From e191e47b0b4dee5088b448b4475f598b4019b576 Mon Sep 17 00:00:00 2001
From: Christian Elberfeld <elberfeld@web.de>
Date: Tue, 25 Jul 2017 19:42:52 +0200
Subject: [PATCH] =?UTF-8?q?rolle=20f=C3=BCr=20borgbackup?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 common/borgbackup/tasks/main.yml              | 48 +++++++++++++++++++
 .../borgbackup/templates/borgbackup-check.sh  |  6 +++
 .../borgbackup/templates/borgbackup-create.sh | 19 ++++++++
 .../borgbackup/templates/borgbackup-delete.sh | 12 +++++
 .../borgbackup/templates/borgbackup-info.sh   | 12 +++++
 .../borgbackup/templates/borgbackup-init.sh   |  7 +++
 .../borgbackup/templates/borgbackup-list.sh   |  7 +++
 .../borgbackup/templates/borgbackup-mount.sh  |  8 ++++
 common/borgbackup/templates/logrotate         |  7 +++
 host_vars/webserver                           | 14 ++++++
 webserver/main.yml                            |  1 +
 11 files changed, 141 insertions(+)
 create mode 100644 common/borgbackup/tasks/main.yml
 create mode 100644 common/borgbackup/templates/borgbackup-check.sh
 create mode 100644 common/borgbackup/templates/borgbackup-create.sh
 create mode 100644 common/borgbackup/templates/borgbackup-delete.sh
 create mode 100644 common/borgbackup/templates/borgbackup-info.sh
 create mode 100644 common/borgbackup/templates/borgbackup-init.sh
 create mode 100644 common/borgbackup/templates/borgbackup-list.sh
 create mode 100644 common/borgbackup/templates/borgbackup-mount.sh
 create mode 100644 common/borgbackup/templates/logrotate

diff --git a/common/borgbackup/tasks/main.yml b/common/borgbackup/tasks/main.yml
new file mode 100644
index 00000000..ff7735c2
--- /dev/null
+++ b/common/borgbackup/tasks/main.yml
@@ -0,0 +1,48 @@
+---
+# Pakete installieren
+- name: pakete installieren
+  apt:
+    pkg: "{{ item }}"
+    update_cache: yes
+    state: installed
+  with_items:
+    - borgbackup
+    - logrotate
+    - moreutils
+
+- name: get secrets from server 1
+  slurp: src={{ item }}
+  with_items:
+    - /srv/borgbackup/repo_passphrase 
+    - /srv/borgbackup/repo_url 
+  register: borgbackup_secrets
+
+- name: get secrets from server 2
+  set_fact: 
+    repo_passphrase: "{{ borgbackup_secrets.results | selectattr('item', 'equalto', '/srv/borgbackup/repo_passphrase') | map(attribute='content') | list | first | b64decode | regex_replace('\\s', '') }}" 
+    repo_url: "{{ borgbackup_secrets.results | selectattr('item', 'equalto', '/srv/borgbackup/repo_url') | map(attribute='content') | list | first | b64decode | regex_replace('\\s', '') }}" 
+
+
+# BorgBackup Scripte erstellen 
+
+- name: BorgBackup Script erstellen 
+  template: src={{ item }} dest=/opt/{{ item }} mode=o+x
+  with_items:
+    - "borgbackup-check.sh"
+    - "borgbackup-create.sh"
+    - "borgbackup-delete.sh"
+    - "borgbackup-info.sh"
+    - "borgbackup-init.sh"
+    - "borgbackup-list.sh"
+    - "borgbackup-mount.sh"
+
+- name: BorgBackup log folder erstellen 
+  file: 
+    path: "/var/log/borgbackup"
+    state: "directory"
+
+- name: BorgBackup LogRotate config erstellen 
+  template: src=logrotate dest=/etc/logrotate.d/borgbackup
+
+- name: Cronjob für BorgBackup
+  cron: name="borgbackup" weekday="{{borgbackup_weekday}}" hour="{{borgbackup_hour}}" minute="{{borgbackup_minute}}" job="/opt/borgbackup-create.sh 2>&1 | ts '[%Y-%m-%d %H:%M:%S]' >> /var/log/borgbackup/borgbackup.log"
\ No newline at end of file
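Review bot: The `template` task renders scripts that embed the repository passphrase (`export BORG_PASSPHRASE=...` in every template of this patch) but sets only `mode=o+x`, which adds execute for "others" and leaves owner, group and read bits to the defaults, so the files under /opt are presumably world-readable. Pin ownership and mode instead: `template: src={{ item }} dest=/opt/{{ item }} owner=root group=root mode=0700`. The two "get secrets from server" tasks handle the encoded and decoded passphrase without `no_log: true`, so it can show up in verbose Ansible output and logs; adding `no_log: true` to both keeps it out. Separately, the cron job pipes the script into `ts`, so the pipeline's exit status is that of `ts` and a failed backup is only visible by reading /var/log/borgbackup/borgbackup.log.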
diff --git a/common/borgbackup/templates/borgbackup-check.sh b/common/borgbackup/templates/borgbackup-check.sh
new file mode 100644
index 00000000..dbdfd2f0
--- /dev/null
+++ b/common/borgbackup/templates/borgbackup-check.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+export BORG_PASSPHRASE="{{repo_passphrase}}"
+
+# Überprüfung des Archives 
+borg check $1 $2 $3 --info --show-rc {{repo_url}}
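Review bot: `export BORG_PASSPHRASE="{{repo_passphrase}}"` pastes the secret into a double-quoted bash string, so a passphrase containing `"`, `$`, a backtick or a backslash is reinterpreted by the shell and the exported value no longer matches the repository's. The same line appears in borgbackup-create.sh, -delete.sh, -info.sh, -init.sh, -list.sh and -mount.sh. Let the template engine do the quoting, `export BORG_PASSPHRASE={{ repo_passphrase | quote }}`, and likewise `{{ repo_url | quote }}` wherever the URL is used. The pass-through arguments `$1 $2 $3` are unquoted and capped at three; `"$@"` forwards every argument intact.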
diff --git a/common/borgbackup/templates/borgbackup-create.sh b/common/borgbackup/templates/borgbackup-create.sh
new file mode 100644
index 00000000..9185d6de
--- /dev/null
+++ b/common/borgbackup/templates/borgbackup-create.sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+
+export BORG_PASSPHRASE="{{repo_passphrase}}"
+
+# Ausführung des Backups
+# anschließend Bereinigung 
+# abschließend Integritätscheck 
+
+borg create $1 $2 $3 --info --show-rc --stats --compression lzma,2 {{repo_url}}::`date +%Y-%m-%d_%H_%M` \
+{% for directory in borgbackup_directories %}
+{{ directory }} \
+{% endfor %}
+&& \
+borg prune $1 $2 $3 --info --show-rc --list {{repo_url}} \
+{% for prune in borgbackup_prune %}
+{{ prune }} \
+{% endfor %}
+&& \
+borg check $1 $2 $3 --info --show-rc {{repo_url}}
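Review bot: Chaining `borg create`, `borg prune` and `borg check` with `&&` means prune and check are skipped whenever create exits non-zero, and borg documents exit code 1 as a warning (for example a file that changed while it was being read), which can occur on a live /etc and /srv. If warnings should not block retention and the integrity check, replace the first `&& \` line with an explicit threshold such as `; rc=$?; [ "$rc" -lt 2 ] || exit "$rc"`. The entries from `borgbackup_directories` are also emitted unquoted, so a path containing a space splits into two arguments; `{{ directory | quote }} \` avoids that.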
diff --git a/common/borgbackup/templates/borgbackup-delete.sh b/common/borgbackup/templates/borgbackup-delete.sh
new file mode 100644
index 00000000..12d0e11f
--- /dev/null
+++ b/common/borgbackup/templates/borgbackup-delete.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+export BORG_PASSPHRASE="{{repo_passphrase}}"
+
+# Löschen eines Backups
+
+borg list $1 $2 $3 --info --show-rc {{repo_url}}
+
+echo "BackupName, followed by [ENTER]:"
+read target
+
+borg delete $1 $2 $3 --info --show-rc {{repo_url}}::$target
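Review bot: `read target` followed by `{{repo_url}}::$target` passes whatever was typed straight into `borg delete`, unquoted and unchecked, so an empty line or a name containing spaces or glob characters yields a different target than the operator intended, and for a destructive command that deserves a guard. Use `read -r target` and stop on empty input, `[ -n "$target" ] || { echo "no archive name given" >&2; exit 1; }`, then quote the location as `"{{repo_url}}::$target"`. borgbackup-info.sh uses the same prompt and would benefit from the same quoting.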
diff --git a/common/borgbackup/templates/borgbackup-info.sh b/common/borgbackup/templates/borgbackup-info.sh
new file mode 100644
index 00000000..a3117262
--- /dev/null
+++ b/common/borgbackup/templates/borgbackup-info.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+export BORG_PASSPHRASE="{{repo_passphrase}}"
+
+#  Anzeige des Inhaltes im Borg Backup Archiv
+
+borg list $1 $2 $3 --info --show-rc {{repo_url}}
+
+echo "BackupName, followed by [ENTER]:"
+read target
+
+borg info $1 $2 $3 --info --show-rc {{repo_url}}::$target
diff --git a/common/borgbackup/templates/borgbackup-init.sh b/common/borgbackup/templates/borgbackup-init.sh
new file mode 100644
index 00000000..8e97c70c
--- /dev/null
+++ b/common/borgbackup/templates/borgbackup-init.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+# Initialisierung des Borg Backup Archives
+
+export BORG_PASSPHRASE="{{repo_passphrase}}"
+
+borg init $1 $2 $3 --info --show-rc --encryption=repokey {{repo_url}} 
diff --git a/common/borgbackup/templates/borgbackup-list.sh b/common/borgbackup/templates/borgbackup-list.sh
new file mode 100644
index 00000000..07bd9086
--- /dev/null
+++ b/common/borgbackup/templates/borgbackup-list.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+export BORG_PASSPHRASE="{{repo_passphrase}}"
+
+# Anzeige des Inhaltes im Borg Backup Archiv
+
+borg list $1 $2 $3 --info --show-rc {{repo_url}} 
diff --git a/common/borgbackup/templates/borgbackup-mount.sh b/common/borgbackup/templates/borgbackup-mount.sh
new file mode 100644
index 00000000..7b79b686
--- /dev/null
+++ b/common/borgbackup/templates/borgbackup-mount.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+export BORG_PASSPHRASE="{{repo_passphrase}}"
+
+# Einhängen eines Backups nach /mnt/
+
+echo -n 'Mounting to: /mnt/borbbackupmount'
+borg mount $1 $2 $3 --info --show-rc {{repo_url}} /mnt/borbbackupmount
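Review bot: The mount point `/mnt/borbbackupmount` is never created, since tasks/main.yml in this patch only creates /var/log/borgbackup, so `borg mount` will presumably fail on a fresh host; the name also looks like a typo for `borgbackupmount`. Either add a `file:` task with `state: directory` for the path, or put `mkdir -p /mnt/borgbackupmount` before the mount line and use the corrected name in both places. `echo -n` also leaves the message without a trailing newline, so the first line of borg's output is appended to it.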
diff --git a/common/borgbackup/templates/logrotate b/common/borgbackup/templates/logrotate
new file mode 100644
index 00000000..b17a8fe9
--- /dev/null
+++ b/common/borgbackup/templates/logrotate
@@ -0,0 +1,7 @@
+/var/log/borgbackup/borgbackup.log {
+  rotate 12
+  monthly
+  compress
+  missingok
+  notifempty
+}
diff --git a/host_vars/webserver b/host_vars/webserver
index 97248340..efba09cd 100644
--- a/host_vars/webserver
+++ b/host_vars/webserver
@@ -12,6 +12,20 @@ debian_sources:
   - "deb http://ftp.halifax.rwth-aachen.de/debian/ jessie-updates main contrib non-free"
   - "deb http://apt.dockerproject.org/repo debian-jessie main"
 
+borgbackup_weekday: "*"
+borgbackup_hour: "4"
+borgbackup_minute: "0"
+
+borgbackup_directories:
+  - "/etc/"
+  - "/srv/"
+
+borgbackup_prune:
+  - "--keep-within=2d"
+  - "--keep-daily=7"
+  - "--keep-weekly=4"
+  - "--keep-monthly=6"
+
 letsencrypt_tos_sha256: 6373439b9f29d67a5cd4d18cbc7f264809342dbf21cb2ba2fc7588df987a6221
 
 letsencrypt_mail: verwaltung@warpzone.ms
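Review bot: `borgbackup_directories` includes `/srv/`, which per tasks/main.yml is where `/srv/borgbackup/repo_passphrase` and `repo_url` live, so the secret is swept into the archives it protects, and nothing in this patch shows another copy of it. With `--encryption=repokey` (borgbackup-init.sh) the passphrase is needed for every restore, so if the host is lost and the passphrase existed only there, the backups cannot be read. I would add a comment above the list, e.g. `# /srv/borgbackup holds the repo passphrase: keep an offline copy, it is required for restore`, and consider excluding that directory from the backup set.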
diff --git a/webserver/main.yml b/webserver/main.yml
index 67fccb04..7514f84e 100644
--- a/webserver/main.yml
+++ b/webserver/main.yml
@@ -3,6 +3,7 @@
 - hosts: webserver
   remote_user: root
   roles:
+    - { role: ../common/borgbackup, tags: borgbackup }
     - { role: nginx, tags: nginx }
     - { role: openvpn, tags: openvpn }
     - { role: docker, tags: docker }
-- 
GitLab