From 9e4d992f62a110876e2ac0c6347a9e2a04bdf4ec Mon Sep 17 00:00:00 2001
From: Adrien Luxey
Date: Tue, 5 May 2020 11:08:24 +0200
Subject: [PATCH] configured backups properly
---
deployer/roles/build/tasks/backup.yml | 67 +++++++++++++++++++
deployer/roles/build/tasks/drupal.yml | 40 +++++++++--
deployer/roles/build/tasks/wordpress.yml | 63 +++++++----------
.../templates/wordpress/docker-compose.yml.j2 | 4 +-
4 files changed, 126 insertions(+), 48 deletions(-)
create mode 100644 deployer/roles/build/tasks/backup.yml
diff --git a/deployer/roles/build/tasks/backup.yml b/deployer/roles/build/tasks/backup.yml
new file mode 100644
index 0000000..e34f39e
--- /dev/null
+++ b/deployer/roles/build/tasks/backup.yml
@@ -0,0 +1,67 @@
+---
+# Needs variables:
+# - item: dict describing the site install (cf group_vars/all/vars.yml)
+# - site_data_path: path of the site's data
+
+- name: "Site's data backups"
+ block:
+ - name: "Setup weekly backup of site's data"
+ cron:
+ name: "backup {{ item.slug }} data"
+ # hour: "{{ 24 | random }}"
+ # minute: "{{ 60 | random }}"
+ special_time: weekly
+ user: "root"
+ job: "tar czf {{ backups_path }}/{{ item.slug }}.tar.gz {{ site_data_path }}"
+ become: yes
+ - name: "Setup data backup rotation with logrotate"
+ blockinfile:
+ path: "/etc/logrotate.d/{{ item.slug }}"
+ marker: "# {mark} DATA BACKUP"
+ create: yes
+ block: |
+ {{ backups_path }}/{{ item.slug }}.tar.gz {
+ weekly
+ rotate 4
+ nocompress
+ dateext
+ dateformat _%Y-%m-%d
+ extension .tar.gz
+ missingok
+ }
+ become: yes
+ when: site_data_path is defined
+
+- name: "Site's database backups"
+ block:
+ # You need your root MySQL password stored in /root/.my.cnf to avoid
+ # putting the password in the crontab
+ - name: "Setup weekly backup of database"
+ cron:
+ name: "backup {{ item.slug }} database"
+ special_time: weekly
+ user: "root" # need root for passwordless mysqldump
+ job: "mysqldump {{ item.mysql_database }} | gzip -c > {{ backups_path }}/{{ item.slug }}.sql.gz"
+ become: yes
+ - name: "Setup database backup rotation with logrotate"
+ blockinfile:
+ path: "/etc/logrotate.d/{{ item.slug }}"
+ marker: "# {mark} DATABASE BACKUP"
+ create: yes
+ block: |
+ {{ backups_path }}/{{ item.slug }}.sql.gz {
+ weekly
+ rotate 4
+ nocompress
+ dateext
+ dateformat _%Y-%m-%d
+ extension .sql.gz
+ missingok
+ }
+ become: yes
+ when: item.mysql_database is defined
+
+
+
+
+
diff --git a/deployer/roles/build/tasks/drupal.yml b/deployer/roles/build/tasks/drupal.yml
index bb50fef..eeff023 100644
--- a/deployer/roles/build/tasks/drupal.yml
+++ b/deployer/roles/build/tasks/drupal.yml
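Review bot: In backup.yml, both cron jobs write their archives as root with whatever umask cron hands them, so `{{ item.slug }}.sql.gz` and `{{ item.slug }}.tar.gz` will usually be world-readable unless `backups_path` itself is locked down, and nothing in this patch sets its mode. A database dump carries password hashes and session data, so I would start each `job:` with `umask 077;` and add a `file` task that creates `backups_path` owned by root with `mode: "0700"`. Separately, the `mysqldump ... | gzip -c > ...` pipe hides a dump failure: gzip still succeeds and leaves a valid-looking but empty `.sql.gz` that logrotate keeps as one of the four retained copies. Writing to a temporary name and renaming only when mysqldump exits 0 would keep a failed run out of the rotation.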
@@ -1,3 +1,12 @@ +- name: "Set site_data_path to {{ www_path }}/{{ item.slug }}" + set_fact: site_data_path="{{ www_path }}/{{ item.slug }}" + tags: always + + +#################### +# Render templates # +#################### + - name: "Create folder {{ sites_path }}/{{ item.slug }}" file: path: "{{ sites_path }}/{{ item.slug }}" @@ -24,12 +33,10 @@ become: yes tags: nginx -# - name: Create Let's Encrypt certificate -# This seems hard, see: -# https://docs.ansible.com/ansible/latest/modules/acme_certificate_module.html#acme-certificate-module -# https://www.digitalocean.com/community/tutorials/how-to-acquire-a-let-s-encrypt-certificate-using-ansible-on-ubuntu-18-04 -# Maybe using shell directly? e.g. -# certbot certonly --webroot -w /var/www/letsencrypt -d + +####################### +# MySQL configuration # +####################### # MySQL equivalent: # create user @ identified by ; @@ -48,3 +55,24 @@ priv: "{{ item.mysql_database }}.*:all" state: present tags: mysql + + +################# +# Setup backups # +################# + +- name: "Setup backups" + import_tasks: backup.yml + tags: backup + + +################### +# SSL certificate # +################### + +# - name: Create Let's Encrypt certificate +# This seems hard, see: +# https://docs.ansible.com/ansible/latest/modules/acme_certificate_module.html#acme-certificate-module +# https://www.digitalocean.com/community/tutorials/how-to-acquire-a-let-s-encrypt-certificate-using-ansible-on-ubuntu-18-04 +# Maybe using shell directly? e.g. +# certbot certonly --webroot -w /var/www/letsencrypt -d \ No newline at end of file diff --git a/deployer/roles/build/tasks/wordpress.yml b/deployer/roles/build/tasks/wordpress.yml index 673fb0e..1daaeb9 100644 --- a/deployer/roles/build/tasks/wordpress.yml +++ b/deployer/roles/build/tasks/wordpress.yml 
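Review bot: In drupal.yml's first hunk (and the matching task at the top of wordpress.yml), `site_data_path` is set with `set_fact`, which stores it on the host for the rest of the play rather than for this one site. If these task files run once per site in a loop, as the use of `item` suggests, the `when: site_data_path is defined` guard in backup.yml stays true after the first site, so a later site type that sets no data path would archive the previous site's tree under its own slug. Passing the value as `vars:` on the `import_tasks: backup.yml` call, or resetting it explicitly for site types without data, keeps the guard meaningful. The `key=value` string form is also worth replacing with the native mapping: `set_fact:` followed by `site_data_path: "{{ www_path }}/{{ item.slug }}"`.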
@@ -1,17 +1,22 @@ -##################### -# Create wp-content # -##################### +- name: "Set site_data_path to {{ www_path }}/{{ item.slug }}_wp-content" + set_fact: site_data_path="{{ www_path }}/{{ item.slug }}_wp-content" + tags: always + + +############################### +# Create wp-content if needed # +############################### - name: Is it a new install? stat: - path: "{{ www_path }}/{{ item.slug }}_wp-content/index.php" + path: "{{ site_data_path }}/index.php" register: wpcontent - name: Populate wp-content folder block: - - name: "Clear folder {{ www_path }}/{{ item.slug }}_wp-content" + - name: "Clear folder {{ site_data_path }}" file: - path: "{{ www_path }}/{{ item.slug }}_wp-content" + path: "{{ site_data_path }}" state: absent - name: "Download Wordpress v{{ wordpress.version }} archive" get_url: @@ -26,14 +31,14 @@ - name: "Copy wp-content folder to destination" copy: src: /tmp/wordpress/wp-content/ - dest: "{{ www_path }}/{{ item.slug }}_wp-content" + dest: "{{ site_data_path }}" remote_src: yes # group: www-data # mode: '0660' # directory_mode: '0770' - name: Set proper access rights to wp-content tree file: - path: "{{ www_path }}/{{ item.slug }}_wp-content" + path: "{{ site_data_path }}" state: directory recurse: yes group: www-data 
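Review bot: In wordpress.yml's first hunk, the only evidence for a "new install" is a missing `{{ site_data_path }}/index.php`, and the block that follows starts by deleting the whole directory with `state: absent`. If that one file is ever removed from a live site, the next run wipes uploads, themes and plugins. Running `stat` on `{{ site_data_path }}` itself, or refusing to clear a directory that is not empty, avoids the data loss. The block's `when:` condition sits outside this hunk.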
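Review bot: In wordpress.yml's second hunk, the copy takes its source from the fixed path `/tmp/wordpress/wp-content/`, a predictable name in a world-writable directory. Any file already present under that path when the play runs, left by an earlier run or by another local account, ends up in the site's wp-content and is then handed to group www-data by the next task. Staging in a directory created with the `tempfile` module (`state: directory`) and removing it afterwards closes that gap. The tasks that download and unpack the archive are outside this hunk, so whether they verify a checksum cannot be seen here.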
@@ -52,37 +57,6 @@ when: wpcontent.stat.exists is not defined or wpcontent.stat.exists == False tags: [docker, nginx] -################# -# Setup backups # -################# - -- name: Setup weekly backup of wp-content - cron: - name: "backup {{ item.slug }}_wp-content" - # hour: "17" - # minute: "37" - special_time: weekly - user: "www-data" - job: "tar czf {{ backups_path }}/{{ item.slug }}_wp-content.tar.gz {{ www_path }}/{{ item.slug }}_wp-content" - become: yes - tags: backup - -- name: Configure logrotate to rotate backups - blockinfile: - path: "/etc/logrotate.d/{{ item.slug }}" - create: yes - block: | - {{ backups_path }}/{{ item.slug }}_wp-content.tar.gz { - rotate 5 - nocompress - dateext - dateformat _%Y-%m-%d - extension .tar.gz - missingok - } - become: yes - tags: backup - #################### # Render templates # @@ -139,7 +113,16 @@ priv: "{{ item.mysql_database }}.*:all" state: present tags: mysql - + + +################# +# Setup backups # +################# + +- name: "Setup backups" + import_tasks: backup.yml + tags: backup + ################### # SSL certificate # diff --git a/deployer/roles/build/templates/wordpress/docker-compose.yml.j2 b/deployer/roles/build/templates/wordpress/docker-compose.yml.j2 index 6e9544b..f3b5c80 100644 --- a/deployer/roles/build/templates/wordpress/docker-compose.yml.j2 +++ b/deployer/roles/build/templates/wordpress/docker-compose.yml.j2 @@ -16,7 +16,7 @@ services: WORDPRESS_DB_NAME: "{{ item.mysql_database }}" volumes: - "html_data:/var/www/html" - - "{{ www_path }}/{{ item.slug }}_wp-content:/var/www/html/wp-content" + - "{{ site_data_path }}:/var/www/html/wp-content" networks: net: ipv4_address: "{{ item.subnet_site_ip }}" @@ -28,7 +28,7 @@ services: - site volumes: - "html_data:/var/www/html" - - "{{ www_path }}/{{ item.slug }}_wp-content:/var/www/html/wp-content" + - "{{ site_data_path }}:/var/www/html/wp-content" networks: net: ipv4_address: "{{ item.subnet_nginx_ip }}"