From 674210499982eed89ececf79db3bb680d94edfa3 Mon Sep 17 00:00:00 2001
From: LUXEY Adrien
Date: Tue, 30 Jun 2020 13:46:59 +0200
Subject: [PATCH] better backps, gitea up to date
---
 deployer/group_vars/all/vars.yml | 216 +++++++++++++-------------
 deployer/roles/build/tasks/backup.yml | 120 +++++++-------
 deployer/roles/build/tasks/main.yml | 8 +-
 3 files changed, 176 insertions(+), 168 deletions(-)
diff --git a/deployer/group_vars/all/vars.yml b/deployer/group_vars/all/vars.yml
index d95614b..54f452a 100644
--- a/deployer/group_vars/all/vars.yml
+++ b/deployer/group_vars/all/vars.yml
@@ -11,7 +11,7 @@ wordpress:
 version: 5.4
 checksum: sha1:d5f1e6d7cadd72c11d086a2e1ede0a72f23d993e
 gitea:
- version: 1.11.4
+ version: 1.12.1
 synapse:
 version: v1.15.1-py3
@@ -19,118 +19,118 @@ postgres:
 pg_hba_path: "/etc/postgresql/9.6/main/pg_hba.conf"
 sites:
- # - slug: rdb # Shorthand name to use as directory/file name
- # # The site URL (without www)
- # url: rennesdesbois.fr
- # # Ask nginx to redirect url to www
- # # Else, we redirect www to url
- # redirect_to_www: yes
- # # What kind of site is that?
- # type: wordpress
- # # Subnet addresses
- # subnet_cidr_address: 172.27.1.0/24
- # subnet_gateway_ip: 172.27.1.1
- # subnet_nginx_ip: 172.27.1.2
- # subnet_site_ip: 172.27.1.3
- # # MySQL
- # mysql_database: rdb
- # mysql_username: rdb
- # mysql_password: "{{ vault_rdb_mysql_password }}"
+ - slug: rdb # Shorthand name to use as directory/file name
+ # The site URL (without www)
+ url: rennesdesbois.fr
+ # Ask nginx to redirect url to www
+ # Else, we redirect www to url
+ redirect_to_www: yes
+ # What kind of site is that?
+ type: wordpress
+ # Subnet addresses
+ subnet_cidr_address: 172.27.1.0/24
+ subnet_gateway_ip: 172.27.1.1
+ subnet_nginx_ip: 172.27.1.2
+ subnet_site_ip: 172.27.1.3
+ # MySQL
+ mysql_database: rdb
+ mysql_username: rdb
+ mysql_password: "{{ vault_rdb_mysql_password }}"
- # - slug: arvuhez # Shorthand name to use as directory/file name
- # # The site URL (without www)
- # url: arvuhez.org
- # # Ask nginx to redirect url to www
- # # Else, we redirect www to url
- # redirect_to_www: no
- # # What kind of site is that?
- # type: wordpress
- # # Subnet addresses
- # subnet_cidr_address: 172.27.2.0/24
- # subnet_gateway_ip: 172.27.2.1
- # subnet_nginx_ip: 172.27.2.2
- # subnet_site_ip: 172.27.2.3
- # # MySQL
- # mysql_database: arvuhez
- # mysql_username: arvuhez
- # mysql_password: "{{ vault_arvuhez_mysql_password }}"
+ - slug: arvuhez # Shorthand name to use as directory/file name
+ # The site URL (without www)
+ url: arvuhez.org
+ # Ask nginx to redirect url to www
+ # Else, we redirect www to url
+ redirect_to_www: no
+ # What kind of site is that?
+ type: wordpress
+ # Subnet addresses
+ subnet_cidr_address: 172.27.2.0/24
+ subnet_gateway_ip: 172.27.2.1
+ subnet_nginx_ip: 172.27.2.2
+ subnet_site_ip: 172.27.2.3
+ # MySQL
+ mysql_database: arvuhez
+ mysql_username: arvuhez
+ mysql_password: "{{ vault_arvuhez_mysql_password }}"
- # - slug: zinzoscope # Shorthand name to use as directory/file name
- # # The site URL (without www)
- # url: zinz.luxeylab.net
- # # Ask nginx to redirect url to www
- # # Else, we redirect www to url
- # redirect_to_www: no
- # # What kind of site is that?
- # type: wordpress
- # # Subnet addresses
- # subnet_cidr_address: 172.27.3.0/24
- # subnet_gateway_ip: 172.27.3.1
- # subnet_nginx_ip: 172.27.3.2
- # subnet_site_ip: 172.27.3.3
- # # MySQL
- # mysql_database: zinzoscope
- # mysql_username: zinzoscope
- # mysql_password: "{{ vault_zinzoscope_mysql_password }}"
+ - slug: zinzoscope # Shorthand name to use as directory/file name
+ # The site URL (without www)
+ url: zinz.luxeylab.net
+ # Ask nginx to redirect url to www
+ # Else, we redirect www to url
+ redirect_to_www: no
+ # What kind of site is that?
+ type: wordpress
+ # Subnet addresses
+ subnet_cidr_address: 172.27.3.0/24
+ subnet_gateway_ip: 172.27.3.1
+ subnet_nginx_ip: 172.27.3.2
+ subnet_site_ip: 172.27.3.3
+ # MySQL
+ mysql_database: zinzoscope
+ mysql_username: zinzoscope
+ mysql_password: "{{ vault_zinzoscope_mysql_password }}"
- # - slug: lexperimental # Shorthand name to use as directory/file name
- # # The site URL (without www)
- # url: lexperimental.fr
- # # Ask nginx to redirect url to www
- # # Else, we redirect www to url
- # redirect_to_www: no
- # # What kind of site is that?
- # type: wordpress
- # # Subnet addresses
- # subnet_cidr_address: 172.27.4.0/24
- # subnet_gateway_ip: 172.27.4.1
- # subnet_nginx_ip: 172.27.4.2
- # subnet_site_ip: 172.27.4.3
- # # MySQL
- # mysql_database: lexperimental
- # mysql_username: lexperimental
- # mysql_password: "{{ vault_lexperimental_mysql_password }}"
+ - slug: lexperimental # Shorthand name to use as directory/file name
+ # The site URL (without www)
+ url: lexperimental.fr
+ # Ask nginx to redirect url to www
+ # Else, we redirect www to url
+ redirect_to_www: no
+ # What kind of site is that?
+ type: wordpress
+ # Subnet addresses
+ subnet_cidr_address: 172.27.4.0/24
+ subnet_gateway_ip: 172.27.4.1
+ subnet_nginx_ip: 172.27.4.2
+ subnet_site_ip: 172.27.4.3
+ # MySQL
+ mysql_database: lexperimental
+ mysql_username: lexperimental
+ mysql_password: "{{ vault_lexperimental_mysql_password }}"
- # - slug: mts # Shorthand name to use as directory/file name
- # # The site URL (without www)
- # url: editionsmangetasoupe.fr
- # # Ask nginx to redirect url to www
- # # Else, we redirect www to url
- # redirect_to_www: no
- # # What kind of site is that?
- # type: drupal
- # # Subnet addresses
- # subnet_cidr_address: 172.27.5.0/24
- # subnet_gateway_ip: 172.27.5.1
- # subnet_site_ip: 172.27.5.2
- # # This will allow setting up MySQL
- # # Configuration on Drupal's side must be done by hand:
- # # Edit your /sites/default/settings.php
- # mysql_database: mts8
- # mysql_username: mts
- # mysql_password: "{{ vault_mts_mysql_password }}"
+ - slug: mts # Shorthand name to use as directory/file name
+ # The site URL (without www)
+ url: editionsmangetasoupe.fr
+ # Ask nginx to redirect url to www
+ # Else, we redirect www to url
+ redirect_to_www: no
+ # What kind of site is that?
+ type: drupal
+ # Subnet addresses
+ subnet_cidr_address: 172.27.5.0/24
+ subnet_gateway_ip: 172.27.5.1
+ subnet_site_ip: 172.27.5.2
+ # This will allow setting up MySQL
+ # Configuration on Drupal's side must be done by hand:
+ # Edit your /sites/default/settings.php
+ mysql_database: mts8
+ mysql_username: mts
+ mysql_password: "{{ vault_mts_mysql_password }}"
- # - slug: gitea # Shorthand name to use as directory/file name
- # # The site URL (without www)
- # url: git.deuxfleurs.fr
- # # Ask nginx to redirect url to www
- # # Else, we redirect www to url
- # redirect_to_www: no
- # # What kind of site is that?
- # type: gitea
- # # Subnet addresses
- # subnet_cidr_address: 172.27.6.0/24
- # subnet_gateway_ip: 172.27.6.1
- # subnet_site_ip: 172.27.6.2
- # # User IDs
- # user_name: git
- # user_uid: 1007
- # user_group: git
- # user_gid: 1006
- # # MySQL
- # mysql_database: gitea
- # mysql_username: gitea
- # mysql_password: "{{ vault_gitea_mysql_password }}"
+ - slug: gitea # Shorthand name to use as directory/file name
+ # The site URL (without www)
+ url: git.deuxfleurs.fr
+ # Ask nginx to redirect url to www
+ # Else, we redirect www to url
+ redirect_to_www: no
+ # What kind of site is that?
+ type: gitea
+ # Subnet addresses
+ subnet_cidr_address: 172.27.6.0/24
+ subnet_gateway_ip: 172.27.6.1
+ subnet_site_ip: 172.27.6.2
+ # User IDs
+ user_name: git
+ user_uid: 1007
+ user_group: git
+ user_gid: 1006
+ # MySQL
+ mysql_database: gitea
+ mysql_username: gitea
+ mysql_password: "{{ vault_gitea_mysql_password }}"
 - slug: synapse # Shorthand name to use as directory/file name
 # The site URL (without www)
diff --git a/deployer/roles/build/tasks/backup.yml b/deployer/roles/build/tasks/backup.yml
index 43e0c28..fd4aefb 100644
--- a/deployer/roles/build/tasks/backup.yml
+++ b/deployer/roles/build/tasks/backup.yml
@@ -3,64 +3,72 @@
 # - site: dict describing the site install (cf group_vars/all/vars.yml)
 # - site_data_path: path of the site's data
-- name: "Data backups"
- block:
- name: "Setup weekly backup of site's data"
- cron:
- name: "backup {{ site.slug }} data"
- # hour: "{{ 24 | random }}"
- # minute: "{{ 60 | random }}"
- special_time: weekly
- user: "root"
- job: "tar czf {{ backups_path }}/{{ site.slug }}.tar.gz {{ site_data_path }}"
- become: yes
- name: "Setup data backup rotation with logrotate"
- blockinfile:
- path: "/etc/logrotate.d/{{ site.slug }}"
- marker: "# {mark} DATA BACKUP"
- create: yes
- block: |
- {{ backups_path }}/{{ site.slug }}.tar.gz {
- weekly
- rotate 4
- nocompress
- dateext
- dateformat _%Y-%m-%d
- extension .tar.gz
- missingok
- }
- become: yes
+
+- name: "Setup periodic site files backup"
+ blockinfile:
+ path: "/etc/logrotate.d/{{ site.slug }}"
+ marker: "# {mark} DATA BACKUP"
+ create: yes
+ block: |
+ {{ backups_path }}/{{ site.slug }}.tar.gz {
+ prerotate
+ tar czf {{ backups_path }}/{{ site.slug }}.tar.gz {{ site_data_path }}
+ endscript
+ weekly
+ rotate 4
+ nocompress
+ dateext
+ dateformat _%Y-%m-%d
+ extension .tar.gz
+ missingok
+ su www-data www-data
+ nocreate
+ }
+ become: yes
 when: site_data_path is defined
-- name: "MySQL Database backups"
- block:
- # You need your root MySQL password stored in /root/.my.cnf to avoid
- # putting the password in the crontab
- name: "Setup weekly backup of database"
- cron:
- name: "backup {{ site.slug }} database"
- special_time: weekly
- user: "root" # need root for passwordless mysqldump
- job: "mysqldump {{ site.mysql_database }} | gzip -c > {{ backups_path }}/{{ site.slug }}.sql.gz"
- become: yes
- name: "Setup database backup rotation with logrotate"
- blockinfile:
- path: "/etc/logrotate.d/{{ site.slug }}"
- marker: "# {mark} DATABASE BACKUP"
- create: yes
- block: |
- {{ backups_path }}/{{ site.slug }}.sql.gz {
- weekly
- rotate 4
- nocompress
- dateext
- dateformat _%Y-%m-%d
- extension .sql.gz
- missingok
- }
- become: yes
+- name: "Setup periodic MySQL database backup"
+ blockinfile:
+ path: "/etc/logrotate.d/{{ site.slug }}"
+ marker: "# {mark} DATABASE BACKUP"
+ create: yes
+ block: |
+ {{ backups_path }}/{{ site.slug }}.sql.gz {
+ prerotate
+ mysqldump {{ site.mysql_database }} | gzip -c > {{ backups_path }}/{{ site.slug }}.sql.gz
+ endscript
+ weekly
+ rotate 4
+ nocompress
+ dateext
+ dateformat _%Y-%m-%d
+ extension .sql.gz
+ missingok
+ su www-data www-data
+ nocreate
+ }
+ become: yes
 when: site.mysql_database is defined
-- name: "PostgreSQL Database backups"
- debug: msg="TODO PUTAIN BOSSE LÀ"
+- name: "Setup periodic PostgreSQL database backup"
+ blockinfile:
+ path: "/etc/logrotate.d/{{ site.slug }}"
+ marker: "# {mark} DATABASE BACKUP"
+ create: yes
+ block: |
+ {{ backups_path }}/{{ site.slug }}.sql.gz {
+ prerotate
+ sudo -u postgres pg_dump {{ site.postgres_database }} | gzip -c > {{ backups_path }}/{{ site.slug }}.sql.gz
+ endscript
+ weekly
+ rotate 4
+ nocompress
+ dateext
+ dateformat _%Y-%m-%d
+ extension .sql.gz
+ missingok
+ su www-data www-data
+ nocreate
+ }
+ become: yes
 when: site.postgres_database is defined
\ No newline at end of file
diff --git a/deployer/roles/build/tasks/main.yml b/deployer/roles/build/tasks/main.yml
index 057339c..01c7d58 100644
--- a/deployer/roles/build/tasks/main.yml
+++ b/deployer/roles/build/tasks/main.yml
@@ -6,7 +6,7 @@
 loop_control:
 loop_var: site
 when: site.type == "wordpress"
- tags: wordpress
+ tags: wordpress,sites
 - name: Build Drupal sites
 include_tasks: drupal.yml
@@ -14,7 +14,7 @@
 loop_control:
 loop_var: site
 when: site.type == "drupal"
- tags: drupal
+ tags: drupal,sites
 - name: Build Gitea sites
 include_tasks: gitea.yml
@@ -22,7 +22,7 @@
 loop_control:
 loop_var: site
 when: site.type == "gitea"
- tags: gitea
+ tags: gitea,sites
 - name: Build Synapse sites
 include_tasks: synapse.yml
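Review bot: In the three logrotate stanzas of backup.yml the dump is now produced only inside `prerotate`, yet each stanza also sets `missingok` and `nocreate`; logrotate runs `prerotate` only for a file it is about to rotate, so once `{{ site.slug }}.tar.gz` or `.sql.gz` has been renamed to its dated copy (or on a host where it never existed) nothing matches and, as far as these lines show, no further backup is taken and no error is reported. Dropping `nocreate` and seeding the file once, or keeping a scheduled job as the producer, would avoid that silent gap. The MySQL and PostgreSQL tasks also share `marker: "# {mark} DATABASE BACKUP"` and the same `.sql.gz` target in one file, so a site that defines both databases would keep only the last stanza. Nothing here restricts who can read the archives: consider `umask 077` as the first line of each `prerotate` script, and confirm which account the script runs as under `su www-data www-data`, since the removed comment relied on root's `/root/.my.cnf` and the new `sudo -u postgres` call also assumes privileges.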
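Review bot: The added `sites` tag sits on dynamic `include_tasks` statements in main.yml, where Ansible applies a tag to the include itself rather than to the tasks inside the included file, so `--tags sites` may load `drupal.yml`, `gitea.yml` and `synapse.yml` and then skip their untagged tasks; those files are outside this diff, so this needs checking there. If the tag is meant to reach the included tasks, the `apply` argument of `include_tasks` is the usual way to pass it down. As a style point, the list form `tags: [drupal, sites]` reads more clearly than the comma-joined string; both remarks apply equally to the hunks at -14, -22 and -30, and each task these `tags:` lines belong to starts outside its hunk.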
@@ -30,4 +30,4 @@
 loop_control:
 loop_var: site
 when: site.type == "synapse"
- tags: synapse
+ tags: synapse,sites