-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathmain.yml
194 lines (163 loc) · 10.2 KB
/
main.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
---
## backuppc_client role's variables to configure a host to backup in a BackupPC server
# FQDN of the BackupPC server we are installing
backuppc_server_name: localhost
# The BackupPC server to configure and to fetch ssh key from. Normally installed with backuppc_server role
# Tipycal definition: backuppc_server_name: backuppc.mydomain.org
## Client to backup access
# Unix user used by the backuppc server to access to the client to backup it
backuppc_client_user: backuppc
backuppc_client_group: backuppc
# The home dir of user backuppc which is used to perform backups in the client
backuppc_client_home: '/var/lib/backuppc'
### Server backuppc package variables
# BackupPC unix user in the server, from which are launched ssh backups to the client.
backuppc_server_user: backuppc
# BackupPC group in the server
backuppc_server_group: www-data
# Home dir of `backuppc_server_user` unix user
backuppc_server_home: /var/lib/backuppc
# BackupPC configuration directory
backuppc_server_config_dir: /etc/backuppc
### Client's backup configuration in the server
# Flag to configure or disable client's periodic backup
backuppc_backup_state: 'present' #present/absent, to configure or erase client host configuration in the server
# Whether automatic backups are enabled and manual ones remain possible
backuppc_BackupsDisable: 0
# By default, backups are enabled and run according to schedule.
# With 1, automatic backups are disabled and maual backups are possible.
# With 2, all backups are disabled
# Flag that defines if the client host is configured by Ansible or not. If false, the role will only configure the server
backuppc_client: true
# If false, ssh access to server must be solved elsewhere. This aparameter may be useful if you don't have Ansible access to a host you need to backup.
### What to backup and when to do it
## Default list of system folders to backup from a client
## See RsyncShareName variable comments in config.pl template (backuppc_server role, templates/etc/backuppc/config.pl.j2, lines 1289 to 1312)
backuppc_RsyncShareName: '{{ backuppc_rsync_share_names }}'
# for backward's compatibility we define this full snake_case version of the variable unfortunatelly introduced in v2.X.Y:
backuppc_rsync_share_names:
- /etc
- /root
- /var
- /usr/local
# This legacy variable may disappear in future versions of the role, update your API!!
# Default list of files, eventually per share, to include in the backup of a client
# List of directories or files to include in backups. This can be set to a string, a list of strings,
# or, in the case of multiple shares, a dict of strings or lists. A dict is used to give a list of directories
# or files to backup for each share (the share name is the key). If a hash is used, a special key `"*"` means
#it applies to all shares that don't have a specific entry.
#
backuppc_BackupFilesOnly: '{{ backuppc_include_files if backuppc_include_files is defined else "" }}'
#
# See README.md for more explenations and example
# backuppc_include_files is a legacy variable name, in v2.X.Y
# List of directories or files to exclude from the backup:
#
backuppc_BackupFilesExclude: '{{ backuppc_exclude_files if backuppc_exclude_files is defined else "" }}'
# backuppc_exclude_files is a legacy variable name, in v2.X.Y
# Syntax is similar than backuppc_BackupFilesOnly
# Backup transfer method. All possibles BackupPC values are valid, but the role is designed and tested only for `rsync` method
backuppc_XferMethod: '{{ backuppc_xfermethod if backuppc_xfermethod is defined else "rsync" }}'
## `backuppc_xfermethod` is a legacy variable name, in v2.X.Y
# BackupPC client host additional parameters
# backuppc_more:
# a dict of parameter: 'value', where `parameter` is a BackupPC config variable that is not directly considered here
# You can, for instant, define longer periods of backups preservation:
#
# backuppc_more:
# ## 105 weeks, 2 years
# FullKeepCnt: 105
# FullKeepCntMin: 10
# FullAgeMax: 730
# ## 183 days, half a year
# IncrKeepCnt: 183
# IncrKeepCntMin: 10
# IncrAgeMax: 730
#
# See defaults/main.yaml and templates/etc/backuppc/config.pl.j2 in backuppc_server role for full list
# of parameters and their documentation
## Shell command to perform backups from the server to the client when transfer method is rsync:
backuppc_RsyncClientCmd: '$sshPath -x -q -l {{ backuppc_client_user }} $host sudo $rsyncPath $argList+'
## shell commands to perform restores when transfer method is rsync:
backuppc_RsyncClientRestoreCmd: '$sshPath -q -x -l {{ backuppc_client_user }} $host sudo $rsyncPath $argList+'
