280 lines
8.2 KiB
YAML
Executable File
280 lines
8.2 KiB
YAML
Executable File
---
|
|
- name: Assert environment variable is not empty
|
|
ansible.builtin.include_tasks: "tasks/assert_env_var_not_empty.yml"
|
|
with_items: "{{ PLAYBOOK_REQUIRED_ENV_VARS }}"
|
|
|
|
- name: Download secrets.tar.gz.enc
|
|
ansible.builtin.get_url:
|
|
url: "https://{{ CLOUD_SERVER }}/s/{{ lookup('env','KEY') }}/download?path=%2F&files=secrets.tar.gz.enc"
|
|
dest: /root/secrets.tar.gz.enc
|
|
|
|
- name: Install openssh-client
|
|
ansible.builtin.package:
|
|
name: openssh-client
|
|
state: present
|
|
|
|
- name: Create /root/.ssh directory
|
|
ansible.builtin.file:
|
|
path: /root/.ssh
|
|
state: directory
|
|
mode: '0700'
|
|
|
|
- name: Extract from secrets.tar.gz.enc
|
|
shell: "openssl enc -aes-256-cbc -md md5 -pass env:SECRETS_ARCHIVE_PASSPHRASE -d -in /root/secrets.tar.gz.enc | tar -zxv -C {{ item.dir }} --strip 2 {{ item.name }}"
|
|
with_items:
|
|
- name: secrets/docker-duplicity-stack/mail_credentials.json
|
|
dir: /root/
|
|
- name: secrets/bootstrap/id_rsa
|
|
dir: /root/.ssh
|
|
- name: secrets/docker-duplicity-stack/nextcloud_password.sh
|
|
dir: /root
|
|
- name: secrets/bootstrap/openrc.sh
|
|
dir: /root
|
|
|
|
- name: Change SSH private key permissions
|
|
ansible.builtin.file:
|
|
path: /root/.ssh/id_rsa
|
|
mode: '0400'
|
|
|
|
- name: Remove docker-duplicity-stack directory
|
|
ansible.builtin.file:
|
|
path: "/home/{{ user }}/repository/docker-duplicity-stack"
|
|
state: absent
|
|
remote_user: "{{ user }}"
|
|
delegate_to: 172.17.0.1
|
|
become: true
|
|
|
|
- name: Clone docker-duplicity-stack repo
|
|
ansible.builtin.git:
|
|
repo: 'https://{{ GIT_SERVER }}/yohan/docker-duplicity-stack.git'
|
|
dest: "/home/{{ user }}/repository/docker-duplicity-stack"
|
|
clone: yes
|
|
force: true
|
|
remote_user: "{{ user }}"
|
|
delegate_to: 172.17.0.1
|
|
become: true
|
|
|
|
- name: Copy files
|
|
ansible.builtin.copy:
|
|
src: "{{ item }}"
|
|
dest: "/home/{{ user }}/repository/docker-duplicity-stack"
|
|
mode: '0400'
|
|
remote_user: "{{ user }}"
|
|
delegate_to: 172.17.0.1
|
|
become: true
|
|
with_items:
|
|
- /root/mail_credentials.json
|
|
- /root/.ssh/id_rsa
|
|
|
|
- name: Set Nextcloud credentials
|
|
ansible.builtin.include_tasks: "tasks/source_vars.yml"
|
|
with_items:
|
|
- NEXTCLOUD_USER
|
|
- NEXTCLOUD_PASSWORD
|
|
vars:
|
|
shell_script: /root/nextcloud_password.sh
|
|
|
|
- name: Create /mnt/cloud directory if it does not exist
|
|
ansible.builtin.file:
|
|
path: /mnt/cloud
|
|
state: directory
|
|
mode: '0755'
|
|
remote_user: "{{ user }}"
|
|
delegate_to: 172.17.0.1
|
|
become: true
|
|
|
|
- name: Create /etc/davfs2 directory
|
|
ansible.builtin.file:
|
|
path: /etc/davfs2
|
|
state: directory
|
|
mode: '0755'
|
|
remote_user: "{{ user }}"
|
|
delegate_to: 172.17.0.1
|
|
become: true
|
|
|
|
- name: Copy using inline content
|
|
ansible.builtin.copy:
|
|
