yohan/duplicity_playbooks
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Refactor

Browse Source
This commit is contained in:
yohan 2023-10-15 00:04:39 +02:00
parent 7296c70fc9
commit abe1b669c9
9 changed files with 313 additions and 63 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
down.sh
View File

@ -1,13 +0,0 @@
#!/bin/bash
#Absolute path to this script
SCRIPT=$(readlink -f $0)
#Absolute path this script is in
SCRIPTPATH=$(dirname $SCRIPT)
cd $SCRIPTPATH
USER=$(whoami)
/home/$USER/get_secrets.sh
cd $SCRIPTPATH
sudo docker run --net=host --rm -v $SCRIPTPATH/id_rsa:/root/.ssh/id_rsa -v ~/repository/docker-duplicity-stack:/root/docker-duplicity-stack -v $SCRIPTPATH:/root/duplicity_playbooks -v ~/openrc.sh:/root/openrc.sh -i ansible /root/duplicity_playbooks/script.sh

48
down.yml
View File

@ -1,48 +0,0 @@
---
- name: Shutdown duplicity
hosts: localhost
gather_facts: false
tasks:
- name: Tear down existing services
community.docker.docker_compose:
project_src: /root/docker-duplicity-stack
docker_host: tcp://127.0.0.1:2375
state: absent
- name: unmount /mnt/cloud
ansible.posix.mount:
path: /mnt/cloud
state: unmounted
remote_user: centos
delegate_to: 172.17.0.1
become: true
- name: unmount /mnt/volumes/tmp_duplicity_workdir
ansible.posix.mount:
path: /mnt/volumes/tmp_duplicity_workdir
state: unmounted
remote_user: centos
delegate_to: 172.17.0.1
become: true
- name: Find volume ids for tmp_duplicity_workdir
openstack.cloud.volume_info:
name: tmp_duplicity_workdir
register: output_tmp_duplicity_workdir_info
- name: Detach tmp_duplicity_workdir volume from instance
openstack.cloud.server_volume:
state: absent
server: ovh1.scimetis.net
volume: "{{ item.id }}"
register: output
failed_when: output is failed and output.msg != "No Volume found for tmp_duplicity_workdir"
with_items:
- "{{ output_tmp_duplicity_workdir_info.volumes }}"
- name: remove tmp_duplicity_workdir volume
openstack.cloud.volume:
state: absent
name: "{{ item.id }}"
with_items:
- "{{ output_tmp_duplicity_workdir_info.volumes }}"

12
launch.sh Executable file
View File

@ -0,0 +1,12 @@
#!/bin/bash
#Absolute path to this script
SCRIPT=$(readlink -f $0)
#Absolute path this script is in
SCRIPTPATH=$(dirname $SCRIPT)
cd $SCRIPTPATH
USER=$(whoami)
/home/$USER/get_secrets.sh
cd $SCRIPTPATH
sudo -E docker run --net=host --rm -e KEY -e SECRETS_ARCHIVE_PASSPHRASE -v ~/repository/docker-duplicity-stack:/root/docker-duplicity-stack -v $SCRIPTPATH:/root/duplicity_playbooks -i ansible /root/duplicity_playbooks/script.sh

11
playbook.yml Executable file
View File

@ -0,0 +1,11 @@
---
- name: duplicity backup
hosts: localhost
gather_facts: false
vars_files: main.yml
tasks:
- name: Include start.yml
ansible.builtin.include_tasks: "tasks/start.yml"
- name: Include down.yml
ansible.builtin.include_tasks: "tasks/down.yml"

3
script.sh
View File

@ -1,5 +1,4 @@
#!/bin/bash
cd /root/duplicity_playbooks
ansible-galaxy collection install -r collections/requirements.yml
source /root/openrc.sh
ansible-playbook down.yml
ansible-playbook playbook.yml

