Commit 9590bf6f authored by Robin Sonnabend's avatar Robin Sonnabend

Only setup backup when rsnapshot is configured, don't use password for root auth

parent ee8cddd9
Pipeline #3421 failed with stage
in 27 seconds
...@@ -6,3 +6,5 @@ mysql_root_password: "{{ lookup('passwordstore', 'db/{{ ansible_hostname }}-mysq ...@@ -6,3 +6,5 @@ mysql_root_password: "{{ lookup('passwordstore', 'db/{{ ansible_hostname }}-mysq
mysql_backup_user: "backup" mysql_backup_user: "backup"
# yamllint disable-line rule:line-length # yamllint disable-line rule:line-length
mysql_backup_password: "{{ lookup('passwordstore', 'db/{{ ansible_hostname }}-mysql-backup create=true length=20') }}" mysql_backup_password: "{{ lookup('passwordstore', 'db/{{ ansible_hostname }}-mysql-backup create=true length=20') }}"
mysql_rsnapshot: false
...@@ -24,32 +24,17 @@ ...@@ -24,32 +24,17 @@
state: started state: started
enabled: true enabled: true
- name: ensure the mysql root user exists and has the correct password - name: setup mysql backups with rsnapshot
mysql_user: when: '{{mysql_rsnapshot}}'
name: root block:
password: "{{ mysql_root_password }}" - name: ensure a read-only mysql user for backups exists
login_user: root
login_password: "{{ mysql_root_password }}"
register: mysql_root_creation_result
no_log: true
ignore_errors: true
- name: initialize the mysql root user
mysql_user:
name: root
password: "{{ mysql_root_password }}"
no_log: true
when: mysql_root_creation_result is failed
- name: ensure a read-only mysql user for backups exists
mysql_user: mysql_user:
name: "{{ mysql_backup_user }}" name: "{{ mysql_backup_user }}"
password: "{{ mysql_backup_password }}" password: "{{ mysql_backup_password }}"
login_user: root
login_password: "{{ mysql_root_password }}"
priv: "*.*:SELECT,LOCK TABLES" priv: "*.*:SELECT,LOCK TABLES"
no_log: true
- name: ensure the backup procedure can access the backup password - name: ensure the backup procedure can access the backup password
template: template:
src: my.cnf src: my.cnf
dest: "/root/.mysql-{{ mysql_backup_user }}.cnf" dest: "/root/.mysql-{{ mysql_backup_user }}.cnf"
...@@ -57,7 +42,7 @@ ...@@ -57,7 +42,7 @@
group: root group: root
mode: '0600' mode: '0600'
- name: deploy the mysql backup script - name: deploy the mysql backup script
template: template:
src: mysqlbackup.sh src: mysqlbackup.sh
dest: /usr/local/bin/ dest: /usr/local/bin/
...@@ -65,7 +50,7 @@ ...@@ -65,7 +50,7 @@
group: root group: root
mode: '0755' mode: '0755'
- name: ensure we backup all the mysql databases with rsnapshot - name: ensure we backup all the mysql databases with rsnapshot
copy: copy:
src: rsnapshot.conf src: rsnapshot.conf
dest: /etc/rsnapshot.d/mysql.conf dest: /etc/rsnapshot.d/mysql.conf
...@@ -73,7 +58,7 @@ ...@@ -73,7 +58,7 @@
group: root group: root
mode: '0644' mode: '0644'
- name: remove obsolete crontab - name: remove obsolete crontab
file: file:
path: /etc/cron.d/mysql-snapshot path: /etc/cron.d/mysql-snapshot
state: absent state: absent
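Review bot: The rewritten "ensure a read-only mysql user for backups exists" task still passes `password: "{{ mysql_backup_password }}"`, but the `no_log: true` the old task carried does not appear on the new side, so keeping that secret out of task output now depends on the module's own masking alone; I would keep `no_log: true` on that task inside the block. The block condition `when: '{{mysql_rsnapshot}}'` wraps the variable in Jinja delimiters, which Ansible warns about in conditionals; `when: mysql_rsnapshot | bool` is the usual form, and the same applies to `when: '{{postgres_rsnapshot}}'` in the postgres tasks. With `login_user` and `login_password` removed, the task presumably relies on root connecting over the local socket without a password, which deserves a one-line comment above it, e.g. `# root authenticates via the local unix socket; no password is passed`. Indentation is not visible in this view, so which of the later tasks sit inside the block is inferred from the hunk headers.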
--- ---
postgres_pgdg_repo: false postgres_pgdg_repo: false
postgres_rsnapshot: false
...@@ -36,7 +36,10 @@ ...@@ -36,7 +36,10 @@
state: started state: started
enabled: true enabled: true
- name: ensure we have our postgres backup script - name: configure snapshots
when: '{{postgres_rsnapshot}}'
block:
- name: ensure we have our postgres backup script
copy: copy:
src: "pgbackup{{ '-bullseye' if ansible_distribution_major_version|int(default=99) > 10 else '' }}.sh" src: "pgbackup{{ '-bullseye' if ansible_distribution_major_version|int(default=99) > 10 else '' }}.sh"
dest: /usr/local/bin/pgbackup.sh dest: /usr/local/bin/pgbackup.sh
...@@ -44,7 +47,7 @@ ...@@ -44,7 +47,7 @@
group: root group: root
mode: '0755' mode: '0755'
- name: ensure we have our rsnapshot config - name: ensure we have our rsnapshot config
copy: copy:
src: rsnapshot.conf src: rsnapshot.conf
dest: /etc/rsnapshot.d/postgres.conf dest: /etc/rsnapshot.d/postgres.conf
...@@ -52,7 +55,7 @@ ...@@ -52,7 +55,7 @@
group: root group: root
mode: '0644' mode: '0644'
- name: remove obsolete crontab - name: remove obsolete crontab
file: file:
path: /etc/cron.d/postgres-snapshot path: /etc/cron.d/postgres-snapshot
state: absent state: absent