coopdevs.backups_role

backups_role

=========

Backup and restore plans for Coopdevs projects.

Requirements

This role uses Restic with the help of restic-ansible.

Role Variables

# Restic version
backups_role_restic_version: '0.16.4'

# Location of the backup scripts
backups_role_path: '/opt/backup'
backups_role_script_dir: "{{ backups_role_path }}/bin"

# Name of the template for the "prepare" script inside
backups_role_script_prepare_template: "cron-prepare.sh.j2"

# If you change backups_role_script_prepare_template, we won't create postgres roles and may not need sudo permissions. To enable related tasks, set these to true:
backups_role_postgresql_enabled:
backups_role_sudoers_enabled:

# Full path to the final backup script
backups_role_script_path:    "{{ backups_role_script_dir }}/backup.sh"

# Location of files created by cron jobs
backups_role_tmp_path: '/tmp/backups'

# List of paths to backup
backups_role_assets_paths: []

# User details for running scripts and owning files
backups_role_user_name: 'backups'
backups_role_user_group: 'backups'
backups_role_user_groups: ''

# Postgresql read-only backup user
backups_role_postgresql_user_name: "{{ backups_role_user_name }}"
# Postgres admin user
postgresql_user: "postgres"
backups_role_db_names: [ "postgres" ]

# Name of the Restic repository, used to identify repos
backups_role_restic_repo_name: {{ escaped_inventory_hostname }}

#########################################
### WARNING! Sensitive variables below ###
#########################################
###  Store these in an  ###
###  ansible-vault to keep them safe. ###
#########################################

# Password for the PostgreSQL backup user
backups_role_postgresql_user_password:

# Password for the Restic repository
backups_role_restic_repo_password:

# URL of the remote backup bucket in Restic format
# Example: for Backblaze, "b2:bucketname:path/to/repo". You might use "b2:bucketname:/".
# For local repo: "/var/backups/repo"
backups_role_restic_repo_url:

# Backblaze "application" key for the above bucket
backups_role_b2_app_key_id:
backups_role_b2_app_key:

Dependencies

coopdevs.ansible_restic

Usage

You need to prepare an inventory for your hosts with the above variables. For example, in inventory/hosts.

Example Playbook for PostgreSQL with Backups

# playbooks/main.yml
---
- name: Install PostgreSQL with automatic backups
  hosts: servers
  become: yes
  roles:
    - role: geerlingguy.postgresql
    - role: coopdevs.backups_role

Playbook to Restore a Backup Locally

# playbooks/restore.yml
---
- name: Restore backup locally
  hosts: servers
  connection: local
  tasks:
  - import_role:
      name: coopdevs.backups_role
      tasks_from: restore-to-controller.yml

Playbook to Restore a Backup to the Host

# playbooks/restore-in-situ.yml
---
- name: Restore backup to the host
  hosts: servers
  tasks:
  - import_role:
      name: coopdevs.backups_role
      tasks_from: restore-to-host.yml

Restore Snapshot Using the Above Playbook

ansible-playbook playbooks/restore.yml -i inventory/hosts -l servers

This playbook won’t install anything globally but needs root access. You might need to provide a sudo password:

ansible-playbook playbooks/restore.yml -i inventory/hosts -l servers --ask-become-pass

By default, it makes a directory with Restic and a helper script and restores the latest snapshot. It removes the helper script securely to avoid exposing credentials. If you want to keep the helper script, run the playbook with the install tag:

ansible-playbook playbooks/restore.yml -i inventory/hosts -l servers --tags install

Custom Backup Script

If your application doesn't use PostgreSQL or you need a different backup script, you can create one by setting backups_role_script_prepare_template. You can use helper methods like log and run. For the paths to backup files, use backups_role_assets_paths.

Be careful as this variable is also used in a different context in the scripts, which might be confusing.

See these examples for how to implement in production.

Sensitive Variables

Please protect the sensitive variables mentioned above. Use Ansible Vault to encrypt the file containing these variables.

Backblaze

Backblaze offers two types of keys: master (account) key and app keys. The account key has control over everything and should not be used to access buckets. Use app keys for specific buckets to limit access.

For credential management, set b2_account_key with backups_role_b2_app_key settings.

Restic

Restic will create a "repository" during configuration. This is like a directory in your Backblaze bucket. If you need to restore specific snapshots, use commands like restic restore or restic dump for individual files.

Make sure to provide the correct repository path and credentials via environment variables, like this:

export RESTIC_REPOSITORY="b2:mybucketname:/"
export RESTIC_PASSWORD="your-encryption-password"
export B2_ACCOUNT_ID="your_app_key_id"
export B2_ACCOUNT_KEY="your_app_key_value"

License

GPLv3

Informazioni sul progetto

Backups strategy for Coopdevs projects.

role backups

Installa

ansible-galaxy install coopdevs.backups_role

GitHub repository

1 stelle

1 fork

1 problemi aperti

Licenza

Unknown

Download

22.6k

Proprietario

coopdevs

Coopdevs, Free and Open Source Software for Social and Solidarity Economy.