Autoconfiguration of backup servers.

apollo13 · Jun 24, 2019 · a4f7bf1 · a4f7bf1
1 parent 4bc2258
commit a4f7bf1
Show file tree

Hide file tree

Showing 13 changed files with 133 additions and 131 deletions.
diff --git a/.editorconfig b/.editorconfig
@@ -6,3 +6,6 @@ indent_size = 2
 charset = utf-8
 trim_trailing_whitespace = true
 insert_final_newline = true
+
+[*.py]
+indent_size = 4
diff --git a/defaults/main.yml b/defaults/main.yml
@@ -15,3 +15,9 @@ borgbackup_ssh_package:
   debian: openssh-client
 
 borgbackup_path: /usr/{% if borgbackup_install_method == "upstream" %}local/{% endif %}bin/borg
+
+# borgbackup_config:
+#   calendar_spec: "*-*-* 2:00:00" # default
+#   repository: ssh://test@borg-srv-ubuntu/./ # autodetected if repository_server is set
+#   passphrase: test
+#   repository_server: borg-srv-ubuntu
diff --git a/molecule/default/Dockerfile.j2 b/molecule/default/Dockerfile.j2
@@ -21,7 +21,7 @@ RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y pyth
     elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates && xbps-remove -O; fi
 
 RUN (cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done); \
-  rm -f /lib/systemd/system/multi-user.target.wants/*;\
+  (cd /lib/systemd/system/multi-user.target.wants/; for i in *; do [ $i == systemd-user-sessions.service ] || rm -f $i; done); \
   rm -f /etc/systemd/system/*.wants/*; \
   rm -f /lib/systemd/system/local-fs.target.wants/*; \
   rm -f /lib/systemd/system/sockets.target.wants/*udev*; \

diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml
@@ -12,39 +12,43 @@ driver:
 lint:
   name: yamllint
 platforms:
-  - name: centos-borgbackup-system
+  - name: borg
     image: centos:7
     command: /sbin/init
     groups:
       - client
     <<: *platform_defaults
-  - name: centos-borgbackup-upstream
+  - name: borg-centos-system
     image: centos:7
     command: /sbin/init
     groups:
-      - upstream
       - client
     <<: *platform_defaults
-  - name: ubuntu-borgbackup-system
+  - name: borg-centos-upstream
+    image: centos:7
+    command: /sbin/init
+    groups:
+      - client
+    <<: *platform_defaults
+  - name: borg-ubuntu-system
     image: ubuntu:18.04
     command: /sbin/init
     groups:
       - client
     <<: *platform_defaults
-  - name: ubuntu-borgbackup-upstream
+  - name: borg-ubuntu-upstream
     image: ubuntu:18.04
     command: /sbin/init
     groups:
-      - upstream
       - client
     <<: *platform_defaults
-  - name: centos-server
+  - name: borg-srv-centos
     image: centos:7
     command: /sbin/init
     groups:
       - server
     <<: *platform_defaults
-  - name: ubuntu-server
+  - name: borg-srv-ubuntu
     image: ubuntu:18.04
     command: /sbin/init
     groups:
@@ -55,21 +59,53 @@ provisioner:
   lint:
     name: ansible-lint
   inventory:
-    group_vars:
-      upstream:
-        borgbackup_install_method: upstream
-      client:
+    host_vars:
+      borg:
         borgbackup_config:
-          calendar_spec: "*-*-* 2:00:00"
-          repository: file:///home/backup/test_repo
+          calendar_spec: "*-*-* 8:00:00"
+          repository: ssh://backup@borg-srv-centos/./
           passphrase: test
           known_hosts:
             - "dummy ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIElvcKplWycItag/MP7gYUCy95WIhMM1OFKbZ/j/ykFE"
-          repository_server: centos-server
-      server:
+          autoinit: no
+        borgbackup_user: test
+
+      borg-centos-system:
+        borgbackup_config:
+          repository: ssh://backup@borg-srv-centos/./
+          passphrase: test
+          repository_server: borg-srv-centos
+        borgbackup_user: centos
+
+      borg-centos-upstream:
+        borgbackup_config:
+          repository: ssh://backup@borg-srv-centos/./
+          passphrase: test
+          repository_server: borg-srv-centos
+        borgbackup_install_method: upstream
+        borgbackup_user: centos
+
+      borg-ubuntu-system:
+        borgbackup_config:
+          repository: ssh://test@borg-srv-ubuntu/./
+          passphrase: test
+          repository_server: borg-srv-ubuntu
+
+      borg-ubuntu-upstream:
+        borgbackup_config:
+          repository: ssh://test@borg-srv-ubuntu/./
+          passphrase: test
+          repository_server: borg-srv-ubuntu
+        borgbackup_install_method: upstream
+
+      borg-srv-centos:
         borgbackup_repository_storage: /var/borg
 
