saibotk-de/infrastructure
saibotk-de/infrastructure
1
0
Fork 0
Code Issues Pull requests Releases 42 Activity

remove!(lvm_self_backup): unused

Browse source
This commit is contained in:
Saibotk 2025-01-20 00:33:55 +01:00
parent 87c004ded6
commit 8d6baf9db6
Signed by: saibotk
GPG key ID: 67585F0065E261D5
11 changed files with 0 additions and 437 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

22
playbooks/lvm_self_backup.yml
View file

@ -1,22 +0,0 @@
---
# Infrastructure
# Ansible instructions to deploy the infrastructure
# Copyright (C) 2020 Saibotk
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, version 3 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
- name: Install & configure LVM self backup
hosts: lvm_self_backup
roles:
- docker
- lvm_self_backup

26
roles/lvm_self_backup/README.md
View file

@ -1,26 +0,0 @@
lvm_self_backup
=========
This will deploy a `backup-lvm` and `backup-lvm-ls` script to backup configured LVM volumes encrypted with GPG using duplicity and list the remote content for verification. A systemd timer is also deployed to schedule automatic backups daily at 4 AM.
Requirements
------------
You will need to have docker installed or declared as a dependency with the respective role.
Role Variables
--------------
**Please look at the [defaults/main.yml](defaults/main.yml) for all available variables and their description.**
**Note: Lines that are commented out via `#` are usually still valid/used variables, but they are not defined by default, so they might enable a feature, when uncommenting/defining them!**
Dependencies
------------
- docker
License
-------
GPL-3.0-only

72
roles/lvm_self_backup/defaults/main.yml
View file

@ -1,72 +0,0 @@
---
# Default variables for the lvm_self_backup role
# Infrastructure
# Ansible instructions to deploy the infrastructure
# Copyright (C) 2019-2020 Christoph (Sheogorath) Kern
# Copyright (C) 2020 Saibotk
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, version 3 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# The directory to put the status flag in
lvm_self_backup_status_directory: "/monitoring"
# Status directory user & group id
# This can be used for example to give telegraf access to the status files.
lvm_self_backup_status_directory_uid: 100
lvm_self_backup_status_directory_gid: 101
# The LVM volumes to backup
# Available fields:
# vg_name - The volume group that the volume resides in
# lv_name - The logical volume name that should be backed up
# fstype - Optional. Set to "xfs" to mount the snapshots with the `nouuid` flag when the XFS filesystem is used.
#
lvm_self_backup_vols: []
# The backup target (see duplicity for valid inputs)
lvm_self_backup_target: ""
# The duplicity image & version
lvm_self_backup_duplicity_image: "quay.io/sheogorath/duplicity"
# renovate: depName=quay.io/sheogorath/duplicity
lvm_self_backup_duplicity_version: "1.2.3"
lvm_self_backup_duplicity_image_version: "{{ lvm_self_backup_duplicity_version }}"
# The GPG options to be used when backing up
# Generate a GPG key as the root user before using this role and enter the details here!
lvm_self_backup_gpg:
id: ""
passphrase: "PASSWORD"
sign_key: "{{ lvm_self_backup_gpg.id }}"
encryption_keys:
- "{{ lvm_self_backup_gpg.id }}"
# Should the systemd timer be enabled to automatically backup every day?
lvm_self_backup_timer_enabled: true
lvm_self_backup_timer_state: "started"
# Management for backup retention if enabled, backups will be dropped.
lvm_self_backup_retention:
# Number of incremental backups to keep.
# Incremental backups require a full backup as base.
# Therefore the incremental count must be lower
# then under full backup if both are enabled.
incremental:
enabled: true
count: 3
# Number of full backups to keep. All additional will be deleted.
# Starting from the oldest.
full:
enabled: true
count: 6

23
roles/lvm_self_backup/handlers/main.yml
View file

@ -1,23 +0,0 @@
---
# Handlers for lvm_self_backup
# Infrastructure
# Ansible instructions to deploy the infrastructure
# Copyright (C) 2021 Saibotk
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, version 3 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
- name: Reload systemd config
ansible.builtin.systemd:
daemon_reload: true
become: true

43
roles/lvm_self_backup/meta/main.yml
View file

@ -1,43 +0,0 @@
galaxy_info:
author: saibotk
description: "Deploys a self backup solution using lvm and duplicity."
license: GPL-3.0-only
min_ansible_version: "2.9"
standalone: true
platforms:
- name: EL
versions:
- all
- name: GenericUNIX
versions:
- all
- name: Fedora
versions:
- all
- name: opensuse
versions:
- all
- name: GenericBSD
versions:
- all
- name: FreeBSD
versions:
- all
- name: Ubuntu
versions:
- all
- name: SLES
versions:
- all
- name: GenericLinux
versions:
- all
- name: Debian
versions:
- all
galaxy_tags: []
dependencies:
- role: docker

78
roles/lvm_self_backup/tasks/main.yml
View file

@ -1,78 +0,0 @@
---
# Tasks file for the lvm_self_backup role
# Infrastructure
# Ansible instructions to deploy the infrastructure
# Copyright (C) 2020 Saibotk
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, version 3 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
- name: Create backup mount directories
ansible.builtin.file:
path: "/lvm_self_backup_snapshots/{{ item.vg_name }}-{{ item.lv_name }}"
state: directory
mode: "0700"
owner: "root"
group: "root"
recurse: true
with_items:
- "{{ lvm_self_backup_vols }}"
become: true
- name: Create backup status directory
ansible.builtin.file:
path: "{{ item }}"
state: directory
mode: "0700"
owner: "{{ lvm_self_backup_status_directory_uid }}"
group: "{{ lvm_self_backup_status_directory_gid }}"
recurse: true
with_items:
- "{{ lvm_self_backup_status_directory }}"
become: true
- name: Install backup scripts.
ansible.builtin.template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
mode: "0700"
owner: "root"
group: "root"
with_items:
- src: "backup-lvm.sh"
dest: "/usr/local/bin/backup-lvm"
- src: "backup-lvm-ls.sh"
dest: "/usr/local/bin/backup-lvm-ls"
become: true
- name: Install backup services & timer.
ansible.builtin.template:
src: "{{ item }}"
dest: /etc/systemd/system/
mode: "0600"
owner: "root"
group: "root"
with_items:
- "backup-error.service"
- "backup-lvm.service"
- "backup-lvm.timer"
notify: Reload systemd config
become: true
- name: Start & enable backup service timer.
ansible.builtin.systemd:
daemon_reload: true
name: backup-lvm.timer
enabled: "{{ lvm_self_backup_timer_enabled | bool }}"
state: "{{ lvm_self_backup_timer_state }}"
become: true

6
roles/lvm_self_backup/templates/backup-error.service
View file

@ -1,6 +0,0 @@
[Unit]
Description=Writes the error for the monitoring to pick the failure up.
[Service]
Type=oneshot
ExecStart=/usr/bin/bash -c 'echo 1337 > {{ lvm_self_backup_status_directory }}/backup.status && chown {{ lvm_self_backup_status_directory_uid }}:{{ lvm_self_backup_status_directory_gid }} {{ lvm_self_backup_status_directory }}/backup.status'

37
roles/lvm_self_backup/templates/backup-lvm-ls.sh
View file

@ -1,37 +0,0 @@
#!/bin/sh
# Infrastructure
# Ansible instructions to deploy the infrastructure
# Copyright (C) 2020 Saibotk
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, version 3 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
echo "Listing backed up data:"
docker run --name="duplicity-backup-lvm" \
--security-opt "label=disable" \
--security-opt "no-new-privileges" \
--cap-drop=ALL \
--cap-add=DAC_OVERRIDE \
--rm \
-v "$HOME/.cache/duplicity/:/archive" \
-v "/root/.gnupg/:/root/.gnupg/" \
-v "/lvm_self_backup_snapshots/:/backup/:ro" \
-e "PASSPHRASE={{ lvm_self_backup_gpg.passphrase }}" \
--hostname {{ ansible_fqdn }} \
{{ lvm_self_backup_duplicity_image }}:{{ lvm_self_backup_duplicity_image_version }} \
list-current-files \
--sign-key "{{ lvm_self_backup_gpg.sign_key | default(lvm_self_backup_gpg.id) }}" \
{% for encryption_key in lvm_self_backup_gpg.encryption_keys | default([lvm_self_backup_gpg.id]) %}
--encrypt-key "{{ encryption_key }}" \
{% endfor %}
"{{ lvm_self_backup_target }}"

33
roles/lvm_self_backup/templates/backup-lvm.service
View file

@ -1,33 +0,0 @@
[Unit]
Description=Start lvm backup using duplicity.
[Service]
Type=oneshot
TimeoutSec=20h
# Creating snapshots
{% for item in lvm_self_backup_vols %}
ExecStartPre=/usr/sbin/lvcreate -L 1G -n {{ item.lv_name }}_snap -s {{ item.vg_name }}/{{ item.lv_name }}
{% endfor %}
# Mounting snapshots
{% for item in lvm_self_backup_vols %}
ExecStartPre=/usr/bin/mount -o ro,nosuid,noexec{% if item.fstype is defined and item.fstype == "xfs" %},nouuid{% endif %} -t {{ item.fstype | default("ext4") }} /dev/{{ item.vg_name }}/{{ item.lv_name }}_snap /lvm_self_backup_snapshots/{{ item.vg_name }}-{{ item.lv_name }}
{% endfor %}
ExecStart=/usr/local/bin/backup-lvm
# Make sure duplicity container is gone
ExecStopPost=/usr/bin/docker rm --force duplicity-backup-lvm
# Unmount snapshots
{% for item in lvm_self_backup_vols %}
ExecStopPost=/usr/bin/umount /dev/{{ item.vg_name }}/{{ item.lv_name }}_snap
{% endfor %}
# Remove snapshots
{% for item in lvm_self_backup_vols %}
ExecStopPost=/usr/sbin/lvremove -f {{ item.vg_name }}/{{ item.lv_name }}_snap
{% endfor %}

89
roles/lvm_self_backup/templates/backup-lvm.sh
View file

@ -1,89 +0,0 @@
#!/bin/bash
# Infrastructure
# Ansible instructions to deploy the infrastructure
# Copyright (C) 2020 Saibotk
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, version 3 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
function backup () {(
set -e
echo "Starting data backup:"
docker run --name="duplicity-backup-lvm" \
--security-opt "label=disable" \
--security-opt "no-new-privileges" \
--cap-drop=ALL \
--cap-add=DAC_OVERRIDE \
--rm \
-v "$HOME/.cache/duplicity/:/archive" \
-v "/root/.gnupg/:/root/.gnupg/" \
-v "/lvm_self_backup_snapshots/:/backup/:ro" \
-e "PASSPHRASE={{ lvm_self_backup_gpg.passphrase }}" \
--hostname {{ ansible_fqdn }} \
{{ lvm_self_backup_duplicity_image }}:{{ lvm_self_backup_duplicity_image_version }} \
--full-if-older-than 1M \
--progress \
--progress-rate 60 \
--sign-key "{{ lvm_self_backup_gpg.sign_key | default(lvm_self_backup_gpg.id) }}" \
{% for encryption_key in lvm_self_backup_gpg.encryption_keys | default([lvm_self_backup_gpg.id]) %}
--encrypt-key "{{ encryption_key }}" \
{% endfor %}
/backup/ \
"{{ lvm_self_backup_target }}"
{% if lvm_self_backup_retention.incremental.enabled %}
echo "Remove old incremental backups"
docker run --name="duplicity-backup-lvm" \
--security-opt "label=disable" \
--security-opt "no-new-privileges" \
--cap-drop=ALL \
--cap-add=DAC_OVERRIDE \
--rm \
-v "$HOME/.cache/duplicity/:/archive" \
--hostname {{ ansible_fqdn }} \
{{ lvm_self_backup_duplicity_image }}:{{ lvm_self_backup_duplicity_image_version }} \
remove-all-inc-of-but-n-full {{ lvm_self_backup_retention.incremental.count }} --force \
"{{ lvm_self_backup_target }}"
{% endif %}
{% if lvm_self_backup_retention.full.enabled %}
echo "Remove old full backups"
docker run --name="duplicity-backup-lvm" \
--security-opt "label=disable" \
--security-opt "no-new-privileges" \
--cap-drop=ALL \
--cap-add=DAC_OVERRIDE \
--rm \
-v "$HOME/.cache/duplicity/:/archive" \
--hostname {{ ansible_fqdn }} \
{{ lvm_self_backup_duplicity_image }}:{{ lvm_self_backup_duplicity_image_version }} \
remove-all-but-n-full {{ lvm_self_backup_retention.full.count }} --force \
"{{ lvm_self_backup_target }}"
{% endif %}
)}
echo "LVM backup started:"
backup
success=$?
if [ $success -gt 0 ]; then
echo "ERROR: An error occured during backup! $success"
fi
echo $success > {{ lvm_self_backup_status_directory }}/backup.status
chown {{ lvm_self_backup_status_directory_uid }}:{{ lvm_self_backup_status_directory_gid }} {{ lvm_self_backup_status_directory }}/backup.status
exit $success

8
roles/lvm_self_backup/templates/backup-lvm.timer
View file

@ -1,8 +0,0 @@
[Unit]
Description=Schedule regular lvm backups.
[Timer]
OnCalendar=*-*-* 4:00:00
[Install]
WantedBy=multi-user.target