Daily backup of db zipped and signed
Cette révision appartient à :
Parent
aa91d89bce
révision
7456fc8a03
6 fichiers modifiés avec 55 ajouts et 0 suppressions
|
@ -1,3 +1,5 @@
|
||||||
nyaapantsu_dbname: nyaapantsu
|
nyaapantsu_dbname: nyaapantsu
|
||||||
nyaapantsu_user: nyaapantsu
|
nyaapantsu_user: nyaapantsu
|
||||||
nyaapantsu_password: nyaapantsu
|
nyaapantsu_password: nyaapantsu
|
||||||
|
nyaapantsu_gpg_passphrase_file: ~/passphrase
|
||||||
|
# vim: ft=yaml
|
21
deploy/ansible/roles/backup/files/backup.sh
Fichier normal
21
deploy/ansible/roles/backup/files/backup.sh
Fichier normal
|
@ -0,0 +1,21 @@
|
||||||
|
# Create a backup from the database
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
set -eu
|
||||||
|
|
||||||
|
NYAAPANTSU_USERNAME="$1"
|
||||||
|
NYAAPANTSU_PASSWORD="$2"
|
||||||
|
NYAAPANTSU_DB="$3"
|
||||||
|
NYAAPANTSU_PASSPHRASE_FILE="$4"
|
||||||
|
|
||||||
|
dump_file="${NYAAPANTSU_DB}_$(date +'%Y_%m_%d_%H_%M').backup"
|
||||||
|
|
||||||
|
pg_dump -U "${NYAAPANTSU_USERNAME}" -f "${dump_file}"
|
||||||
|
|
||||||
|
xz -z "${dump_file}"
|
||||||
|
|
||||||
|
compressed_dump_file="${dump_file}.xz"
|
||||||
|
|
||||||
|
gpg2 --batch --yes --passphrase-fd 0 \
|
||||||
|
--output "${compressed_dump_file}.sig" \
|
||||||
|
--detach-sig "${compressed_dump_file}" < "${NYAAPANTSU_PASSPHRASE_FILE}"
|
27
deploy/ansible/roles/backup/tasks/main.yml
Fichier normal
27
deploy/ansible/roles/backup/tasks/main.yml
Fichier normal
|
@ -0,0 +1,27 @@
|
||||||
|
# TODO Allow autogenerating of GPG keys
|
||||||
|
- name: Make sure there is a passphrase file
|
||||||
|
stat:
|
||||||
|
path: "{{ nyaapantsu_gpg_passphrase_file }}"
|
||||||
|
register: pass_file
|
||||||
|
|
||||||
|
- name: Copy backup script
|
||||||
|
copy:
|
||||||
|
src: backup.sh
|
||||||
|
dest: "{{ backup_script }}"
|
||||||
|
mode: 0755
|
||||||
|
become: true
|
||||||
|
when: pass_file.stat.exists == true
|
||||||
|
|
||||||
|
- name: Create (if not exists) cronjob
|
||||||
|
file:
|
||||||
|
path: "{{ backup_cron_job }}"
|
||||||
|
state: touch
|
||||||
|
become: true
|
||||||
|
when: pass_file.stat.exists == true
|
||||||
|
|
||||||
|
- name: Setup backup cron
|
||||||
|
template:
|
||||||
|
src: backup_cron.j2
|
||||||
|
dest: "{{ backup_cron_job }}"
|
||||||
|
become: true
|
||||||
|
when: pass_file.stat.exists == true
|
1
deploy/ansible/roles/backup/templates/backup_cron.j2
Fichier normal
1
deploy/ansible/roles/backup/templates/backup_cron.j2
Fichier normal
|
@ -0,0 +1 @@
|
||||||
|
0 {{ backup_cron_hours }} * * * {{ backup_script }} {{ nyaapantsu_user }} {{ nyaapantsu_password }} {{ nyaapantsu_dbname }} {{ nyaapantsu_gpg_passphrase_file }}
|
3
deploy/ansible/roles/backup/vars/main.yml
Fichier normal
3
deploy/ansible/roles/backup/vars/main.yml
Fichier normal
|
@ -0,0 +1,3 @@
|
||||||
|
backup_script: /usr/bin/nyaapantsu_backup.sh
|
||||||
|
backup_cron_hours: 0
|
||||||
|
backup_cron_job: /etc/cron.d/nyaapantsu_backup
|
|
@ -6,4 +6,5 @@
|
||||||
- name: Set up databases
|
- name: Set up databases
|
||||||
hosts: dbs
|
hosts: dbs
|
||||||
roles:
|
roles:
|
||||||
|
- backup
|
||||||
- postgresql
|
- postgresql
|
||||||
|
|
Référencer dans un nouveau ticket