Shorted backup- to bkp-

2025-08-29 15:06:26 +02:00 · 2025-07-09 03:36:44 +02:00
parent d0bd33fee3
commit 9668e74139
56 changed files with 89 additions and 89 deletions
--- a/roles/bkp-docker-to-local/README.md
+++ b/roles/bkp-docker-to-local/README.md
@@ -0,0 +1,26 @@
+# Backup Docker to Local
+
+## Description
+
+This Ansible role automates the process of backing up Docker volumes to a local folder. It pulls the [bkp-docker-to-local repository](https://github.com/kevinveenbirkenbach/bkp-docker-to-local.git), installs required software, configures systemd services for both standard and "everything" backup modes, and seeds backup database entries as needed.
+
+## Overview
+
+Optimized for Archlinux, this role ensures that Docker volume backups are performed reliably with minimal manual intervention. It integrates with several dependent roles to verify backup success and manage related tasks, including:
+- [bkp-directory-validator](../bkp-directory-validator/) – Validates backup directories.
+- [cleanup-failed-docker-backups](../cleanup-failed-docker-backups/) – Cleans up unsuccessful backup attempts.
+- [generic-timer](../generic-timer/) – Schedules recurring backup tasks.
+- [bkp-provider](../bkp-provider/) – Manages backup sources.
+- [maint-lock](../maint-lock/) – Ensures coordinated maintenance operations.
+
+## Purpose
+
+Backup Docker Volumes to Local is a comprehensive solution that leverages rsync to create incremental backups of Docker volumes, providing seamless recovery for both file and database data. Ideal for ensuring the integrity and security of your container data, this role sets up the necessary environment to safeguard your Docker volumes.
+
+## Features
+
+- **Required Software Installation:** Installs necessary packages (e.g., lsof, python-pandas) via pacman.
+- **Git Repository Pull:** Automatically pulls the latest version of the [bkp-docker-to-local repository](https://github.com/kevinveenbirkenbach/bkp-docker-to-local.git).
+- **Systemd Service Configuration:** Deploys and reloads two systemd service templates to manage backup tasks.
+- **Database Seeding:** Includes tasks to seed and manage a backup database (`databases.csv`) for tracking backup details.
+- **Dependency Integration:** Works in conjunction with the dependent roles listed above to verify and manage backups.
--- a/roles/bkp-docker-to-local/handlers/main.yml
+++ b/roles/bkp-docker-to-local/handlers/main.yml
@@ -0,0 +1,9 @@
+- name: "reload bkp-docker-to-local-everything.cymais.service"
+  systemd:
+    name: bkp-docker-to-local-everything.cymais.service
+    daemon_reload: yes
+
+- name: "reload bkp-docker-to-local.cymais.service"
+  systemd:
+    name: bkp-docker-to-local.cymais.service
+    daemon_reload: yes
--- a/roles/bkp-docker-to-local/meta/main.yml
+++ b/roles/bkp-docker-to-local/meta/main.yml
@@ -0,0 +1,30 @@
+---
+galaxy_info:
+  author: "Kevin Veen-Birkenbach"
+  description: "Automates the backup of Docker volumes to a local folder"
+  license: "CyMaIS NonCommercial License (CNCL)"
+  license_url: "https://s.veen.world/cncl"
+  company: |
+    Kevin Veen-Birkenbach
+    Consulting & Coaching Solutions
+    https://www.veen.world
+  min_ansible_version: "2.9"
+  platforms:
+    - name: Archlinux
+      versions:
+        - rolling
+  galaxy_tags:
+    - backup
+    - docker
+    - local
+    - systemd
+    - automation
+  repository: "https://s.veen.world/cymais"
+  issue_tracker_url: "https://s.veen.world/cymaisissues"
+  documentation: "https://s.veen.world/cymais"
+dependencies:
+  - bkp-provider
+  - alert-compose
+  - cleanup-failed-docker-backups
+  - maint-lock
+  - bkp-directory-validator
--- a/roles/bkp-docker-to-local/tasks/main.yml
+++ b/roles/bkp-docker-to-local/tasks/main.yml
@@ -0,0 +1,58 @@
+- name: "pkgmgr install"
+  include_role:
+    name: pkgmgr-install
+  vars:
+    package_name: bkp-docker-to-local
+  when: run_once_backup_docker_to_local is not defined
+
+- name: Retrieve bkp-docker-to-local path from pkgmgr
+  command: pkgmgr path bkp-docker-to-local
+  register: pkgmgr_output
+  changed_when: false
+  when: run_once_backup_docker_to_local is not defined
+
+- name: Set fact for backup_docker_to_local_folder
+  set_fact:
+    backup_docker_to_local_folder: "{{ pkgmgr_output.stdout }}/"
+  changed_when: false
+  when: run_once_backup_docker_to_local is not defined
+
+- name: configure bkp-docker-to-local-everything.cymais.service
+  template: 
+    src: bkp-docker-to-local-everything.service.j2
+    dest: /etc/systemd/system/bkp-docker-to-local-everything.cymais.service
+  notify: reload bkp-docker-to-local-everything.cymais.service
+  when: run_once_backup_docker_to_local is not defined
+
+- name: configure bkp-docker-to-local.cymais.service
+  template: 
+    src: bkp-docker-to-local.service.j2
+    dest: /etc/systemd/system/bkp-docker-to-local.cymais.service
+  notify: reload bkp-docker-to-local.cymais.service
+  when: run_once_backup_docker_to_local is not defined
+
+- name: set service_name to the name of the current role
+  set_fact:
+    service_name: "{{ role_name }}"
