Skip to content
Snippets Groups Projects
Commit 9590bf6f authored by Robin Sonnabend's avatar Robin Sonnabend
Browse files

Only setup backup when rsnapshot is configured, don't use password for root auth

parent ee8cddd9
No related branches found
No related tags found
No related merge requests found
Pipeline #3421 failed
......@@ -6,3 +6,5 @@ mysql_root_password: "{{ lookup('passwordstore', 'db/{{ ansible_hostname }}-mysq
mysql_backup_user: "backup"
# yamllint disable-line rule:line-length
mysql_backup_password: "{{ lookup('passwordstore', 'db/{{ ansible_hostname }}-mysql-backup create=true length=20') }}"
mysql_rsnapshot: false
......@@ -24,30 +24,15 @@
state: started
enabled: true
- name: ensure the mysql root user exists and has the correct password
mysql_user:
name: root
password: "{{ mysql_root_password }}"
login_user: root
login_password: "{{ mysql_root_password }}"
register: mysql_root_creation_result
no_log: true
ignore_errors: true
- name: initialize the mysql root user
mysql_user:
name: root
password: "{{ mysql_root_password }}"
no_log: true
when: mysql_root_creation_result is failed
- name: setup mysql backups with rsnapshot
when: '{{mysql_rsnapshot}}'
block:
- name: ensure a read-only mysql user for backups exists
mysql_user:
name: "{{ mysql_backup_user }}"
password: "{{ mysql_backup_password }}"
login_user: root
login_password: "{{ mysql_root_password }}"
priv: "*.*:SELECT,LOCK TABLES"
no_log: true
- name: ensure the backup procedure can access the backup password
template:
......
---
postgres_pgdg_repo: false
postgres_rsnapshot: false
......@@ -36,6 +36,9 @@
state: started
enabled: true
- name: configure snapshots
when: '{{postgres_rsnapshot}}'
block:
- name: ensure we have our postgres backup script
copy:
src: "pgbackup{{ '-bullseye' if ansible_distribution_major_version|int(default=99) > 10 else '' }}.sh"
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment