Script user für restic erstellt (#260)

Co-authored-by: Michael Grote <michael.grote@posteo.de>
Reviewed-on: mg/ansible#260
Co-authored-by: mg <michael.grote@posteo.de>
Co-committed-by: mg <michael.grote@posteo.de>
Michael Grote 2022-02-09 10:06:37 +01:00
parent 316632ac90
commit ffd264e3ec
8 changed files with 90 additions and 35 deletions


@ -0,0 +1,12 @@
---
- hosts: all
tasks:
- name: remove restic cronjob
become: yes
ansible.builtin.cron:
name: restic
state: absent
job: "/usr/local/bin/restic_backup.sh"
minute: "{{ 59|random(seed=inventory_hostname) }}"
hour: "{{ restic_cron_hours }}"
# siehe: https://stackoverflow.com/questions/33379378/idempotence-and-random-variables-in-ansible
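Review bot: `become: yes` on the remove-cronjob task uses the YAML 1.1 truthy spelling; prefer `become: true`, which the tasks in the new user.yml already use. The `job`, `minute` and `hour` keys are not needed to remove an entry with `state: absent`, because the cron module identifies the entry by `name`; keeping them is harmless but suggests they matter for the removal. The same `yes` spelling appears on the tasks in the config.yml hunks and on `backup: yes` in user.yml.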


@ -16,3 +16,6 @@
**/**Cache***/** **/**Cache***/**
**/**AppData***/** **/**AppData***/**
restic_enable_role: true restic_enable_role: true
### under which user the script is run
restic_user_group: "root"
restic_user: "restic"
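Review bot: `restic_user_group` defaults to `"root"`, and user.yml passes it as the primary group of the new account, so the dedicated `restic` user ends up with root as its primary group and every file this role now chowns is group-owned by root. If the intent is an unprivileged service user, a dedicated group default such as `restic_user_group: "restic"` keeps the role's files off the root group; the group task in user.yml already creates the group when it is missing. The comment above these keys could also say which commands the user still needs root for, e.g. `### the backup script escalates via sudo only for mount/umount`.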


@ -4,16 +4,18 @@
ansible.builtin.template: ansible.builtin.template:
src: "smb_password.txt" src: "smb_password.txt"
dest: "/etc/restic/smb_password.txt" dest: "/etc/restic/smb_password.txt"
owner: root owner: "{{ restic_user }}"
group: root group: "{{ restic_user_group }}"
mode: 0700 mode: 0600
- name: copy restic_backup.sh - name: copy restic_backup.sh
become: yes become: yes
ansible.builtin.template: ansible.builtin.template:
src: "restic_backup.sh" src: "restic_backup.sh"
dest: "/usr/local/bin/restic_backup.sh" dest: "/usr/local/bin/restic_backup.sh"
mode: a+x mode: 0744
owner: "{{ restic_user }}"
group: "{{ restic_user_group }}"
- name: create exclude.txt - name: create exclude.txt
become: yes become: yes
@ -28,9 +30,9 @@
ansible.builtin.template: ansible.builtin.template:
src: "password.txt" src: "password.txt"
dest: "/etc/restic/password.txt" dest: "/etc/restic/password.txt"
owner: root owner: "{{ restic_user }}"
group: root group: "{{ restic_user_group }}"
mode: 0700 mode: 0600
- name: create restic cronjob - name: create restic cronjob
become: yes become: yes
@ -41,15 +43,16 @@
minute: "{{ 59|random(seed=inventory_hostname) }}" minute: "{{ 59|random(seed=inventory_hostname) }}"
hour: "{{ restic_cron_hours }}" hour: "{{ restic_cron_hours }}"
# siehe: https://stackoverflow.com/questions/33379378/idempotence-and-random-variables-in-ansible # siehe: https://stackoverflow.com/questions/33379378/idempotence-and-random-variables-in-ansible
user: "{{ restic_user }}"
- name: Create restic log - name: Create restic log
become: true become: true
ansible.builtin.file: ansible.builtin.file:
path: /var/log/restic.log path: /var/log/restic.log
state: touch state: touch
owner: root owner: "{{ restic_user }}"
group: root group: "{{ restic_user_group }}"
mode: 0640 mode: 0644
access_time: preserve access_time: preserve
modification_time: preserve modification_time: preserve
@ -58,6 +61,6 @@
ansible.builtin.template: ansible.builtin.template:
src: logrotate_restic src: logrotate_restic
dest: /etc/logrotate.d/restic dest: /etc/logrotate.d/restic
owner: root owner: "{{ restic_user }}"
group: root group: "{{ restic_user_group }}"
mode: 0644 mode: 0644
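Review bot: Changing the owner of `/etc/logrotate.d/restic` to `{{ restic_user }}` in the last hunk is likely to make logrotate skip this config: as far as I recall, logrotate 3.8 and later ignore configuration files that are not owned by root and log "because the file owner is wrong", so the restic log would no longer rotate. Keep `owner: root` and `group: root` on the logrotate template task; only the log file and the script itself need to belong to the service user. Separately, the unquoted modes `0600`, `0744` and `0644` here (and `0755` in the dir.yml hunk) are parsed as octal integers, which Ansible accepts today but ansible-lint flags; quoting them as `mode: "0600"` is the safer spelling.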


@ -10,6 +10,6 @@
ansible.builtin.file: ansible.builtin.file:
path: "{{ restic_mount }}" path: "{{ restic_mount }}"
state: directory state: directory
owner: root owner: "{{ restic_user }}"
group: root group: "{{ restic_user_group }}"
mode: 0777 mode: 0755


@ -6,4 +6,5 @@
- restic - restic
- logrotate - logrotate
- cifs-utils - cifs-utils
- sudo
state: present state: present


@ -1,10 +1,16 @@
--- ---
- name: include user tasks
include_tasks: user.yml
when: restic_enable_role
- name: include install tasks - name: include install tasks
include_tasks: install.yml include_tasks: install.yml
when: restic_enable_role when: restic_enable_role
- name: include folder tasks
include_tasks: folders.yml - name: include directories tasks
include_tasks: dir.yml
when: restic_enable_role when: restic_enable_role
- name: include config tasks - name: include config tasks
include_tasks: config.yml include_tasks: config.yml
when: restic_enable_role when: restic_enable_role
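Review bot: The new `include user tasks` entry runs user.yml before install.yml, but user.yml validates its sudoers change with `/usr/sbin/visudo -cf %s`, and visudo is only installed by the `sudo` package that install.yml adds in this commit. On a host where sudo is not already present the first run fails at the validate step. Move the user include below the install include (or move the `sudo` package into a task that runs before user.yml) so the ordering matches the dependency.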


@ -0,0 +1,33 @@
---
- name: ensure group exists
become: true
ansible.builtin.group:
name: "{{ restic_user_group }}"
state: present
when:
- restic_user_group is defined
- name: ensure user exists
become: true
ansible.builtin.user:
name: "{{ restic_user }}"
group: "{{ restic_user_group }}"
shell: /usr/sbin/nologin
when:
- restic_user_group is defined
- restic_user is defined
- name: add user to sudoers
become: true
ansible.builtin.blockinfile:
path: /etc/sudoers
state: present
block: |
{{ restic_user }} ALL=(ALL) NOPASSWD:ALL
validate: '/usr/sbin/visudo -cf %s'
backup: yes
marker_begin: restic-sudoers BEGIN
marker_end: restic-sudoers END
when:
- restic_user_group is defined
- restic_user is defined
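Review bot: The sudoers block grants `{{ restic_user }} ALL=(ALL) NOPASSWD:ALL`, which gives the new service account unrestricted passwordless root and removes most of the benefit of running the backup as a separate user. The script only escalates for the mount and unmount calls, so the rule can be limited to those commands, e.g. `{{ restic_user }} ALL=(root) NOPASSWD: /bin/mount, /bin/umount` (adjust the paths to the target distribution). Writing the block to a drop-in such as `/etc/sudoers.d/restic` instead of editing `/etc/sudoers` in place keeps the validated change isolated from the main file. The `restic_user is defined` / `restic_user_group is defined` conditions are always true because defaults/main.yml defines both variables, so they can be dropped or replaced by a check that the values are non-empty.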


@ -1,23 +1,22 @@
#!/bin/bash #!/bin/bash
{{ file_header | default () }} {{ file_header | default () }}
LOCKDIR=${HOME}/.cache # set lockdir
function exlock() { # define Function for setting lock; stops the script i a lock exists
exec {lock_fd}>${LOCKDIR}/$(basename $0).lock
flock -nx "$lock_fd"
if [[ $? == 1 ]]; then
exit 1
fi
}
function unlock() { # define function for removing lock
rm "${LOCKDIR}/$(basename $0).lock"
[[ -n $1 ]] && exit $1
exit
}
exlock # set lock # source functions
if [[ -f "/usr/local/bin/functions.sh" ]]; then
source /usr/local/bin/functions.sh
else
echo "[ERROR] Could not find: /usr/local/bin/functions.sh"
exit 3
fi
# set lock
## call function
## lock gets set and released if the script terminates
set_lock
abbruch_restic=0 # set counter for error abbruch_restic=0 # set counter for error
mount -t cifs -o credentials="/etc/restic/smb_password.txt",vers=3.0 {{ restic_repository }} {{ restic_mount }} # mount share sudo mount -t cifs -o credentials="/etc/restic/smb_password.txt",vers=3.0,uid=$UID {{ restic_repository }} {{ restic_mount }} # mount share
mount_return_value=$? # schreib Exit Code in Variable mount_return_value=$? # schreib Exit Code in Variable
if ( [ "$mount_return_value" -ne 0 ] ); then if ( [ "$mount_return_value" -ne 0 ] ); then
{ {
@ -55,11 +54,9 @@ do
} >> /var/log/restic.log 2>&1; # leite die komplette Ausgabe in logfile um } >> /var/log/restic.log 2>&1; # leite die komplette Ausgabe in logfile um
done done
umount {{ restic_mount }} >> /var/log/restic.log 2>&1; # unmount sudo umount {{ restic_mount }} >> /var/log/restic.log 2>&1; # unmount
if ( [[ "$restic_return_value" -ne 0 ]] ); then # sende eMail wenn Restic Fehler ungleich 0, also Fehler; #https://stackoverflow.com/a/45817972 if ( [[ "$restic_return_value" -ne 0 ]] ); then # sende eMail wenn Restic Fehler ungleich 0, also Fehler; #https://stackoverflow.com/a/45817972
tail --lines=50 "/var/log/restic.log" | mail -s "Backup-Error - restic - $HOSTNAME" {{ empfaenger_mail }} # schreibe die letzten 50 Zeilen aus dem Logfile in den Body der Mail tail --lines=50 "/var/log/restic.log" | mail -s "Backup-Error - restic - $HOSTNAME" {{ empfaenger_mail }} # schreibe die letzten 50 Zeilen aus dem Logfile in den Body der Mail
fi fi
unlock # entferne lock
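Review bot: The new `sudo mount` call in the first hunk and `sudo umount` in the second invoke sudo without `-n`; when the sudoers rule from user.yml is missing or later narrowed, the outcome depends on cron providing no tty rather than on an explicit non-interactive request. Use `sudo -n mount ...` and `sudo -n umount ...` so such a failure is reported immediately and lands in `mount_return_value` with a clear message in /var/log/restic.log. These are also the only two commands a command-restricted sudoers entry for the restic user would need to allow. The `do`/`done` loop in the second hunk starts outside the hunk.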