Verified Commit a8eedf8e authored by Robin Sonnabend's avatar Robin Sonnabend
Browse files

Make backups of mysql databases with rsnapshot

parent ed371d45
......@@ -2,3 +2,6 @@
# yamllint disable-line rule:line-length
mysql_root_password: "{{ lookup('passwordstore', 'db/{{ ansible_hostname }}-mysql create=true length=20') }}"
mysql_backup_user: "backup"
mysql_backup_password: "{{ lookup('passwordstore', 'db/{{ ansible_hostname }}-mysql-backup create=true length=20') }}"
3 * * * * root /usr/bin/rsnapshot -c /etc/rsnapshot.d/mysql.conf hourly
55 23 * * * root /usr/bin/rsnapshot -c /etc/rsnapshot.d/mysql.conf daily
45 23 * * 6 root /usr/bin/rsnapshot -c /etc/rsnapshot.d/mysql.conf weekly
35 23 3 * * root /usr/bin/rsnapshot -c /etc/rsnapshot.d/mysql.conf monthly
config_version 1.2
snapshot_root /var/backups/
cmd_cp /bin/cp
cmd_rm /bin/rm
cmd_rsync /usr/bin/rsync
cmd_logger /usr/bin/logger
cmd_du /usr/bin/du
retain hourly 6
retain daily 7
retain weekly 4
retain monthly 6
verbose 2
loglevel 3
lockfile /var/run/rsnapshot-mysql.pid
backup_script /usr/local/bin/mysqlbackup.sh mysql/
---
# file: roles/mysql/tasks/main.yml
- name: ensure mysql packages are installed for jessie
apt:
name:
- mysql-server
- python-mysqldb
state: present
when:
- debian_version == "jessie"
tags:
- packages
- mysql
- name: ensure mysql packages are installed for stretch
- name: ensure mysql packages are installed
apt:
name:
- mariadb-server
- python-mysqldb
state: present
when:
- debian_version != "jessie"
tags:
- packages
- mysql
......@@ -30,9 +16,6 @@
name: mysql
state: started
enabled: true
tags:
- service
- mysql
- name: ensure the mysql root user exists and has the correct password
mysql_user:
......@@ -43,9 +26,6 @@
register: mysql_root_creation_result
no_log: true
ignore_errors: true
tags:
- mysql
- config
- name: initialize the mysql root user
mysql_user:
......@@ -53,6 +33,56 @@
password: "{{ mysql_root_password }}"
no_log: true
when: mysql_root_creation_result is failed
tags:
- mysql
- config
- name: ensure a read-only mysql user for backups exists
mysql_user:
name: "{{ mysql_backup_user }}"
password: "{{ mysql_backup_password }}"
login_user: root
login_password: "{{ mysql_root_password }}"
priv: "*.*:SELECT,LOCK TABLES"
- name: ensure the backup procedure can access the backup password
template:
src: my.cnf
dest: "/root/.mysql-{{mysql_backup_user}}.cnf"
owner: root
group: root
mode: '0600'
- name: deploy the mysql backup script
template:
src: mysqlbackup.sh
dest: /usr/local/bin/
owner: root
group: root
mode: '0755'
- name: ensure we have rsnapshot
apt:
name: rsnapshot
state: present
- name: ensure we have a directory for rsnapshot configuration
file:
path: /etc/rsnapshot.d
state: directory
owner: root
group: root
mode: '0755'
- name: ensure we backup all the mysql databases with rsnapshot
copy:
src: rsnapshot.conf
dest: /etc/rsnapshot.d/mysql.conf
owner: root
group: root
mode: '0644'
- name: make rsnapshot run regularly
copy:
src: crontab
dest: /etc/cron.d/mysql-snapshot
owner: root
group: root
mode: '0644'
[client]
user = {{ mysql_backup_user }}
password = {{mysql_backup_password }}
host = localhost
#!/bin/sh
umask 0077
/usr/bin/mysqldump --defaults-extra-file=/root/.mysql-{{mysql_backup_user}}.cnf --all-databases | gzip -c -- > mysqldump_all_databases.sql.gz
/bin/chmod 600 mysqldump_all_databases.sql.gz
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment