duplicity_playbooks/tasks/start.yml
2023-10-22 10:32:14 +02:00

278 lines
8.0 KiB
YAML
Executable File

---
- name: Assert environment variable is not empty
ansible.builtin.include_tasks: "tasks/assert_env_var_not_empty.yml"
with_items: "{{ PLAYBOOK_REQUIRED_ENV_VARS }}"
- name: Download secrets.tar.gz.enc
ansible.builtin.get_url:
url: "https://{{ CLOUD_SERVER }}/s/{{ lookup('env','KEY') }}/download?path=%2F&files=secrets.tar.gz.enc"
dest: /root/secrets.tar.gz.enc
- name: Install openssh-client
ansible.builtin.package:
name: openssh-client
state: present
- name: Create /root/.ssh directory
ansible.builtin.file:
path: /root/.ssh
state: directory
mode: '0700'
- name: Extract from secrets.tar.gz.enc
shell: "openssl enc -aes-256-cbc -md md5 -pass env:SECRETS_ARCHIVE_PASSPHRASE -d -in /root/secrets.tar.gz.enc | tar -zxv -C {{ item.dir }} --strip 2 {{ item.name }}"
with_items:
- name: secrets/docker-duplicity-stack/mail_credentials.json
dir: /root/
- name: secrets/bootstrap/id_rsa
dir: /root/.ssh
- name: secrets/docker-duplicity-stack/nextcloud_password.sh
dir: /root
- name: secrets/bootstrap/openrc.sh
dir: /root
- name: Change SSH private key permissions
ansible.builtin.file:
path: /root/.ssh/id_rsa
mode: '0400'
- name: Remove docker-duplicity-stack directory
ansible.builtin.file:
path: "/home/{{ user }}/repository/docker-duplicity-stack"
state: absent
remote_user: "{{ user }}"
delegate_to: 172.17.0.1
become: true
- name: Clone docker-duplicity-stack repo
ansible.builtin.git:
repo: 'https://{{ GIT_SERVER }}/yohan/docker-duplicity-stack.git'
dest: "/home/{{ user }}/repository/docker-duplicity-stack"
clone: yes
force: true
remote_user: "{{ user }}"
delegate_to: 172.17.0.1
become: true
- name: Copy files
ansible.builtin.copy:
src: "{{ item }}"
dest: "/home/{{ user }}/repository/docker-duplicity-stack"
mode: '0400'
remote_user: "{{ user }}"
delegate_to: 172.17.0.1
become: true
with_items:
- /root/mail_credentials.json
- /root/.ssh/id_rsa
- name: Set Nextcloud credentials
ansible.builtin.include_tasks: "tasks/source_vars.yml"
with_items:
- NEXTCLOUD_USER
- NEXTCLOUD_PASSWORD
vars:
shell_script: /root/nextcloud_password.sh
- name: Create /mnt/cloud directory if it does not exist
ansible.builtin.file:
path: /mnt/cloud
state: directory
mode: '0755'
remote_user: "{{ user }}"
delegate_to: 172.17.0.1
become: true
- name: Create /etc/davfs2 directory
ansible.builtin.file:
path: /etc/davfs2
state: directory
mode: '0755'
remote_user: "{{ user }}"
delegate_to: 172.17.0.1
become: true
- name: Copy using inline content
ansible.builtin.copy:
content: '/mnt/cloud {{ NEXTCLOUD_USER }} {{ NEXTCLOUD_PASSWORD }}'
dest: /etc/davfs2/secrets
mode: '0600'
remote_user: "{{ user }}"
delegate_to: 172.17.0.1
become: true
- name: mount /mnt/cloud
ansible.posix.mount:
path: /mnt/cloud
src: "https://{{ CLOUD_SERVER }}/remote.php/webdav/"
fstype: davfs
opts: "uid={{ user }},gid={{ user }}"
state: mounted
remote_user: "{{ user }}"
delegate_to: 172.17.0.1
become: true
- name: Set OpenStack credentials
ansible.builtin.include_tasks: "tasks/source_vars.yml"
with_items:
- OS_AUTH_URL
- OS_IDENTITY_API_VERSION
- OS_USER_DOMAIN_NAME
- OS_PROJECT_DOMAIN_NAME
- OS_TENANT_ID
- OS_TENANT_NAME
- OS_USERNAME
- OS_PASSWORD
- OS_REGION_NAME
vars:
shell_script: /root/openrc.sh
- name: Setup volume
ansible.builtin.include_tasks: "tasks/setup_volume.yml"
with_items:
- name: tmp_duplicity_workdir
size: 20
- name: duplicity_cache
size: 5
- name: Install git
ansible.builtin.package:
name: git
state: present
- name: Get docker-duplicity repo's last commit
ansible.builtin.git:
repo: 'https://{{ GIT_SERVER }}/yohan/docker-duplicity.git'
clone: no
update: no
version: dev
register: git
- name: Set fact tag
set_fact:
tag: "{{ git.after[0:10] }}"
- name: Search for image
community.docker.docker_image:
name: duplicity
tag: "{{ tag }}"
source: local
docker_host: tcp://127.0.0.1:2375
register: local_duplicity_image
failed_when: false
- name: Create image build directory
ansible.builtin.file:
path: "/home/{{ user }}/build_docker-duplicity"
state: directory
when:
- local_duplicity_image.msg is defined
- '"Cannot find the image" in local_duplicity_image.msg'
remote_user: "{{ user }}"
delegate_to: 172.17.0.1
- name: Clone docker-duplicity repo
ansible.builtin.git:
repo: 'https://{{ GIT_SERVER }}/yohan/docker-duplicity.git'
dest: "/home/{{ user }}/build_docker-duplicity"
clone: yes
version: dev
when:
- local_duplicity_image.msg is defined
- '"Cannot find the image" in local_duplicity_image.msg'
remote_user: "{{ user }}"
delegate_to: 172.17.0.1
- name: Build duplicity image
community.docker.docker_image:
name: duplicity
tag: "{{ tag }}"
build:
path: "/home/{{ user }}/build_docker-duplicity"
source: build
when:
- local_duplicity_image.msg is defined
- '"Cannot find the image" in local_duplicity_image.msg'
remote_user: "{{ user }}"
delegate_to: 172.17.0.1
become: true
- name: Remove image build directory
ansible.builtin.file:
path: "/home/{{ user }}/build_docker-duplicity"
state: absent
when:
- local_duplicity_image.msg is defined
- '"Cannot find the image" in local_duplicity_image.msg'
remote_user: "{{ user }}"
delegate_to: 172.17.0.1
- name: Install jsondiff from pip
ansible.builtin.pip:
name: jsondiff
remote_user: "{{ user }}"
delegate_to: 172.17.0.1
become: true
- name: Clone duplicity_playbooks repo
ansible.builtin.git:
repo: 'https://{{ GIT_SERVER }}/yohan/duplicity_playbooks.git'
dest: "/home/{{ user }}/repository/duplicity_playbooks_temp"
clone: yes
version: dev
force: true
remote_user: "{{ user }}"
delegate_to: 172.17.0.1
- name: Start duplicity container
community.docker.docker_container:
name: duplicity
image: "duplicity:{{ tag }}"
entrypoint:
- "ansible-playbook"
- "/root/duplicity_playbooks/gen_bootstrap.yml"
output_logs: true
detach: false
network_mode: host
working_dir: "/home/{{ user }}/repository/docker-duplicity-stack"
volumes:
- /mnt/volumes:/mnt/volumes:z
- /mnt/cloud:/mnt/cloud:z
- /home/{{ user }}/repository/docker-duplicity-stack/backup_scripts:/mnt/scripts:z
- /home/{{ user }}/repository/docker-duplicity-stack/sendmail.py:/root/sendmail.py:z
- /home/{{ user }}/repository/docker-duplicity-stack/mail_credentials.json:/root/mail_credentials.json:z
- /home/{{ user }}/repository/docker-duplicity-stack/id_rsa:/root/.ssh/id_rsa:Z
- /home/{{ user }}/repository/docker-duplicity-stack/config:/root/.ssh/config:Z
- /home/{{ user }}/repository/duplicity_playbooks_temp:/root/duplicity_playbooks:Z
env:
OS_AUTH_URL: "{{ OS_AUTH_URL }}"
OS_IDENTITY_API_VERSION: "{{ OS_IDENTITY_API_VERSION }}"
OS_USER_DOMAIN_NAME: "{{ OS_USER_DOMAIN_NAME }}"
OS_PROJECT_DOMAIN_NAME: "{{ OS_PROJECT_DOMAIN_NAME }}"
OS_TENANT_ID: "{{ OS_TENANT_ID }}"
OS_TENANT_NAME: "{{ OS_TENANT_NAME }}"
OS_USERNAME: "{{ OS_USERNAME }}"
OS_PASSWORD: "{{ OS_PASSWORD }}"
OS_REGION_NAME: "{{ OS_SWIFT_REGION_NAME }}"
KEY: "{{ lookup('env','KEY') }}"
DOC_KEY: "{{ lookup('env','DOC_KEY') }}"
SECRETS_ARCHIVE_PASSPHRASE: "{{ lookup('env','SECRETS_ARCHIVE_PASSPHRASE') }}"
DUPLICITY_PASSPHRASE: "{{ lookup('env','DUPLICITY_PASSPHRASE') }}"
remote_user: "{{ user }}"
delegate_to: 172.17.0.1
become: true
register: container_output
- debug:
msg: "{{ container_output.container.Output.split('\n') }}"
# docker_compose collection version will not work on Centos 7
#- name: Start duplicity stack
# community.docker.docker_compose:
# project_src: /home/{{ user }}/repository/docker-duplicity-stack
# state: present
# remote_user: "{{ user }}"
# delegate_to: 172.17.0.1
# become: true