Daily backup of db zipped and signed
Cette révision appartient à :
Parent
aa91d89bce
révision
7456fc8a03
6 fichiers modifiés avec 55 ajouts et 0 suppressions
|
@ -1,3 +1,5 @@
|
|||
nyaapantsu_dbname: nyaapantsu
|
||||
nyaapantsu_user: nyaapantsu
|
||||
nyaapantsu_password: nyaapantsu
|
||||
nyaapantsu_gpg_passphrase_file: ~/passphrase
|
||||
# vim: ft=yaml
|
21
deploy/ansible/roles/backup/files/backup.sh
Fichier normal
21
deploy/ansible/roles/backup/files/backup.sh
Fichier normal
|
@ -0,0 +1,21 @@
|
|||
# Create a backup from the database
|
||||
#!/bin/bash
|
||||
|
||||
set -eu
|
||||
|
||||
NYAAPANTSU_USERNAME="$1"
|
||||
NYAAPANTSU_PASSWORD="$2"
|
||||
NYAAPANTSU_DB="$3"
|
||||
NYAAPANTSU_PASSPHRASE_FILE="$4"
|
||||
|
||||
dump_file="${NYAAPANTSU_DB}_$(date +'%Y_%m_%d_%H_%M').backup"
|
||||
|
||||
pg_dump -U "${NYAAPANTSU_USERNAME}" -f "${dump_file}"
|
||||
|
||||
xz -z "${dump_file}"
|
||||
|
||||
compressed_dump_file="${dump_file}.xz"
|
||||
|
||||
gpg2 --batch --yes --passphrase-fd 0 \
|
||||
--output "${compressed_dump_file}.sig" \
|
||||
--detach-sig "${compressed_dump_file}" < "${NYAAPANTSU_PASSPHRASE_FILE}"
|
27
deploy/ansible/roles/backup/tasks/main.yml
Fichier normal
27
deploy/ansible/roles/backup/tasks/main.yml
Fichier normal
|
@ -0,0 +1,27 @@
|
|||
# TODO Allow autogenerating of GPG keys
|
||||
- name: Make sure there is a passphrase file
|
||||
stat:
|
||||
path: "{{ nyaapantsu_gpg_passphrase_file }}"
|
||||
register: pass_file
|
||||
|
||||
- name: Copy backup script
|
||||
copy:
|
||||
src: backup.sh
|
||||
dest: "{{ backup_script }}"
|
||||
mode: 0755
|
||||
become: true
|
||||
when: pass_file.stat.exists == true
|
||||
|
||||
- name: Create (if not exists) cronjob
|
||||
file:
|
||||
path: "{{ backup_cron_job }}"
|
||||
state: touch
|
||||
become: true
|
||||
when: pass_file.stat.exists == true
|
||||
|
||||
- name: Setup backup cron
|
||||
template:
|
||||
src: backup_cron.j2
|
||||
dest: "{{ backup_cron_job }}"
|
||||
become: true
|
||||
when: pass_file.stat.exists == true
|
1
deploy/ansible/roles/backup/templates/backup_cron.j2
Fichier normal
1
deploy/ansible/roles/backup/templates/backup_cron.j2
Fichier normal
|
@ -0,0 +1 @@
|
|||
0 {{ backup_cron_hours }} * * * {{ backup_script }} {{ nyaapantsu_user }} {{ nyaapantsu_password }} {{ nyaapantsu_dbname }} {{ nyaapantsu_gpg_passphrase_file }}
|
3
deploy/ansible/roles/backup/vars/main.yml
Fichier normal
3
deploy/ansible/roles/backup/vars/main.yml
Fichier normal
|
@ -0,0 +1,3 @@
|
|||
backup_script: /usr/bin/nyaapantsu_backup.sh
|
||||
backup_cron_hours: 0
|
||||
backup_cron_job: /etc/cron.d/nyaapantsu_backup
|
|
@ -6,4 +6,5 @@
|
|||
- name: Set up databases
|
||||
hosts: dbs
|
||||
roles:
|
||||
- backup
|
||||
- postgresql
|
||||
|
|
Référencer dans un nouveau ticket