Improve gen_bootstrap.yml.

yohan 2023-10-22 09:42:40 +02:00
parent f20115f513
commit 8306314aad
2 changed files with 35 additions and 53 deletions


@ -4,30 +4,13 @@
gather_facts: false gather_facts: false
vars_files: main.yml vars_files: main.yml
tasks: tasks:
- name: Assert extra-vars are set
ansible.builtin.assert:
that:
- item | length > 0
msg: "{{ item }} environment variable must be set"
with_items:
- KEY
- DOC_KEY
- name: Assert environment variable is not empty - name: Assert environment variable is not empty
ansible.builtin.include_tasks: "tasks/assert_env_var_not_empty.yml" ansible.builtin.include_tasks: "tasks/assert_env_var_not_empty.yml"
with_items: with_items: "{{ BOOTSTRAP_REQUIRED_ENV_VARS }}"
- OS_AUTH_URL
- OS_IDENTITY_API_VERSION
- OS_TENANT_NAME
- OS_USERNAME
- OS_PASSWORD
- OS_REGION_NAME
- SECRETS_ARCHIVE_PASSPHRASE
- DUPLICITY_PASSPHRASE
- name: Download secrets.tar.gz.enc - name: Download secrets.tar.gz.enc
ansible.builtin.get_url: ansible.builtin.get_url:
url: "https://{{ CLOUD_SERVER }}/s/{{ KEY }}/download?path=%2F&files=secrets.tar.gz.enc" url: "https://{{ CLOUD_SERVER }}/s/{{ lookup('env','KEY') }}/download?path=%2F&files=secrets.tar.gz.enc"
dest: "{{ WORKDIR }}/secrets.tar.gz.enc" dest: "{{ WORKDIR }}/secrets.tar.gz.enc"
- name: Install openssh-client - name: Install openssh-client
@ -51,7 +34,7 @@
- name: Retrieve documentation - name: Retrieve documentation
ansible.builtin.get_url: ansible.builtin.get_url:
url: "https://{{ CLOUD_SERVER }}/s/{{ DOC_KEY }}/download" url: "https://{{ CLOUD_SERVER }}/s/{{ lookup('env','DOC_KEY') }}/download"
dest: "{{ WORKDIR }}/Documentation.md" dest: "{{ WORKDIR }}/Documentation.md"
- name: Copy new documentation - name: Copy new documentation
@ -115,14 +98,7 @@
ansible.builtin.git: ansible.builtin.git:
repo: 'https://{{ GIT_SERVER }}/yohan/{{ item }}.git' repo: 'https://{{ GIT_SERVER }}/yohan/{{ item }}.git'
dest: "{{ WORKDIR }}/{{ item }}" dest: "{{ WORKDIR }}/{{ item }}"
with_items: with_items: "{{ BOOTSTRAP_REPOS }}"
- docker-nextcloud-stack
- docker-reverse-proxy-stack
- docker-reverse-proxy
- docker-gogs-stack
- docker-mysql-stack
- docker-mysql
- systemd-mount-cinder-volume
- name: Create backup directory - name: Create backup directory
ansible.builtin.file: ansible.builtin.file:
@ -131,14 +107,7 @@
- name: Archive Git repository - name: Archive Git repository
ansible.builtin.command: "tar -czf {{ WORKDIR }}/backup/{{ item }}.tar.gz -C {{ WORKDIR }} {{ item }}" ansible.builtin.command: "tar -czf {{ WORKDIR }}/backup/{{ item }}.tar.gz -C {{ WORKDIR }} {{ item }}"
with_items: with_items: "{{ BOOTSTRAP_REPOS }}"
- docker-nextcloud-stack
- docker-reverse-proxy-stack
- docker-reverse-proxy
- docker-gogs-stack
- docker-mysql-stack
- docker-mysql
- systemd-mount-cinder-volume
- name: Copy secrets in backup directory - name: Copy secrets in backup directory
ansible.builtin.copy: ansible.builtin.copy:
@ -153,23 +122,8 @@
- name: Backup with duplicity - name: Backup with duplicity
ansible.builtin.command: "duplicity --num-retries 3 --full-if-older-than 1M --progress --archive-dir {{ ARCHIVE_DIR }} --name bootstrap --allow-source-mismatch '{{ WORKDIR }}/backup' swift://bootstrap" ansible.builtin.command: "duplicity --num-retries 3 --full-if-older-than 1M --progress --archive-dir {{ ARCHIVE_DIR }} --name bootstrap --allow-source-mismatch '{{ WORKDIR }}/backup' swift://bootstrap"
environment: environment: "{{ DUPLICITY_ENVIRONMENT }}"
SWIFT_AUTHURL: "{{ lookup('env','OS_AUTH_URL') }}"
SWIFT_AUTHVERSION: "{{ lookup('env','OS_IDENTITY_API_VERSION') }}"
SWIFT_TENANTNAME: "{{ lookup('env','OS_TENANT_NAME') }}"
SWIFT_USERNAME: "{{ lookup('env','OS_USERNAME') }}"
SWIFT_PASSWORD: "{{ lookup('env','OS_PASSWORD') }}"
SWIFT_REGION_NAME: "{{ lookup('env','OS_REGION_NAME') }}"
PASSPHRASE: "{{ lookup('env','DUPLICITY_PASSPHRASE') }}"
- name: Clean old duplicity backups - name: Clean old duplicity backups
ansible.builtin.command: "duplicity remove-older-than 2M --archive-dir {{ ARCHIVE_DIR }} --name bootstrap --allow-source-mismatch --force swift://bootstrap" ansible.builtin.command: "duplicity remove-older-than 2M --archive-dir {{ ARCHIVE_DIR }} --name bootstrap --allow-source-mismatch --force swift://bootstrap"
environment: environment: "{{ DUPLICITY_ENVIRONMENT }}"
SWIFT_AUTHURL: "{{ lookup('env','OS_AUTH_URL') }}"
SWIFT_AUTHVERSION: "{{ lookup('env','OS_IDENTITY_API_VERSION') }}"
SWIFT_TENANTNAME: "{{ lookup('env','OS_TENANT_NAME') }}"
SWIFT_USERNAME: "{{ lookup('env','OS_USERNAME') }}"
SWIFT_PASSWORD: "{{ lookup('env','OS_PASSWORD') }}"
SWIFT_REGION_NAME: "{{ lookup('env','OS_REGION_NAME') }}"
PASSPHRASE: "{{ lookup('env','DUPLICITY_PASSPHRASE') }}"
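Review bot: The share token now read with `lookup('env','KEY')` and `lookup('env','DOC_KEY')` is still interpolated straight into the `url` of the two `ansible.builtin.get_url` tasks ("Download secrets.tar.gz.enc" and "Retrieve documentation"). get_url includes the URL in its task result, so the token can appear in playbook output or CI logs when the task fails or runs with verbose output. Adding `no_log: true` to both tasks would keep it out of the logs. Both task definitions continue outside the visible hunks, so this assumes neither already sets it.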


@ -8,3 +8,31 @@ SCRIPT: "{{ lookup('env','SCRIPT') }}"
OS_SWIFT_REGION_NAME: GRA OS_SWIFT_REGION_NAME: GRA
WORKDIR: /mnt/volumes/tmp_duplicity_workdir/data WORKDIR: /mnt/volumes/tmp_duplicity_workdir/data
ARCHIVE_DIR: /mnt/volumes/duplicity_cache/data ARCHIVE_DIR: /mnt/volumes/duplicity_cache/data
BOOTSTRAP_REPOS:
- docker-nextcloud-stack
- docker-reverse-proxy-stack
- docker-reverse-proxy
- docker-gogs-stack
- docker-mysql-stack
- docker-mysql
- systemd-mount-cinder-volume
BOOTSTRAP_REQUIRED_ENV_VARS:
- OS_AUTH_URL
- OS_IDENTITY_API_VERSION
- OS_TENANT_NAME
- OS_USERNAME
- OS_PASSWORD
- OS_REGION_NAME
- SECRETS_ARCHIVE_PASSPHRASE
- DUPLICITY_PASSPHRASE
- KEY
- DOC_KEY
DUPLICITY_ENVIRONMENT:
SWIFT_AUTHURL: "{{ lookup('env','OS_AUTH_URL') }}"
SWIFT_AUTHVERSION: "{{ lookup('env','OS_IDENTITY_API_VERSION') }}"
SWIFT_TENANTNAME: "{{ lookup('env','OS_TENANT_NAME') }}"
SWIFT_USERNAME: "{{ lookup('env','OS_USERNAME') }}"
SWIFT_PASSWORD: "{{ lookup('env','OS_PASSWORD') }}"
SWIFT_REGION_NAME: "{{ lookup('env','OS_REGION_NAME') }}"
PASSPHRASE: "{{ lookup('env','DUPLICITY_PASSPHRASE') }}"
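Review bot: Nothing in this file ties `DUPLICITY_ENVIRONMENT` to `BOOTSTRAP_REQUIRED_ENV_VARS`, and `lookup('env', ...)` returns an empty string when the variable is unset on the controller. All seven variables read here are currently in the required list, but a later addition to the mapping that is not also added to the list would be passed to duplicity as an empty value without any assertion failing. A comment above the mapping would make the coupling explicit, for example `# Every env var read below must also be listed in BOOTSTRAP_REQUIRED_ENV_VARS; lookup('env') yields '' when unset.` It would also help to note there that `SWIFT_PASSWORD` and `PASSPHRASE` are secrets.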