[borg] Migration of zephir and omnomnom

2021-05-23 18:10:29 +02:00 · 2021-05-23 18:10:29 +02:00 · 3d528a1891
parent 8d2da87bb0
commit 3d528a1891
20 changed files with 130 additions and 34 deletions
--- a/group_vars/all/borg.yml
+++ b/group_vars/all/borg.yml
@ -15,3 +15,4 @@ glob_borg:
    - make-parent-dirs
  encryption_passphrase: "{{ vault.borgbackup_passwd }}"
  ssh_privkey: "{{ vault.borgbackup_ssh_privkey }}"
+  ssh_options: -4 -p 2223
--- a/host_vars/airbus.cachan-adm.crans.org.yml
+++ b/host_vars/airbus.cachan-adm.crans.org.yml
@ -13,3 +13,8 @@ glob_ntp_client:
    - terenez.cachan-adm.crans.org

 debian_mirror: http://172.17.10.202/debian
+
+loc_borg:
+  remote:
+    - borg@zephir.cachan-adm.crans.org:/backup/borg/{{ ansible_hostname }}
+  ssh_options: ""
--- a/host_vars/daniel.adm.crans.org.yml
+++ b/host_vars/daniel.adm.crans.org.yml
@ -8,3 +8,7 @@ loc_psql:
  version: 11
  replica: yes
  addresses: "['daniel.adm.crans.org'] + {{ query('ldap', 'ip', 'daniel', 'adm') | ipaddr('address') }}"
+
+loc_borg:
+  to_exclude:
+    - /var/lib/lxcfs
--- a/host_vars/gulp.cachan-adm.crans.org.yml
+++ b/host_vars/gulp.cachan-adm.crans.org.yml
@ -18,3 +18,10 @@ loc_psql:
  hosts:
    - { db: re2o, user: re2o }
  addresses: "['gulp.cachan-adm.crans.org'] + {{ query('ldap', 'ip', 'gulp', 'cachan-adm') | ipaddr('address') }}"
+
+loc_borg:
+  remote:
+    - borg@zephir.cachan-adm.crans.org:/backup/borg/{{ ansible_hostname }}
+  to_exclude:
+    - /var/lib/lxcfs
+  ssh_options: ""
--- a/host_vars/jack.adm.crans.org.yml
+++ b/host_vars/jack.adm.crans.org.yml
@ -8,3 +8,7 @@ loc_psql:
  version: 11
  replica: yes
  addresses: "['jack.adm.crans.org'] + {{ query('ldap', 'ip', 'jack', 'adm') | ipaddr('address') }}"
+
+loc_borg:
+  to_exclude:
+    - /var/lib/lxcfs
--- a/host_vars/omnomnom.cachan-adm.crans.org.yml
+++ b/host_vars/omnomnom.cachan-adm.crans.org.yml
@ -0,0 +1,27 @@
+---
+interfaces:
+  adm: eno1.10
+
+loc_home_nounou:
+  ip: 172.17.10.9
+  mountpoint: /rpool/home
+
+loc_ldap:
+  servers:
+    - 172.17.10.9
+  base: 'dc=crans,dc=org'
+
+loc_ntp_client:
+  servers:
+    - terenez.cachan-adm.crans.org
+
+debian_mirror: http://172.17.10.202/debian
+
+loc_mirror:
+  name: mirror.cachan-adm.crans.org
+  ip: "{{ query('ldap','ip','mirror','cachan.adm') | ipv4 | first }}"
+
+loc_borg:
+  remote:
+    - borg@zephir.cachan-adm.crans.org:/backup/borg/{{ ansible_hostname }}
+  ssh_options: ""
--- a/host_vars/re2o-ldap.cachan-adm.crans.org.yml
+++ b/host_vars/re2o-ldap.cachan-adm.crans.org.yml
@ -13,3 +13,8 @@ glob_ntp_client:
    - terenez.cachan-adm.crans.org

 debian_mirror: http://172.17.10.202/debian
+
+loc_borg:
+  remote:
+    - borg@zephir.cachan-adm.crans.org:/backup/borg/{{ ansible_hostname }}
+  ssh_options: ""
--- a/host_vars/re2o.cachan-adm.crans.org.yml
+++ b/host_vars/re2o.cachan-adm.crans.org.yml
@ -14,6 +14,11 @@ glob_ntp_client:

 debian_mirror: http://172.17.10.202/debian

+loc_borg:
+  remote:
+    - borg@zephir.cachan-adm.crans.org:/backup/borg/{{ ansible_hostname }}
+  ssh_options: ""
+
 loc_re2o:
  owner: root
  group: _nounou
--- a/host_vars/rodauh.cachan-adm.crans.org.yml
+++ b/host_vars/rodauh.cachan-adm.crans.org.yml
@ -32,3 +32,8 @@ loc_reverseproxy:
    - {from: intranet-cachan.crans.org, to: 172.17.10.203}

  redirect_sites: []
+
+loc_borg:
+  remote:
+    - borg@zephir.cachan-adm.crans.org:/backup/borg/{{ ansible_hostname }}
+  ssh_options: ""
--- a/host_vars/routeur-gulp.cachan-adm.crans.org/cachan.yml
+++ b/host_vars/routeur-gulp.cachan-adm.crans.org/cachan.yml
@ -17,3 +17,8 @@ debian_mirror: http://172.17.10.202/debian
 loc_mirror:
  name: mirror.cachan-adm.crans.org
  ip: "{{ query('ldap','ip','mirror','cachan.adm') | ipv4 | first }}"
+
+loc_borg:
+  remote:
+    - borg@zephir.cachan-adm.crans.org:/backup/borg/{{ ansible_hostname }}
+  ssh_options: ""
--- a/host_vars/sam.adm.crans.org.yml
+++ b/host_vars/sam.adm.crans.org.yml
@ -8,3 +8,7 @@ loc_psql:
  version: 11
  replica: yes
  addresses: "['sam.adm.crans.org'] + {{ query('ldap', 'ip', 'sam', 'adm') | ipaddr('address') }}"
+
+loc_borg:
+  to_exclude:
+    - /var/lib/lxcfs
--- a/host_vars/terenez.cachan-adm.crans.org.yml
+++ b/host_vars/terenez.cachan-adm.crans.org.yml
@ -13,3 +13,8 @@ glob_ntp_client:
    - terenez.cachan-adm.crans.org

 debian_mirror: http://172.17.10.202/debian
+
+loc_borg:
+  remote:
+    - borg@zephir.cachan-adm.crans.org:/backup/borg/{{ ansible_hostname }}
+  ssh_options: ""
--- a/host_vars/unifi.cachan-adm.crans.org.yml
+++ b/host_vars/unifi.cachan-adm.crans.org.yml
@ -18,3 +18,8 @@ glob_ntp_client:
    - terenez.cachan-adm.crans.org

 debian_mirror: http://172.17.10.202/debian
+
+loc_borg:
+  remote:
+    - borg@zephir.cachan-adm.crans.org:/backup/borg/{{ ansible_hostname }}
+  ssh_options: ""
--- a/host_vars/zephir.adm.crans.org.yml
+++ b/host_vars/zephir.adm.crans.org.yml
@ -1,9 +0,0 @@
---
-interfaces:
-  adm: eno1
-
-loc_borg:
-  to_exclude:
-    - /var/lib/backuppc
-  remote:
-    - /backup/borg/zephir
--- a/host_vars/zephir.cachan-adm.crans.org.yml
+++ b/host_vars/zephir.cachan-adm.crans.org.yml
@ -0,0 +1,29 @@
+---
+interfaces:
+  adm: eno1
+
+loc_home_nounou:
+  ip: 172.17.10.9
+  mountpoint: /rpool/home
+
+loc_ldap:
+  servers:
+    - 172.17.10.9
+  base: 'dc=crans,dc=org'
+
+loc_ntp_client:
+  servers:
+    - terenez.cachan-adm.crans.org
+
+debian_mirror: http://172.17.10.202/debian
+
+loc_mirror:
+  name: mirror.cachan-adm.crans.org
+  ip: "{{ query('ldap','ip','mirror','cachan.adm') | ipv4 | first }}"
+
+loc_borg:
+  remote:
+    - /backup/borg/zephir
+  ssh_options: ""
+  to_exclude:
+    - /var/lib/backuppc
--- a/16
+++ b/16
@ -7,8 +7,8 @@ zamok.adm.crans.org
 cameron.adm.crans.org

 [backups]
-zephir.adm.crans.org
-omnomnom.adm.crans.org
+zephir.cachan-adm.crans.org
+omnomnom.cachan-adm.crans.org

 [baie]
 cameron.adm.crans.org
@ -119,7 +119,6 @@ wiki
 [ntp_server]
 charybde.adm.crans.org
 terenez.cachan-adm.crans.org
-# silice.adm.crans.org

 [opendkim:children]
 mailman
@ -190,15 +189,14 @@ kiwi.adm.crans.org
 sputnik.adm.crans.org

 [crans_routeurs:children]
-# dhcp  TODO: Really needed ?
-# keepalived
 routeurs_vm

 [crans_physical]
 charybde.adm.crans.org
 #cochon.adm.crans.org
-omnomnom.adm.crans.org
+omnomnom.cachan-adm.crans.org
 zamok.adm.crans.org
+zephir.cachan-adm.crans.org

 [crans_physical:children]
 backups
@ -208,7 +206,6 @@ virtu
 [crans_vm]
 airbus.cachan-adm.crans.org
 belenios.adm.crans.org
-#bigbluebutton.adm.crans.org
 boeing.adm.crans.org
 c3po.adm.crans.org
 cas.adm.crans.org
@ -223,7 +220,6 @@ irc.adm.crans.org
 jitsi.adm.crans.org
 kenobi.adm.crans.org
 kiwi.adm.crans.org
-#kiwijuice.adm.crans.org
 linx.adm.crans.org
 mailman.adm.crans.org
 monitoring.adm.crans.org
@ -232,7 +228,6 @@ owl.adm.crans.org
 owncloud.adm.crans.org
 re2o.adm.crans.org
 re2o.cachan-adm.crans.org
-#re2o-dev.adm.crans.org
 re2o-ldap.adm.crans.org
 re2o-ldap.cachan-adm.crans.org
 redisdead.adm.crans.org
@ -241,10 +236,9 @@ roundcube.adm.crans.org
 silice.adm.crans.org
 terenez.cachan-adm.crans.org
 tracker.adm.crans.org
+# unifi.cachan-adm.crans.org <- PROBLÈME WITH APT
 vol447.adm.crans.org
 voyager.adm.crans.org
-#unifi.adm.crans.org
-unifi.cachan-adm.crans.org

 [crans_vm:children]
 routeurs_vm
--- a/plays/borgbackup_client.yml
+++ b/plays/borgbackup_client.yml
@ -1,15 +1,20 @@
 #!/usr/bin/env ansible-playbook
 ---
- hosts: server,!stretch
+
+- hosts: crans_server
+  roles:
+    - ssh_known_hosts
+
+- hosts: server
  vars:
    borg: '{{ glob_borg | default({}) | combine(loc_borg | default({})) }}'
    mirror: '{{ glob_mirror | default({}) | combine(loc_mirror | default({})) }}'
  roles:
    - borgbackup-client

- hosts: backup_data
-  vars:
-    borg: '{{ glob_borg | default({}) | combine(loc_borg_data | default({})) }}'
-    mirror: '{{ glob_mirror | default({}) | combine(loc_mirror | default({})) }}'
-  roles:
-    - borgbackup-client
+#- hosts: backup_data
+#  vars:
+#    borg: '{{ glob_borg | default({}) | combine(loc_borg_data | default({})) }}'
+#    mirror: '{{ glob_mirror | default({}) | combine(loc_mirror | default({})) }}'
+#  roles:
+#    - borgbackup-client
--- a/roles/borgbackup-client/handlers/main.yml
+++ b/roles/borgbackup-client/handlers/main.yml
@ -1,5 +0,0 @@
---
- name: restart cron
-  service:
-    name: cron
-    state: restarted
--- a/roles/borgbackup-client/tasks/main.yml
+++ b/roles/borgbackup-client/tasks/main.yml
@ -65,7 +65,6 @@
  template:
    src: "cron.d/borg.j2"
    dest: "/etc/cron.d/borg{{ borg.path_suffix | default('') }}"
-  notify: restart cron

 - name: Indicate role in motd
  template:
--- a/roles/borgbackup-client/templates/borgmatic/config.yaml.j2
+++ b/roles/borgbackup-client/templates/borgmatic/config.yaml.j2
@ -27,8 +27,9 @@ location:
    borgmatic_source_directory: /tmp/borgmatic

 storage:
+    relocated_repo_access_is_ok: true
    encryption_passphrase: {{ borg.encryption_passphrase }}
-    ssh_command: ssh -i /etc/borgmatic/id_ed25519_borg
+    ssh_command: ssh -i /etc/borgmatic/id_ed25519_borg {{ borg.ssh_options | default("") }}
    borg_base_directory: /etc/borgmatic
    borg_config_directory: /etc/borgmatic/config/
    borg_cache_directory: /etc/borgmatic/cache