[borg] Migration of zephir and omnomnom

group_vars/all/borg.yml

@@ -15,3 +15,4 @@ glob_borg:
     - make-parent-dirs
   encryption_passphrase: "{{ vault.borgbackup_passwd }}"
   ssh_privkey: "{{ vault.borgbackup_ssh_privkey }}"
+  ssh_options: -4 -p 2223

host_vars/airbus.cachan-adm.crans.org.yml

@@ -13,3 +13,8 @@ glob_ntp_client:
     - terenez.cachan-adm.crans.org
 
 debian_mirror: http://172.17.10.202/debian
+
+loc_borg:
+  remote:
+    - borg@zephir.cachan-adm.crans.org:/backup/borg/{{ ansible_hostname }}
+  ssh_options: ""

host_vars/daniel.adm.crans.org.yml

@@ -8,3 +8,7 @@ loc_psql:
   version: 11
   replica: yes
   addresses: "['daniel.adm.crans.org'] + {{ query('ldap', 'ip', 'daniel', 'adm') | ipaddr('address') }}"
+
+loc_borg:
+  to_exclude:
+    - /var/lib/lxcfs

host_vars/gulp.cachan-adm.crans.org.yml

@@ -18,3 +18,10 @@ loc_psql:
   hosts:
     - { db: re2o, user: re2o }
   addresses: "['gulp.cachan-adm.crans.org'] + {{ query('ldap', 'ip', 'gulp', 'cachan-adm') | ipaddr('address') }}"
+
+loc_borg:
+  remote:
+    - borg@zephir.cachan-adm.crans.org:/backup/borg/{{ ansible_hostname }}
+  to_exclude:
+    - /var/lib/lxcfs
+  ssh_options: ""

host_vars/jack.adm.crans.org.yml

@@ -8,3 +8,7 @@ loc_psql:
   version: 11
   replica: yes
   addresses: "['jack.adm.crans.org'] + {{ query('ldap', 'ip', 'jack', 'adm') | ipaddr('address') }}"
+
+loc_borg:
+  to_exclude:
+    - /var/lib/lxcfs

host_vars/omnomnom.cachan-adm.crans.org.yml

@@ -0,0 +1,27 @@
+---
+interfaces:
+  adm: eno1.10
+
+loc_home_nounou:
+  ip: 172.17.10.9
+  mountpoint: /rpool/home
+
+loc_ldap:
+  servers:
+    - 172.17.10.9
+  base: 'dc=crans,dc=org'
+
+loc_ntp_client:
+  servers:
+    - terenez.cachan-adm.crans.org
+
+debian_mirror: http://172.17.10.202/debian
+
+loc_mirror:
+  name: mirror.cachan-adm.crans.org
+  ip: "{{ query('ldap','ip','mirror','cachan.adm') | ipv4 | first }}"
+
+loc_borg:
+  remote:
+    - borg@zephir.cachan-adm.crans.org:/backup/borg/{{ ansible_hostname }}
+  ssh_options: ""

host_vars/re2o-ldap.cachan-adm.crans.org.yml

@@ -13,3 +13,8 @@ glob_ntp_client:
     - terenez.cachan-adm.crans.org
 
 debian_mirror: http://172.17.10.202/debian
+
+loc_borg:
+  remote:
+    - borg@zephir.cachan-adm.crans.org:/backup/borg/{{ ansible_hostname }}
+  ssh_options: ""

host_vars/re2o.cachan-adm.crans.org.yml

@@ -14,6 +14,11 @@ glob_ntp_client:
 
 debian_mirror: http://172.17.10.202/debian
 
+loc_borg:
+  remote:
+    - borg@zephir.cachan-adm.crans.org:/backup/borg/{{ ansible_hostname }}
+  ssh_options: ""
+
 loc_re2o:
   owner: root
   group: _nounou

host_vars/rodauh.cachan-adm.crans.org.yml

@@ -32,3 +32,8 @@ loc_reverseproxy:
     - {from: intranet-cachan.crans.org, to: 172.17.10.203}
 