## Pre-dump and post-dump backup scripts and associated configuration parameters
# Those scripts are useful to perform tasks such as databases dumps or snapshots to prepare coherent backups
# Pre-dump script and Post-dump script
# With `backuppc_pre_dump_script` we define a pre dump script, that will executed before rsync dumps
# and with `backuppc_post_dump_script` a post dump script that will be executed after rsync dumps.
# Scripts configuration will be done only if these variables are defined.
# `backuppc_pre_dump_script` and `backuppc_post_dump_script` define the paths of the scripts in the client host.
# These can be absolute or relative paths. If the path is relative, the home dir of backuppc user,
# `backuppc_server_home`, is prependend to the script's path.
#
# For instance, you could define (it used to be the default value up to v2.X.Y of the role):
#
# backuppc_pre_dump_script: scripts/pre_dump.sh
# backuppc_post_dump_script: scripts/post_dump.sh
#
# The pre and post dump scripts will be '{{ backuppc_server_home }}/scripts/pre_dump.sh' and
# '{{ backuppc_server_home }}/scripts/post_dump.sh
#
# Local directory in the Ansible controller where the role finds the previous scripts to upload
backuppc_scripts_local_dir: '{{ playbook_dir }}/host_vars/{{ inventory_hostname }}/files/backuppc/'
# i.e. a folder files/backuppc/ aside the host variables of the playbook
# We should place our backup scripts in this file, with our Ansible code.
# When `backuppc_db_server_type` is 'pgsql' (see hereafter) we can not use our own backuppc_pre_dump_script
# and backuppc_post_dump_script.
# Templates to build the pre and post dump scripts
# backuppc_pre_dump_template:
# backuppc_post_dump_template:
# Scripts can also be templated from the playbooks host variables.
# if any of the two previous variables are defiend, the scripts will be templated instead of uploaded
# form previous directory.
# We must set the variable to the full path of the template from your playbook directory. For instance:
# backuppc_pre_dump_template: '{{ playbook_dir }}/host_vars/{{ inventory_hostname }}/templates/pre_dump.sh.j2'
# backuppc_post_dump_template: '{{ playbook_dir }}/host_vars/{{ inventory_hostname }}/templates/post_dump.sh.j2'
# the role will take its templates from a folder /templates aside host's variables folder.
# Flags to execute pre dump and post dump scripts with sudo, so backuppc user becomes root
# backuppc_scripts_sudo: false/true
# backuppc_script_pre_sudo: false/ture
# backuppc_script_post_sudo: false/true
# The first flag makes both scripts to be executed with sudo, the following ones makes each of the scripts to be executed so.
# If second or third flag is defined differently than first, its configuration prevails
# If `backuppc_pre_dump_script` and/or `backuppc_post_dump_script` are undefined, the corresponding flags have no effect.
# The ssh command for backuppc to execute the pre_dump and post_dump scripts
# `backuppc_DumpPreUserCmd` and `backuppc_DumpPostUserCmd` commands ared automatically defined in the roles tasks, according
# to the previous pre dump and post dump scripts variables definition.
# However you could define yourself any alternative value.
# For instance, if you need boths scriprs with sudo and you define your scripts with an absolute path, you could define these
# these commands as they where in versions 2.X.Y versions of the role:
#
# backuppc_DumpPreUserCmd: '$sshPath -q -x -l {{ backuppc_client_user }} $host {% if backuppc_scripts_sudo %}sudo{% endif %} {{ backuppc_pre_dump_script }}'
# backuppc_DumpPostUserCmd: '$sshPath -q -x -l {{ backuppc_client_user }} $host {% if backuppc_scripts_sudo %}sudo{% endif %} {{ backuppc_post_dump_script }}'
# The commands authorized in the client to the user backuppc. This variable _must_ start with "Cmnd_Alias BACKUPS"
# backuppc_sudoer:
# This variable is defiend in tasks, according to previous parameters. It always start by 'Cmnd_Alias BACKUPS = /usr/bin/rsync',
# eventually followed, separated by commas, by pre and post dump scripts, if they require sudo
# You can eventually overwrite this variable with your own value, for instance:
# backuppc_sudoer: 'Cmnd_Alias BACKUPS = /usr/bin/rsync, /var/lib/backuppc/scripts/pre_dump.sh, /var/lib/backuppc/scripts/post_dump.sh'
## Database dump helpers of the role
# Three states variabale for a mysql or pgsql dump before backups.
# Mysql option defines a mysql user named {{ backuppc_db_dump_user }} with SELECT access to all databases. You must add yourself the
# scripts pre_dump.sh and post_dump.sh hereafter, using this user.
# For Pgsql option, the scripts are constructed from templates. The database to backup is indicated in the backuppc_db_to_dump_name variable
# Three possible values: pgsql, mysql or null
backuppc_db_server_type: ''
# Define this variable if your root mysql password is defined
# (in present default debian mysql install, there is no root password defined)
# backuppc_db_server_root_pass: 'put_it_from_a_vault'
# Define database to backup, as well as user and password
backuppc_db_dump_user: "{{ backuppc_client_user }}"
backuppc_db_dump_user_pass: 'put_it_from_a_vault'
backuppc_db_to_dump_name: 'my_app'
backuppc_db_dump_user_priv: '*.*:PROCESS,SUPER,SELECT'
backuppc_db_dump_group_options: "client"
## BackupPC web interface
# Main user for the client host in BackupPC Web interface
backuppc_server_web_main_user: '{{ backuppc_server_user }}'
## It's good to re-define this variable and to configura an alias mail in the server to be reported backup incidents
# Additional users for the client host in BackupPC Web interface
backuppc_server_web_other_users: ""
# "user1,user2,user3": Users who have access to backups.
# they must be configured in the backuppc server
...