mirror of
https://gitlab.archlinux.org/archlinux/infrastructure.git
synced 2025-01-18 08:06:16 +01:00
109 lines
3.4 KiB
YAML
109 lines
3.4 KiB
YAML
# This role runs on localhost; use commands like sftp to upload configuration
|
|
|
|
- name: Create the root backup directory at {{ backup_dir }}
|
|
expect:
|
|
command: bash -c "echo 'mkdir {{ backup_dir }}' | sftp -P 23 {{ storagebox_username }}@{{ storagebox_hostname }}"
|
|
responses:
|
|
(?i)password: "{{ storagebox_password }}"
|
|
|
|
- name: Create a home directory for each sub-account
|
|
expect:
|
|
command: |
|
|
bash -c 'sftp -P 23 {{ storagebox_username }}@{{ storagebox_hostname }} <<EOF
|
|
{% for client in backup_clients %}
|
|
mkdir {{ backup_dir }}/{{ client }}
|
|
{% endfor %}
|
|
EOF'
|
|
responses:
|
|
(?i)password: "{{ storagebox_password }}"
|
|
|
|
- name: Fetch ssh keys from each borg client machine
|
|
command: cat /root/.ssh/id_rsa.pub
|
|
check_mode: false
|
|
register: client_ssh_keys
|
|
delegate_to: "{{ item }}"
|
|
loop: "{{ backup_clients }}"
|
|
changed_when: client_ssh_keys.changed
|
|
|
|
- name: Create tempfile
|
|
tempfile: state=file
|
|
check_mode: false
|
|
register: tempfile
|
|
|
|
- name: Fill tempfile
|
|
template: src=authorized_keys.j2 dest={{ tempfile.path }} mode=preserve
|
|
no_log: true
|
|
|
|
- name: Upload authorized_keys for Arch DevOps
|
|
expect:
|
|
command: |
|
|
bash -c 'sftp -P 23 {{ storagebox_username }}@{{ storagebox_hostname }} <<EOF
|
|
mkdir .ssh
|
|
chmod 700 .ssh
|
|
put {{ tempfile.path }} .ssh/authorized_keys
|
|
chmod 600 .ssh/authorized_keys
|
|
EOF'
|
|
responses:
|
|
(?i)password: "{{ storagebox_password }}"
|
|
|
|
- name: Upload authorized_keys for each backup client
|
|
include_tasks: upload_client_authorized_keys.yml
|
|
loop: "{{ client_ssh_keys.results }}"
|
|
loop_control:
|
|
label: "{{ item.item }}"
|
|
|
|
- name: Retrieve sub-account information
|
|
uri:
|
|
url: https://robot-ws.your-server.de/storagebox/{{ storagebox_id }}/subaccount
|
|
user: "{{ hetzner_webservice_username }}"
|
|
password: "{{ hetzner_webservice_password }}"
|
|
check_mode: false
|
|
register: subaccounts_raw
|
|
no_log: true
|
|
|
|
- name: Get list of sub-accounts
|
|
set_fact:
|
|
subaccounts: "{{ subaccounts_raw.json | json_query('[].subaccount') }}"
|
|
|
|
- name: Create missing sub-accounts
|
|
uri:
|
|
timeout: 60
|
|
url: https://robot-ws.your-server.de/storagebox/{{ storagebox_id }}/subaccount
|
|
user: "{{ hetzner_webservice_username }}"
|
|
password: "{{ hetzner_webservice_password }}"
|
|
method: POST
|
|
body_format: form-urlencoded
|
|
body:
|
|
homedirectory: "{{ backup_dir }}/{{ item }}"
|
|
comment: "{{ item }}"
|
|
ssh: "true"
|
|
loop: "{{ backup_clients | difference(subaccounts | json_query('[].comment')) }}"
|
|
register: new_subaccounts_raw
|
|
no_log: true
|
|
|
|
- name: Update list of sub-accounts
|
|
set_fact:
|
|
subaccounts: "{{ subaccounts + [item.json.subaccount | combine({'comment': item.invocation.module_args.body.comment})] }}"
|
|
loop: "{{ new_subaccounts_raw.results }}"
|
|
loop_control:
|
|
label: "{{ item.invocation.module_args.body.comment }}"
|
|
|
|
- name: Match usernames to backup clients
|
|
set_fact:
|
|
backup_client_usernames: "{{ backup_client_usernames | default({}) | combine({item.comment: item.username}) }}"
|
|
loop: "{{ subaccounts }}"
|
|
loop_control:
|
|
label: "{{ {item.comment: item.username} }}"
|
|
|
|
- name: Configure ssh on backup clients
|
|
blockinfile:
|
|
path: /root/.ssh/config
|
|
create: true
|
|
mode: '0600'
|
|
block: |
|
|
Host {{ storagebox_hostname }}
|
|
User {{ backup_client_usernames[item] }}
|
|
marker: '# {mark} HETZNER STORAGE BOX BACKUP CLIENT CONFIG'
|
|
delegate_to: "{{ item }}"
|
|
loop: "{{ backup_clients }}"
|