   redirect_sites: []
+
+loc_borg:
+  remote:
+    - borg@zephir.cachan-adm.crans.org:/backup/borg/{{ ansible_hostname }}
+  ssh_options: ""

host_vars/routeur-gulp.cachan-adm.crans.org/cachan.yml

@@ -17,3 +17,8 @@ debian_mirror: http://172.17.10.202/debian
 loc_mirror:
   name: mirror.cachan-adm.crans.org
   ip: "{{ query('ldap','ip','mirror','cachan.adm') | ipv4 | first }}"
+
+loc_borg:
+  remote:
+    - borg@zephir.cachan-adm.crans.org:/backup/borg/{{ ansible_hostname }}
+  ssh_options: ""

host_vars/sam.adm.crans.org.yml

@@ -8,3 +8,7 @@ loc_psql:
   version: 11
   replica: yes
   addresses: "['sam.adm.crans.org'] + {{ query('ldap', 'ip', 'sam', 'adm') | ipaddr('address') }}"
+
+loc_borg:
+  to_exclude:
+    - /var/lib/lxcfs

host_vars/terenez.cachan-adm.crans.org.yml

@@ -13,3 +13,8 @@ glob_ntp_client:
     - terenez.cachan-adm.crans.org
 
 debian_mirror: http://172.17.10.202/debian
+
+loc_borg:
+  remote:
+    - borg@zephir.cachan-adm.crans.org:/backup/borg/{{ ansible_hostname }}
+  ssh_options: ""

host_vars/unifi.cachan-adm.crans.org.yml

@@ -18,3 +18,8 @@ glob_ntp_client:
     - terenez.cachan-adm.crans.org
 
 debian_mirror: http://172.17.10.202/debian
+
+loc_borg:
+  remote:
+    - borg@zephir.cachan-adm.crans.org:/backup/borg/{{ ansible_hostname }}
+  ssh_options: ""

host_vars/zephir.adm.crans.org.yml

@@ -1,9 +0,0 @@
----
-interfaces:
-  adm: eno1
-
-loc_borg:
-  to_exclude:
-    - /var/lib/backuppc
-  remote:
-    - /backup/borg/zephir

host_vars/zephir.cachan-adm.crans.org.yml

@@ -0,0 +1,29 @@
+---
+interfaces:
+  adm: eno1
+
+loc_home_nounou:
+  ip: 172.17.10.9
+  mountpoint: /rpool/home
+
+loc_ldap:
+  servers:
+    - 172.17.10.9
+  base: 'dc=crans,dc=org'
+
+loc_ntp_client:
+  servers:
+    - terenez.cachan-adm.crans.org
+
+debian_mirror: http://172.17.10.202/debian
+
+loc_mirror:
+  name: mirror.cachan-adm.crans.org
+  ip: "{{ query('ldap','ip','mirror','cachan.adm') | ipv4 | first }}"
+
+loc_borg:
+  remote:
+    - /backup/borg/zephir
+  ssh_options: ""
+  to_exclude:
+    - /var/lib/backuppc

hosts

@@ -7,8 +7,8 @@ zamok.adm.crans.org
 cameron.adm.crans.org
 
 [backups]
-zephir.adm.crans.org
+zephir.cachan-adm.crans.org
-omnomnom.adm.crans.org
+omnomnom.cachan-adm.crans.org
 
 [baie]
 cameron.adm.crans.org
@@ -119,7 +119,6 @@ wiki
 [ntp_server]
 charybde.adm.crans.org
 terenez.cachan-adm.crans.org
-# silice.adm.crans.org
 
 [opendkim:children]
 mailman
@@ -190,15 +189,14 @@ kiwi.adm.crans.org
 sputnik.adm.crans.org
 
 [crans_routeurs:children]
-# dhcp  TODO: Really needed ?
-# keepalived
 routeurs_vm
 