content: '/mnt/cloud {{ NEXTCLOUD_USER }} {{ NEXTCLOUD_PASSWORD }}'
|
|
dest: /etc/davfs2/secrets
|
|
mode: '0600'
|
|
remote_user: "{{ user }}"
|
|
delegate_to: 172.17.0.1
|
|
become: true
|
|
|
|
- name: mount /mnt/cloud
|
|
ansible.posix.mount:
|
|
path: /mnt/cloud
|
|
src: "https://{{ CLOUD_SERVER }}/remote.php/webdav/"
|
|
fstype: davfs
|
|
opts: "uid={{ user }},gid={{ user }}"
|
|
state: mounted
|
|
remote_user: "{{ user }}"
|
|
delegate_to: 172.17.0.1
|
|
become: true
|
|
|
|
- name: Set OpenStack credentials
|
|
ansible.builtin.include_tasks: "tasks/source_vars.yml"
|
|
with_items:
|
|
- OS_AUTH_URL
|
|
- OS_IDENTITY_API_VERSION
|
|
- OS_USER_DOMAIN_NAME
|
|
- OS_PROJECT_DOMAIN_NAME
|
|
- OS_TENANT_ID
|
|
- OS_TENANT_NAME
|
|
- OS_USERNAME
|
|
- OS_PASSWORD
|
|
- OS_REGION_NAME
|
|
vars:
|
|
shell_script: /root/openrc.sh
|
|
|
|
- name: Setup volume
|
|
ansible.builtin.include_tasks: "tasks/setup_volume.yml"
|
|
with_items:
|
|
- name: tmp_duplicity_workdir
|
|
size: 20
|
|
- name: duplicity_cache
|
|
size: 5
|
|
|
|
- name: Install git
|
|
ansible.builtin.package:
|
|
name: git
|
|
state: present
|
|
|
|
- name: Get docker-duplicity repo's last commit
|
|
ansible.builtin.git:
|
|
repo: 'https://{{ GIT_SERVER }}/yohan/docker-duplicity.git'
|
|
clone: no
|
|
update: no
|
|
version: master
|
|
register: git
|
|
|
|
- name: Set fact tag
|
|
set_fact:
|
|
tag: "{{ git.after[0:10] }}"
|
|
|
|
- name: Search for image
|
|
community.docker.docker_image:
|
|
name: duplicity
|
|
tag: "{{ tag }}"
|
|
source: local
|
|
docker_host: tcp://127.0.0.1:2375
|
|
register: local_duplicity_image
|
|
failed_when: false
|
|
|
|
- name: Create image build directory
|
|
ansible.builtin.file:
|
|
path: "/home/{{ user }}/build_docker-duplicity"
|
|
state: directory
|
|
when:
|
|
- local_duplicity_image.msg is defined
|
|
- '"Cannot find the image" in local_duplicity_image.msg'
|
|
remote_user: "{{ user }}"
|
|
delegate_to: 172.17.0.1
|
|
|
|
- name: Clone docker-duplicity repo
|
|
ansible.builtin.git:
|
|
repo: 'https://{{ GIT_SERVER }}/yohan/docker-duplicity.git'
|
|
dest: "/home/{{ user }}/build_docker-duplicity"
|
|
clone: yes
|
|
version: master
|
|
when:
|
|
- local_duplicity_image.msg is defined
|
|
- '"Cannot find the image" in local_duplicity_image.msg'
|
|
remote_user: "{{ user }}"
|
|
delegate_to: 172.17.0.1
|
|
|
|
- name: Build duplicity image
|
|
community.docker.docker_image:
|
|
name: duplicity
|
|
tag: "{{ tag }}"
|
|
build:
|
|
path: "/home/{{ user }}/build_docker-duplicity"
|
|
source: build
|
|
when:
|
|
- local_duplicity_image.msg is defined
|
|
- '"Cannot find the image" in local_duplicity_image.msg'
|
|
remote_user: "{{ user }}"
|
|
delegate_to: 172.17.0.1
|
|
become: true
|
|
|
|
- name: Remove image build directory
|
|
ansible.builtin.file:
|
|
path: "/home/{{ user }}/build_docker-duplicity"
|
|
state: absent
|
|
when:
|
|
- local_duplicity_image.msg is defined
|
|
- '"Cannot find the image" in local_duplicity_image.msg'
|
|
remote_user: "{{ user }}"
|
|
delegate_to: 172.17.0.1
|
|
|
|
- name: Install jsondiff from pip
|
|
ansible.builtin.pip:
|
|
name: jsondiff
|
|
remote_user: "{{ user }}"
|
|
delegate_to: 172.17.0.1
|
|
become: true
|
|
|
|
- name: Clone duplicity_playbooks repo
|
|
ansible.builtin.git:
|
|
repo: 'https://{{ GIT_SERVER }}/yohan/duplicity_playbooks.git'
|
|
dest: "/home/{{ user }}/repository/duplicity_playbooks_temp"
|
|
clone: yes
|
|
version: master
|
|
force: true
|
|
remote_user: "{{ user }}"
|
|
delegate_to: 172.17.0.1
|
|
|
|
# We are forced to use another container because mounts done on the hosts after current container start will not be visible
|
|
- name: Start duplicity container
|
|
community.docker.docker_container:
|
|
name: duplicity
|
|
image: "duplicity:{{ tag }}"
|
|
entrypoint:
|
|
- "ansible-playbook"
|
|
- "/root/duplicity_playbooks/{{ lookup('env','BACKUP_WORKFLOW') }}.yml"
|
|
output_logs: true
|
|
detach: false
|
|
network_mode: host
|
|
working_dir: "/home/{{ user }}/repository/docker-duplicity-stack"
|
|
volumes:
|
|
- /mnt/volumes:/mnt/volumes:z
|
|
- /mnt/cloud:/mnt/cloud:z
|
|
- /home/{{ user }}/repository/docker-duplicity-stack/backup_scripts:/mnt/scripts:z
|
|
- /home/{{ user }}/repository/docker-duplicity-stack/sendmail.py:/root/sendmail.py:z
|
|
- /home/{{ user }}/repository/docker-duplicity-stack/mail_credentials.json:/root/mail_credentials.json:z
|
|
- /home/{{ user }}/repository/docker-duplicity-stack/id_rsa:/root/.ssh/id_rsa:Z
|
|
- /home/{{ user }}/repository/docker-duplicity-stack/config:/root/.ssh/config:Z
|
|
- /home/{{ user }}/repository/duplicity_playbooks_temp:/root/duplicity_playbooks:Z
|
|
env:
|
|
OS_AUTH_URL: "{{ OS_AUTH_URL }}"
|
|
OS_IDENTITY_API_VERSION: "{{ OS_IDENTITY_API_VERSION }}"
|
|
OS_USER_DOMAIN_NAME: "{{ OS_USER_DOMAIN_NAME }}"
|
|
OS_PROJECT_DOMAIN_NAME: "{{ OS_PROJECT_DOMAIN_NAME }}"
|
|
OS_TENANT_ID: "{{ OS_TENANT_ID }}"
|
|
OS_TENANT_NAME: "{{ OS_TENANT_NAME }}"
|
|
OS_USERNAME: "{{ OS_USERNAME }}"
|
|
OS_PASSWORD: "{{ OS_PASSWORD }}"
|
|
OS_REGION_NAME: "{{ OS_SWIFT_REGION_NAME }}"
|
|
KEY: "{{ lookup('env','KEY') }}"
|
|
DOC_KEY: "{{ lookup('env','DOC_KEY') }}"
|
|
SECRETS_ARCHIVE_PASSPHRASE: "{{ lookup('env','SECRETS_ARCHIVE_PASSPHRASE') }}"
|
|
DUPLICITY_PASSPHRASE: "{{ lookup('env','DUPLICITY_PASSPHRASE') }}"
|
|
BACKUP_WORKFLOW: "{{ lookup('env','BACKUP_WORKFLOW') }}"
|
|
remote_user: "{{ user }}"
|
|
delegate_to: 172.17.0.1
|
|
become: true
|
|
register: container_output
|
|
|
|
- debug:
|
|
msg: "{{ container_output.container.Output.split('\n') }}"
|
|
|
|
# docker_compose collection version will not work on Centos 7
|
|
#- name: Start duplicity stack
|
|
# community.docker.docker_compose:
|
|
# project_src: /home/{{ user }}/repository/docker-duplicity-stack
|
|
# state: present
|
|
# remote_user: "{{ user }}"
|
|
# delegate_to: 172.17.0.1
|
|
# become: true
|
|
|