup-client/restic.key"
  - name: set repo key permissions
    file:
      path: /etc/backup-client/restic.key
      owner: root
      group: root
      mode: 0600
  - name: create restic env file
    copy:
      dest: /etc/backup-client/restic.env
--- a/templates/backup-export.
+++ b/templates/backup-export.
--- a/templates/backup-export.j2
+++ b/templates/backup-export.j2
@ -0,0 +1,21 @@
 #!/bin/bash
 set -euo pipefail
 echo "Starting to export backups..."
 {% if backup_backend == 'restic' %}
 # restic backend
 source /etc/backup-client/restic.env
 {% for i in backups.export.destinations if i.type == "rsync" %}
 echo "exporting to {{ i.host }}"
 rsync -h -r -a --append-verify --delete --stats  -e "ssh -p {{ i.port|d(22) }} -i {{ i.key|d('/etc/backup-client/id_ed25519') }}" "${RESTIC_REPOSITORY}/" "{{ i.user }}@{{ i.host }}:{{ i.remotepath }}"
 {% endfor %}
 {% endif %}
 {% if not backup_backend %}
 echo "Noop, backup is handled external"
 {% endif %}
 echo "done!"
--- a/templates/backup-export.service.j2
+++ b/templates/backup-export.service.j2
@ -0,0 +1,10 @@
 [Unit]
 Description=Export backups to an external host
 OnFailure=status-email-root@%n.service
 [Service]
 Nice=19
 IOSchedulingClass=idle
 Type=simple
 ExecStart=/usr/local/bin/backup-export