diff --git a/group_vars/nas.yml b/group_vars/nas.yml
index 332395f..e16c415 100644
--- a/group_vars/nas.yml
+++ b/group_vars/nas.yml
@@ -11,5 +11,8 @@ firewall_in:
 - {proto: tcp, port: 2049, from: [172.20.30.0/24]}
 - {proto: tcp, port: 9100, from: [172.20.20.0/22]}
+rsync_backup_dirs:
+ - /export/home
+ - /export/roles
 sssd_allow_groups:
 - root
diff --git a/roles/base/tasks/main.yml b/roles/base/tasks/main.yml
index cf661ed..70705b4 100644
--- a/roles/base/tasks/main.yml
+++ b/roles/base/tasks/main.yml
@@ -67,6 +67,12 @@
 loop_control:
 loop_var: role
+- name: Configure rsync backup client
+ ansible.builtin.include_role:
+ name: rsync_backup
+ tasks_from: client
+ when: "'rsyncbackup' in group_names"
+
 - name: Install roles for physical hardware
 ansible.builtin.include_role:
 name: "{{ role }}"
diff --git a/roles/rsync_backup/defaults/main.yml b/roles/rsync_backup/defaults/main.yml
new file mode 100644
index 0000000..710ec3d
--- /dev/null
+++ b/roles/rsync_backup/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+rsync_backup_client: "{{ inventory_hostname }}"
diff --git a/roles/rsync_backup/meta/main.yml b/roles/rsync_backup/meta/main.yml
index a6cb84e..e69de29 100644
--- a/roles/rsync_backup/meta/main.yml
+++ b/roles/rsync_backup/meta/main.yml
@@ -1,4 +0,0 @@
----
-dependencies:
- - {role: backup_base}
- - {role: ssh_known_hosts}
diff --git a/roles/rsync_backup/tasks/client.yml b/roles/rsync_backup/tasks/client.yml
new file mode 100644
index 0000000..2224776
--- /dev/null
+++ b/roles/rsync_backup/tasks/client.yml
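Review bot: The name `Configure rsync backup client` in the `roles/base/tasks/main.yml` hunk hides what the include does on every host in `rsyncbackup`: per `tasks/client.yml` in this commit, it adds a root `authorized_keys` entry for the backup server and writes a file on `backup02.home.foo.sh` through delegation. A comment above the task would make that visible to someone reading the base role, for example `# Grants the backup server SSH access as root and registers this host's config on the backup server (delegated)`. The delegated task also means a base-role run against a client needs the backup host reachable, which is worth stating in the same comment.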
@@ -0,0 +1,15 @@
+---
+- name: Add backup server ssh key
+ ansible.posix.authorized_key:
+ user: root
+ key: "{{ lookup('file', '../../files/ssh/rsync-backup.pub') }}"
+ delegate_to: "{{ rsync_backup_client }}"
+
+- name: Create client config
+ ansible.builtin.template:
+ dest: "/etc/rsync-backup/{{ rsync_backup_client }}.conf"
+ src: client.conf.j2
+ mode: "0750"
+ owner: root
+ group: "{{ hostvars['backup02.home.foo.sh']['ansible_wheel'] }}"
+ delegate_to: backup02.home.foo.sh
diff --git a/roles/rsync_backup/tasks/main.yml b/roles/rsync_backup/tasks/main.yml
index d0cfa26..135c596 100644
--- a/roles/rsync_backup/tasks/main.yml
+++ b/roles/rsync_backup/tasks/main.yml
@@ -1,4 +1,11 @@
 ---
+- name: Add dependencies
+ ansible.builtin.include_role:
+ name: "{{ item }}"
+ with_items:
+ - backup_base
+ - ssh_known_hosts
+
 - name: Copy backup script
 ansible.builtin.copy:
 dest: /usr/local/sbin/backup-daily
@@ -49,3 +56,12 @@
 job: /usr/local/sbin/backup-daily -a -p -r
 hour: "00"
 minute: "30"
+
+- name: Create client configs
+ ansible.builtin.include_tasks:
+ file: client.yml
+ vars:
+ rsync_backup_client: "{{ item }}"
+ rsync_backup_dirs: >-
+ {{ hostvars[item]['rsync_backup_dirs'] | default(['/export']) }}
+ with_items: "{{ groups['rsyncbackup'] }}"
diff --git a/roles/rsync_backup/templates/client.conf.j2 b/roles/rsync_backup/templates/client.conf.j2
new file mode 100644
index 0000000..1a5da11
--- /dev/null
+++ b/roles/rsync_backup/templates/client.conf.j2
@@ -0,0 +1 @@
+dirs="{{ rsync_backup_dirs | default(['/export']) | join(' ') }}"
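Review bot: The `authorized_key` task in `tasks/client.yml` installs the backup server's key for `root` with no `key_options`, so whoever holds that private key gets an unrestricted root shell on every host in the `rsyncbackup` group. Since the key appears to be meant only for rsync backups, it should be pinned to the backup server and to a forced command, for example `key_options: 'restrict,from="<backup server address>",command="<read-only rsync wrapper>"'` (placeholders; the wrapper is not part of this diff). Separately, `mode: "0750"` marks a config file executable; if the file is only read or sourced, `"0640"` is enough. The second task also depends on `hostvars['backup02.home.foo.sh']['ansible_wheel']`, which presumably exists only once facts for the backup host have been gathered, so a run limited to a single client may fail there.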
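Review bot: `Add dependencies` in the first `tasks/main.yml` hunk loops with `with_items` and the implicit `item`, while `roles/base/tasks/main.yml` already uses `loop_control` with a named `loop_var`; the same applies to `Create client configs` in the second hunk of this file. Because `include_role` and `include_tasks` expose the loop variable to everything they include, a named variable avoids a collision if an included task ever loops itself, e.g. `loop: "{{ groups['rsyncbackup'] }}"` with `loop_control: {loop_var: rsync_backup_client}`. It would also help to put a comment on `Add dependencies` saying why these moved out of `meta/main.yml`, something like `# Included here, not as meta dependencies, so that tasks_from: client does not pull them onto backup clients` (inferred from the rest of the commit).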
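Review bot: `join(' ')` inside the double-quoted `dirs=` value in `client.conf.j2` makes a directory containing a space indistinguishable from two directories. If the backup script sources this file as shell (not visible in this diff), characters such as `"`, `$` or backticks in a path would also be interpreted. The role should state that `rsync_backup_dirs` entries must be plain paths without whitespace or shell metacharacters, either in a comment in `defaults/main.yml` or with an `ansible.builtin.assert` before templating. The `default(['/export'])` here also duplicates the one in `tasks/main.yml`; defining it once keeps the two from drifting.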