---
- name: Install djcli
shell: docker exec --user root {{ project_instance }} pip3 install --upgrade djcli
- name: Create super users
register: django_createsuperuser
with_items: '{{ users|default([]) }}'
tags: users
when: item['name']|vaulted_password(false) and ('superuser' in item.get('roles', {}).get(project_instance, []) or project_instance in item.get('roles', {}).get('superuser', {}))
shell: docker exec {{ project_instance }} djcli save settings.AUTH_USER_MODEL username username={{ item['name'] }} email={{ item['email'] }}
shell: docker exec {{ project_instance }} djcli save settings.AUTH_USER_MODEL +username={{ item['name'] }} email={{ item['email'] }} is_superuser=1
- name: Update passwords
tags: users
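Review bot: Both renderings of the `djcli save` command in "Create super users" interpolate `item['name']` and `item['email']` into a `shell:` string unquoted, so a value containing whitespace or shell metacharacters is re-parsed by the shell before `docker exec` receives it. Passing each value through the `quote` filter closes this: `username={{ item['name'] | quote }} email={{ item['email'] | quote }}`, and likewise for the `+username=` form. The line uses no shell features, so the `command` module would avoid the shell altogether. The page does not mark which of the two `shell:` lines is the new side, and the "Update passwords" task continues past the displayed lines.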
......
mv $restore/media media
mv $restore/{{ project_django_media_home }} media
......@@ -4,7 +4,7 @@ until test -S {{ project_postgres_run_home }}/.s.PGSQL.5432; do
sleep 1
done
sleep 3 # ugly wait until db starts up, socket waiting aint enough
mv $restore/data.dump {{ project_postgres_data_home }}/data.dump
mv $restore{{ project_postgres_data_home }}/data.dump {{ project_postgres_data_home }}/data.dump
docker exec {{ project_postgres_host }} psql -d {{ project_postgres_db }} -U {{ project_postgres_user }} -f {{ project_postgres_data_mount }}/data.dump
echo Restore happy, clearing $postgres_current and $restore/data.dump
rm -rf $postgres_current $restore/data.dump
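Review bot: The cleanup on the last line still removes `$restore/data.dump`, but both renderings of the `mv` have already moved the dump to `{{ project_postgres_data_home }}/data.dump`, so the plaintext database dump appears to stay in the Postgres data directory after a successful restore. If that is not intended, the `rm` should target the moved file, e.g. `rm -rf $postgres_current {{ project_postgres_data_home }}/data.dump`, with the `echo` above it adjusted to match. The script begins before this hunk, so whether anything else removes the file cannot be seen here.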
......@@ -30,17 +30,21 @@
- name: Upload backup password
copy:
dest: '{{ project_home }}/.backup_password'
content: '{{ restic_password }}'
content: '{{ backup_passphrase }}'
owner: deploy
group: root
mode: 0700
- name: Init restic repository
register: backup_init
shell: 'RESTIC_REPOSITORY={{ project_backup_repo }} RESTIC_PASSWORD_FILE={{ project_home }}/.backup_password restic init --repo {{ project_backup_repo }}'
args:
executable: /bin/bash
creates: '{{ project_backup_repo }}'
- name: Install duplicity role
include_role: name=duplicity
# from when we used restic. Shall tat be revived one day when restic progresses
# - name: Init restic repository
# register: backup_init
# shell: 'RESTIC_REPOSITORY={{ project_backup_repo }} RESTIC_PASSWORD_FILE={{ project_home }}/.backup_password restic init --repo {{ project_backup_repo }}'
# args:
# executable: /bin/bash
# creates: '{{ project_backup_repo }}'
- name: Create backup unit
notify: backup unit
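Review bot: "Upload backup password" writes the backup passphrase with `copy: content:` but the task has no `no_log: true`, so the secret can appear in the diff output when the play runs with `--diff`. Adding `no_log: true` to that task keeps it out of run logs. The file is also created with `mode: 0700`; a passphrase file needs no execute bit and Ansible recommends quoting modes, so `mode: '0600'` is the tighter setting. The "Create backup unit" task continues below the displayed lines.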
......
......@@ -23,16 +23,30 @@ EOF
exit $retcode
fi
# restic code commented for posterity
set -eu
export RESTIC_PASSWORD_FILE={{ project_home }}/.backup_password
#export RESTIC_PASSWORD_FILE={{ project_home }}/.backup_password
export backup=""
export PASSPHRASE="$(<{{ project_home }}/.backup_password)"
set -x
export RESTIC_REPOSITORY={{ repo }}
backup_type="${BACKUP_TYPE-}"
#export RESTIC_REPOSITORY={{ repo }}
pushd {{ project_home }}
{{ script_content_pre }}
restic backup $backup
# build the line for duplicity ...
include_line=""
for name in $backup; do
if [[ ! $name =~ ^/ ]]; then
name="$(pwd)/$name"
fi
include_line="$include_line --include $name"
done
{% if backup_lftp_dsn|default(False) %}
lftp -c 'set ssl:check-hostname false;connect {{ backup_lftp_dsn }}; mkdir -p {{ project_instance }}; mirror -Rv {{ project_home }}/restic {{ project_instance }}/restic'
duplicity $backup_type $include_line --exclude '**' / {{ backup_lftp_dsn }}/duplicity-{{ project_instance }}
# connect manually with
# lftp -c 'set ssl:check-hostname false;connect {{ backup_lftp_dsn }}'
{% endif %}
{{ script_content_post }}
popd
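Review bot: `include_line` is assembled by string concatenation and expanded unquoted in the `duplicity` call, so any entry in `$backup` containing whitespace or glob characters is split or expanded by the shell and the include/exclude selection no longer matches what was intended. A bash array keeps each path as one argument: `include_args=()`, then `include_args+=(--include "$name")` inside the loop, and `"${include_args[@]}"` on the `duplicity` line. `$backup` itself is still a space-separated string filled in by `script_content_pre`, which is not visible here, so that side would need the same treatment. Separately, `set -x` is active when `duplicity` runs, so the full `{{ backup_lftp_dsn }}` URL is traced; if it embeds credentials they reach the unit's log.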
#!/bin/bash
set -eu
export RESTIC_PASSWORD_FILE={{ project_home }}/.backup_password
#export RESTIC_PASSWORD_FILE={{ project_home }}/.backup_password
set -x
export RESTIC_REPOSITORY={{ repo }}
#export RESTIC_REPOSITORY={{ repo }}
pushd {{ project_home }}
export PASSPHRASE="$(<{{ project_home }}/.backup_password)"
{% if backup_lftp_dsn|default(False) %}
if [ ! -d $RESTIC_REPOSITORY ]; then
echo 'Repository not found ! geting from ftp'
lftp -c 'set ssl:check-hostname false;connect {{ backup_lftp_dsn }}; mirror -v {{ project_instance }}/restic {{ project_home }}/restic'
fi
{% else %}
echo 'FTP not available: backup_lftp_dsn inventory variable not set'
echo 'Do NOT rm the restic directory'
{% endif %}
if [ -z "${1-}" ]; then
restic snapshots
duplicity collection-status {{ backup_lftp_dsn }}/duplicity-{{ project_instance }}
exit 0
fi
export restore={{ project_home }}/restore
rm -rf $restore
{{ restore_content_pre }}
restic restore $1 --target $restore
duplicity restore --time "$1" {{ backup_lftp_dsn }}/duplicity-{{ project_instance }} $restore
{{ restore_content_post }}
popd
{% else %}
echo 'FTP not available: backup_lftp_dsn inventory variable not set'
{% endif %}
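Review bot: `export PASSPHRASE="$(<{{ project_home }}/.backup_password)"` comes after `set -x` in this script, so bash's trace prints the expanded assignment and the backup passphrase lands in whatever captures stderr. The backup script in this commit reads the passphrase before tracing is enabled; doing the same here, by moving the export above `set -x` or wrapping it in `set +x` / `set -x`, avoids the leak. `rm -rf $restore` and the `$restore` argument to `duplicity restore` are also unquoted and would be safer as `"$restore"`.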
---
- name: install restic
package: name=restic
- name: Install backup scripts
when: project_backup_password != False
vars:
repo: '{{ project_backup_repo }}'
backup_lftp_dsn: '{{ project_backup_lftp_dsn }}'
restic_password: '{{ project_backup_password }}'
backup_passphrase: '{{ project_backup_password }}'
unit_name: 'backup-{{ project_instance }}'
unit_description: '{{ project_instance }} backup'
script_path: '{{ project_home }}/backup.sh'
......@@ -16,13 +13,13 @@
getcommit="docker inspect --format='{{ '{{' }}.Config.Env{{ '}}' }}' {{ project_image }} | grep -o 'GIT_COMMIT=[a-z0-9]*'"
if $getcommit; then
export $($getcommit)
backup="$backup --tag $GIT_COMMIT"
echo $GIT_COMMIT > commit
backup="$backup commit"
fi
image="$(docker inspect --format='{{ '{{' }}.Config.Image{{ '}}' }}' {{ project_instance }} || echo {{ project_image }})"
backup="$backup --tag $image"
echo Image this will restore with is "$image"
echo $image > image
docker inspect --format='{{ '{{' }}.Config.Image{{ '}}' }}' {{ project_instance }} || echo {{ project_image }} > image
backup="$backup image"
echo Image this will restore with is "$(<image)"
echo Backing-up container logs as docker will shoot them
docker logs {{ project_instance }} &> {{ project_log_home }}/docker.log || echo "Couldn't get logs from instance"
......@@ -57,7 +54,7 @@
{%- if loop.last %}# last plugin end: {{ plugin }}{% endif %}
{%- endfor %}
mv $restore/docker-run.sh .
mv $restore{{ project_home }}/docker-run.sh .
bash -eux {{ project_home }}/docker-run.sh
prune_path: '{{ project_home }}/prune.sh'
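Review bot: In the `@@ -16,13 +13,13 @@` hunk, the line ending in `|| echo {{ project_image }} > image` redirects only the `echo` fallback: when `docker inspect` succeeds its output goes to stdout and `image` is not written, so the backup picks up a missing or stale file and `$(<image)` reports the wrong image for the restore. Grouping the two commands makes the redirect cover both: `{ docker inspect … {{ project_instance }} || echo {{ project_image }}; } > image`, with the `--format` argument unchanged. `echo $GIT_COMMIT > commit` would also be safer with the variable quoted. The page does not mark old and new sides, so this assumes the `> image` line is the new one.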
......
---
- name: Install packages to add user
package: name={{ item }}
with_items:
- '{{ "shadow" if ansible_os_family in ("Alpine", "Archlinux") else "passwd" }}'
- sudo
- bash
- name: Passwordless sudo for sudo group
lineinfile:
path: /etc/sudoers.d/passwordless
line: '%sudo ALL=(ALL) NOPASSWD: ALL'
create: yes
owner: root
group: root
mode: 0600
- name: Set ssh service name for Arch
when: ansible_os_family in ('Alpine', 'Archlinux', 'RedHat')
set_fact:
......