saibotk
a47fde9c9c
This patch renames all roles with a `-` to `_`, to comply with the ansible-lint rule 106. As collection roles are now also limited to these symbols and this will make it easier to move them later.
62 lines
2.3 KiB
Bash
62 lines
2.3 KiB
Bash
#!/bin/sh
|
|
|
|
# Infrastructure
|
|
# Ansible instructions to deploy the infrastructure
|
|
# Copyright (C) 2020 Saibotk
|
|
#
|
|
# This program is free software: you can redistribute it and/or modify
|
|
# it under the terms of the GNU General Public License as published by
|
|
# the Free Software Foundation, version 3 of the License.
|
|
#
|
|
# This program is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
# GNU General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU General Public License
|
|
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
echo "LVM backup started:"
|
|
|
|
echo "Creating snapshots:"
|
|
{% for item in backup_vols %}
|
|
lvcreate -L 1G -n {{ item.lv_name }}_snap -s {{ item.vg_name }}/{{ item.lv_name }}
|
|
{% endfor %}
|
|
|
|
echo "Mount snapshots:"
|
|
{% for item in backup_vols %}
|
|
mount -o ro,nosuid,noexec{% if item.fstype is defined and item.fstype == "xfs" %},nouuid{% endif %} -t {{ item.fstype | default("ext4") }} /dev/{{ item.vg_name }}/{{ item.lv_name }}_snap /backup_snapshots/{{ item.vg_name }}-{{ item.lv_name }}
|
|
{% endfor %}
|
|
|
|
echo "Backup data:"
|
|
docker run --name="duplicity-backup-lvm" \
|
|
--security-opt "label=disable" \
|
|
--security-opt "no-new-privileges" \
|
|
--cap-drop=ALL \
|
|
--cap-add=DAC_OVERRIDE \
|
|
--rm \
|
|
-v "$HOME/.cache/duplicity/:/archive" \
|
|
-v "/root/.gnupg/:/root/.gnupg/" \
|
|
-v "/backup_snapshots/:/backup/:ro" \
|
|
-e "PASSPHRASE={{ backup_gpg.passphrase }}" \
|
|
--hostname {{ ansible_fqdn }} \
|
|
{{ backup_duplicity_image }}:{{ backup_duplicity_image_version }} \
|
|
--full-if-older-than 1M \
|
|
--sign-key "{{ backup_gpg.sign_key | default(backup_gpg.id) }}" \
|
|
{% for encryption_key in backup_gpg.encryption_keys | default([backup_gpg.id]) %}
|
|
--encrypt-key "{{ encryption_key }}" \
|
|
{% endfor %}
|
|
/backup/ \
|
|
"{{ backup_target }}"
|
|
|
|
echo "Unmount snapshots:"
|
|
{% for item in backup_vols %}
|
|
umount /dev/{{ item.vg_name }}/{{ item.lv_name }}_snap
|
|
{% endfor %}
|
|
|
|
echo "Remove snapshots:"
|
|
{% for item in backup_vols %}
|
|
lvremove -f {{ item.vg_name }}/{{ item.lv_name }}_snap
|
|
{% endfor %}
|
|
|
|
echo "Backed up LVM volumes successfully"
|