configured backups properly

2020-05-05 11:08:24 +02:00 · 2020-05-05 11:08:24 +02:00 · 9e4d992f62
commit 9e4d992f62
parent 03dd23ca92
4 changed files with 126 additions and 48 deletions
--- a/deployer/roles/build/tasks/backup.yml
+++ b/deployer/roles/build/tasks/backup.yml
@ -0,0 +1,67 @@
+---
+# Needs variables:
+#   - item: dict describing the site install (cf group_vars/all/vars.yml)
+#   - site_data_path: path of the site's data
+
+- name: "Site's data backups"
+  block:
+    - name: "Setup weekly backup of site's data"
+      cron:
+        name: "backup {{ item.slug }} data"
+        # hour: "{{ 24 | random }}"
+        # minute: "{{ 60 | random }}"
+        special_time: weekly
+        user: "root"
+        job: "tar czf {{ backups_path }}/{{ item.slug }}.tar.gz {{ site_data_path }}"
+      become: yes
+    - name: "Setup data backup rotation with logrotate"
+      blockinfile:
+        path: "/etc/logrotate.d/{{ item.slug }}"
+        marker: "# {mark} DATA BACKUP"
+        create: yes
+        block: |
+          {{ backups_path }}/{{ item.slug }}.tar.gz {
+            weekly
+            rotate 4
+            nocompress
+            dateext
+            dateformat _%Y-%m-%d
+            extension .tar.gz
+            missingok
+          }
+      become: yes
+  when: site_data_path is defined
+
+- name: "Site's database backups"
+  block:
+    # You need your root MySQL password stored in /root/.my.cnf to avoid
+    # putting the password in the crontab
+    - name: "Setup weekly backup of database"
+      cron:
+        name: "backup {{ item.slug }} database"
+        special_time: weekly
+        user: "root" # need root for passwordless mysqldump
+        job: "mysqldump {{ item.mysql_database }} | gzip -c > {{ backups_path }}/{{ item.slug }}.sql.gz"
+      become: yes
+    - name: "Setup database backup rotation with logrotate"
+      blockinfile:
+        path: "/etc/logrotate.d/{{ item.slug }}"
+        marker: "# {mark} DATABASE BACKUP"
+        create: yes
+        block: |
+          {{ backups_path }}/{{ item.slug }}.sql.gz {
+            weekly
+            rotate 4
+            nocompress
+            dateext
+            dateformat _%Y-%m-%d
+            extension .sql.gz
+            missingok
+          }
+      become: yes
+  when: item.mysql_database is defined
+
+
+
+
+
--- a/deployer/roles/build/tasks/drupal.yml
+++ b/deployer/roles/build/tasks/drupal.yml
@ -1,3 +1,12 @@
+- name: "Set site_data_path to {{ www_path }}/{{ item.slug }}"
+  set_fact: site_data_path="{{ www_path }}/{{ item.slug }}"
+  tags: always
+
+
+####################
+# Render templates #
+####################
+
 - name: "Create folder {{ sites_path }}/{{ item.slug }}"
  file: 
    path: "{{ sites_path }}/{{ item.slug }}"
@ -24,12 +33,10 @@
  become: yes
  tags: nginx

-# - name: Create Let's Encrypt certificate
-# This seems hard, see:
-# https://docs.ansible.com/ansible/latest/modules/acme_certificate_module.html#acme-certificate-module
-# https://www.digitalocean.com/community/tutorials/how-to-acquire-a-let-s-encrypt-certificate-using-ansible-on-ubuntu-18-04
-# Maybe using shell directly? e.g.
-# certbot certonly --webroot -w /var/www/letsencrypt -d <url>
+
+#######################
+# MySQL configuration #
+#######################