+  when: run_once_backup_docker_to_local is not defined
+
+- name: "include role for generic-timer for {{service_name}}"
+  include_role:
+    name: generic-timer
+  vars:
+    on_calendar:  "{{on_calendar_backup_docker_to_local}}"
+  when: run_once_backup_docker_to_local is not defined
+
+- name: "reset {{ backup_docker_to_local_folder }}databases.csv"
+  file:
+    path: "{{ backup_docker_to_local_folder }}databases.csv"
+    state: absent
+  when: mode_reset | bool and run_once_backup_docker_to_local is not defined
+
+- name: "include seed-database-to-backup.yml"
+  include_tasks: seed-database-to-backup.yml
+
+- name: run the backup_docker_to_local tasks once
+  set_fact:
+    run_once_backup_docker_to_local: true
+  when: run_once_backup_docker_to_local is not defined
--- a/roles/bkp-docker-to-local/tasks/seed-database-to-backup.yml
+++ b/roles/bkp-docker-to-local/tasks/seed-database-to-backup.yml
@@ -0,0 +1,60 @@
+# This file is also used by web-app-matrix
+
+- name: "Display all database variables"
+  debug:
+    msg: |
+      database_application_id: "{{ database_application_id | default('undefined') }}"
+      database_instance: "{{ database_instance | default('undefined') }}"
+      database_name: "{{ database_name | default('undefined') }}"
+      database_type: "{{ database_type | default('undefined') }}"
+      database_host: "{{ database_host | default('undefined') }}"
+      database_username: "{{ database_username | default('undefined') }}"
+      database_password: "{{ database_password | default('undefined') }}"
+  when: enable_debug | bool
+
+- name: "fail if not all required database variables are defined"
+  fail:
+    msg: "You must define all of the following variables: database_instance, database_name, database_username, database_password"
+  when: >
+    (database_instance is defined or
+     database_name is defined or
+     database_username is defined or
+     database_password is defined) and not
+    (database_instance is defined and
+     database_name is defined and
+     database_username is defined and
+     database_password is defined)
+
+- name: "seed database values in directory {{ backup_docker_to_local_folder }}"
+  command: >
+    python database_entry_seeder.py databases.csv
+    "{{ database_instance }}"
+    "{{ database_name }}"
+    "{{ database_username }}"
+    "{{ database_password }}"
+  args:
+    chdir: "{{ backup_docker_to_local_folder }}"
+  when:
+    - database_instance is defined
+    - database_name is defined
+    - database_username is defined
+    - database_password is defined
+
+- name: Set file permissions for databases.csv to be readable, writable, and executable by root only
+  ansible.builtin.file:
+    path: "{{ backup_docker_to_local_folder }}databases.csv"
+    mode: '0700'
+    owner: root
+    group: root
+  when: >
+    (database_instance is defined and
+    database_name is defined and
+    database_username is defined and
+    database_password is defined) and
+    run_once_backup_docker_to_local_file_permission is not defined
+  register: file_permission_result
+
+- name: run the backup_docker_to_local_file_permission tasks once
+  set_fact:
+    run_once_backup_docker_to_local_file_permission: true
+  when: run_once_backup_docker_to_local_file_permission is not defined and file_permission_result is defined and file_permission_result.changed
--- a/roles/bkp-docker-to-local/templates/bkp-docker-to-local-everything.service.j2
+++ b/roles/bkp-docker-to-local/templates/bkp-docker-to-local-everything.service.j2
@@ -0,0 +1,9 @@
+[Unit]
+Description=backup docker volumes to local folder
+OnFailure=alert-compose.cymais@%n.service cleanup-failed-docker-backups.cymais.service
+
+[Service]
+Type=oneshot
+ExecStartPre=/bin/sh -c '/usr/bin/python {{ path_system_lock_script }} {{ system_maintenance_services | join(' ')  }} --ignore {{ system_maintenance_backup_services | reject('equalto', 'bkp-docker-to-local') | join(' ') }} --timeout "{{system_maintenance_lock_timeout_backup_services}}"'
+ExecStart=/bin/sh -c '/usr/bin/python {{backup_docker_to_local_folder}}backup-docker-to-local.py --compose-dir {{path_docker_compose_instances}} --everything'
+ExecStartPost=/bin/sh -c '/bin/systemctl start maint-docker-heal.cymais.service &'
--- a/roles/bkp-docker-to-local/templates/bkp-docker-to-local.service.j2
+++ b/roles/bkp-docker-to-local/templates/bkp-docker-to-local.service.j2
@@ -0,0 +1,9 @@
+[Unit]
+Description=backup docker volumes to local folder
+OnFailure=alert-compose.cymais@%n.service cleanup-failed-docker-backups.cymais.service
+
+[Service]
+Type=oneshot
+ExecStartPre=/bin/sh -c '/usr/bin/python {{ path_system_lock_script }} {{ system_maintenance_services | join(' ')  }} --ignore {{ system_maintenance_backup_services | reject('equalto', 'bkp-docker-to-local-everything') | join(' ') }} --timeout "{{system_maintenance_lock_timeout_backup_services}}"'
+ExecStart=/bin/sh -c '/usr/bin/python {{backup_docker_to_local_folder}}backup-docker-to-local.py --compose-dir {{path_docker_compose_instances}}'
+ExecStartPost=/bin/sh -c '/bin/systemctl start maint-docker-heal.cymais.service &'