infra
ansible-shared
databases
Commits
9590bf6f
Commit
9590bf6f
authored
Aug 12, 2021
by
Robin Sonnabend
Only setup backup when rsnapshot is configured, don't use password for root auth
parent
ee8cddd9
Pipeline
#3421
failed with stage
in 27 seconds
Changes
4
Pipelines
1
mysql/defaults/main.yml
...
@@ -6,3 +6,5 @@ mysql_root_password: "{{ lookup('passwordstore', 'db/{{ ansible_hostname }}-mysq
...
@@ -6,3 +6,5 @@ mysql_root_password: "{{ lookup('passwordstore', 'db/{{ ansible_hostname }}-mysq
mysql_backup_user
:
"
backup"
mysql_backup_user
:
"
backup"
# yamllint disable-line rule:line-length
# yamllint disable-line rule:line-length
mysql_backup_password
:
"
{{
lookup('passwordstore',
'db/{{
ansible_hostname
}}-mysql-backup
create=true
length=20')
}}"
mysql_backup_password
:
"
{{
lookup('passwordstore',
'db/{{
ansible_hostname
}}-mysql-backup
create=true
length=20')
}}"
mysql_rsnapshot
:
false
mysql/tasks/main.yml
...
@@ -24,56 +24,41 @@
...
@@ -24,56 +24,41 @@
state
:
started
state
:
started
enabled
:
true
enabled
:
true
-
name
:
ensure the mysql root user exists and has the correct password
-
name
:
setup mysql backups with rsnapshot
mysql_user
:
when
:
'
{{mysql_rsnapshot}}'
name
:
root
block
:
password
:
"
{{
mysql_root_password
}}"
-
name
:
ensure a read-only mysql user for backups exists
login
_user
:
root
mysql
_user
:
login_password
:
"
{{
mysql_root_password
}}"
name
:
"
{{
mysql_backup_user
}}"
register
:
mysql_root_creation_result
password
:
"
{{
mysql_backup_password
}}"
no_log
:
true
priv
:
"
*.*:SELECT,LOCK
TABLES"
ignore_errors
:
true
no_log
:
true
-
name
:
initialize the mysql root user
-
name
:
ensure the backup procedure can access the backup password
mysql_user
:
template
:
name
:
root
src
:
my.cnf
password
:
"
{{
mysql_root_password
}}"
dest
:
"
/root/.mysql-{{
mysql_backup_user
}}.cnf"
no_log
:
true
owner
:
root
when
:
mysql_root_creation_result is failed
group
:
root
mode
:
'
0600'
-
name
:
ensure a read-only mysql user for backups exists
-
name
:
deploy the mysql backup script
mysql_user
:
template
:
name
:
"
{{
mysql
_
backup
_user
}}"
src
:
mysqlbackup
.sh
password
:
"
{{
mysql_backup_password
}}"
dest
:
/usr/local/bin/
login_us
er
:
root
own
er
:
root
login_password
:
"
{{
mysql_root_password
}}"
group
:
root
priv
:
"
*.*:SELECT,LOCK
TABLES"
mode
:
'
0755'
-
name
:
ensure
th
e backup
procedure can access the backup password
-
name
:
ensure
w
e backup
all the mysql databases with rsnapshot
template
:
copy
:
src
:
my
.cnf
src
:
rsnapshot
.c
o
nf
dest
:
"
/root/.mysql-{{
mysql_backup_user
}}
.cnf
"
dest
:
/etc/rsnapshot.d/mysql
.c
o
nf
owner
:
root
owner
:
root
group
:
root
group
:
root
mode
:
'
06
00
'
mode
:
'
06
44
'
-
name
:
deploy the mysql backup script
-
name
:
remove obsolete crontab
template
:
file
:
src
:
mysqlbackup.sh
path
:
/etc/cron.d/mysql-snapshot
dest
:
/usr/local/bin/
state
:
absent
owner
:
root
group
:
root
mode
:
'
0755'
-
name
:
ensure we backup all the mysql databases with rsnapshot
copy
:
src
:
rsnapshot.conf
dest
:
/etc/rsnapshot.d/mysql.conf
owner
:
root
group
:
root
mode
:
'
0644'
-
name
:
remove obsolete crontab
file
:
path
:
/etc/cron.d/mysql-snapshot
state
:
absent
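Review bot: The new `when: '{{mysql_rsnapshot}}'` on the block wraps the condition in Jinja delimiters, which Ansible warns about because `when` is already evaluated as an expression, so the rendered value gets evaluated a second time. Write `when: mysql_rsnapshot | bool` instead, and likewise `when: postgres_rsnapshot | bool` for the same pattern in postgres/tasks/main.yml; the `| bool` filter also makes the result independent of whether the variable arrives as a boolean or as a string from extra vars. Separately, the backup-user `mysql_user` task no longer passes `login_user`/`login_password`, so it depends on root reaching the server without a password. Nothing visible in this section verifies that this is socket authentication rather than an empty root password, so a pre-check or an explicit `login_unix_socket` on that task is worth adding. The task list begins above the hunk, so any root account handling earlier in the file is not visible here.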
postgres/defaults/main.yml
---
---
postgres_pgdg_repo
:
false
postgres_pgdg_repo
:
false
postgres_rsnapshot
:
false
postgres/tasks/main.yml
...
@@ -36,23 +36,26 @@
...
@@ -36,23 +36,26 @@
state
:
started
state
:
started
enabled
:
true
enabled
:
true
-
name
:
ensure we have our postgres backup script
-
name
:
configure snapshots
copy
:
when
:
'
{{postgres_rsnapshot}}'
src
:
"
pgbackup{{
'-bullseye'
if
ansible_distribution_major_version|int(default=99)
>
10
else
''
}}.sh"
block
:
dest
:
/usr/local/bin/pgbackup.sh
-
name
:
ensure we have our postgres backup script
owner
:
root
copy
:
group
:
root
src
:
"
pgbackup{{
'-bullseye'
if
ansible_distribution_major_version|int(default=99)
>
10
else
''
}}.sh"
mode
:
'
0755'
dest
:
/usr/local/bin/pgbackup.sh
owner
:
root
group
:
root
mode
:
'
0755'
-
name
:
ensure we have our rsnapshot config
-
name
:
ensure we have our rsnapshot config
copy
:
copy
:
src
:
rsnapshot.conf
src
:
rsnapshot.conf
dest
:
/etc/rsnapshot.d/postgres.conf
dest
:
/etc/rsnapshot.d/postgres.conf
owner
:
root
owner
:
root
group
:
root
group
:
root
mode
:
'
0644'
mode
:
'
0644'
-
name
:
remove obsolete crontab
-
name
:
remove obsolete crontab
file
:
file
:
path
:
/etc/cron.d/postgres-snapshot
path
:
/etc/cron.d/postgres-snapshot
state
:
absent
state
:
absent