From 99c9f19403ac96a05c1f72bb2dcfae11d06fd9a2 Mon Sep 17 00:00:00 2001 From: L3D Date: Mon, 14 Dec 2020 12:02:36 +0100 Subject: [PATCH] Update restic error handling and install cron --- README.md | 19 +++++++++++++++++-- defaults/main.yml | 11 +++++++++++ tasks/main.yml | 6 ++++++ templates/restic_forget_snapshots.j2 | 19 +++++++++++++++++++ vars/main.yml | 2 +- 5 files changed, 54 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index b6191c3..20cc665 100644 --- a/README.md +++ b/README.md @@ -13,10 +13,14 @@ Of course you don't want to give access to others, so you solve the whole thing As a bonus feature, you can optionally transfer the backups to another disk (even with a different password). Which is also a very charming backup concept from a security point of view. +this role does not install restic. For that, we recommend [this ansible role](https://github.com/arillso/ansible.restic.git). +We have had good experience with this role for the [restic rest server](https://github.com/donat-b/ansible-restic-rest.git). + Variables: --------- -```ini -# which repos should we 'cleanup' by default +```yml +--- +# which repos should we cleanup by default restic_archiver__repos: {} # - name: example_server: # location: /srv/restic/example_server_repo @@ -52,6 +56,17 @@ restic_archiver__group: 'root' restic_archiver__hour: '3' restic_archiver__minute: '32' +# validate if disk is mounted +restic_archiver__mount_required: false +# which disk have to be mounted +restic_archiver__mount_disk: '/mnt/' +# umount after use? +restic_archiver__umount_after_usage: false + +# required packages +restic_archiver__package: + - cron + # version check for this playbook (true is recomended) submodules_versioncheck: false ``` diff --git a/defaults/main.yml b/defaults/main.yml index 35b02f7..5d2764c 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -35,5 +35,16 @@ restic_archiver__group: 'root' restic_archiver__hour: '3' restic_archiver__minute: '32' +# validate if disk is mounted +restic_archiver__mount_required: false +# which disk have to be mounted +restic_archiver__mount_disk: '/mnt/' +# umount after use? +restic_archiver__umount_after_usage: false + +# required packages +restic_archiver__package: + - cron + # version check for this playbook (true is recomended) submodules_versioncheck: false diff --git a/tasks/main.yml b/tasks/main.yml index 9e4364b..e68fbac 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -11,6 +11,12 @@ mode: 0700 become: true +- name: install cron + become: true + package: + name: "{{ restic_archiver__package }}" + state: present + - name: setup cronjob for restic become: true cron: diff --git a/templates/restic_forget_snapshots.j2 b/templates/restic_forget_snapshots.j2 index eab6195..6f03d38 100644 --- a/templates/restic_forget_snapshots.j2 +++ b/templates/restic_forget_snapshots.j2 @@ -48,7 +48,19 @@ set -euxo pipefail --prune {% endif %} {%- endmacro %} +{% macro validate_mounts %} +{% if restic_archiver__mount_required | bool %} +if mountpoint -q {{ restic_archiver__mount_disk }} +then + echo "{{ restic_archiver__mount_disk }} is mounted" +else + mount -a +fi +{% endif %} +{% endmacro %} + # Settings for Server {{ repo['name'] | string }} +{{ validate_mounts }} export RESTIC_REPOSITORY="{{ repo['location'] }}" export RESTIC_PASSWORD='{{ repo['password'] | regex_replace('\'', '\'\\\'\'') }}' BACKUP_NAME="{{ repo.name }}" @@ -59,6 +71,7 @@ restic check {% if repo.archive|default(false) %} # ARCHIVE Settings for Server "{{ repo['name'] | string }}" +{{ validate_mounts }} export RESTIC_REPOSITORY="{{ repo['archive_location'] }}" export RESTIC_PASSWORD='{{ repo['archive_password'] | regex_replace('\'', '\'\\\'\'') }}' export RESTIC_REPOSITORY2="{{ repo['location'] }}" @@ -71,6 +84,7 @@ if ([ -z "$(restic cat config)" ]) 2>/dev/null; then fi # ARCHIVE Settings for Server "{{ repo['name'] | string }}" +{{ validate_mounts }} export RESTIC_REPOSITORY2="{{ repo['archive_location'] }}" export RESTIC_PASSWORD2='{{ repo['archive_password'] | regex_replace('\'', '\'\\\'\'') }}' export RESTIC_REPOSITORY="{{ repo['location'] }}" @@ -82,6 +96,7 @@ restic copy {% if repo.archive_cleanup %} # ARCHIVE CLEANUP Settings for Server "{{ repo['name'] | string }}" +{{ validate_mounts }} export RESTIC_REPOSITORY="{{ repo['archive_location'] }}" export RESTIC_PASSWORD='{{ repo['archive_password'] | regex_replace('\'', '\'\\\'\'') }}' BACKUP_NAME="{{ repo.name }}_archive" @@ -94,3 +109,7 @@ restic check {% endfor %} +sync +{% if restic_archiver__umount_after_usage %} +umount restic_archiver__mount_disk +{% restic_archiver__mount_disk %} diff --git a/vars/main.yml b/vars/main.yml index ace51d3..a98e5cb 100644 --- a/vars/main.yml +++ b/vars/main.yml @@ -1,3 +1,3 @@ --- -playbook_version_number: 24 # should be over ninethousand +playbook_version_number: 25 # should be over ninethousand playbook_version_path: 'role-restic_archiver_roles-ansible_github.com.version'