76
tasks/down.yml Executable file
View File

@ -0,0 +1,76 @@
---
- name: Tear down existing services
community.docker.docker_compose:
project_src: /root/docker-duplicity-stack
docker_host: tcp://127.0.0.1:2375
state: absent
- name: unmount /mnt/cloud
ansible.posix.mount:
path: /mnt/cloud
state: unmounted
remote_user: "{{ user }}"
delegate_to: 172.17.0.1
become: true
- name: unmount /mnt/volumes/tmp_duplicity_workdir
ansible.posix.mount:
path: /mnt/volumes/tmp_duplicity_workdir
state: unmounted
remote_user: "{{ user }}"
delegate_to: 172.17.0.1
become: true
- name: Find volume ids for tmp_duplicity_workdir
openstack.cloud.volume_info:
name: tmp_duplicity_workdir
register: output_tmp_duplicity_workdir_info
environment:
OS_AUTH_URL: "{{ OS_AUTH_URL }}"
OS_IDENTITY_API_VERSION: "{{ OS_IDENTITY_API_VERSION }}"
OS_USER_DOMAIN_NAME: "{{ OS_USER_DOMAIN_NAME }}"
OS_PROJECT_DOMAIN_NAME: "{{ OS_PROJECT_DOMAIN_NAME }}"
OS_TENANT_ID: "{{ OS_TENANT_ID }}"
OS_TENANT_NAME: "{{ OS_TENANT_NAME }}"
OS_USERNAME: "{{ OS_USERNAME }}"
OS_PASSWORD: "{{ OS_PASSWORD }}"
OS_REGION_NAME: "{{ OS_REGION_NAME }}"
- name: Detach tmp_duplicity_workdir volume from instance
openstack.cloud.server_volume:
state: absent
server: ovh1.scimetis.net
volume: "{{ item.id }}"
register: output
failed_when: output is failed and output.msg != "No Volume found for tmp_duplicity_workdir"
with_items:
- "{{ output_tmp_duplicity_workdir_info.volumes }}"
environment:
OS_AUTH_URL: "{{ OS_AUTH_URL }}"
OS_IDENTITY_API_VERSION: "{{ OS_IDENTITY_API_VERSION }}"
OS_USER_DOMAIN_NAME: "{{ OS_USER_DOMAIN_NAME }}"
OS_PROJECT_DOMAIN_NAME: "{{ OS_PROJECT_DOMAIN_NAME }}"
OS_TENANT_ID: "{{ OS_TENANT_ID }}"
OS_TENANT_NAME: "{{ OS_TENANT_NAME }}"
OS_USERNAME: "{{ OS_USERNAME }}"
OS_PASSWORD: "{{ OS_PASSWORD }}"
OS_REGION_NAME: "{{ OS_REGION_NAME }}"
- name: remove tmp_duplicity_workdir volume
openstack.cloud.volume:
state: absent
name: "{{ item.id }}"
with_items:
- "{{ output_tmp_duplicity_workdir_info.volumes }}"
environment:
OS_AUTH_URL: "{{ OS_AUTH_URL }}"
OS_IDENTITY_API_VERSION: "{{ OS_IDENTITY_API_VERSION }}"
OS_USER_DOMAIN_NAME: "{{ OS_USER_DOMAIN_NAME }}"
OS_PROJECT_DOMAIN_NAME: "{{ OS_PROJECT_DOMAIN_NAME }}"
OS_TENANT_ID: "{{ OS_TENANT_ID }}"
OS_TENANT_NAME: "{{ OS_TENANT_NAME }}"
OS_USERNAME: "{{ OS_USERNAME }}"
OS_PASSWORD: "{{ OS_PASSWORD }}"
OS_REGION_NAME: "{{ OS_REGION_NAME }}"

8
tasks/source_vars.yml Executable file
View File

@ -0,0 +1,8 @@
---
- name: Register variable {{ item }}
shell: . {{ shell_script }} && echo ${{ item }}
register: output_var
- name: Set variable {{ item }}
set_fact:
"{{ item }}": "{{ output_var.stdout }}"

