From 1e742cb29c28f4f75257116cd81c3bc1ee1a5686 Mon Sep 17 00:00:00 2001 From: Andrey Sokolovskiy Date: Sun, 3 Mar 2024 05:37:23 +0700 Subject: [PATCH] Init --- .gitignore | 3 + .yamllint | 12 + README.md | 1 + galaxy.yml | 17 + meta/runtime.yml | 2 + requirements.yml | 5 + roles/bareos_console/LICENSE | 202 +++++++++ roles/bareos_console/README.md | 48 +++ roles/bareos_console/defaults/main.yml | 4 + roles/bareos_console/meta/argument_specs.yml | 14 + roles/bareos_console/meta/main.yml | 42 ++ roles/bareos_console/requirements.yml | 4 + roles/bareos_console/tasks/assert.yml | 53 +++ roles/bareos_console/tasks/main.yml | 24 ++ roles/bareos_console/templates/.gitkeep | 0 .../bareos_console/templates/bconsole.conf.j2 | 24 ++ roles/bareos_dir/LICENSE | 202 +++++++++ roles/bareos_dir/README.md | 391 ++++++++++++++++++ roles/bareos_dir/defaults/main.yml | 64 +++ roles/bareos_dir/handlers/main.yml | 23 ++ roles/bareos_dir/meta/argument_specs.yml | 89 ++++ roles/bareos_dir/meta/main.yml | 41 ++ roles/bareos_dir/requirements.yml | 13 + roles/bareos_dir/tasks/assert.yml | 145 +++++++ roles/bareos_dir/tasks/main.yml | 242 +++++++++++ roles/bareos_dir/templates/.gitkeep | 0 roles/bareos_dir/templates/bareos-dir.conf.j2 | 17 + roles/bareos_dir/templates/catalog.conf.j2 | 12 + roles/bareos_dir/templates/client.conf.j2 | 29 ++ roles/bareos_dir/templates/console.conf.j2 | 25 ++ roles/bareos_dir/templates/fileset.conf.j2 | 40 ++ roles/bareos_dir/templates/job.conf.j2 | 51 +++ roles/bareos_dir/templates/message.conf.j2 | 29 ++ roles/bareos_dir/templates/pool.conf.j2 | 28 ++ roles/bareos_dir/templates/profile.conf.j2 | 19 + roles/bareos_dir/templates/schedule.conf.j2 | 15 + roles/bareos_dir/templates/storage.conf.j2 | 22 + roles/bareos_dir/vars/main.yml | 33 ++ roles/bareos_fd/LICENSE | 202 +++++++++ roles/bareos_fd/README.md | 268 ++++++++++++ roles/bareos_fd/defaults/main.yml | 62 +++ roles/bareos_fd/handlers/main.yml | 11 + roles/bareos_fd/meta/argument_specs.yml | 67 +++ roles/bareos_fd/meta/main.yml | 41 ++ roles/bareos_fd/requirements.yml | 7 + roles/bareos_fd/tasks/assert.yml | 100 +++++ roles/bareos_fd/tasks/encryption.yml | 69 ++++ roles/bareos_fd/tasks/main.yml | 72 ++++ roles/bareos_fd/templates/.gitkeep | 0 roles/bareos_fd/templates/director.conf.j2 | 31 ++ roles/bareos_fd/templates/message.conf.j2 | 19 + roles/bareos_fd/templates/myself.conf.j2 | 25 ++ roles/bareos_fd/vars/main.yml | 33 ++ roles/bareos_repository/LICENSE | 202 +++++++++ roles/bareos_repository/README.md | 116 ++++++ roles/bareos_repository/defaults/main.yml | 22 + .../bareos_repository/meta/argument_specs.yml | 41 ++ roles/bareos_repository/meta/main.yml | 42 ++ roles/bareos_repository/requirements.yml | 7 + roles/bareos_repository/tasks/assert.yml | 52 +++ roles/bareos_repository/tasks/main.yml | 150 +++++++ roles/bareos_repository/vars/main.yml | 59 +++ roles/bareos_sd/LICENSE | 202 +++++++++ roles/bareos_sd/README.md | 184 +++++++++ roles/bareos_sd/defaults/main.yml | 37 ++ roles/bareos_sd/handlers/main.yml | 11 + roles/bareos_sd/meta/argument_specs.yml | 53 +++ roles/bareos_sd/meta/main.yml | 41 ++ roles/bareos_sd/requirements.yml | 4 + roles/bareos_sd/tasks/assert.yml | 87 ++++ roles/bareos_sd/tasks/main.yml | 111 +++++ roles/bareos_sd/templates/.gitkeep | 0 roles/bareos_sd/templates/bareos-sd.conf.j2 | 15 + roles/bareos_sd/templates/device.conf.j2 | 28 ++ roles/bareos_sd/templates/director.conf.j2 | 16 + roles/bareos_sd/templates/message.conf.j2 | 19 + roles/bareos_sd/templates/s3.profile.j2 | 10 + roles/bareos_sd/vars/main.yml | 19 + roles/bareos_webui/LICENSE | 202 +++++++++ roles/bareos_webui/README.md | 109 +++++ roles/bareos_webui/defaults/main.yml | 9 + roles/bareos_webui/handlers/main.yml | 7 + roles/bareos_webui/meta/argument_specs.yml | 17 + roles/bareos_webui/meta/main.yml | 38 ++ roles/bareos_webui/requirements.yml | 7 + roles/bareos_webui/tasks/assert.yml | 58 +++ roles/bareos_webui/tasks/main.yml | 67 +++ roles/bareos_webui/vars/main.yml | 17 + 88 files changed, 5051 insertions(+) create mode 100644 .gitignore create mode 100644 .yamllint create mode 100644 README.md create mode 100644 galaxy.yml create mode 100644 meta/runtime.yml create mode 100644 requirements.yml create mode 100644 roles/bareos_console/LICENSE create mode 100644 roles/bareos_console/README.md create mode 100644 roles/bareos_console/defaults/main.yml create mode 100644 roles/bareos_console/meta/argument_specs.yml create mode 100644 roles/bareos_console/meta/main.yml create mode 100644 roles/bareos_console/requirements.yml create mode 100644 roles/bareos_console/tasks/assert.yml create mode 100644 roles/bareos_console/tasks/main.yml create mode 100644 roles/bareos_console/templates/.gitkeep create mode 100644 roles/bareos_console/templates/bconsole.conf.j2 create mode 100644 roles/bareos_dir/LICENSE create mode 100644 roles/bareos_dir/README.md create mode 100644 roles/bareos_dir/defaults/main.yml create mode 100644 roles/bareos_dir/handlers/main.yml create mode 100644 roles/bareos_dir/meta/argument_specs.yml create mode 100644 roles/bareos_dir/meta/main.yml create mode 100644 roles/bareos_dir/requirements.yml create mode 100644 roles/bareos_dir/tasks/assert.yml create mode 100644 roles/bareos_dir/tasks/main.yml create mode 100644 roles/bareos_dir/templates/.gitkeep create mode 100644 roles/bareos_dir/templates/bareos-dir.conf.j2 create mode 100644 roles/bareos_dir/templates/catalog.conf.j2 create mode 100644 roles/bareos_dir/templates/client.conf.j2 create mode 100644 roles/bareos_dir/templates/console.conf.j2 create mode 100644 roles/bareos_dir/templates/fileset.conf.j2 create mode 100644 roles/bareos_dir/templates/job.conf.j2 create mode 100644 roles/bareos_dir/templates/message.conf.j2 create mode 100644 roles/bareos_dir/templates/pool.conf.j2 create mode 100644 roles/bareos_dir/templates/profile.conf.j2 create mode 100644 roles/bareos_dir/templates/schedule.conf.j2 create mode 100644 roles/bareos_dir/templates/storage.conf.j2 create mode 100644 roles/bareos_dir/vars/main.yml create mode 100644 roles/bareos_fd/LICENSE create mode 100644 roles/bareos_fd/README.md create mode 100644 roles/bareos_fd/defaults/main.yml create mode 100644 roles/bareos_fd/handlers/main.yml create mode 100644 roles/bareos_fd/meta/argument_specs.yml create mode 100644 roles/bareos_fd/meta/main.yml create mode 100644 roles/bareos_fd/requirements.yml create mode 100644 roles/bareos_fd/tasks/assert.yml create mode 100644 roles/bareos_fd/tasks/encryption.yml create mode 100644 roles/bareos_fd/tasks/main.yml create mode 100644 roles/bareos_fd/templates/.gitkeep create mode 100644 roles/bareos_fd/templates/director.conf.j2 create mode 100644 roles/bareos_fd/templates/message.conf.j2 create mode 100644 roles/bareos_fd/templates/myself.conf.j2 create mode 100644 roles/bareos_fd/vars/main.yml create mode 100644 roles/bareos_repository/LICENSE create mode 100644 roles/bareos_repository/README.md create mode 100644 roles/bareos_repository/defaults/main.yml create mode 100644 roles/bareos_repository/meta/argument_specs.yml create mode 100644 roles/bareos_repository/meta/main.yml create mode 100644 roles/bareos_repository/requirements.yml create mode 100644 roles/bareos_repository/tasks/assert.yml create mode 100644 roles/bareos_repository/tasks/main.yml create mode 100644 roles/bareos_repository/vars/main.yml create mode 100644 roles/bareos_sd/LICENSE create mode 100644 roles/bareos_sd/README.md create mode 100644 roles/bareos_sd/defaults/main.yml create mode 100644 roles/bareos_sd/handlers/main.yml create mode 100644 roles/bareos_sd/meta/argument_specs.yml create mode 100644 roles/bareos_sd/meta/main.yml create mode 100644 roles/bareos_sd/requirements.yml create mode 100644 roles/bareos_sd/tasks/assert.yml create mode 100644 roles/bareos_sd/tasks/main.yml create mode 100644 roles/bareos_sd/templates/.gitkeep create mode 100644 roles/bareos_sd/templates/bareos-sd.conf.j2 create mode 100644 roles/bareos_sd/templates/device.conf.j2 create mode 100644 roles/bareos_sd/templates/director.conf.j2 create mode 100644 roles/bareos_sd/templates/message.conf.j2 create mode 100644 roles/bareos_sd/templates/s3.profile.j2 create mode 100644 roles/bareos_sd/vars/main.yml create mode 100644 roles/bareos_webui/LICENSE create mode 100644 roles/bareos_webui/README.md create mode 100644 roles/bareos_webui/defaults/main.yml create mode 100644 roles/bareos_webui/handlers/main.yml create mode 100644 roles/bareos_webui/meta/argument_specs.yml create mode 100644 roles/bareos_webui/meta/main.yml create mode 100644 roles/bareos_webui/requirements.yml create mode 100644 roles/bareos_webui/tasks/assert.yml create mode 100644 roles/bareos_webui/tasks/main.yml create mode 100644 roles/bareos_webui/vars/main.yml diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..ed67c61 --- /dev/null +++ b/.gitignore @@ -0,0 +1,3 @@ +.cache +.DS_Store +.icloud diff --git a/.yamllint b/.yamllint new file mode 100644 index 0000000..c5ae64b --- /dev/null +++ b/.yamllint @@ -0,0 +1,12 @@ +--- +extends: default + +rules: + braces: + max-spaces-inside: 1 + level: error + brackets: + max-spaces-inside: 1 + level: error + line-length: disable + truthy: disable diff --git a/README.md b/README.md new file mode 100644 index 0000000..aa6b762 --- /dev/null +++ b/README.md @@ -0,0 +1 @@ +A collection of roles for Bareos diff --git a/galaxy.yml b/galaxy.yml new file mode 100644 index 0000000..9415bd0 --- /dev/null +++ b/galaxy.yml @@ -0,0 +1,17 @@ +--- +namespace: anry +name: bareos +version: 3.0.0 +readme: README.md +authors: + - Anry +description: A collection of roles for Bareos +license_file: 'LICENSE' +tags: + - linux + - bareos + - backup +dependencies: + ansible.posix: "*" +repository: https://git.unbind.ru/ansible-collections/ansible-collection-bareos.git +build_ignore: [] diff --git a/meta/runtime.yml b/meta/runtime.yml new file mode 100644 index 0000000..2ee3c9f --- /dev/null +++ b/meta/runtime.yml @@ -0,0 +1,2 @@ +--- +requires_ansible: '>=2.9.10' diff --git a/requirements.yml b/requirements.yml new file mode 100644 index 0000000..bdb12ec --- /dev/null +++ b/requirements.yml @@ -0,0 +1,5 @@ +--- +collections: + - name: ansible.posix + - name: community.crypto + - name: community.general diff --git a/roles/bareos_console/LICENSE b/roles/bareos_console/LICENSE new file mode 100644 index 0000000..be5b773 --- /dev/null +++ b/roles/bareos_console/LICENSE @@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright 2024 Robert de Bock (robert@meinit.nl) + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/roles/bareos_console/README.md b/roles/bareos_console/README.md new file mode 100644 index 0000000..7a24947 --- /dev/null +++ b/roles/bareos_console/README.md @@ -0,0 +1,48 @@ +# [Ansible role bareos_console](#bareos_console) + +Install and configure [Bareos](https://www.bareos.com/) Console (bconsole) on your system. + +## [Example Playbook](#example-playbook) + +```yaml +--- +- name: Converge + hosts: all + become: yes + gather_facts: yes + + roles: + - role: anry.roles.bareos_console + bareos_console_directors: + - name: bareos-dir + address: localhost + password: "MySuperSecretPassword" + description: "Bareos Console credentials for local Director" + tls_enable: yes + tls_verify_peer: no +``` + + +```yaml +--- +- name: Prepare + hosts: all + become: yes + gather_facts: no + + roles: + - role: anry.roles.bareos_repository +``` + +## [Role Variables](#role-variables) + +```yaml +--- +# defaults file for bareos_console + +bareos_console_directors: [] +``` + +## [Requirements](#requirements) + +- pip packages listed in [requirements.txt] diff --git a/roles/bareos_console/defaults/main.yml b/roles/bareos_console/defaults/main.yml new file mode 100644 index 0000000..fc4bcaf --- /dev/null +++ b/roles/bareos_console/defaults/main.yml @@ -0,0 +1,4 @@ +--- +# defaults file for bareos_console + +bareos_console_directors: [] diff --git a/roles/bareos_console/meta/argument_specs.yml b/roles/bareos_console/meta/argument_specs.yml