 [crans_physical]
 charybde.adm.crans.org
 #cochon.adm.crans.org
-omnomnom.adm.crans.org
+omnomnom.cachan-adm.crans.org
 zamok.adm.crans.org
+zephir.cachan-adm.crans.org
 
 [crans_physical:children]
 backups
@@ -208,7 +206,6 @@ virtu
 [crans_vm]
 airbus.cachan-adm.crans.org
 belenios.adm.crans.org
-#bigbluebutton.adm.crans.org
 boeing.adm.crans.org
 c3po.adm.crans.org
 cas.adm.crans.org
@@ -223,7 +220,6 @@ irc.adm.crans.org
 jitsi.adm.crans.org
 kenobi.adm.crans.org
 kiwi.adm.crans.org
-#kiwijuice.adm.crans.org
 linx.adm.crans.org
 mailman.adm.crans.org
 monitoring.adm.crans.org
@@ -232,7 +228,6 @@ owl.adm.crans.org
 owncloud.adm.crans.org
 re2o.adm.crans.org
 re2o.cachan-adm.crans.org
-#re2o-dev.adm.crans.org
 re2o-ldap.adm.crans.org
 re2o-ldap.cachan-adm.crans.org
 redisdead.adm.crans.org
@@ -241,10 +236,9 @@ roundcube.adm.crans.org
 silice.adm.crans.org
 terenez.cachan-adm.crans.org
 tracker.adm.crans.org
+# unifi.cachan-adm.crans.org <- PROBLÈME WITH APT
 vol447.adm.crans.org
 voyager.adm.crans.org
-#unifi.adm.crans.org
-unifi.cachan-adm.crans.org
 
 [crans_vm:children]
 routeurs_vm

plays/borgbackup_client.yml

@@ -1,15 +1,20 @@
 #!/usr/bin/env ansible-playbook
 ---
-- hosts: server,!stretch
+
+- hosts: crans_server
+  roles:
+    - ssh_known_hosts
+
+- hosts: server
   vars:
     borg: '{{ glob_borg | default({}) | combine(loc_borg | default({})) }}'
     mirror: '{{ glob_mirror | default({}) | combine(loc_mirror | default({})) }}'
   roles:
     - borgbackup-client
 
-- hosts: backup_data
+#- hosts: backup_data
-  vars:
+#  vars:
-    borg: '{{ glob_borg | default({}) | combine(loc_borg_data | default({})) }}'
+#    borg: '{{ glob_borg | default({}) | combine(loc_borg_data | default({})) }}'
-    mirror: '{{ glob_mirror | default({}) | combine(loc_mirror | default({})) }}'
+#    mirror: '{{ glob_mirror | default({}) | combine(loc_mirror | default({})) }}'
-  roles:
+#  roles:
-    - borgbackup-client
+#    - borgbackup-client

roles/borgbackup-client/handlers/main.yml

@@ -1,5 +0,0 @@
----
-- name: restart cron
-  service:
-    name: cron
-    state: restarted

roles/borgbackup-client/tasks/main.yml

@@ -65,7 +65,6 @@
   template:
     src: "cron.d/borg.j2"
     dest: "/etc/cron.d/borg{{ borg.path_suffix | default('') }}"
-  notify: restart cron
 
 - name: Indicate role in motd
   template:

roles/borgbackup-client/templates/borgmatic/config.yaml.j2

@@ -27,8 +27,9 @@ location:
     borgmatic_source_directory: /tmp/borgmatic
 
 storage:
+    relocated_repo_access_is_ok: true
     encryption_passphrase: {{ borg.encryption_passphrase }}
-    ssh_command: ssh -i /etc/borgmatic/id_ed25519_borg
+    ssh_command: ssh -i /etc/borgmatic/id_ed25519_borg {{ borg.ssh_options | default("") }}
     borg_base_directory: /etc/borgmatic
     borg_config_directory: /etc/borgmatic/config/
     borg_cache_directory: /etc/borgmatic/cache