200
tasks/start.yml Executable file
View File

@ -0,0 +1,200 @@
---
- name: Assert KEY variable is set
ansible.builtin.assert:
that:
- KEY | length > 0
msg: "KEY environment variable must be set"
- name: Assert SECRETS_ARCHIVE_PASSPHRASE variable is set
ansible.builtin.assert:
that:
- lookup('env','SECRETS_ARCHIVE_PASSPHRASE') | length > 0
msg: "SECRETS_ARCHIVE_PASSPHRASE environment variable must be set"
- name: Download secrets.tar.gz.enc
ansible.builtin.get_url:
url: "https://{{ CLOUD_SERVER }}/s/{{ KEY }}/download?path=%2F&files=secrets.tar.gz.enc"
dest: /root/secrets.tar.gz.enc
- name: Create /root/.ssh directory
ansible.builtin.file:
path: /root/.ssh
state: directory
mode: '0700'
- name: Extract from secrets.tar.gz.enc
shell: "openssl enc -aes-256-cbc -md md5 -pass env:SECRETS_ARCHIVE_PASSPHRASE -d -in /root/secrets.tar.gz.enc | tar -zxv -C {{ item.dir }} --strip 2 {{ item.name }}"
with_items:
- name: secrets/docker-duplicity-stack/mail_credentials.json
dir: /root
- name: secrets/bootstrap/id_rsa
dir: /root/.ssh
- name: secrets/docker-duplicity-stack/nextcloud_password.sh
dir: /root
- name: secrets/bootstrap/openrc.sh
dir: /root
- name: Change SSH private key permissions
ansible.builtin.file:
path: /root/.ssh/id_rsa
mode: '0400'
- name: Set Nextcloud credentials
ansible.builtin.include_tasks: "tasks/source_vars.yml"
with_items:
- NEXTCLOUD_USER
- NEXTCLOUD_PASSWORD
vars:
shell_script: /root/nextcloud_password.sh
- name: Create /mnt/cloud directory if it does not exist
ansible.builtin.file:
path: /mnt/cloud
state: directory
mode: '0755'
remote_user: "{{ user }}"
delegate_to: 172.17.0.1
become: true
- name: Create /etc/davfs2 directory
ansible.builtin.file:
path: /etc/davfs2
state: directory
mode: '0755'
remote_user: "{{ user }}"
delegate_to: 172.17.0.1
become: true
- name: Copy using inline content
ansible.builtin.copy:
content: '/mnt/cloud {{ NEXTCLOUD_USER }} {{ NEXTCLOUD_PASSWORD }}'
dest: /etc/davfs2/secrets
mode: '0600'
remote_user: "{{ user }}"
delegate_to: 172.17.0.1
become: true
- name: mount /mnt/cloud
ansible.posix.mount:
path: /mnt/cloud
src: "https://{{ CLOUD_SERVER }}/remote.php/webdav/"
fstype: davfs
opts: "uid={{ user }},gid={{ user }}"
state: mounted
remote_user: "{{ user }}"
delegate_to: 172.17.0.1
become: true
- name: Create /mnt/volumes/tmp_duplicity_workdir directory if it does not exist
ansible.builtin.file:
path: /mnt/volumes/tmp_duplicity_workdir
state: directory
mode: '0755'
remote_user: "{{ user }}"
delegate_to: 172.17.0.1
become: true
- name: Set OpenStack credentials
ansible.builtin.include_tasks: "tasks/source_vars.yml"
with_items:
- OS_AUTH_URL
- OS_IDENTITY_API_VERSION
- OS_USER_DOMAIN_NAME
- OS_PROJECT_DOMAIN_NAME
- OS_TENANT_ID
- OS_TENANT_NAME
- OS_USERNAME
- OS_PASSWORD
- OS_REGION_NAME
vars:
shell_script: /root/openrc.sh
- name: Create tmp_duplicity_workdir volume
openstack.cloud.volume:
state: present
size: 20
volume_type: high-speed