new file mode 100644 index 0000000..4f47424 --- /dev/null +++ b/roles/bareos_console/meta/argument_specs.yml @@ -0,0 +1,14 @@ +--- + +# # bareos_dir_messages: Daemon + +argument_specs: + main: + short_description: "Install and configure BareOS Console (bconsole) on your system." + description: > + Install and configure BareOS Console (bconsole) on your system. + author: Robert de Bock + options: + bareos_console_directors: + type: "list" + description: "A list of directors to connect to." diff --git a/roles/bareos_console/meta/main.yml b/roles/bareos_console/meta/main.yml new file mode 100644 index 0000000..f1c9786 --- /dev/null +++ b/roles/bareos_console/meta/main.yml @@ -0,0 +1,42 @@ +--- +galaxy_info: + author: anry + role_name: bareos_console + description: Install and configure [Bareos](https://www.bareos.com/) Console (bconsole) on your system. + license: Apache-2.0 + company: none + min_ansible_version: "2.12" + + platforms: + - name: Debian + versions: + - bookworm + - bullseye + - buster + - name: EL + versions: + - "7" + - "8" + - "9" + - name: Fedora + versions: + - "38" + - "39" + - name: opensuse + versions: + - all + - name: Ubuntu + versions: + - jammy + - focal + + galaxy_tags: + - backup + - bareos + - infrastructure + - linux + - storage + - system + - tools + +dependencies: [] diff --git a/roles/bareos_console/requirements.yml b/roles/bareos_console/requirements.yml new file mode 100644 index 0000000..854c2b6 --- /dev/null +++ b/roles/bareos_console/requirements.yml @@ -0,0 +1,4 @@ +--- +roles: + - name: anry.bootstrap + - name: anry.bareos_repository diff --git a/roles/bareos_console/tasks/assert.yml b/roles/bareos_console/tasks/assert.yml new file mode 100644 index 0000000..30c8b5a --- /dev/null +++ b/roles/bareos_console/tasks/assert.yml @@ -0,0 +1,53 @@ +--- + +- name: assert | Test bareos_console_directors + ansible.builtin.assert: + that: + - bareos_console_directors is iterable + quiet: yes + when: + - bareos_console_directors is defined + +- name: assert | Test items in bareos_console_directors are set correctly + ansible.builtin.assert: + that: + - item.name is defined + - item.name is string + - item.name != "" + - item.address is defined + - item.address is string + - item.address != "" + - item.password is defined + - item.password is string + - item.password != "" + - item.description is defined + - item.description is string + - item.description != "" + quiet: yes + loop: "{{ bareos_console_directors }}" + loop_control: + label: "{{ item.name }}" + when: + - bareos_console_directors is defined + +- name: assert | Test item tls_enable in bareos_console_directors + ansible.builtin.assert: + that: + - item.tls_enable is boolean + quiet: yes + loop: "{{ bareos_console_directors }}" + loop_control: + label: "{{ item.name }}" + when: + - item.tls_enable is defined + +- name: assert | Test item tls_verify_peer in bareos_console_directors + ansible.builtin.assert: + that: + - item.tls_verify_peer is boolean + quiet: yes + loop: "{{ bareos_console_directors }}" + loop_control: + label: "{{ item.name }}" + when: + - item.tls_verify_peer is defined diff --git a/roles/bareos_console/tasks/main.yml b/roles/bareos_console/tasks/main.yml new file mode 100644 index 0000000..fd1a76f --- /dev/null +++ b/roles/bareos_console/tasks/main.yml @@ -0,0 +1,24 @@ +--- +# tasks file for bareos_console + +- name: Import assert.yml + ansible.builtin.import_tasks: + file: assert.yml + run_once: true + delegate_to: localhost + +- name: Install bareos-console + ansible.builtin.package: + name: bareos-bconsole + state: present + +- name: Place bconsole.conf + ansible.builtin.template: + src: bconsole.conf.j2 + dest: /etc/bareos/bconsole.conf + owner: root + group: bareos + mode: "0640" + validate: /usr/sbin/bconsole --test-config --config %s + when: + - bareos_console_directors is defined diff --git a/roles/bareos_console/templates/.gitkeep b/roles/bareos_console/templates/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/roles/bareos_console/templates/bconsole.conf.j2 b/roles/bareos_console/templates/bconsole.conf.j2 new file mode 100644 index 0000000..3a3c77d --- /dev/null +++ b/roles/bareos_console/templates/bconsole.conf.j2 @@ -0,0 +1,24 @@ +{{ ansible_managed | comment }} + +{% if bareos_console_directors is defined %} +{% for director in bareos_console_directors %} +Director { + Name = "{{ director.name }}" +{% if director.description is defined %} + Description = "{{ director.description }}" +{% endif %} +{% if director.address is defined %} + Address = "{{ director.address }}" +{% endif %} +{% if director.password is defined %} + Password = "[md5]{{ director.password | md5 }}" +{% endif %} +{% if director.tls_enable is defined %} + TLS Enable = {{ director.tls_enable | ternary('Yes', 'No') }} +{% endif %} +{% if director.tls_verify_peer is defined %} + TLS Verify Peer = {{ director.tls_verify_peer | ternary('Yes', 'No') }} +{% endif %} +} +{% endfor %} +{% endif %} diff --git a/roles/bareos_dir/LICENSE b/roles/bareos_dir/LICENSE new file mode 100644 index 0000000..be5b773 --- /dev/null +++ b/roles/bareos_dir/LICENSE @@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright 2024 Robert de Bock (robert@meinit.nl) + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/roles/bareos_dir/README.md b/roles/bareos_dir/README.md new file mode 100644 index 0000000..4626b39 --- /dev/null +++ b/roles/bareos_dir/README.md @@ -0,0 +1,391 @@ +# [Ansible role bareos_dir](#bareos_dir) + +Install and configure [Bareos](https://www.bareos.com/) Director. + +|GitHub|GitLab|Downloads|Version| +|------|------|---------|-------| +|[![github](https://github.com/anry/ansible-role-bareos_dir/workflows/Ansible%20Molecule/badge.svg)](https://github.com/anry/ansible-role-bareos_dir/actions)|[![gitlab](https://gitlab.com/anry-iac/ansible-role-bareos_dir/badges/master/pipeline.svg)](https://gitlab.com/anry-iac/ansible-role-bareos_dir)|[![downloads](https://img.shields.io/ansible/role/d/anry/bareos_dir)](https://galaxy.ansible.com/anry/bareos_dir)|[![Version](https://img.shields.io/github/release/anry/ansible-role-bareos_dir.svg)](https://github.com/anry/ansible-role-bareos_dir/releases/)| + +## [Example Playbook](#example-playbook) + +This example is taken from [`molecule/default/converge.yml`](https://github.com/anry/ansible-role-bareos_dir/blob/master/molecule/default/converge.yml) and is tested on each push, pull request and release. + +```yaml +--- +- name: Converge + hosts: all + become: yes + gather_facts: yes + + roles: + - role: anry.roles.bareos_dir + bareos_dir_backup_configurations: yes + bareos_dir_install_debug_packages: yes + bareos_dir_catalogs: + - name: MyCatalog + dbname: bareos + dbuser: bareos + dbpassword: "" + bareos_dir_consoles: + - name: bareos-mon + description: "Restricted console used by tray-monitor to get the status of the director." + password: "MySecretPassword" + commandacl: + - status + - .status + jobacl: + - "*all" + bareos_dir_clients: + - name: bareos-fd + address: 127.0.0.1 + password: "MySecretPassword" + maximum_concurrent_jobs: 3 + heartbeat_interval: 60 + - name: "disabled-client" + enabled: no + bareos_dir_filesets: + - name: LinuxAll + description: "Backup all regular filesystems, determined by filesystem type." + include: + files: + - / + exclude_dirs_containing: nobackup + options: + signature: MD5 + one_fs: no + fs_types: + - btrfs + - ext2 + - ext3 + - ext4 + - reiserfs + - jfs + - vfat + - xfs + - zfs + compression: GZIP + exclude: + files: + - /var/lib/bareos + - /var/lib/bareos/storage + - /proc + - /tmp + - /var/tmp + - /.journal + - /.fsck + - name: disabled-fileset + enabled: no + bareos_dir_jobdefs: + - name: DefaultJob-1 + type: Backup + level: Incremental + fileset: SelfTest + schedule: WeeklyCycle + storage: File-1 + messages: Standard + pool: Full + priority: 10 + write_bootstrap: "/var/lib/bareos/%c.bsr" + full_backup_pool: Full + differential_backup_pool: Differential + incremental_backup_pool: Incremental + - name: "disabled-jobdef" + enabled: no + bareos_dir_jobs: + - name: my_job + description: "My backup job" + pool: Full + type: Backup + client: bareos-fd + fileset: LinuxAll + storage: File-1 + messages: Standard + - name: disabled_job + enabled: no + - name: BackupCatalog + description: "Backup the catalog database (after the nightly save)" + jobdefs: DefaultJob + level: Full + fileset: Catalog + client: bareos-fd + schedule: WeeklyCycleAfterBackup + runbeforejob: "/usr/lib/bareos/scripts/make_catalog_backup MyCatalog" + runafterjob: "/usr/lib/bareos/scripts/delete_catalog_backup MyCatalog" + write_bootstrap: '|/usr/bin/bsmtp -h localhost -f \"\(Bareos\) \" -s \"Bootstrap for Job %j\" root' + priority: 11 + maximum_concurrent_jobs: 2 + bareos_dir_messages: + - name: "Standard" + description: "Send relevant messages to the Director." + append: + - file: "/var/log/bareos/bareos.log" + messages: + - all + - "!skipped" + - "!terminate" + catalog: + - all + - "!skipped" + - "!saved" + - "!audit" + console: + - all + - "!skipped" + - "!saved" + - name: "disabled-message" + enabled: no + - name: Daemon + description: "Message delivery for daemon messages (no job)." + mailcommand: '/usr/bin/bsmtp -h localhost -f \"\(Bareos\) \<%r\>\" -s \"Bareos daemon message\" %r' + mail: + - to: root + messages: + - all + - "!skipped" + - "!audit" + console: + - all + - "!skipped" + - "!saved" + - "!audit" + append: + - file: "/var/log/bareos/bareos.log" + messages: + - all + - "!skipped" + - "!audit" + - file: "/var/log/bareos/bareos-audit.log" + messages: + - audit + - name: RestoreFiles + description: "Standard Restore template. Only one such job is needed for all standard Jobs/Clients/Storage ..." + type: Restore + client: bareos-fd + fileset: LinuxAll + storage: File-1 + pool: Incremental + messages: Standard + where: "/tmp/bareos-restores" + bareos_dir_pools: + - name: Full + pool_type: Backup + recycle: yes + autoprune: yes + volume_retention: 365 days + maximum_volume_bytes: 50G + maximum_volumes: 100 + label_format: "Full-" + - name: "disabled-pool" + enabled: no + bareos_dir_profiles: + - name: webui-admin + jobacl: + - "*all*" + clientacl: + - "*all*" + storageacl: + - "*all*" + scheduleacl: + - "*all*" + poolacl: + - "*all*" + commandacl: + - "!.bvfs_clear_cache" + - "!.exit" + - "!.sql" + - "!configure" + - "!create" + - "!delete" + - "!purge" + - "!prune" + - "!sqlquery" + - "!umount" + - "!unmount" + - "*all*" + filesetacl: + - "*all*" + catalogacl: + - "*all*" + whereacl: + - "*all*" + pluginoptionsacl: + - "*all*" + - name: "disabled-message" + enabled: no + bareos_dir_schedules: + - name: WeeklyCycle + run: + - Full 1st sat at 21:00 + - Differential 2nd-5th sat at 21:00 + - Incremental mon-fri at 21:00 + - name: WeeklyCycleAfterBackup + description: This schedule does the catalog. It starts after the WeeklyCycle. + run: + - Full mon-fri at 21:10 + - name: "disabled-schedule" + enabled: no + bareos_dir_storages: + - name: File-1 + address: dir-1 + password: "MySecretPassword" + device: FileStorage + media_type: File + tls_enable: yes + tls_verify_peer: no + maximum_concurrent_jobs: 3 + - name: "disabled-storage" + enabled: no +``` + +The machine needs to be prepared. In CI this is done using [`molecule/default/prepare.yml`](https://github.com/anry/ansible-role-bareos_dir/blob/master/molecule/default/prepare.yml): + +```yaml +--- +- name: Prepare + hosts: all + become: yes + gather_facts: no + + roles: + - role: anry.roles.bootstrap + # The roles buildtools, python_pip and postgres are required. + # bareos-dir needs to connect to a database. + - role: anry.roles.buildtools + # EPEL is required for RHEL7. + - role: anry.roles.epel + - role: anry.roles.python_pip + - role: anry.roles.postgres + # The roles core_dependencies and postfix are required for the `bareos_role`: "dir". + # bareos-dir needs to send emails. + # - role: anry.roles.core_dependencies + # - role: anry.roles.postfix + - role: anry.roles.bareos_repository + bareos_repository_enable_tracebacks: yes +``` + +Also see a [full explanation and example](https://anry.nl/how-to-use-these-roles.html) on how to use these roles. + +## [Role Variables](#role-variables) + +The default values for the variables are set in [`defaults/main.yml`](https://github.com/anry/ansible-role-bareos_dir/blob/master/defaults/main.yml): + +```yaml +--- +# defaults file for bareos_dir + +# The director has these configuration parameters. + +# Backup the configuration files. +bareos_dir_backup_configurations: no + +# Install debug packages. This requires the debug repositories to be enabled. +bareos_dir_install_debug_packages: no + +# The hostname of the Director. +bareos_dir_hostname: "{{ inventory_hostname }}" + +# The password for the Director. +bareos_dir_password: "secretpassword" + +# The query file. +bareos_dir_queryfile: "/usr/lib/bareos/scripts/query.sql" + +# The maximum number of concurrent jobs. +bareos_dir_max_concurrent_jobs: 100 + +# The messages configuration to use. +bareos_dir_message: Daemon + +# Enable TLS. +bareos_dir_tls_enable: yes + +# Verify the peer. +bareos_dir_tls_verify_peer: no + +# A list of catalogs to configure. +bareos_dir_catalogs: [] + +# A list of consoled to configure. +bareos_dir_consoles: [] + +# A list of clients to configure. +bareos_dir_clients: [] + +# A list of filesets to configure. +bareos_dir_filesets: [] + +# A list of jobdefs to configure +bareos_dir_jobdefs: [] + +# A list of jobs to configure. +bareos_dir_jobs: [] + +# A list of messages to configure. +bareos_dir_messages: [] + +# A list of pools to configure. +bareos_dir_pools: [] + +# A list of profiles to configure. +bareos_dir_profiles: [] + +# A list of schedules to configure. +bareos_dir_schedules: [] + +# A list of storages to configure. +bareos_dir_storages: [] +``` + +## [Requirements](#requirements) + +- pip packages listed in [requirements.txt](https://github.com/anry/ansible-role-bareos_dir/blob/master/requirements.txt). + +## [State of used roles](#state-of-used-roles) + +The following roles are used to prepare a system. You can prepare your system in another way. + +| Requirement | GitHub | GitLab | +|-------------|--------|--------| +|[anry.bootstrap](https://galaxy.ansible.com/anry/bootstrap)|[![Build Status GitHub](https://github.com/anry/ansible-role-bootstrap/workflows/Ansible%20Molecule/badge.svg)](https://github.com/anry/ansible-role-bootstrap/actions)|[![Build Status GitLab](https://gitlab.com/anry-iac/ansible-role-bootstrap/badges/master/pipeline.svg)](https://gitlab.com/anry-iac/ansible-role-bootstrap)| +|[anry.bareos_repository](https://galaxy.ansible.com/anry/bareos_repository)|[![Build Status GitHub](https://github.com/anry/ansible-role-bareos_repository/workflows/Ansible%20Molecule/badge.svg)](https://github.com/anry/ansible-role-bareos_repository/actions)|[![Build Status GitLab](https://gitlab.com/anry-iac/ansible-role-bareos_repository/badges/master/pipeline.svg)](https://gitlab.com/anry-iac/ansible-role-bareos_repository)| +|[anry.buildtools](https://galaxy.ansible.com/anry/buildtools)|[![Build Status GitHub](https://github.com/anry/ansible-role-buildtools/workflows/Ansible%20Molecule/badge.svg)](https://github.com/anry/ansible-role-buildtools/actions)|[![Build Status GitLab](https://gitlab.com/anry-iac/ansible-role-buildtools/badges/master/pipeline.svg)](https://gitlab.com/anry-iac/ansible-role-buildtools)| +|[anry.epel](https://galaxy.ansible.com/anry/epel)|[![Build Status GitHub](https://github.com/anry/ansible-role-epel/workflows/Ansible%20Molecule/badge.svg)](https://github.com/anry/ansible-role-epel/actions)|[![Build Status GitLab](https://gitlab.com/anry-iac/ansible-role-epel/badges/master/pipeline.svg)](https://gitlab.com/anry-iac/ansible-role-epel)| +|[anry.python_pip](https://galaxy.ansible.com/anry/python_pip)|[![Build Status GitHub](https://github.com/anry/ansible-role-python_pip/workflows/Ansible%20Molecule/badge.svg)](https://github.com/anry/ansible-role-python_pip/actions)|[![Build Status GitLab](https://gitlab.com/anry-iac/ansible-role-python_pip/badges/master/pipeline.svg)](https://gitlab.com/anry-iac/ansible-role-python_pip)| +|[anry.postgres](https://galaxy.ansible.com/anry/postgres)|[![Build Status GitHub](https://github.com/anry/ansible-role-postgres/workflows/Ansible%20Molecule/badge.svg)](https://github.com/anry/ansible-role-postgres/actions)|[![Build Status GitLab](https://gitlab.com/anry-iac/ansible-role-postgres/badges/master/pipeline.svg)](https://gitlab.com/anry-iac/ansible-role-postgres)| + +## [Context](#context) + +This role is a part of many compatible roles. Have a look at [the documentation of these roles](https://anry.nl/) for further information. + +Here is an overview of related roles: +![dependencies](https://raw.githubusercontent.com/anry/ansible-role-bareos_dir/png/requirements.png "Dependencies") + +## [Compatibility](#compatibility) + +This role has been tested on these [container images](https://hub.docker.com/u/anry): + +|container|tags| +|---------|----| +|[Debian](https://hub.docker.com/r/anry/debian)|bookworm, bullseye, buster| +|[EL](https://hub.docker.com/r/anry/enterpriselinux)|7, 8, 9| +|[Fedora](https://hub.docker.com/r/anry/fedora/)|38, 39| +|[opensuse](https://hub.docker.com/r/anry/opensuse)|all| +|[Ubuntu](https://hub.docker.com/r/anry/ubuntu)|jammy, focal| + +The minimum version of Ansible required is 2.12, tests have been done to: + +- The previous version. +- The current version. +- The development version. + +If you find issues, please register them in [GitHub](https://github.com/anry/ansible-role-bareos_dir/issues). + +## [License](#license) + +[Apache-2.0](https://github.com/anry/ansible-role-bareos_dir/blob/master/LICENSE). + +## [Author Information](#author-information) + +[anry](https://anry.nl/) + +Please consider [sponsoring me](https://github.com/sponsors/anry). diff --git a/roles/bareos_dir/defaults/main.yml b/roles/bareos_dir/defaults/main.yml new file mode 100644 index 0000000..d5c21ac --- /dev/null +++ b/roles/bareos_dir/defaults/main.yml @@ -0,0 +1,64 @@ +--- +# defaults file for bareos_dir + +# The director has these configuration parameters. + +# Backup the configuration files. +bareos_dir_backup_configurations: no + +# Install debug packages. This requires the debug repositories to be enabled. +bareos_dir_install_debug_packages: no + +# The hostname of the Director. +bareos_dir_hostname: "{{ inventory_hostname }}" + +# The password for the Director. +bareos_dir_password: "secretpassword" + +# The query file. +bareos_dir_queryfile: "/usr/lib/bareos/scripts/query.sql" + +# The maximum number of concurrent jobs. +bareos_dir_max_concurrent_jobs: 100 + +# The messages configuration to use. +bareos_dir_message: Daemon + +# Enable TLS. +bareos_dir_tls_enable: yes + +# Verify the peer. +bareos_dir_tls_verify_peer: no + +# A list of catalogs to configure. +bareos_dir_catalogs: [] + +# A list of consoled to configure. +bareos_dir_consoles: [] + +# A list of clients to configure. +bareos_dir_clients: [] + +# A list of filesets to configure. +bareos_dir_filesets: [] + +# A list of jobdefs to configure +bareos_dir_jobdefs: [] + +# A list of jobs to configure. +bareos_dir_jobs: [] + +# A list of messages to configure. +bareos_dir_messages: [] + +# A list of pools to configure. +bareos_dir_pools: [] + +# A list of profiles to configure. +bareos_dir_profiles: [] + +# A list of schedules to configure. +bareos_dir_schedules: [] + +# A list of storages to configure. +bareos_dir_storages: [] diff --git a/roles/bareos_dir/handlers/main.yml b/roles/bareos_dir/handlers/main.yml new file mode 100644 index 0000000..5dabb70 --- /dev/null +++ b/roles/bareos_dir/handlers/main.yml @@ -0,0 +1,23 @@ +--- +# handlers file for bareos_dir + +- name: Write results of database setup to file + ansible.builtin.copy: + content: "{{ item.stdout }}" + dest: "/var/log/bareos/{{ item.cmd[0] | basename }}.log" + mode: "0640" + loop: "{{ bareos_setup_database.results }}" + loop_control: + label: "{{ item.cmd[0] | basename | default('Command was skipped') }}" + when: + - item.stdout is defined + +- name: Check configuration + ansible.builtin.command: "bareos-dir --test-config" + changed_when: false + become_user: bareos + +- name: Reload bareos-dir + ansible.builtin.service: + name: bareos-dir + state: reloaded diff --git a/roles/bareos_dir/meta/argument_specs.yml b/roles/bareos_dir/meta/argument_specs.yml new file mode 100644 index 0000000..d71279a --- /dev/null +++ b/roles/bareos_dir/meta/argument_specs.yml @@ -0,0 +1,89 @@ +--- + +argument_specs: + main: + short_description: "Install and configure BareOS Director on your system." + description: > + Install and configure BareOS Director on your system. + author: Robert de Bock + options: + bareos_dir_backup_configurations: + type: "bool" + default: no + description: "Backup the configuration files." + bareos_dir_hostname: + type: "str" + default: "{{ inventory_hostname }}" + description: "The hostname of the Director." + bareos_dir_password: + type: "str" + default: "secretpassword" + description: "The password for the Director." + bareos_dir_queryfile: + type: "str" + default: "/usr/lib/bareos/scripts/query.sql" + description: "The query file." + bareos_dir_max_concurrent_jobs: + type: "int" + default: 10 + description: "The maximum number of concurrent jobs." + bareos_dir_message: + type: "str" + default: "Daemon" + description: "The messages configuration to use." + bareos_dir_tls_enable: + type: "bool" + default: yes + description: "Enable TLS." + bareos_dir_tls_verify_peer: + type: "bool" + default: no + description: "Verify the peer." + bareos_dir_catalogs: + type: "list" + default: [] + description: "A list of catalogs to configure." + bareos_dir_consoles: + type: "list" + default: [] + description: "A list of consoled to configure." + bareos_dir_clients: + type: "list" + default: [] + description: "A list of clients to configure." + bareos_dir_filesets: + type: "list" + default: [] + description: "A list of filesets to configure." + bareos_dir_jobdefs: + type: "list" + default: [] + description: "A list of jobdefs to configure." + bareos_dir_jobs: + type: "list" + default: [] + description: "A list of jobs to configure." + bareos_dir_messages: + type: "list" + default: [] + description: "A list of messages to configure." + bareos_dir_pools: + type: "list" + default: [] + description: "A list of pools to configure." + bareos_dir_profiles: + type: "list" + default: [] + description: "A list of profiles to configure." + bareos_dir_schedules: + type: "list" + default: [] + description: "A list of schedules to configure." + bareos_dir_storages: + type: "list" + default: [] + description: "A list of storages to configure." + bareos_dir_install_debug_packages: + type: "bool" + default: no + description: "Install debug packages. This requires the debug repositories to be enabled." diff --git a/roles/bareos_dir/meta/main.yml b/roles/bareos_dir/meta/main.yml new file mode 100644 index 0000000..7d5d38e --- /dev/null +++ b/roles/bareos_dir/meta/main.yml @@ -0,0 +1,41 @@ +--- +galaxy_info: + author: anry + role_name: bareos_dir + description: Install and configure [Bareos](https://www.bareos.com/) Director. + license: Apache-2.0 + company: none + min_ansible_version: "2.12" + + platforms: + - name: Debian + versions: + - bookworm + - bullseye + - buster + - name: EL + versions: + - "7" + - "8" + - "9" + - name: Fedora + versions: + - "38" + - "39" + - name: opensuse + versions: + - all + - name: Ubuntu + versions: + - jammy + - focal + + galaxy_tags: + - bareos + - infrastructure + - linux + - storage + - system + - tools + +dependencies: [] diff --git a/roles/bareos_dir/requirements.yml b/roles/bareos_dir/requirements.yml new file mode 100644 index 0000000..952d36e --- /dev/null +++ b/roles/bareos_dir/requirements.yml @@ -0,0 +1,13 @@ +--- +roles: + - name: anry.bootstrap + - name: anry.bareos_repository + # The `buildtools`, `python_pip` and `postgres` roles provide