 # MySQL equivalent:
 # create user <user>@<ip> identified by <pass>;
@ -48,3 +55,24 @@
    priv: "{{ item.mysql_database }}.*:all"
    state: present
  tags: mysql
+
+
+#################
+# Setup backups #
+#################
+
+- name: "Setup backups"
+  import_tasks: backup.yml
+  tags: backup
+
+
+###################
+# SSL certificate #
+###################
+
+# - name: Create Let's Encrypt certificate
+# This seems hard, see:
+# https://docs.ansible.com/ansible/latest/modules/acme_certificate_module.html#acme-certificate-module
+# https://www.digitalocean.com/community/tutorials/how-to-acquire-a-let-s-encrypt-certificate-using-ansible-on-ubuntu-18-04
+# Maybe using shell directly? e.g.
+# certbot certonly --webroot -w /var/www/letsencrypt -d <url>
--- a/deployer/roles/build/tasks/wordpress.yml
+++ b/deployer/roles/build/tasks/wordpress.yml
@ -1,17 +1,22 @@
-#####################
-# Create wp-content #
-#####################
+- name: "Set site_data_path to {{ www_path }}/{{ item.slug }}_wp-content"
+  set_fact: site_data_path="{{ www_path }}/{{ item.slug }}_wp-content"
+  tags: always
+
+
+###############################
+# Create wp-content if needed #
+###############################

 - name: Is it a new install?
  stat:
-    path: "{{ www_path }}/{{ item.slug }}_wp-content/index.php"
+    path: "{{ site_data_path }}/index.php"
  register: wpcontent

 - name: Populate wp-content folder
  block:
-    - name: "Clear folder {{ www_path }}/{{ item.slug }}_wp-content"
+    - name: "Clear folder {{ site_data_path }}"
      file:
-        path: "{{ www_path }}/{{ item.slug }}_wp-content"
+        path: "{{ site_data_path }}"
        state: absent
    - name: "Download Wordpress v{{ wordpress.version }} archive"
      get_url:
@ -26,14 +31,14 @@
    - name: "Copy wp-content folder to destination"
      copy:
        src: /tmp/wordpress/wp-content/
-        dest: "{{ www_path }}/{{ item.slug }}_wp-content"
+        dest: "{{ site_data_path }}"
        remote_src: yes
        # group: www-data
        # mode: '0660'
        # directory_mode: '0770'
    - name: Set proper access rights to wp-content tree
      file: 
-        path: "{{ www_path }}/{{ item.slug }}_wp-content"
+        path: "{{ site_data_path }}"
        state: directory 
        recurse: yes
        group: www-data 
@ -52,37 +57,6 @@
  when: wpcontent.stat.exists is not defined or wpcontent.stat.exists == False
  tags: [docker, nginx]

-#################
-# Setup backups #
-#################
-
- name: Setup weekly backup of wp-content
-  cron:
-    name: "backup {{ item.slug }}_wp-content"
-    # hour: "17"
-    # minute: "37"
-    special_time: weekly
-    user: "www-data"
-    job: "tar czf {{ backups_path }}/{{ item.slug }}_wp-content.tar.gz {{ www_path }}/{{ item.slug }}_wp-content"
-  become: yes
-  tags: backup
-
- name: Configure logrotate to rotate backups
-  blockinfile:
-    path: "/etc/logrotate.d/{{ item.slug }}"
-    create: yes
-    block: |
-      {{ backups_path }}/{{ item.slug }}_wp-content.tar.gz {
-        rotate 5
-        nocompress
-        dateext
-        dateformat _%Y-%m-%d
-        extension .tar.gz
-        missingok
-      }
-  become: yes
-  tags: backup
-

 ####################
 # Render templates #
@ -139,7 +113,16 @@
    priv: "{{ item.mysql_database }}.*:all"
    state: present
  tags: mysql
-  
+
+
+#################
+# Setup backups #
+#################
+
+- name: "Setup backups"
+  import_tasks: backup.yml
+  tags: backup
+

 ###################
 # SSL certificate #
--- a/deployer/roles/build/templates/wordpress/docker-compose.yml.j2
+++ b/deployer/roles/build/templates/wordpress/docker-compose.yml.j2
@ -16,7 +16,7 @@ services:
      WORDPRESS_DB_NAME: "{{ item.mysql_database }}"
    volumes: 
      - "html_data:/var/www/html"
-      - "{{ www_path }}/{{ item.slug }}_wp-content:/var/www/html/wp-content"
+      - "{{ site_data_path }}:/var/www/html/wp-content"
    networks:
      net:
        ipv4_address: "{{ item.subnet_site_ip }}"
@ -28,7 +28,7 @@ services:
      - site
    volumes:
      - "html_data:/var/www/html"
-      - "{{ www_path }}/{{ item.slug }}_wp-content:/var/www/html/wp-content"
+      - "{{ site_data_path }}:/var/www/html/wp-content"
    networks:
      net:
        ipv4_address: "{{ item.subnet_nginx_ip }}"