Skip to content
GitLab
Menu
Projects
Groups
Snippets
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Sign in
Toggle navigation
Menu
Open sidebar
infra
ansible-shared
databases
Commits
9590bf6f
Commit
9590bf6f
authored
Aug 12, 2021
by
Robin Sonnabend
Browse files
Only setup backup when rsnapshot is configured, don't use password for root auth
parent
ee8cddd9
Pipeline
#3421
failed with stage
in 27 seconds
Changes
4
Pipelines
1
Hide whitespace changes
Inline
Side-by-side
mysql/defaults/main.yml
View file @
9590bf6f
...
...
@@ -6,3 +6,5 @@ mysql_root_password: "{{ lookup('passwordstore', 'db/{{ ansible_hostname }}-mysq
mysql_backup_user
:
"
backup"
# yamllint disable-line rule:line-length
mysql_backup_password
:
"
{{
lookup('passwordstore',
'db/{{
ansible_hostname
}}-mysql-backup
create=true
length=20')
}}"
mysql_rsnapshot
:
false
mysql/tasks/main.yml
View file @
9590bf6f
...
...
@@ -24,56 +24,41 @@
state
:
started
enabled
:
true
-
name
:
ensure the mysql root user exists and has the correct password
mysql_user
:
name
:
root
password
:
"
{{
mysql_root_password
}}"
login
_user
:
root
login_password
:
"
{{
mysql_root_password
}}"
register
:
mysql_root_creation_result
no_log
:
true
ignore_errors
:
true
-
name
:
setup mysql backups with rsnapshot
when
:
'
{{mysql_rsnapshot}}'
block
:
-
name
:
ensure a read-only mysql user for backups exists
mysql
_user
:
name
:
"
{{
mysql_backup_user
}}"
password
:
"
{{
mysql_backup_password
}}"
priv
:
"
*.*:SELECT,LOCK
TABLES"
no_log
:
true
-
name
:
initialize the mysql root user
mysql_user
:
name
:
root
password
:
"
{{
mysql_root_password
}}"
no_log
:
true
when
:
mysql_root_creation_result is failed
-
name
:
ensure the backup procedure can access the backup password
template
:
src
:
my.cnf
dest
:
"
/root/.mysql-{{
mysql_backup_user
}}.cnf"
owner
:
root
group
:
root
mode
:
'
0600'
-
name
:
ensure a read-only mysql user for backups exists
mysql_user
:
name
:
"
{{
mysql
_
backup
_user
}}"
password
:
"
{{
mysql_backup_password
}}"
login_us
er
:
root
login_password
:
"
{{
mysql_root_password
}}"
priv
:
"
*.*:SELECT,LOCK
TABLES"
-
name
:
deploy the mysql backup script
template
:
src
:
mysqlbackup
.sh
dest
:
/usr/local/bin/
own
er
:
root
group
:
root
mode
:
'
0755'
-
name
:
ensure
th
e backup
procedure can access the backup password
template
:
src
:
my
.cnf
dest
:
"
/root/.mysql-{{
mysql_backup_user
}}
.cnf
"
owner
:
root
group
:
root
mode
:
'
06
00
'
-
name
:
ensure
w
e backup
all the mysql databases with rsnapshot
copy
:
src
:
rsnapshot
.c
o
nf
dest
:
/etc/rsnapshot.d/mysql
.c
o
nf
owner
:
root
group
:
root
mode
:
'
06
44
'
-
name
:
deploy the mysql backup script
template
:
src
:
mysqlbackup.sh
dest
:
/usr/local/bin/
owner
:
root
group
:
root
mode
:
'
0755'
-
name
:
ensure we backup all the mysql databases with rsnapshot
copy
:
src
:
rsnapshot.conf
dest
:
/etc/rsnapshot.d/mysql.conf
owner
:
root
group
:
root
mode
:
'
0644'
-
name
:
remove obsolete crontab
file
:
path
:
/etc/cron.d/mysql-snapshot
state
:
absent
-
name
:
remove obsolete crontab
file
:
path
:
/etc/cron.d/mysql-snapshot
state
:
absent
postgres/defaults/main.yml
View file @
9590bf6f
---
postgres_pgdg_repo
:
false
postgres_rsnapshot
:
false
postgres/tasks/main.yml
View file @
9590bf6f
...
...
@@ -36,23 +36,26 @@
state
:
started
enabled
:
true
-
name
:
ensure we have our postgres backup script
copy
:
src
:
"
pgbackup{{
'-bullseye'
if
ansible_distribution_major_version|int(default=99)
>
10
else
''
}}.sh"
dest
:
/usr/local/bin/pgbackup.sh
owner
:
root
group
:
root
mode
:
'
0755'
-
name
:
configure snapshots
when
:
'
{{postgres_rsnapshot}}'
block
:
-
name
:
ensure we have our postgres backup script
copy
:
src
:
"
pgbackup{{
'-bullseye'
if
ansible_distribution_major_version|int(default=99)
>
10
else
''
}}.sh"
dest
:
/usr/local/bin/pgbackup.sh
owner
:
root
group
:
root
mode
:
'
0755'
-
name
:
ensure we have our rsnapshot config
copy
:
src
:
rsnapshot.conf
dest
:
/etc/rsnapshot.d/postgres.conf
owner
:
root
group
:
root
mode
:
'
0644'
-
name
:
ensure we have our rsnapshot config
copy
:
src
:
rsnapshot.conf
dest
:
/etc/rsnapshot.d/postgres.conf
owner
:
root
group
:
root
mode
:
'
0644'
-
name
:
remove obsolete crontab
file
:
path
:
/etc/cron.d/postgres-snapshot
state
:
absent
-
name
:
remove obsolete crontab
file
:
path
:
/etc/cron.d/postgres-snapshot
state
:
absent
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment