Ansible Backup Scripts

Author: lkiesow

.github/workflows/molecule.yml

@@ -0,0 +1,27 @@
+---
+
+name: ansible tests
+
+on:  # yamllint disable-line rule:truthy
+  - push
+  - pull_request
+
+jobs:
+  lint:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: install dependencies
+        run: >
+          pip3 install
+          ansible
+          ansible-lint
+          yamllint
+
+      - name: run yamllint
+        run: yamllint .
+
+      - name: run ansible-lint
+        run: ansible-lint

LICENSE

@@ -0,0 +1,29 @@
+BSD 3-Clause License
+
+Copyright (c) 2022, virtUOS
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright notice, this
+   list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright notice,
+   this list of conditions and the following disclaimer in the documentation
+   and/or other materials provided with the distribution.
+
+3. Neither the name of the copyright holder nor the names of its
+   contributors may be used to endorse or promote products derived from
+   this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

README.md

@@ -0,0 +1,36 @@
+# Ansible Role for Backups with Samba Share
+
+This ansible role configures autofs to mount a samba share
+and configure a script to run regular backups.
+
+## Role Variables
+
+There are three required variables you need to set:
+
+* `backup_smb_user`: the user that will access the backup cloud
+* `backup_smb_password`: the password for this user
+* `backup_script`: The shell commands to run for creating a backup
+
+Have a look at the [defaults](defaults/main.yml) to see all variables and how to set them.
+
+
+## Example Playbook
+
+Your playbook, could look like this:
+
+```yaml
+- hosts: all
+  become: true
+    - role: uos.smb_backup
+      vars:
+        backup_smb_share: //smb.example.com/backup
+        backup_smb_user: samba_user
+        backup_smb_password: samba_user_password
+        backup_script: |
+          FILENAME="{{ backup_mountpoint }}/$(date '+%Y%m%d-%H%M%S').sql.gz"
+          mysqldump -u root --no-data dbname | gzip > "${FILENAME}"
+```
+
+## License
+
+[BSD-3-Clause](LICENSE)

defaults/main.yml

@@ -0,0 +1,28 @@
+---
+
+## Samba user credentials
+# backup_smb_user:
+# backup_smb_password:
+
+## Samba share and mount location
+# backup_smb_share: //smb.example.com/backup
+backup_mountpoint: /mnt/backup
+
+## This is the 'OnCalendar' variable
+## used in the systemd timer
+backup_timer_string: "*-*-* 03:30:00"
+
+## Days to keep backups before deleting them again
+backup_keep_days: 14
+
+## The user that executes the backup service
+backup_user: root
+backup_group: "{{ backup_user }}"
+
+## Backup and cleanup scripts
+# backup_script: |
+#   FILENAME="{{ backup_mountpoint }}/$(date '+%Y%m%d-%H%M%S').sql.gz"
+#   mysqldump -u root --no-data dbname | gzip > "${FILENAME}"
+
+backup_cleanup: |
+  find "{{ backup_mountpoint }}" -mtime "+{{ backup_keep_days }}" -delete

handlers/main.yml

@@ -0,0 +1,11 @@
+---
+- name: Restart autofs
+  ansible.builtin.service:
+    name: autofs.service
+    state: restarted
+
+- name: Restart backup
+  ansible.builtin.systemd:
+    name: backup.timer
+    state: restarted
+    daemon_reload: true

meta/main.yml

@@ -0,0 +1,21 @@
+---
+galaxy_info:
+  role_name: smb_backup
+  namespace: uos
+  author: Lars Kiesow
+  description: Simple samba based backup
+  company: Osnabrück University
+  license: BSD-3-Clause
+  min_ansible_version: '0.1'
+  platforms:
+    - name: EL
+      versions:
+        - '8'
+        - '9'
+    - name: Debian
+      versions:
+        - all
+    - name: Ubuntu
+      versions:
+        - all
+dependencies: []

tasks/main.yml

@@ -0,0 +1,66 @@
+---
+- name: Install dependencies
+  ansible.builtin.package:
+    name:
+      - autofs
+      - cifs-utils
+
+- name: Configure autofs
+  ansible.builtin.template:
+    src: '{{ item }}'
+    dest: /etc/{{ item }}
+    mode: '0644'
+  loop:
+    - auto.master
+    - auto.samba
+  notify: Restart autofs
+
+- name: Configure samba credentials
+  ansible.builtin.template:
+    src: .samba-credentials
+    dest: /etc/.samba-credentials
+    mode: '0600'
+    owner: root
+    group: root
+  notify: Restart autofs
+
+- name: Start and enable autofs service
+  ansible.builtin.systemd:
+    name: autofs.service
+    state: started
+    enabled: true
+
+- name: Create script folder
+  ansible.builtin.file:
+    path: /opt/backup
+    state: directory
+    mode: '0755'
+    owner: root
+    group: root
+
+- name: Create backup scripts
+  ansible.builtin.template:
+    src: '{{ item }}'
+    dest: /opt/backup/{{ item }}
+    mode: '0755'
+    owner: root
+    group: root
+  loop:
+    - backup
+    - cleanup
+
+- name: Install backup service
+  ansible.builtin.template:
+    src: '{{ item }}'
+    dest: /etc/systemd/system/{{ item }}
+    mode: '0644'
+  loop:
+    - backup.service
+    - backup.timer
+  notify: Restart backup
+
+- name: Start backup timer
+  ansible.builtin.service:
+    name: backup.timer
+    state: started
+    enabled: true

templates/.samba-credentials

@@ -0,0 +1,3 @@
+username={{ backup_smb_user }}
+password={{ backup_smb_password }}
+domain=SAMBA

templates/auto.master

@@ -0,0 +1,40 @@
+#
+# Sample auto.master file
+# This is a 'master' automounter map and it has the following format:
+# mount-point [map-type[,format]:]map [options]
+# For details of the format look at auto.master(5).
+#
+#/misc   /etc/auto.misc
+#
+# NOTE: mounts done from a hosts map will be mounted with the
+#	"nosuid" and "nodev" options unless the "suid" and "dev"
+#	options are explicitly given.
+#
+#/net    -hosts
+#
+# Include /etc/auto.master.d/*.autofs
+# To add an extra map using this mechanism you will need to add
+# two configuration items - one /etc/auto.master.d/extra.autofs file
+# (using the same line format as the auto.master file)
+# and a separate mount map (e.g. /etc/auto.extra or an auto.extra NIS map)
+# that is referred to by the extra.autofs file.
+#
++dir:/etc/auto.master.d
+#
+# If you have fedfs set up and the related binaries, either
+# built as part of autofs or installed from another package,
+# uncomment this line to use the fedfs program map to access
+# your fedfs mounts.
+#/nfs4  /usr/sbin/fedfs-map-nfs4 nobind
+#
+# Include central master map if it can be found using
+# nsswitch sources.
+#
+# Note that if there are entries for /net or /misc (as
+# above) in the included master map any keys that are the
+# same will not be seen as the first read key seen takes
+# precedence.
+#
++auto.master
+
+/-        /etc/auto.samba --ghost

templates/auto.samba

@@ -0,0 +1 @@
+{{ backup_mountpoint }} -fstype=cifs,vers=3.0,noserverino,credentials=/etc/.samba-credentials,dir_mode=0700,file_mode=0700 :{{ backup_smb_share }}

templates/backup

@@ -0,0 +1,5 @@
+#!/bin/sh
+
+set -eu
+
+{{ backup_script }}

templates/backup.service

@@ -0,0 +1,9 @@
+[Unit]
+Description=Backup Service
+
+[Service]
+Type=simple
+ExecStart=/opt/backup/backup
+ExecStartPost=/opt/backup/cleanup
+User={{ backup_user }}
+Group={{ backup_group }}

templates/backup.timer

@@ -0,0 +1,8 @@
+[Unit]
+Description=Backup Timer
+
+[Timer]
+OnCalendar={{ backup_timer_string }}
+
+[Install]
+WantedBy=multi-user.target

templates/cleanup

@@ -0,0 +1,4 @@
+#!/bin/sh
+
+set -eu
+{{ backup_cleanup }}