configured backups properly

This commit is contained in:
Adrien Luxey 2020-05-05 11:08:24 +02:00
parent 03dd23ca92
commit 9e4d992f62
4 changed files with 126 additions and 48 deletions

View file

@ -0,0 +1,67 @@
---
# Needs variables:
# - item: dict describing the site install (cf group_vars/all/vars.yml)
# - site_data_path: path of the site's data
- name: "Site's data backups"
block:
- name: "Setup weekly backup of site's data"
cron:
name: "backup {{ item.slug }} data"
# hour: "{{ 24 | random }}"
# minute: "{{ 60 | random }}"
special_time: weekly
user: "root"
job: "tar czf {{ backups_path }}/{{ item.slug }}.tar.gz {{ site_data_path }}"
become: yes
- name: "Setup data backup rotation with logrotate"
blockinfile:
path: "/etc/logrotate.d/{{ item.slug }}"
marker: "# {mark} DATA BACKUP"
create: yes
block: |
{{ backups_path }}/{{ item.slug }}.tar.gz {
weekly
rotate 4
nocompress
dateext
dateformat _%Y-%m-%d
extension .tar.gz
missingok
}
become: yes
when: site_data_path is defined
- name: "Site's database backups"
block:
# You need your root MySQL password stored in /root/.my.cnf to avoid
# putting the password in the crontab
- name: "Setup weekly backup of database"
cron:
name: "backup {{ item.slug }} database"
special_time: weekly
user: "root" # need root for passwordless mysqldump
job: "mysqldump {{ item.mysql_database }} | gzip -c > {{ backups_path }}/{{ item.slug }}.sql.gz"
become: yes
- name: "Setup database backup rotation with logrotate"
blockinfile:
path: "/etc/logrotate.d/{{ item.slug }}"
marker: "# {mark} DATABASE BACKUP"
create: yes
block: |
{{ backups_path }}/{{ item.slug }}.sql.gz {
weekly
rotate 4
nocompress
dateext
dateformat _%Y-%m-%d
extension .sql.gz
missingok
}
become: yes
when: item.mysql_database is defined

View file

@ -1,3 +1,12 @@
- name: "Set site_data_path to {{ www_path }}/{{ item.slug }}"
set_fact: site_data_path="{{ www_path }}/{{ item.slug }}"
tags: always
####################
# Render templates #
####################
- name: "Create folder {{ sites_path }}/{{ item.slug }}" - name: "Create folder {{ sites_path }}/{{ item.slug }}"
file: file:
path: "{{ sites_path }}/{{ item.slug }}" path: "{{ sites_path }}/{{ item.slug }}"
@ -24,12 +33,10 @@
become: yes become: yes
tags: nginx tags: nginx
# - name: Create Let's Encrypt certificate
# This seems hard, see: #######################
# https://docs.ansible.com/ansible/latest/modules/acme_certificate_module.html#acme-certificate-module # MySQL configuration #
# https://www.digitalocean.com/community/tutorials/how-to-acquire-a-let-s-encrypt-certificate-using-ansible-on-ubuntu-18-04 #######################
# Maybe using shell directly? e.g.
# certbot certonly --webroot -w /var/www/letsencrypt -d <url>
# MySQL equivalent: # MySQL equivalent:
# create user <user>@<ip> identified by <pass>; # create user <user>@<ip> identified by <pass>;
@ -48,3 +55,24 @@
priv: "{{ item.mysql_database }}.*:all" priv: "{{ item.mysql_database }}.*:all"
state: present state: present
tags: mysql tags: mysql
#################
# Setup backups #
#################
- name: "Setup backups"
import_tasks: backup.yml
tags: backup
###################
# SSL certificate #
###################
# - name: Create Let's Encrypt certificate
# This seems hard, see:
# https://docs.ansible.com/ansible/latest/modules/acme_certificate_module.html#acme-certificate-module
# https://www.digitalocean.com/community/tutorials/how-to-acquire-a-let-s-encrypt-certificate-using-ansible-on-ubuntu-18-04
# Maybe using shell directly? e.g.
# certbot certonly --webroot -w /var/www/letsencrypt -d <url>