name: tmp_duplicity_workdir
environment:
OS_AUTH_URL: "{{ OS_AUTH_URL }}"
OS_IDENTITY_API_VERSION: "{{ OS_IDENTITY_API_VERSION }}"
OS_USER_DOMAIN_NAME: "{{ OS_USER_DOMAIN_NAME }}"
OS_PROJECT_DOMAIN_NAME: "{{ OS_PROJECT_DOMAIN_NAME }}"
OS_TENANT_ID: "{{ OS_TENANT_ID }}"
OS_TENANT_NAME: "{{ OS_TENANT_NAME }}"
OS_USERNAME: "{{ OS_USERNAME }}"
OS_PASSWORD: "{{ OS_PASSWORD }}"
OS_REGION_NAME: "{{ OS_REGION_NAME }}"
- name: Attach tmp_duplicity_workdir volume to instance
openstack.cloud.server_volume:
state: present
server: ovh1.scimetis.net
volume: tmp_duplicity_workdir
environment:
OS_AUTH_URL: "{{ OS_AUTH_URL }}"
OS_IDENTITY_API_VERSION: "{{ OS_IDENTITY_API_VERSION }}"
OS_USER_DOMAIN_NAME: "{{ OS_USER_DOMAIN_NAME }}"
OS_PROJECT_DOMAIN_NAME: "{{ OS_PROJECT_DOMAIN_NAME }}"
OS_TENANT_ID: "{{ OS_TENANT_ID }}"
OS_TENANT_NAME: "{{ OS_TENANT_NAME }}"
OS_USERNAME: "{{ OS_USERNAME }}"
OS_PASSWORD: "{{ OS_PASSWORD }}"
OS_REGION_NAME: "{{ OS_REGION_NAME }}"
register: volume_output
- name: Create a ext4 filesystem on tmp_duplicity_workdir volume
community.general.filesystem:
fstype: ext4
dev: "{{ volume_output.volume.attachments[0].device }}"
remote_user: "{{ user }}"
delegate_to: 172.17.0.1
become: true
- name: mount /mnt/volumes/tmp_duplicity_workdir
ansible.posix.mount:
path: /mnt/volumes/tmp_duplicity_workdir
src: "{{ volume_output.volume.attachments[0].device }}"
fstype: ext4
state: mounted
remote_user: "{{ user }}"
delegate_to: 172.17.0.1
become: true
- name: Create /mnt/volumes/tmp_duplicity_workdir/data directory if it does not exist
ansible.builtin.file:
path: /mnt/volumes/tmp_duplicity_workdir/data
state: directory
mode: '0755'
remote_user: "{{ user }}"
delegate_to: 172.17.0.1
become: true
#cd $SCRIPTPATH
#source vars
#test -z $1 || SCRIPT="$1"
#USER=$(whoami)
#sudo chown root:root mail_credentials.json
#sudo chown $USER:$USER nextcloud_password.sh
#sudo chmod 400 nextcloud_password.sh mail_credentials.json
#VOLUME=duplicity_cache
#sudo mkdir -p /mnt/volumes/${VOLUME}
#if ! mountpoint -q /mnt/volumes/${VOLUME}
#then
# ~/env_py3/bin/openstack volume create ${VOLUME} --size 5 --type high-speed
# VOLUME_ID=$(~/env_py3/bin/openstack volume show ${VOLUME} -c id --format value)
# test -e /dev/disk/by-id/*${VOLUME_ID:0:20} || nova volume-attach $INSTANCE_OPENSTACK $VOLUME_ID auto
# sleep 3
# sudo mount /dev/disk/by-id/*${VOLUME_ID:0:20} /mnt/volumes/${VOLUME} \
# || sudo mkfs.ext4 -F /dev/disk/by-id/*${VOLUME_ID:0:20}
# mountpoint -q /mnt/volumes/${VOLUME} || sudo mount /dev/disk/by-id/*${VOLUME_ID:0:20} /mnt/volumes/${VOLUME} || exit 1
# sudo mkdir -p /mnt/volumes/${VOLUME}/data
#fi
#- name: Tear down existing services
# community.docker.docker_compose:
# project_src: /root/docker-duplicity-stack
# docker_host: tcp://127.0.0.1:2375
# state: absent
#

5
vars/main.yml Normal file
View File

@ -0,0 +1,5 @@
user: centos
CLOUD_SERVER: cloud.scimetis.net
GIT_SERVER: git.scimetis.net
KEY: "{{ lookup('env','KEY') }}"