a database. + - name: anry.buildtools + # EPEL is required for python-pip on RHEL7. + - name: anry.epel + - name: anry.python_pip + - name: anry.postgres + # The `core_dependencies` and `postfix` roles provide mailing capabilities for the `bareos_role`: "dir". + # - name: anry.core_dependencies + # - name: anry.postfix diff --git a/roles/bareos_dir/tasks/assert.yml b/roles/bareos_dir/tasks/assert.yml new file mode 100644 index 0000000..eac8912 --- /dev/null +++ b/roles/bareos_dir/tasks/assert.yml @@ -0,0 +1,145 @@ +--- + +- name: assert | Test bareos_dir_backup_configurations + ansible.builtin.assert: + that: + - bareos_dir_backup_configurations is defined + - bareos_dir_backup_configurations is boolean + quiet: yes + +- name: assert | Test bareos_dir_hostname + ansible.builtin.assert: + that: + - bareos_dir_hostname is defined + - bareos_dir_hostname is string + - bareos_dir_hostname != "" + quiet: yes + +- name: assert | Test bareos_dir_password + ansible.builtin.assert: + that: + - bareos_dir_password is defined + - bareos_dir_password is string + - bareos_dir_password != "" + quiet: yes + +- name: assert | Test bareos_dir_queryfile + ansible.builtin.assert: + that: + - bareos_dir_queryfile is defined + - bareos_dir_queryfile is string + - bareos_dir_queryfile != "" + quiet: yes + +- name: assert | Test bareos_dir_max_concurrent_jobs + ansible.builtin.assert: + that: + - bareos_dir_max_concurrent_jobs is defined + - bareos_dir_max_concurrent_jobs is number + quiet: yes + +- name: assert | Test bareos_dir_message + ansible.builtin.assert: + that: + - bareos_dir_message is defined + - bareos_dir_message is string + - bareos_dir_message != "" + quiet: yes + +- name: assert | Test bareos_dir_tls_enable + ansible.builtin.assert: + that: + - bareos_dir_tls_enable is defined + - bareos_dir_tls_enable is boolean + quiet: yes + +- name: assert | Test bareos_dir_tls_verify_peer + ansible.builtin.assert: + that: + - bareos_dir_tls_verify_peer is defined + - bareos_dir_tls_verify_peer is boolean + quiet: yes + +- name: assert | Test bareos_dir_catalogs + ansible.builtin.assert: + that: + - bareos_dir_catalogs is defined + - bareos_dir_catalogs is iterable + quiet: yes + +- name: assert | Test bareos_dir_consoles + ansible.builtin.assert: + that: + - bareos_dir_consoles is defined + - bareos_dir_consoles is iterable + quiet: yes + +- name: assert | Test bareos_dir_clients + ansible.builtin.assert: + that: + - bareos_dir_clients is defined + - bareos_dir_clients is iterable + quiet: yes + +- name: assert | Test bareos_dir_filesets + ansible.builtin.assert: + that: + - bareos_dir_filesets is defined + - bareos_dir_filesets is iterable + quiet: yes + +- name: assert | Test bareos_dir_jobdefs + ansible.builtin.assert: + that: + - bareos_dir_jobdefs is defined + - bareos_dir_jobdefs is iterable + quiet: yes + +- name: assert | Test bareos_dir_jobs + ansible.builtin.assert: + that: + - bareos_dir_jobs is defined + - bareos_dir_jobs is iterable + quiet: yes + +- name: assert | Test bareos_dir_messages + ansible.builtin.assert: + that: + - bareos_dir_messages is defined + - bareos_dir_messages is iterable + quiet: yes + +- name: assert | Test bareos_dir_pools + ansible.builtin.assert: + that: + - bareos_dir_pools is defined + - bareos_dir_pools is iterable + quiet: yes + +- name: assert | Test bareos_dir_profiles + ansible.builtin.assert: + that: + - bareos_dir_profiles is defined + - bareos_dir_profiles is iterable + quiet: yes + +- name: assert | Test bareos_dir_schedules + ansible.builtin.assert: + that: + - bareos_dir_schedules is defined + - bareos_dir_schedules is iterable + quiet: yes + +- name: assert | Test bareos_dir_storages + ansible.builtin.assert: + that: + - bareos_dir_storages is defined + - bareos_dir_storages is iterable + quiet: yes + +- name: assert | Test bareos_dir_install_debug_packages + ansible.builtin.assert: + that: + - bareos_dir_install_debug_packages is defined + - bareos_dir_install_debug_packages is boolean + quiet: yes diff --git a/roles/bareos_dir/tasks/main.yml b/roles/bareos_dir/tasks/main.yml new file mode 100644 index 0000000..2ce9a48 --- /dev/null +++ b/roles/bareos_dir/tasks/main.yml @@ -0,0 +1,242 @@ +--- +# tasks file for bareos_dir + +- name: Import assert.yml + ansible.builtin.import_tasks: + file: assert.yml + run_once: true + delegate_to: localhost + +- name: Prevent db installation (apt) + ansible.builtin.debconf: + name: bareos-database-common + question: bareos-database-common/dbconfig-install + value: "false" + vtype: boolean + when: + - ansible_pkg_mgr in [ "apt" ] + +- name: Install requirements + ansible.builtin.package: + name: "{{ bareos_dir_requirements }}" + +- name: Install packages + ansible.builtin.package: + name: "{{ bareos_dir_packages }}" + +- name: Install debug packages + ansible.builtin.package: + name: "{{ bareos_dir_debug_packages }}" + when: + - bareos_dir_install_debug_packages + +- name: Run database setup scripts + ansible.builtin.command: + cmd: "{{ item }}" + creates: "/var/log/bareos/{{ item | basename }}.log" + become_user: postgres + become: true + register: bareos_setup_database + loop: "{{ bareos_dir_install_scripts }}" + loop_control: + label: "{{ item | basename }}" + notify: + - Write results of database setup to file + +- name: Run handlers + ansible.builtin.meta: flush_handlers + +- name: Place bareos-dir.conf + ansible.builtin.template: + src: bareos-dir.conf.j2 + dest: "/etc/bareos/bareos-dir.d/director/bareos-dir.conf" + owner: bareos + group: bareos + mode: "0640" + backup: "{{ bareos_dir_backup_configurations }}" + notify: + - Check configuration + - Reload bareos-dir + +- name: Place catalog + ansible.builtin.template: + src: catalog.conf.j2 + dest: "/etc/bareos/bareos-dir.d/catalog/{{ item.name }}.conf" + owner: bareos + group: bareos + mode: "0640" + backup: "{{ bareos_dir_backup_configurations }}" + loop: "{{ bareos_dir_catalogs }}" + loop_control: + label: "{{ item.name }}" + notify: + - Check configuration + - Reload bareos-dir + +- name: Place console + ansible.builtin.template: + src: console.conf.j2 + dest: "/etc/bareos/bareos-dir.d/console/{{ item.name }}.conf" + owner: bareos + group: bareos + mode: "0644" + backup: "{{ bareos_dir_backup_configurations }}" + loop: "{{ bareos_dir_consoles }}" + loop_control: + label: "{{ item.name }}" + notify: + - Check configuration + - Reload bareos-dir + +- name: Place client + ansible.builtin.template: + src: client.conf.j2 + dest: "/etc/bareos/bareos-dir.d/client/{{ item.name }}.conf" + owner: bareos + group: bareos + mode: "0640" + backup: "{{ bareos_dir_backup_configurations }}" + loop: "{{ bareos_dir_clients }}" + loop_control: + label: "{{ item.name }}" + notify: + - Check configuration + - Reload bareos-dir + +- name: Place fileset + ansible.builtin.template: + src: fileset.conf.j2 + dest: "/etc/bareos/bareos-dir.d/fileset/{{ item.name }}.conf" + owner: bareos + group: bareos + mode: "0640" + backup: "{{ bareos_dir_backup_configurations }}" + loop: "{{ bareos_dir_filesets }}" + loop_control: + label: "{{ item.name }}" + notify: + - Check configuration + - Reload bareos-dir + +- name: Place job + ansible.builtin.template: + src: job.conf.j2 + dest: "/etc/bareos/bareos-dir.d/job/{{ item.name }}.conf" + owner: bareos + group: bareos + mode: "0640" + backup: "{{ bareos_dir_backup_configurations }}" + vars: + bareos_dir_template_type: Job + loop: "{{ bareos_dir_jobs }}" + loop_control: + label: "{{ item.name }}" + notify: + - Check configuration + - Reload bareos-dir + +- name: Place jobdef + ansible.builtin.template: + src: job.conf.j2 + dest: "/etc/bareos/bareos-dir.d/jobdefs/{{ item.name }}.conf" + owner: bareos + group: bareos + mode: "0640" + backup: "{{ bareos_dir_backup_configurations }}" + vars: + bareos_dir_template_type: JobDefs + loop: "{{ bareos_dir_jobdefs }}" + loop_control: + label: "{{ item.name }}" + notify: + - Check configuration + - Reload bareos-dir + +- name: Place message + ansible.builtin.template: + src: message.conf.j2 + dest: "/etc/bareos/bareos-dir.d/messages/{{ item.name }}.conf" + owner: bareos + group: bareos + mode: "0640" + backup: "{{ bareos_dir_backup_configurations }}" + loop: "{{ bareos_dir_messages }}" + loop_control: + label: "{{ item.name }}" + notify: + - Check configuration + - Reload bareos-dir + +- name: Place pool + ansible.builtin.template: + src: pool.conf.j2 + dest: "/etc/bareos/bareos-dir.d/pool/{{ item.name }}.conf" + owner: bareos + group: bareos + mode: "0640" + backup: "{{ bareos_dir_backup_configurations }}" + loop: "{{ bareos_dir_pools }}" + loop_control: + label: "{{ item.name }}" + notify: + - Check configuration + - Reload bareos-dir + +- name: Place profile + ansible.builtin.template: + src: profile.conf.j2 + dest: "/etc/bareos/bareos-dir.d/profile/{{ item.name }}.conf" + owner: bareos + group: bareos + mode: "0644" + backup: "{{ bareos_dir_backup_configurations }}" + loop: "{{ bareos_dir_profiles }}" + loop_control: + label: "{{ item.name }}" + notify: + - Check configuration + - Reload bareos-dir + +- name: Place schedule + ansible.builtin.template: + src: schedule.conf.j2 + dest: "/etc/bareos/bareos-dir.d/schedule/{{ item.name }}.conf" + owner: bareos + group: bareos + mode: "0644" + backup: "{{ bareos_dir_backup_configurations }}" + loop: "{{ bareos_dir_schedules }}" + loop_control: + label: "{{ item.name }}" + notify: + - Check configuration + - Reload bareos-dir + +- name: Place storage + ansible.builtin.template: + src: storage.conf.j2 + dest: "/etc/bareos/bareos-dir.d/storage/{{ item.name }}.conf" + owner: bareos + group: bareos + mode: "0640" + backup: "{{ bareos_dir_backup_configurations }}" + loop: "{{ bareos_dir_storages }}" + loop_control: + label: "{{ item.name }}" + notify: + - Check configuration + - Reload bareos-dir + +- name: Start bareos-dir + ansible.builtin.service: + name: bareos-dir + state: started + enabled: yes + +- name: Place cron to update bvfs + ansible.builtin.cron: + name: bareos bvfs update + user: root + job: echo .bvfs_update | bconsole + hour: '6' + minute: '0' \ No newline at end of file diff --git a/roles/bareos_dir/templates/.gitkeep b/roles/bareos_dir/templates/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/roles/bareos_dir/templates/bareos-dir.conf.j2 b/roles/bareos_dir/templates/bareos-dir.conf.j2 new file mode 100644 index 0000000..263d18f --- /dev/null +++ b/roles/bareos_dir/templates/bareos-dir.conf.j2 @@ -0,0 +1,17 @@ +{{ ansible_managed | comment }} + +Director { + Name = "{{ bareos_dir_hostname }}" + Password = "{{ bareos_dir_password }}" + QueryFile = "{{ bareos_dir_queryfile }}" +{% if bareos_dir_max_concurrent_jobs != 1 %} + Maximum Concurrent Jobs = {{ bareos_dir_max_concurrent_jobs }} +{% endif %} + Messages = "{{ bareos_dir_message }}" +{% if not bareos_dir_tls_enable %} + TLS Enable = No +{% endif %} +{% if bareos_dir_tls_verify_peer %} + TLS Verify Peer = Yes +{% endif %} +} diff --git a/roles/bareos_dir/templates/catalog.conf.j2 b/roles/bareos_dir/templates/catalog.conf.j2 new file mode 100644 index 0000000..0a50ca8 --- /dev/null +++ b/roles/bareos_dir/templates/catalog.conf.j2 @@ -0,0 +1,12 @@ +{{ ansible_managed | comment }} + +{% if item.enabled is defined and item.enabled or item.enabled is not defined %} +Catalog { + Name = {{ item.name }} + dbname = "{{ item.dbname }}" + dbuser = "{{ item.dbuser }}" + dbpassword = "{{ item.dbpassword }}" +} +{% else %} +# This file is not enabled. +{% endif %} diff --git a/roles/bareos_dir/templates/client.conf.j2 b/roles/bareos_dir/templates/client.conf.j2 new file mode 100644 index 0000000..dc37175 --- /dev/null +++ b/roles/bareos_dir/templates/client.conf.j2 @@ -0,0 +1,29 @@ +{{ ansible_managed | comment }} + +{% if item.enabled is defined and item.enabled or item.enabled is not defined %} +Client { + Name = "{{ item.name }}" + Address = "{{ item.address }}" + Password = "{{ item.password }}" +{% if item.maximum_concurrent_jobs is defined %} + Maximum Concurrent Jobs = {{ item.maximum_concurrent_jobs }} +{% endif %} +{% if item.connection_from_client_to_director is defined %} + Connection From Client To Director = {{ item.connection_from_client_to_director | ternary('Yes', 'No') }} +{% endif %} +{% if item.connection_from_director_to_client is defined %} + Connection From Director To Client = {{ item.connection_from_director_to_client | ternary('Yes', 'No') }} +{% endif %} +{% if item.heartbeat_interval is defined %} + Heartbeat Interval = {{ item.heartbeat_interval }} +{% endif %} +{% if item.tls_enable is defined %} + TLS Enable = {{ item.tls_enable | ternary('Yes', 'No') }} +{% endif %} +{% if item.tls_verify_peer is defined %} + TLS Verify Peer = {{ item.tls_verify_peer | ternary('Yes', 'No') }} +{% endif %} +} +{% else %} +# This file is not enabled. +{% endif %} diff --git a/roles/bareos_dir/templates/console.conf.j2 b/roles/bareos_dir/templates/console.conf.j2 new file mode 100644 index 0000000..14fdb1d --- /dev/null +++ b/roles/bareos_dir/templates/console.conf.j2 @@ -0,0 +1,25 @@ +{{ ansible_managed | comment }} + +{% if item.enabled is defined and item.enabled or item.enabled is not defined %} +Console { + Name = "{{ item.name }}" +{% if item.description is defined %} + Description = "{{ item.description }}" +{% endif %} + Password = "{{ item.password }}" +{% if item.commandacl is defined %} + CommandACL = {{ item.commandacl | join(', ') }} +{% endif %} +{% if item.jobacl is defined %} + JobACL = {{ item.jobacl | join(', ') }} +{% endif %} +{% if item.profile is defined %} + Profile = "{{ item.profile }}" +{% endif %} +{% if item.tlsenable is defined %} + TlsEnable = {{ item.tlsenable | ternary('Yes', 'No') }} +{% endif %} +} +{% else %} +# This file is not enabled. +{% endif %} diff --git a/roles/bareos_dir/templates/fileset.conf.j2 b/roles/bareos_dir/templates/fileset.conf.j2 new file mode 100644 index 0000000..5ccce2d --- /dev/null +++ b/roles/bareos_dir/templates/fileset.conf.j2 @@ -0,0 +1,40 @@ +{{ ansible_managed | comment }} + +{% if item.enabled is defined and item.enabled or item.enabled is not defined %} +FileSet { + Name = "{{ item.name }}" + Description = "{{ item.description }}" + Include { + Options { + Signature = {{ item.include.options.signature }} +{% if item.include.options.one_fs is defined %} + One FS = {{ item.include.options.one_fs | ternary('Yes', 'No') }} +{% endif %} +{% if item.include.options.fs_types is defined %} +{% for fs_type in item.include.options.fs_types %} + FS Type = {{ fs_type }} +{% endfor %} +{% endif %} +{% if item.include.options.compression is defined %} + Compression = {{ item.include.options.compression }} +{% endif %} + } +{% if item.include.exclude_dirs_containing is defined %} + Exclude Dir Containing = {{ item.include.exclude_dirs_containing }} +{% endif %} + +{% for file in item.include.files %} + File = {{ file }} +{% endfor %} + } +{% if item.exclude is defined %} + Exclude { +{% for file in item.exclude.files %} + File = {{ file }} +{% endfor %} + } +{% endif %} +} +{% else %} +# This file is not enabled. +{% endif %} diff --git a/roles/bareos_dir/templates/job.conf.j2 b/roles/bareos_dir/templates/job.conf.j2 new file mode 100644 index 0000000..6c40609 --- /dev/null +++ b/roles/bareos_dir/templates/job.conf.j2 @@ -0,0 +1,51 @@ +{{ ansible_managed | comment }} + +{% if item.enabled is defined and item.enabled or item.enabled is not defined %} +{{ bareos_dir_template_type }} { + Name = "{{ item.name }}" +{% if item.messages is defined %} + Messages = "{{ item.messages }}" +{% endif %} +{% if item.pool is defined %} + Pool = {{ item.pool }} +{% endif %} +{% if item.type is defined %} + Type = {{ item.type }} +{% endif %} +{% if item.description is defined %} + Description = "{{ item.description }}" +{% endif %} +{% if item.client is defined %} + Client = "{{ item.client }}" +{% endif %} +{% if item.fileset is defined %} + FileSet = "{{ item.fileset }}" +{% endif %} +{% if item.storage is defined %} + Storage = "{{ item.storage }}" +{% endif %} +{% if item.jobdefs is defined %} + Job Defs = "{{ item.jobdefs }}" +{% endif %} +{% if item.level is defined %} + Level = {{ item.level }} +{% endif %} +{% if item.schedule is defined %} + Schedule = "{{ item.schedule }}" +{% endif %} +{% if item.runbeforejob is defined %} + Run Before Job = "{{ item.runbeforejob }}" +{% endif %} +{% if item.runafterjob is defined %} + Run After Job = "{{ item.runafterjob }}" +{% endif %} +{% if item.where is defined %} + Where = "{{ item.where }}" +{% endif %} +{% if item.maximum_concurrent_jobs is defined %} + Maximum Concurrent Jobs = {{ item.maximum_concurrent_jobs }} +{% endif %} +} +{% else %} +# This file is not enabled. +{% endif %} diff --git a/roles/bareos_dir/templates/message.conf.j2 b/roles/bareos_dir/templates/message.conf.j2 new file mode 100644 index 0000000..7253ae2 --- /dev/null +++ b/roles/bareos_dir/templates/message.conf.j2 @@ -0,0 +1,29 @@ +{{ ansible_managed | comment}} + +{% if item.enabled is defined and item.enabled or item.enabled is not defined %} +Messages { + Name = "{{ item.name }}" + Description = "{{ item.description }}" +{% if item.append is defined %} +{% for append in item.append %} + Append = "{{ append.file }}" = {{ append.messages | join(', ') }} +{% endfor %} +{% endif %} +{% if item.catalog is defined %} + Catalog = {{ item.catalog | join(', ') }} +{% endif %} +{% if item.console is defined %} + Console = {{ item.console | join(', ') }} +{% endif %} +{% if item.mailcommand is defined %} + mailcommand = "{{ item.mailcommand }}" +{% endif %} +{% if item.mail is defined %} +{% for mail in item.mail %} + mail = {{ mail.to }} = {{ mail.messages | join(', ') }} +{% endfor %} +{% endif %} +} +{% else %} +# This file is not enabled. +{% endif %} diff --git a/roles/bareos_dir/templates/pool.conf.j2 b/roles/bareos_dir/templates/pool.conf.j2 new file mode 100644 index 0000000..a45cf51 --- /dev/null +++ b/roles/bareos_dir/templates/pool.conf.j2 @@ -0,0 +1,28 @@ +{{ ansible_managed | comment }} + +{% if item.enabled is defined and item.enabled or item.enabled is not defined %} +Pool { + Name = {{ item.name }} + Pool Type = {{ item.pool_type }} +{% if item.recycle is defined %} + Recycle = {{ item.recycle | ternary('Yes', 'No') }} +{% endif %} +{% if item.autoprune is defined %} + AutoPrune = {{ item.autoprune | ternary('Yes', 'No') }} +{% endif %} +{% if item.volume_retention is defined %} + Volume Retention = {{ item.volume_retention }} +{% endif %} +{% if item.maximum_volume_bytes is defined %} + Maximum Volume Bytes = {{ item.maximum_volume_bytes }} +{% endif %} +{% if item.maximum_volumes is defined %} + Maximum Volumes = {{ item.maximum_volumes }} +{% endif %} +{% if item.label_format is defined %} + Label Format = "{{ item.label_format }}" +{% endif %} +} +{% else %} +# This file is not enabled. +{% endif %} diff --git a/roles/bareos_dir/templates/profile.conf.j2 b/roles/bareos_dir/templates/profile.conf.j2 new file mode 100644 index 0000000..fd35c67 --- /dev/null +++ b/roles/bareos_dir/templates/profile.conf.j2 @@ -0,0 +1,19 @@ +{{ ansible_managed | comment }} + +{% if item.enabled is defined and item.enabled or item.enabled is not defined %} +Profile { + Name = "{{ item.name }}" + JobAcl = "{{ item.jobacl | join('", "') }}" + ClientAcl = "{{ item.clientacl | join('", "') }}" + StorageAcl = "{{ item.storageacl | join('", "') }}" + ScheduleAcl = "{{ item.scheduleacl | join('", "') }}" + PoolAcl = "{{ item.poolacl | join('", "') }}" + CommandAcl = "{{ item.commandacl | join('", "') }}" + FileSetAcl = "{{ item.filesetacl | join('", "') }}" + CatalogAcl = "{{ item.catalogacl | join('", "') }}" + WhereAcl = "{{ item.whereacl | join('", "') }}" + PluginOptionsAcl = "{{ item.pluginoptionsacl | join('", "') }}" +} +{% else %} +# This file is not enabled. +{% endif %} diff --git a/roles/bareos_dir/templates/schedule.conf.j2 b/roles/bareos_dir/templates/schedule.conf.j2 new file mode 100644 index 0000000..2a41234 --- /dev/null +++ b/roles/bareos_dir/templates/schedule.conf.j2 @@ -0,0 +1,15 @@ +{{ ansible_managed | comment }} + +{% if item.enabled is defined and item.enabled or item.enabled is not defined %} +Schedule { + Name = "{{ item.name }}" +{% if item.description is defined %} + Description = "{{ item.description }}" +{% endif %} +{% for run in item.run %} + Run = {{ run }} +{% endfor %} +} +{% else %} +# This file is not enabled. +{% endif %} diff --git a/roles/bareos_dir/templates/storage.conf.j2 b/roles/bareos_dir/templates/storage.conf.j2 new file mode 100644 index 0000000..df1de97 --- /dev/null +++ b/roles/bareos_dir/templates/storage.conf.j2 @@ -0,0 +1,22 @@ +{{ ansible_managed | comment }} + +{% if item.enabled is defined and item.enabled or item.enabled is not defined %} +Storage { + Name = "{{ item.name }}" + Address = "{{ item.address }}" + Password = "{{ item.password }}" + Device = "{{ item.device }}" + Media Type = "{{ item.media_type }}" +{% if item.tls_enable is defined %} + TLS Enable = {{ item.tls_enable | ternary('Yes', 'No') }} +{% endif %} +{% if item.tls_verify_peer is defined %} + TLS Verify Peer = {{ item.tls_verify_peer | ternary('Yes', 'No') }} +{% endif %} +{% if item.maximum_concurrent_jobs is defined %} + Maximum Concurrent Jobs = {{ item.maximum_concurrent_jobs }} +{% endif %} +} +{% else %} +# This file is not enabled. +{% endif %} diff --git a/roles/bareos_dir/vars/main.yml b/roles/bareos_dir/vars/main.yml new file mode 100644 index 0000000..d5d6730 --- /dev/null +++ b/roles/bareos_dir/vars/main.yml @@ -0,0 +1,33 @@ +--- +# vars file for bareos_dir + +# The requirements for bareos-dir. +_bareos_dir_requirements: + default: [] + Debian: + - procps +bareos_dir_requirements: "{{ _bareos_dir_requirements[ansible_os_family] | default(_bareos_dir_requirements['default']) }}" + +# The packages to install. +bareos_dir_packages: + - bareos-database-postgresql + - bareos-database-tools + - bareos-director + +# A list of script to setup the database. +bareos_dir_install_scripts: + - /usr/lib/bareos/scripts/create_bareos_database + - /usr/lib/bareos/scripts/make_bareos_tables + - /usr/lib/bareos/scripts/grant_bareos_privileges + +_bareos_dir_debug_packages: + default: + - "bareos-director-debuginfo" + - gdb + Debian: + - "bareos-dbg" + - gdb + RedHat-7: + - "bareos-debuginfo" + - gdb +bareos_dir_debug_packages: "{{ _bareos_dir_debug_packages[ansible_os_family ~ '-' ~ ansible_distribution_major_version] | default(_bareos_dir_debug_packages[ansible_os_family] | default(_bareos_dir_debug_packages['default'])) }}" diff --git a/roles/bareos_fd/LICENSE b/roles/bareos_fd/LICENSE new file mode 100644 index 0000000..be5b773 --- /dev/null +++ b/roles/bareos_fd/LICENSE @@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright 2024 Robert de Bock (robert@meinit.nl) + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/roles/bareos_fd/README.md b/roles/bareos_fd/README.md new file mode 100644 index 0000000..9b73705 --- /dev/null +++ b/roles/bareos_fd/README.md @@ -0,0 +1,268 @@ +# [Ansible role bareos_fd](#bareos_fd) + +Install and configure [Bareos](https://www.bareos.com/) File Daemon. + +|GitHub|GitLab|Downloads|Version| +|------|------|---------|-------| +|[![github](https://github.com/anry/ansible-role-bareos_fd/workflows/Ansible%20Molecule/badge.svg)](https://github.com/anry/ansible-role-bareos_fd/actions)|[![gitlab](https://gitlab.com/anry-iac/ansible-role-bareos_fd/badges/master/pipeline.svg)](https://gitlab.com/anry-iac/ansible-role-bareos_fd)|[![downloads](https://img.shields.io/ansible/role/d/anry/bareos_fd)](https://galaxy.ansible.com/anry/bareos_fd)|[![Version](https://img.shields.io/github/release/anry/ansible-role-bareos_fd.svg)](https://github.com/anry/ansible-role-bareos_fd/releases/)| + +## [Example Playbook](#example-playbook) + +This example is taken from [`molecule/default/converge.yml`](https://github.com/anry/ansible-role-bareos_fd/blob/master/molecule/default/converge.yml) and is tested on each push, pull request and release. + +```yaml +--- +- name: Converge + hosts: all + become: yes + gather_facts: yes + + roles: + - role: anry.roles.bareos_fd + bareos_fd_backup_configurations: yes + bareos_fd_install_debug_packages: yes + bareos_fd_encryption_enabled: yes + bareos_fd_encryption_private_key: | + -----BEGIN RSA PRIVATE KEY----- + MIIJKAIBAAKCAgEAvFS5DDxBm2Hgf6LM2QnU3eKTw6PHpCBESjuqoKDnwnjL9wXH + GAO77b3lPXKFPZfrXUH41FxJt1wWuRXWjJfR4XI7RLmG5XGgbvKamnhCK48aZelN + oFa2Midto1Gydnb/I2I7GTA2fmx65mS4DTlXPn/phZJx9akUwJ1kRWVJgzuzimJ8 + 0YPqKbLPBRz86PWjAfTmYP4a7iuCTOlPqNIxGgCFUi5KIeFQZ3V8eO4iwVE8FhSK + /d1ykdiKlPAWjhcjDsTaQmWQd+IGi20bdzDrOevNUvaR7xGYbPczHDRVYveuEddl + 4up8teWGczQxiIYhIR6n0F9wqFK2AzZGbXOKBLkiPKocKQ/X1glEgLc1jy16YYA4 + vNXc3D+wxKNgnEcZ/YtDOZ746/k+4y8QuLaycA62BaD0hV/UxRHhJX1/gCkjkuU/ + F4ZFP52nMDlyB9uMY1rkUJgNWvgT/GyycPDHFJl04rAM+zl/wFHajy9Dfi8WxzKl + NILvDmSpoyZJww1mhKAFzkRf9ThtoZvs9ctA12QQJdSWWL9kPjJjw0RlBAwKnmBu + C/1wzBL3O9z8OSbJh9LixtfzR6X96ojgUxwQYsXcvcUopCHIAti6INRghbx4AWY8 + 5Jq4C8/OiY2LdHDBoxHY3gnqyKnzCqHZRbE2XUxkPkHXjoOlFX6KqYy49CkCAwEA + AQKCAgAAnUlyA4l5oEr8E3MEcxVR2E7nXi2SMNlKtLEskYwd7irk+S7lhCZJj4TF + iUUv639MZD/CB4ui2ytKV8LE4zue7y7ua0AFi6Nq829KAhHKs3UbMhw9J/vPqwq7 + 5fNIIo3plCLAnLZc6LyaB5BQfnu8DHCKblOx4i77nFYV4jbpMRJpmvX8Em+FZSIa + OT1r3GMf2FzLl5ZUK+ScgmknikFLZ26V8Rncp6jxZ+3XoF/xiRCpm2+Vgm5MK1aK + StsWEFSp6THmSBgt6iK5BaWuLam40crvWYrKrHxMgwIC/x9o44CXOORlN8l2XH6F + T+uxYTqrS7pbuHeo6ZOzMhXZbP5CCpNQdMrJMgtOJsdxoC9viKfAvSbvl+tlwMeb + pAcSxBQ69DRcxbR/Mb5AdZ0KQObdxeeRdHfJBcZypzuARfhxIKqGKVKtxUSE+Gc1 + kq7X9rdqxEBmDHULxnDfqjtf2LVqZao3moCbMqs+sX2rP7pD7TSlnsLNdsDx3yud + X1583lSxSCWIt4i74Elep1BEelO1S+cv0n60czT6IPkpkhr+/X8Vzu48oaGwFvoO + XUFMvzjNZbUv4/FcbISjcnuuXFGQZY9vXvhGtgnwQ+twOyllaGMvogEg0gNSOy1+ + 8yLNrN3QiZlKjFhIBNsJLCvmq5l3u09ijlGl5AxNoYE4wyLg/QKCAQEA4XVLlYeR + zYXibWlYJHdxf7rHnnbUwdww8NRdi6If/48MjEkHrHHK1K+4j/JoKuaKT1kOT9Mk + DgFQJYWXYPo6gFEXLqmjrAVDrHUFPi0Va5F6u/6I18jVmwJzvAkdO79LGNewmawL + mluA/SZAq12nnncbJGA1zn2nTri1Ld/2az1IztYEZGpJf6SU7HQIGqV5hKYTS1NV + TL9wehaCht0RiZh+xOZTENpuCgslBPI7NN82kAAD3/jtbOf37QJ7pkVYhC38r8Vo + dhdOR1STC/30IybiPYacHFTOIhtpbAD5CMkH6/Y5+40LAboqP9uO1rKHSJamj2kn + NqUHIhoi3nz87QKCAQEA1dfisgifNE25MsS5QvFMffuJwe7fyrZlDPnfxuqjEYfw + /Oi/FJ8Ov1tu/9FSkDzFuu+gKHLQ06OVKLJXCdsKSz4uVK+5LLAxbHn8APEarHU/ + ZjC8NV0g+lJhSOAEHnYAZOBipCt0eBZA0eoxDLk3U7ZpvdgUA3VwaWxsSCfGdkcs + CtS3GVLKX5IvufY0DXEHTOXdM0lN0F7lzN2lNeqW/7eBItSUACmT5zaljhpRXWBO + ivdicD6jX5v8egwxRS1hIQr+8XRtY7xILBMlOw0y3oxtjv6jPdX0wpc1TdjyN2eB + RlyP5ifNMrve+3e5640rhtoAUdheSner6ncvexEorQKCAQBaE8sHCwst2fgFTrlw + mGg4aB+pKEEI0ziaf76AM14ldLnGssbmFvC62RocKPWFbmaEHUiii/Ezx0KGO0Gn + 9VG6QqvIcO57o/7NwFM/7DNKru0ifyedTxhIvkoPLnUHkf4nBsYAH8Ti/vwiKE5e + KST3Iw8tEWNuBLX7tcBte7WwUuPr/4XxuKV04gS+E/3I56QNY20CA2FpMHN309aC + m4COQOclNACsExkz2hAIUd9l2GisT9U8fvAdOvDLONq+K6aZ6OW0NGLwC4+y4A+A + Ew6fnMF3Y3iruRZCekE8bYcSA3+uvsmbv1ZOclq++LGxBdMXJVmWoqSQKI8ZCOg1 + jCphAoIBAEmpLuaiv6x1pXjOeP6NPgsbjW1nSmF6iL56iFHt2zQbvrBvv/pre9oA + tfCa+zTCKl5lUqb8PeDZNXUqUX8Mm7QlfDIhwciZ/LxgHKV6Z/TGAovB9+Lt7IEt + xWMj/2c6wJH/FRt1+I2xJKzqXfEDEALfD/ecKfCzEIDQH1CPmvZ9N7eXZGbttNZM + 9fG51F5Y8+nSOGsFMi+3sLLsGo/C+jal0G7eCQkxSUhY85hKioJ+vS9zXc5KVV6G + zeaAsqwgoJeQQReNQm0bm0TLZ4S63C3683ZRUovnWoN5MJxbQbxCBC7njY37Ydy7 + CGlY6YsxOrAeAgQvYvOF24tNeOaMl5UCggEBAJ7LRUjNlGZ4xcCLNRIV9imXxo48 + eQiDC298h+wPzKOjFNp7c/+QQZRsVaKJLIY2FnsEA4ZJZx+oT4wL/3smYCBP/aMD + vLWTarp6unKnzvopBMarFpk3RTqzv8txMjz3kr8WiIhr8geFagjE/ujcuBOu17k8 + /qc6HNLy0e4bK648oBAq4C5qxid33zc06eRed2EOSqXdHwHgfBKlRwqCIYkiWlq/ + SWAk+9svFT9HvziCtFzH5GdsM24W0KtOsTxUiil89ybQW2uWWm5HB3OuATmb0JZA + cz+WiXCcYLVId8gl/hXkKBjRVEhhKsmnab8Jg2HlwGXuAdwqP5/GwxsM41g= + -----END RSA PRIVATE KEY----- + bareos_fd_encryption_master_public_key: | + -----BEGIN CERTIFICATE----- + MIIDyjCCArKgAwIBAgIJAIAjOIGqAGRwMA0GCSqGSIb3DQEBCwUAMIGSMQswCQYD + VQQGEwJOTDEQMA4GA1UECAwHVVRSRUNIVDESMBAGA1UEBwwJQnJldWtlbGVuMSIw + IAYDVQQKDBlBZGZpbmlzIElUIE5lZGVybGFuZCBCLlYuMQ8wDQYDVQQDDAZiYXJl + b3MxKDAmBgkqhkiG9w0BCQEWGXJvYmVydC5kZWJvY2tAYWRmaW5pcy5jb20wHhcN + MjMwOTExMDg1MzA0WhcNMjMxMDExMDg1MzA0WjCBkjELMAkGA1UEBhMCTkwxEDAO + BgNVBAgMB1VUUkVDSFQxEjAQBgNVBAcMCUJyZXVrZWxlbjEiMCAGA1UECgwZQWRm + aW5pcyBJVCBOZWRlcmxhbmQgQi5WLjEPMA0GA1UEAwwGYmFyZW9zMSgwJgYJKoZI + hvcNAQkBFhlyb2JlcnQuZGVib2NrQGFkZmluaXMuY29tMIIBIjANBgkqhkiG9w0B + AQEFAAOCAQ8AMIIBCgKCAQEAxFjcLKHDTf8dcT4kKtyZlIh4Zh7zNglaa6SJNBGW + pmcvtgfR9aBCDbcEphcssdytrXIiLsCEfv1h63o58UXePKYJMtNzbn6NNyzamxB9 + CM4oHWr/td8i6fYaYXmqOxOimX707joWPlTB9+/rKWFrxwyg08oVGFdBNR6GmWek + Y5aRaEMwRBhh+bSVR9/Rj/QmqlF9pCB9/TtY3hhBdQkcy1tLTDo7Mf/Z4gLpk7d2 + vRmpvVY8JloXjzuJNgVNbzY09pylqe78m9UsrJGBlzocZO5+AnO7wsqMAtUvplOM + oE7GHrg1FpfLjY3bqTQka/fVd1bDt5eDjAJnPqO1RYpKjQIDAQABoyEwHzAdBgNV + HQ4EFgQURTeY0pPxExJwTelsdBXr5PxgOdAwDQYJKoZIhvcNAQELBQADggEBALCi + urw+j1Yg2QDkOzMxmr6r0O/kF3WfrfpcevOCGVN0GxdxP/nGcfAh8feq4xj4oAnS + 2CyhNfPPi+rIO1T0EkZWwL/kTByMGoR9Qc+juMgJ1HTYP6nEnBOXPMo1OyUdK5K3 + MefQpNgHdWNSjWtLuW3YW8rkIeF8ZjmlXOSmBdOmqFi7p3OwwF8FnuXze1RLTgPL + VeI8D8DtzbX+mocuYxfIAFEmRXAmMeimXgwrVyI+w8+3IRGw8rDje0pFZX5X2aED + Gcz2IVF2cw5k1ryYW5kN027oK9igd8qc6dcJC6nMJw1kLbBdo68Eq3EOx92Fljlg + Wa7Dw2pD6yQGl/dfgQg= + -----END CERTIFICATE----- + bareos_fd_directors: + - name: "bareos-dir" + password: "secretpassword" + monitor: no + connection_from_client_to_director: yes + connection_from_director_to_client: no + tls_enable: yes + tls_verify_peer: no + - name: "disabled-director" + enabled: no + bareos_fd_messages: + - name: "Standard" + director: + server: bareos-dir + messages: + - all + - "!skipped" + - "!restored" + description: "Send relevant messages to the Director." + append: + file: "/var/log/bareos/bareos.log" + messages: + - all + - "!skipped" + - "!terminate" + console: + - all + - "!skipped" + - "!saved" + - name: "disabled-message" + enabled: no +``` + +The machine needs to be prepared. In CI this is done using [`molecule/default/prepare.yml`](https://github.com/anry/ansible-role-bareos_fd/blob/master/molecule/default/prepare.yml): + +```yaml +--- +- name: Prepare + hosts: all + become: yes + gather_facts: no + + roles: + - role: anry.roles.bootstrap + - role: anry.roles.bareos_repository + bareos_repository_enable_tracebacks: yes +``` + +Also see a [full explanation and example](https://anry.nl/how-to-use-these-roles.html) on how to use these roles. + +## [Role Variables](#role-variables) + +The default values for the variables are set in [`defaults/main.yml`](https://github.com/anry/ansible-role-bareos_fd/blob/master/defaults/main.yml): + +```yaml +--- +# defaults file for bareos_fd + +# The client has these configuration parameters. + +# Backup existing configurations. +bareos_fd_backup_configurations: no + +# Install debug packages. This requires the debug repositories to be enabled. +bareos_fd_install_debug_packages: no + +# The hostname of the File Daemon. +bareos_fd_hostname: "{{ inventory_hostname }}" + +# The maximum bandwidth to use. +bareos_fd_max_job_bandwidth: "10 mb/s" + +# The message to use. +bareos_fd_message: "Standard" + +# The maximum number of concurrent jobs. +bareos_fd_maximum_concurrent_jobs: 20 + +# Enable TLS. +bareos_fd_tls_enable: yes + +# Verify the peer. +bareos_fd_tls_verify_peer: no + +# The inteval in seconds to send a heartbeat. +bareos_fd_heartbeat_interval: 0 + +# The Directors to connect to. +bareos_fd_directors: + - name: "bareos-dir" + password: "secretpassword" + monitor: no + description: "Allow the configured Director to access this file daemon." + - name: bareos-mon + password: "secretpassword" + monitor: yes + description: "Restricted Director, used by tray-monitor to get the status of this file daemon." + +# The Messages to configure. +bareos_fd_messages: + - name: "Standard" + director: + server: bareos-dir + messages: + - all + - "!skipped" + - "!restored" + description: "Send relevant messages to the Director." + +# For encryption of data, set this to `yes`. +bareos_fd_encryption_enabled: no + +# You may bring your own private key. If not specified, a new one will be generated. +bareos_fd_encryption_private_key: "" + +# The master public key to use. +bareos_fd_encryption_master_public_key: "" +``` + +## [Requirements](#requirements) + +- pip packages listed in [requirements.txt](https://github.com/anry/ansible-role-bareos_fd/blob/master/requirements.txt). + +## [State of used roles](#state-of-used-roles) + +The following roles are used to prepare a system. You can prepare your system in another way. + +| Requirement | GitHub | GitLab | +|-------------|--------|--------| +|[anry.bootstrap](https://galaxy.ansible.com/anry/bootstrap)|[![Build Status GitHub](https://github.com/anry/ansible-role-bootstrap/workflows/Ansible%20Molecule/badge.svg)](https://github.com/anry/ansible-role-bootstrap/actions)|[![Build Status GitLab](https://gitlab.com/anry-iac/ansible-role-bootstrap/badges/master/pipeline.svg)](https://gitlab.com/anry-iac/ansible-role-bootstrap)| +|[anry.bareos_repository](https://galaxy.ansible.com/anry/bareos_repository)|[![Build Status GitHub](https://github.com/anry/ansible-role-bareos_repository/workflows/Ansible%20Molecule/badge.svg)](https://github.com/anry/ansible-role-bareos_repository/actions)|[![Build Status GitLab](https://gitlab.com/anry-iac/ansible-role-bareos_repository/badges/master/pipeline.svg)](https://gitlab.com/anry-iac/ansible-role-bareos_repository)| + +## [Context](#context) + +This role is a part of many compatible roles. Have a look at [the documentation of these roles](https://anry.nl/) for further information. + +Here is an overview of related roles: +![dependencies](https://raw.githubusercontent.com/anry/ansible-role-bareos_fd/png/requirements.png "Dependencies") + +## [Compatibility](#compatibility) + +This role has been tested on these [container images](https://hub.docker.com/u/anry): + +|container|tags| +|---------|----| +|[Debian](https://hub.docker.com/r/anry/debian)|bookworm, bullseye, buster| +|[EL](https://hub.docker.com/r/anry/enterpriselinux)|7, 8, 9| +|[Fedora](https://hub.docker.com/r/anry/fedora/)|38, 39| +|[opensuse](https://hub.docker.com/r/anry/opensuse)|all| +|[Ubuntu](https://hub.docker.com/r/anry/ubuntu)|jammy, focal| + +The minimum version of Ansible required is 2.12, tests have been done to: + +- The previous version. +- The current version. +- The development version. + +If you find issues, please register them in [GitHub](https://github.com/anry/ansible-role-bareos_fd/issues). + +## [License](#license) + +[Apache-2.0](https://github.com/anry/ansible-role-bareos_fd/blob/master/LICENSE). + +## [Author Information](#author-information) + +[anry](https://anry.nl/) + +Please consider [sponsoring me](https://github.com/sponsors/anry). diff --git a/roles/bareos_fd/defaults/main.yml b/roles/bareos_fd/defaults/main.yml new file mode 100644 index 0000000..0fe9ab8 --- /dev/null +++ b/roles/bareos_fd/defaults/main.yml @@ -0,0 +1,62 @@ +--- +# defaults file for bareos_fd + +# The client has these configuration parameters. + +# Backup existing configurations. +bareos_fd_backup_configurations: no + +# Install debug packages. This requires the debug repositories to be enabled. +bareos_fd_install_debug_packages: no + +# The hostname of the File Daemon. +bareos_fd_hostname: "{{ inventory_hostname }}" + +# The maximum bandwidth to use. +bareos_fd_max_job_bandwidth: "10 mb/s" + +# The message to use. +bareos_fd_message: "Standard" + +# The maximum number of concurrent jobs. +bareos_fd_maximum_concurrent_jobs: 20 + +# Enable TLS. +bareos_fd_tls_enable: yes + +# Verify the peer. +bareos_fd_tls_verify_peer: no + +# The inteval in seconds to send a heartbeat. +bareos_fd_heartbeat_interval: 0 + +# The Directors to connect to. +bareos_fd_directors: + - name: "bareos-dir" + password: "secretpassword" + monitor: no + description: "Allow the configured Director to access this file daemon." + - name: bareos-mon + password: "secretpassword" + monitor: yes + description: "Restricted Director, used by tray-monitor to get the status of this file daemon." + +# The Messages to configure. +bareos_fd_messages: + - name: "Standard" + director: + server: bareos-dir + messages: + - all + - "!skipped" + - "!restored" + description: "Send relevant messages to the Director." + +# For encryption of data, set this to `yes`. +bareos_fd_encryption_enabled: no + +# You may bring your own private key. If not specified, a new one will be generated. +bareos_fd_encryption_private_key: "" + +# The master public key to use. +bareos_fd_encryption_master_public_key: "" diff --git a/roles/bareos_fd/handlers/main.yml b/roles/bareos_fd/handlers/main.yml new file mode 100644 index 0000000..73dea73 --- /dev/null +++ b/roles/bareos_fd/handlers/main.yml @@ -0,0 +1,11 @@ +--- +# handlers file for bareos_fd + +- name: Check configuration + ansible.builtin.command: "/usr/sbin/bareos-fd --test-config" + changed_when: false + +- name: Restart bareos-filedaemon + ansible.builtin.service: + name: "{{ bareos_fd_service }}" + state: restarted diff --git a/roles/bareos_fd/meta/argument_specs.yml b/roles/bareos_fd/meta/argument_specs.yml new file mode 100644 index 0000000..511689b --- /dev/null +++ b/roles/bareos_fd/meta/argument_specs.yml @@ -0,0 +1,67 @@ +--- + +# # bareos_dir_messages: Daemon + +argument_specs: + main: + short_description: "Install and configure BareOS File Daemon on your system." + description: > + Install and configure BareOS File Daemon on your system. + author: Robert de Bock + options: + bareos_fd_backup_configurations: + type: "bool" + default: no + description: "Backup existing configurations." + bareos_fd_install_debug_packages: + type: "bool" + default: no + description: "Install debug packages. This requires the debug repositories to be enabled." + bareos_fd_hostname: + type: "str" + default: "{{ inventory_hostname }}" + description: "The hostname of the File Daemon." + bareos_fd_max_job_bandwidth: + type: "str" + default: "10 mb/s" + description: "The maximum bandwidth to use." + bareos_fd_message: + type: "str" + default: "Standard" + description: "The message to use." + bareos_fd_maximum_concurrent_jobs: + type: "int" + default: 20 + description: "The maximum number of concurrent jobs." + bareos_fd_tls_enable: + type: "bool" + default: yes + description: "Enable TLS." + bareos_fd_tls_verify_peer: + type: "bool" + default: no + description: "Verify the peer." + bareos_fd_heartbeat_interval: + type: "int" + default: 0 + description: "The inteval in seconds to send a heartbeat." + bareos_fd_directors: + type: "list" + default: [] + description: "The Directors to connect to." + bareos_fd_messages: + type: "list" + default: [] + description: "The Messages to configure." + bareos_fd_encryption_enabled: + type: "bool" + default: no + description: "For encryption of data, set this to `yes`." + bareos_fd_encryption_private_key: + type: "str" + default: "" + description: "You may bring your own private key. If not specified, a new one will be generated." + bareos_fd_encryption_master_public_key: + type: "str" + default: "" + description: "The master public key to use." diff --git a/roles/bareos_fd/meta/main.yml b/roles/bareos_fd/meta/main.yml new file mode 100644 index 0000000..59e48ce --- /dev/null +++ b/roles/bareos_fd/meta/main.yml @@ -0,0 +1,41 @@ +--- +galaxy_info: + author: anry + role_name: bareos_fd + description: Install and configure [Bareos](https://www.bareos.com/) File Daemon. + license: Apache-2.0 + company: none + min_ansible_version: "2.12" + + platforms: + - name: Debian + versions: + - bookworm + - bullseye + - buster + - name: EL + versions: + - "7" + - "8" + - "9" + - name: Fedora + versions: + - "38" + - "39" + - name: opensuse + versions: + - all + - name: Ubuntu + versions: + - jammy + - focal + + galaxy_tags: + - bareos + - infrastructure + - linux + - storage + - system + - tools + +dependencies: [] diff --git a/roles/bareos_fd/requirements.yml b/roles/bareos_fd/requirements.yml new file mode 100644 index 0000000..9246aef --- /dev/null +++ b/roles/bareos_fd/requirements.yml @@ -0,0 +1,7 @@ +--- +roles: + - name: anry.bootstrap + - name: anry.bareos_repository + +collections: + - name: community.crypto diff --git a/roles/bareos_fd/tasks/assert.yml b/roles/bareos_fd/tasks/assert.yml new file mode 100644 index 0000000..ca435f5 --- /dev/null +++ b/roles/bareos_fd/tasks/assert.yml @@ -0,0 +1,100 @@ +--- + +- name: assert | Test bareos_backup_configurations + ansible.builtin.assert: + that: + - bareos_fd_backup_configurations is defined + - bareos_fd_backup_configurations is boolean + quiet: yes + +- name: assert | Test bareos_fd_hostname + ansible.builtin.assert: + that: + - bareos_fd_hostname is defined + - bareos_fd_hostname is string + - bareos_fd_hostname is not none + quiet: yes + +- name: assert | Test bareos_fd_max_job_bandwidth + ansible.builtin.assert: + that: + - bareos_fd_max_job_bandwidth is defined + - bareos_fd_max_job_bandwidth is string + - bareos_fd_max_job_bandwidth is not none + quiet: yes + +- name: assert | Test bareos_fd_message + ansible.builtin.assert: + that: + - bareos_fd_message is defined + - bareos_fd_message is string + - bareos_fd_message is not none + quiet: yes + +- name: assert | Test bareos_fd_tls_enable + ansible.builtin.assert: + that: + - bareos_fd_tls_enable is defined + - bareos_fd_tls_enable is boolean + quiet: yes + +- name: assert | Test bareos_fd_tls_verify_peer + ansible.builtin.assert: + that: + - bareos_fd_tls_verify_peer is defined + - bareos_fd_tls_verify_peer is boolean + quiet: yes + +- name: assert | Test bareos_fd_heartbeat_interval + ansible.builtin.assert: + that: + - bareos_fd_heartbeat_interval is defined + - bareos_fd_heartbeat_interval is number + quiet: yes + +- name: assert | Test bareos_fd_maximum_concurrent_jobs + ansible.builtin.assert: + that: + - bareos_fd_maximum_concurrent_jobs is defined + - bareos_fd_maximum_concurrent_jobs is number + quiet: yes + +- name: assert | Test bareos_fd_directors + ansible.builtin.assert: + that: + - bareos_fd_directors is defined + - bareos_fd_directors is iterable + quiet: yes + +- name: assert | Test bareos_fd_messages + ansible.builtin.assert: + that: + - bareos_fd_messages is defined + - bareos_fd_messages is iterable + quiet: yes + +- name: assert | Test bareos_fd_encryption_enabled + ansible.builtin.assert: + that: + - bareos_fd_encryption_enabled is defined + - bareos_fd_encryption_enabled is boolean + quiet: yes + +- name: assert | Test bareos_fd_encryption_private_key + ansible.builtin.assert: + that: + - bareos_fd_encryption_private_key is defined + - bareos_fd_encryption_private_key is string + quiet: yes + when: + - bareos_fd_encryption_enabled + +- name: assert | Test bareos_fd_encryption_master_public_key + ansible.builtin.assert: + that: + - bareos_fd_encryption_master_public_key is defined + - bareos_fd_encryption_master_public_key is string + - bareos_fd_encryption_master_public_key != "" + quiet: yes + when: + - bareos_fd_encryption_enabled diff --git a/roles/bareos_fd/tasks/encryption.yml b/roles/bareos_fd/tasks/encryption.yml new file mode 100644 index 0000000..1d118b3 --- /dev/null +++ b/roles/bareos_fd/tasks/encryption.yml @@ -0,0 +1,69 @@ +--- + +- name: encryption | Install python cryptography package + ansible.builtin.package: + name: "{{ bareos_fd_encryption_packages }}" + +- name: encryption | Generate private key + community.crypto.openssl_privatekey: + path: /etc/bareos/{{ bareos_fd_hostname }}-private.key + owner: bareos + group: bareos + mode: "0600" + return_content: yes + register: bareos_fd_encryption_private_key_generated + when: + - bareos_fd_encryption_private_key == "" + +- name: encryption | Place private key + ansible.builtin.copy: + content: "{{ bareos_fd_encryption_private_key }}" + dest: /etc/bareos/{{ bareos_fd_hostname }}-private.key + owner: bareos + group: bareos + mode: "0600" + when: + - bareos_fd_encryption_private_key != "" + +- name: encryption | Generate csr for public key + community.crypto.openssl_csr: + path: /etc/bareos/{{ bareos_fd_hostname }}-public.csr + privatekey_path: /etc/bareos/{{ bareos_fd_hostname }}-private.key + common_name: "{{ bareos_fd_hostname }}" + owner: bareos + group: bareos + mode: "0644" + +- name: encryption | Generate public key + community.crypto.x509_certificate: + path: /etc/bareos/{{ bareos_fd_hostname }}-public.key + privatekey_path: /etc/bareos/{{ bareos_fd_hostname }}-private.key + csr_path: /etc/bareos/{{ bareos_fd_hostname }}-public.csr + provider: selfsigned + return_content: yes + owner: bareos + group: bareos + mode: "0644" + register: bareos_fd_encryption_public_key + +- name: encryption | Combine private and public key + ansible.builtin.copy: + content: "{{ bareos_fd_encryption_private_key_generated.privatekey | default(bareos_fd_encryption_private_key) }}{{ bareos_fd_encryption_public_key.certificate }}" + dest: /etc/bareos/{{ bareos_fd_hostname }}.pem + owner: bareos + group: bareos + mode: "0600" + notify: + - Check configuration + - Restart bareos-filedaemon + +- name: encryption | Place master public key + ansible.builtin.copy: + content: "{{ bareos_fd_encryption_master_public_key }}" + dest: /etc/bareos/master.pub.key + owner: bareos + group: bareos + mode: "0640" + notify: + - Check configuration + - Restart bareos-filedaemon diff --git a/roles/bareos_fd/tasks/main.yml b/roles/bareos_fd/tasks/main.yml new file mode 100644 index 0000000..ecf6005 --- /dev/null +++ b/roles/bareos_fd/tasks/main.yml @@ -0,0 +1,72 @@ +--- +# tasks file for bareos_fd + +- name: Import assert.yml + ansible.builtin.import_tasks: + file: assert.yml + run_once: true + delegate_to: localhost + +- name: Install packages + ansible.builtin.package: + name: bareos-filedaemon + +- name: Install debug packages + ansible.builtin.package: + name: "{{ bareos_fd_debug_packages }}" + when: + - bareos_fd_install_debug_packages + +- name: Place myself.conf + ansible.builtin.template: + src: myself.conf.j2 + dest: "/etc/bareos/bareos-fd.d/client/myself.conf" + owner: bareos + group: bareos + mode: "0640" + backup: "{{ bareos_fd_backup_configurations }}" + notify: + - Check configuration + - Restart bareos-filedaemon + +- name: Place director + ansible.builtin.template: + src: director.conf.j2 + dest: "/etc/bareos/bareos-fd.d/director/{{ item.name }}.conf" + owner: bareos + group: bareos + mode: "0640" + backup: "{{ bareos_fd_backup_configurations }}" + loop: "{{ bareos_fd_directors }}" + loop_control: + label: "{{ item.name }}" + notify: + - Check configuration + - Restart bareos-filedaemon + +- name: Place message + ansible.builtin.template: + src: message.conf.j2 + dest: "/etc/bareos/bareos-fd.d/messages/{{ item.name }}.conf" + owner: bareos + group: bareos + mode: "0640" + backup: "{{ bareos_fd_backup_configurations }}" + loop: "{{ bareos_fd_messages }}" + loop_control: + label: "{{ item.name }}" + notify: + - Check configuration + - Restart bareos-filedaemon + +- name: Import encryption tasklist + ansible.builtin.import_tasks: + file: encryption.yml + when: + - bareos_fd_encryption_enabled + +- name: Start bareos-filedaemon + ansible.builtin.service: + name: "{{ bareos_fd_service }}" + state: started + enabled: yes diff --git a/roles/bareos_fd/templates/.gitkeep b/roles/bareos_fd/templates/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/roles/bareos_fd/templates/director.conf.j2 b/roles/bareos_fd/templates/director.conf.j2 new file mode 100644 index 0000000..c731d4d --- /dev/null +++ b/roles/bareos_fd/templates/director.conf.j2 @@ -0,0 +1,31 @@ +{{ ansible_managed | comment }} + +{% if item.enabled is defined and item.enabled or item.enabled is not defined %} +Director { + Name = {{ item.name }} +{% if item.description is defined %} + Description = "{{ item.description }}" +{% endif %} + Password = "[md5]{{ item.password | md5 }}" +{% if item.monitor is defined and item.monitor %} + Monitor = Yes +{% endif %} +{% if item.address is defined %} + Address = "{{ item.address }}" +{% endif %} +{% if item.connection_from_client_to_director is defined %} + Connection From Client To Director = {{ item.connection_from_client_to_director | ternary('Yes', 'No') }} +{% endif %} +{% if item.connection_from_director_to_client