View file

@ -1,17 +1,22 @@
##################### - name: "Set site_data_path to {{ www_path }}/{{ item.slug }}_wp-content"
# Create wp-content # set_fact: site_data_path="{{ www_path }}/{{ item.slug }}_wp-content"
##################### tags: always
###############################
# Create wp-content if needed #
###############################
- name: Is it a new install? - name: Is it a new install?
stat: stat:
path: "{{ www_path }}/{{ item.slug }}_wp-content/index.php" path: "{{ site_data_path }}/index.php"
register: wpcontent register: wpcontent
- name: Populate wp-content folder - name: Populate wp-content folder
block: block:
- name: "Clear folder {{ www_path }}/{{ item.slug }}_wp-content" - name: "Clear folder {{ site_data_path }}"
file: file:
path: "{{ www_path }}/{{ item.slug }}_wp-content" path: "{{ site_data_path }}"
state: absent state: absent
- name: "Download Wordpress v{{ wordpress.version }} archive" - name: "Download Wordpress v{{ wordpress.version }} archive"
get_url: get_url:
@ -26,14 +31,14 @@
- name: "Copy wp-content folder to destination" - name: "Copy wp-content folder to destination"
copy: copy:
src: /tmp/wordpress/wp-content/ src: /tmp/wordpress/wp-content/
dest: "{{ www_path }}/{{ item.slug }}_wp-content" dest: "{{ site_data_path }}"
remote_src: yes remote_src: yes
# group: www-data # group: www-data
# mode: '0660' # mode: '0660'
# directory_mode: '0770' # directory_mode: '0770'
- name: Set proper access rights to wp-content tree - name: Set proper access rights to wp-content tree
file: file:
path: "{{ www_path }}/{{ item.slug }}_wp-content" path: "{{ site_data_path }}"
state: directory state: directory
recurse: yes recurse: yes
group: www-data group: www-data
@ -52,37 +57,6 @@
when: wpcontent.stat.exists is not defined or wpcontent.stat.exists == False when: wpcontent.stat.exists is not defined or wpcontent.stat.exists == False
tags: [docker, nginx] tags: [docker, nginx]
#################
# Setup backups #
#################
- name: Setup weekly backup of wp-content
cron:
name: "backup {{ item.slug }}_wp-content"
# hour: "17"
# minute: "37"
special_time: weekly
user: "www-data"
job: "tar czf {{ backups_path }}/{{ item.slug }}_wp-content.tar.gz {{ www_path }}/{{ item.slug }}_wp-content"
become: yes
tags: backup
- name: Configure logrotate to rotate backups
blockinfile:
path: "/etc/logrotate.d/{{ item.slug }}"
create: yes
block: |
{{ backups_path }}/{{ item.slug }}_wp-content.tar.gz {
rotate 5
nocompress
dateext
dateformat _%Y-%m-%d
extension .tar.gz
missingok
}
become: yes
tags: backup
#################### ####################
# Render templates # # Render templates #
@ -139,7 +113,16 @@
priv: "{{ item.mysql_database }}.*:all" priv: "{{ item.mysql_database }}.*:all"
state: present state: present
tags: mysql tags: mysql
#################
# Setup backups #
#################
- name: "Setup backups"
import_tasks: backup.yml
tags: backup
################### ###################
# SSL certificate # # SSL certificate #

View file

@ -16,7 +16,7 @@ services:
WORDPRESS_DB_NAME: "{{ item.mysql_database }}" WORDPRESS_DB_NAME: "{{ item.mysql_database }}"
volumes: volumes:
- "html_data:/var/www/html" - "html_data:/var/www/html"
- "{{ www_path }}/{{ item.slug }}_wp-content:/var/www/html/wp-content" - "{{ site_data_path }}:/var/www/html/wp-content"
networks: networks:
net: net:
ipv4_address: "{{ item.subnet_site_ip }}" ipv4_address: "{{ item.subnet_site_ip }}"
@ -28,7 +28,7 @@ services:
- site - site
volumes: volumes:
- "html_data:/var/www/html" - "html_data:/var/www/html"
- "{{ www_path }}/{{ item.slug }}_wp-content:/var/www/html/wp-content" - "{{ site_data_path }}:/var/www/html/wp-content"
networks: networks:
net: net:
ipv4_address: "{{ item.subnet_nginx_ip }}" ipv4_address: "{{ item.subnet_nginx_ip }}"