+      borg-srv-ubuntu:
+        borgbackup_install_method: upstream
+        borgbackup_user: test
+        borgbackup_repository_storage: /var/borg
 verifier:
-  name: goss
+  name: testinfra
   lint:
-    name: yamllint
+    name: flake8
diff --git a/molecule/default/prepare.yml b/molecule/default/prepare.yml
@@ -15,4 +15,3 @@
         name: sshd
         state: started
         enabled: yes
-
diff --git a/molecule/default/tests/test_backup_centos.py b/molecule/default/tests/test_backup_centos.py
@@ -0,0 +1,6 @@
+testinfra_hosts = ["borg-centos-upstream", "borg-centos-system"]
+
+
+def test_backup(host):
+    assert host.run("systemctl start borgbackup").rc == 0
+    assert host.run("systemctl is-failed borgbackup").rc == 1
diff --git a/molecule/default/tests/test_backup_ubuntu.py b/molecule/default/tests/test_backup_ubuntu.py
@@ -0,0 +1,6 @@
+testinfra_hosts = ["borg-ubuntu-upstream", "borg-ubuntu-system"]
+
+
+def test_backup(host):
+    assert host.run("systemctl --wait start borgbackup").rc == 0
+    assert host.run("systemctl is-failed borgbackup").rc == 1
diff --git a/molecule/default/tests/test_host_centos-borgbackup-system.yml b/molecule/default/tests/test_host_centos-borgbackup-system.yml
diff --git a/molecule/default/tests/test_host_centos-server.yml b/molecule/default/tests/test_host_centos-server.yml
diff --git a/molecule/default/verify.yml b/molecule/default/verify.yml
diff --git a/tasks/client.yml b/tasks/client.yml
@@ -21,17 +21,6 @@
     group: "{{ borgbackup_user }}"
     mode: 0600
 
-- name: Upload environment file for repository & passphrase
-  copy:
-    content: |
-      BORG_REPO={{ borgbackup_config.repository }}
-      BORG_PASSPHRASE={{ borgbackup_config.passphrase }}
-    dest: "{{ borgbackup_home }}/config/environment"
-    owner: "{{ borgbackup_user }}"
-    group: "{{ borgbackup_user }}"
-    mode: 0600
-  no_log: yes
-
 - name: Install borg service files
   template:
     src: "{{ item }}.j2"
@@ -47,6 +36,20 @@
     enabled: yes
     state: started
 
+- include_tasks: configure_server.yml
+  when: borgbackup_config.repository_server is defined
+
+- name: Upload environment file for repository & passphrase
+  copy:
+    content: |
+      BORG_REPO={{ _repo_url|default(borgbackup_config.repository) }}
+      BORG_PASSPHRASE={{ borgbackup_config.passphrase }}
+    dest: "{{ borgbackup_home }}/config/environment"
+    owner: "{{ borgbackup_user }}"
+    group: "{{ borgbackup_user }}"
+    mode: 0600
+  no_log: yes
+
 - name: Configure and possibly prepare repository
   become: yes
   become_user: "{{ borgbackup_user }}"
@@ -62,24 +65,17 @@
         label: "{{ ' '.join(item.split()[:2]) }} ..."
       when: borgbackup_config.known_hosts is defined
 
-    - name: Regather facts to get SSH host keys
-      setup:
-        gather_subset: "!all"
-      delegate_to: "{{ borgbackup_config.repository_server }}"
-      delegate_facts: True
-      when: borgbackup_config.repository_server is defined
-
     - name: Configure known_hosts from inventory server
       known_hosts:
-        name: "{{ borgbackup_config.repository_server }}"
-        key: "{{ borgbackup_config.repository_server }} {{ item.ssh_algo }} {{ hostvars[borgbackup_config.repository_server]['ansible_facts'][item.fact] }}"
+        name: "{{ hostvars[borgbackup_config.repository_server].ansible_facts.fqdn }}"
+        key: "{{ hostvars[borgbackup_config.repository_server].ansible_facts.fqdn }} {{ item.ssh_algo }} {{ hostvars[borgbackup_config.repository_server]['ansible_facts'][item.fact] }}"  # noqa 204
         state: present
       loop:
         - {fact: ssh_host_key_ecdsa_public, ssh_algo: ecdsa-sha2-nistp256}
         - {fact: ssh_host_key_ed25519_public, ssh_algo: ssh-ed25519}
         - {fact: ssh_host_key_rsa_public, ssh_algo: ssh-rsa}
       loop_control:
-        label: "{{ borgbackup_config.repository_server }} {{ item.ssh_algo }} ..."
+        label: "{{ borgbackup_config.repository_server|default('undefined') }} {{ item.ssh_algo }} ..."
       when: borgbackup_config.repository_server is defined
 
     - name: Check if we already created a repository

diff --git a/tasks/configure_server.yml b/tasks/configure_server.yml
@@ -0,0 +1,39 @@
+---
+
+- name: Simplify variables
+  set_fact:
+    _repository_server: "{{ borgbackup_config.repository_server }}"
+    _user: "{{ hostvars[borgbackup_config.repository_server].borgbackup_user|default('backup') }}"
+    _repo_path: "{{ hostvars[borgbackup_config.repository_server].borgbackup_repository_storage.rstrip('/') }}/{{ inventory_hostname }}"
+    _borg_executable: "{{ hostvars[borgbackup_config.repository_server].borgbackup_path|default('/usr/' + ('' if hostvars[borgbackup_config.repository_server].borgbackup_install_method|default('system') == 'system' else 'local/') + 'bin/borg') }}"  # noqa 204
+    _repo_url: "ssh://{{ hostvars[borgbackup_config.repository_server].borgbackup_user|default('backup') }}@{{ hostvars[borgbackup_config.repository_server].ansible_facts.fqdn }}/./"  # noqa 204
+
+- name: Get public key
+  slurp:
+    src: "{{ borgbackup_home }}/.ssh/id_rsa.pub"
+  register: slurped_key_b64
+
+- name: Regather facts to get SSH host keys
+  setup:
+    gather_subset: "!all"
+  delegate_to: "{{ _repository_server }}"
+  delegate_facts: True
+
+- name: Create borg repository folder
+  file:
+    path: "{{ _repo_path }}"
+    state: directory
+    owner: "{{ _user }}"
+    group: "{{ _user }}"
+    mode: 0700
+  delegate_to: "{{ _repository_server }}"
+  become: yes
+
+- name: Configure SSH to allow the clients to access
+  authorized_key:
+    user: "{{ _user }}"
+    state: present
+    key: "{{ slurped_key_b64.content|b64decode }}"
+    key_options: 'command="cd {{ _repo_path }}; {{ _borg_executable }} serve --append-only --restrict-to-repository {{ _repo_path }}",restrict'
+  delegate_to: "{{ _repository_server }}"
+  become: yes
diff --git a/templates/borgbackup.timer.j2 b/templates/borgbackup.timer.j2
@@ -2,7 +2,7 @@
 Description=Borgbackup timer
 
 [Timer]
-OnCalendar={{ borgbackup_config.calendar_spec }}
+OnCalendar={{ borgbackup_config.calendar_spec|default("*-*-* 2:00:00") }}
 RandomizedDelaySec=300
 
 [Install]
Original file line number	Diff line number	Diff line change
Expand Up		@@ -15,4 +15,3 @@
		name: sshd
		state: started
		enabled: yes