is defined %} + Connection From Director To Client = {{ item.connection_from_director_to_client | ternary('Yes', 'No') }} +{% endif %} +{% if item.tls_enable is defined %} + TLS Enable = {{ item.tls_enable | ternary('Yes', 'No') }} +{% endif %} +{% if item.tls_verify_peer is defined %} + TLS Verify Peer = {{ item.tls_verify_peer | ternary('Yes', 'No') }} +{% endif %} +} +{% else %} +# This file is not enabled. +{% endif %} diff --git a/roles/bareos_fd/templates/message.conf.j2 b/roles/bareos_fd/templates/message.conf.j2 new file mode 100644 index 0000000..baebbf2 --- /dev/null +++ b/roles/bareos_fd/templates/message.conf.j2 @@ -0,0 +1,19 @@ +{{ ansible_managed | comment }} + +{% if item.enabled is defined and item.enabled or item.enabled is not defined %} +Messages { + Name = "{{ item.name }}" + Description = "{{ item.description }}" +{% if item.director is defined %} + Director = {{ item.director.server }} = {{ item.director.messages | join(', ') }} +{% endif %} +{% if item.append is defined %} + Append = "{{ item.append.file }}" = {{ item.append.messages | join(', ') }} +{% endif %} +{% if item.console is defined %} + Console = {{ item.console | join(', ') }} +{% endif %} +} +{% else %} +# This file is not enabled. +{% endif %} diff --git a/roles/bareos_fd/templates/myself.conf.j2 b/roles/bareos_fd/templates/myself.conf.j2 new file mode 100644 index 0000000..2637dc3 --- /dev/null +++ b/roles/bareos_fd/templates/myself.conf.j2 @@ -0,0 +1,25 @@ +{{ ansible_managed | comment }} + +Client { + Name = "{{ bareos_fd_hostname }}" + Messages = "{{ bareos_fd_message }}" +{% if not bareos_fd_tls_enable %} + TLS Enable = No +{% endif %} +{% if bareos_fd_tls_verify_peer %} + TLS Verify Peer = Yes +{% endif %} +{% if bareos_fd_heartbeat_interval != 0 %} + Heartbeat Interval = {{ bareos_fd_heartbeat_interval }} +{% endif %} +{% if bareos_fd_maximum_concurrent_jobs != 20 %} + Maximum Concurrent Jobs = {{ bareos_fd_max_concurrent_jobs }} +{% endif %} +{% if bareos_fd_encryption_enabled %} + PKI Signatures = Yes + PKI Encryption = Yes + PKI Keypair = "/etc/bareos/{{ bareos_fd_hostname }}.pem" + PKI Master Key = "/etc/bareos/master.pub.key" + PKI Cipher = aes128 +{% endif %} +} diff --git a/roles/bareos_fd/vars/main.yml b/roles/bareos_fd/vars/main.yml new file mode 100644 index 0000000..32f07ee --- /dev/null +++ b/roles/bareos_fd/vars/main.yml @@ -0,0 +1,33 @@ +--- +# vars file for bareos_fd + +# A map to define the packages to install for encryption. +_bareos_fd_encryption_packages: + default: + - python3-cryptography + Archlinux: + - python-cryptography + RedHat-7: + - python2-cryptography +bareos_fd_encryption_packages: "{{ _bareos_fd_encryption_packages[ansible_os_family ~ '-' ~ ansible_distribution_major_version] | default(_bareos_fd_encryption_packages[ansible_os_family]) | default(_bareos_fd_encryption_packages['default']) }}" + +# A map to define the service name to manage. +_bareos_fd_service: + default: bareos-filedaemon + Archlinux: bareos-fd +bareos_fd_service: "{{ _bareos_fd_service[ansible_os_family] | default(_bareos_fd_service['default']) }}" + +# A map to define the packages to install for debugging. +_bareos_fd_debug_packages: + default: + - bareos-filedaemon-debuginfo + - gdb + Archlinux: + - bareos-devel + Debian: + - bareos-dbg + - gdb + RedHat-7: + - bareos-debuginfo + - gdb +bareos_fd_debug_packages: "{{ _bareos_fd_debug_packages[ansible_os_family ~ '-' ~ ansible_distribution_major_version] | default(_bareos_fd_debug_packages[ansible_os_family]) | default(_bareos_fd_debug_packages['default']) }}" diff --git a/roles/bareos_repository/LICENSE b/roles/bareos_repository/LICENSE new file mode 100644 index 0000000..be5b773 --- /dev/null +++ b/roles/bareos_repository/LICENSE @@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright 2024 Robert de Bock (robert@meinit.nl) + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/roles/bareos_repository/README.md b/roles/bareos_repository/README.md new file mode 100644 index 0000000..2419684 --- /dev/null +++ b/roles/bareos_repository/README.md @@ -0,0 +1,116 @@ +# [Ansible role bareos_repository](#bareos_repository) + +Setup the [Bareos](https://www.bareos.com/) repositories. + +|GitHub|GitLab|Downloads|Version| +|------|------|---------|-------| +|[![github](https://github.com/anry/ansible-role-bareos_repository/workflows/Ansible%20Molecule/badge.svg)](https://github.com/anry/ansible-role-bareos_repository/actions)|[![gitlab](https://gitlab.com/anry-iac/ansible-role-bareos_repository/badges/master/pipeline.svg)](https://gitlab.com/anry-iac/ansible-role-bareos_repository)|[![downloads](https://img.shields.io/ansible/role/d/anry/bareos_repository)](https://galaxy.ansible.com/anry/bareos_repository)|[![Version](https://img.shields.io/github/release/anry/ansible-role-bareos_repository.svg)](https://github.com/anry/ansible-role-bareos_repository/releases/)| + +## [Example Playbook](#example-playbook) + +This example is taken from [`molecule/default/converge.yml`](https://github.com/anry/ansible-role-bareos_repository/blob/master/molecule/default/converge.yml) and is tested on each push, pull request and release. + +```yaml +--- +- name: Converge + hosts: all + become: yes + gather_facts: yes + + roles: + - role: anry.roles.bareos_repository + bareos_repository_enable_tracebacks: yes +``` + +The machine needs to be prepared. In CI this is done using [`molecule/default/prepare.yml`](https://github.com/anry/ansible-role-bareos_repository/blob/master/molecule/default/prepare.yml): + +```yaml +--- +- name: Prepare + hosts: all + become: yes + gather_facts: no + + roles: + - role: anry.roles.bootstrap +``` + +Also see a [full explanation and example](https://anry.nl/how-to-use-these-roles.html) on how to use these roles. + +## [Role Variables](#role-variables) + +The default values for the variables are set in [`defaults/main.yml`](https://github.com/anry/ansible-role-bareos_repository/blob/master/defaults/main.yml): + +```yaml +--- +# defaults file for bareos_repository + +# What type of Bareos to install, either "community" or "subscription". +bareos_repository_type: community + +# The subscription username for the repository. +bareos_repository_username: "" + +# The subscription password for the repository. +bareos_repository_password: "" + +# What release to use, either "current", "next" or "release". +# When using `bareos_repository_type: community` this can be set to "release" or "testing". +bareos_repository_release: current + +# The version of Bareos to install. +# Only affects `bareos_repository_type: subscription`. +bareos_repository_version: 23 + +# You can enable tracebacks for troubleshooting purposes. +bareos_repository_enable_tracebacks: no +``` + +## [Requirements](#requirements) + +- pip packages listed in [requirements.txt](https://github.com/anry/ansible-role-bareos_repository/blob/master/requirements.txt). + +## [State of used roles](#state-of-used-roles) + +The following roles are used to prepare a system. You can prepare your system in another way. + +| Requirement | GitHub | GitLab | +|-------------|--------|--------| +|[anry.bootstrap](https://galaxy.ansible.com/anry/bootstrap)|[![Build Status GitHub](https://github.com/anry/ansible-role-bootstrap/workflows/Ansible%20Molecule/badge.svg)](https://github.com/anry/ansible-role-bootstrap/actions)|[![Build Status GitLab](https://gitlab.com/anry-iac/ansible-role-bootstrap/badges/master/pipeline.svg)](https://gitlab.com/anry-iac/ansible-role-bootstrap)| + +## [Context](#context) + +This role is a part of many compatible roles. Have a look at [the documentation of these roles](https://anry.nl/) for further information. + +Here is an overview of related roles: +![dependencies](https://raw.githubusercontent.com/anry/ansible-role-bareos_repository/png/requirements.png "Dependencies") + +## [Compatibility](#compatibility) + +This role has been tested on these [container images](https://hub.docker.com/u/anry): + +|container|tags| +|---------|----| +|[Debian](https://hub.docker.com/r/anry/debian)|bookworm, bullseye, buster| +|[EL](https://hub.docker.com/r/anry/enterpriselinux)|7, 8, 9| +|[Fedora](https://hub.docker.com/r/anry/fedora/)|38, 39| +|[opensuse](https://hub.docker.com/r/anry/opensuse)|all| +|[Ubuntu](https://hub.docker.com/r/anry/ubuntu)|jammy, focal| + +The minimum version of Ansible required is 2.12, tests have been done to: + +- The previous version. +- The current version. +- The development version. + +If you find issues, please register them in [GitHub](https://github.com/anry/ansible-role-bareos_repository/issues). + +## [License](#license) + +[Apache-2.0](https://github.com/anry/ansible-role-bareos_repository/blob/master/LICENSE). + +## [Author Information](#author-information) + +[anry](https://anry.nl/) + +Please consider [sponsoring me](https://github.com/sponsors/anry). diff --git a/roles/bareos_repository/defaults/main.yml b/roles/bareos_repository/defaults/main.yml new file mode 100644 index 0000000..7aa75a9 --- /dev/null +++ b/roles/bareos_repository/defaults/main.yml @@ -0,0 +1,22 @@ +--- +# defaults file for bareos_repository + +# What type of Bareos to install, either "community" or "subscription". +bareos_repository_type: community + +# The subscription username for the repository. +bareos_repository_username: "" + +# The subscription password for the repository. +bareos_repository_password: "" + +# What release to use, either "current", "next" or "release". +# When using `bareos_repository_type: community` this can be set to "release" or "testing". +bareos_repository_release: current + +# The version of Bareos to install. +# Only affects `bareos_repository_type: subscription`. +bareos_repository_version: 23 + +# You can enable tracebacks for troubleshooting purposes. +bareos_repository_enable_tracebacks: no diff --git a/roles/bareos_repository/meta/argument_specs.yml b/roles/bareos_repository/meta/argument_specs.yml new file mode 100644 index 0000000..277ce1d --- /dev/null +++ b/roles/bareos_repository/meta/argument_specs.yml @@ -0,0 +1,41 @@ +--- + +argument_specs: + main: + short_description: "Setup the bareos repositories." + description: > + Install the BareOS repositories. + After applying this role, you can install bareos packages. + author: Robert de Bock + options: + bareos_repository_type: + type: "str" + default: community + description: "What type of Bareos to install, either 'community' or 'subscription'." + choices: + - community + - subscription + bareos_repository_username: + type: "str" + default: "" + description: "The subscription username for the repository." + bareos_repository_password: + type: "str" + default: "" + description: "The subscription password for the repository." + bareos_repository_release: + type: "str" + default: current + description: "What release to use, either 'current', 'next' or 'release'." + choices: + - current + - next + - release + bareos_repository_version: + type: "int" + default: 23 + description: "The version of Bareos to install. Only affects `bareos_repository_type: subscription`." + bareos_repository_enable_tracebacks: + type: "bool" + default: false + description: "You can enable tracebacks for troubleshooting purposes." diff --git a/roles/bareos_repository/meta/main.yml b/roles/bareos_repository/meta/main.yml new file mode 100644 index 0000000..c0b950a --- /dev/null +++ b/roles/bareos_repository/meta/main.yml @@ -0,0 +1,42 @@ +--- +galaxy_info: + author: anry + role_name: bareos_repository + description: Setup the [Bareos](https://www.bareos.com/) repositories. + license: Apache-2.0 + company: none + min_ansible_version: "2.12" + + platforms: + - name: Debian + versions: + - bookworm + - bullseye + - buster + - name: EL + versions: + - "7" + - "8" + - "9" + - name: Fedora + versions: + - "38" + - "39" + - name: opensuse + versions: + - all + - name: Ubuntu + versions: + - jammy + - focal + + galaxy_tags: + - backup + - bareos + - infrastructure + - linux + - storage + - system + - tools + +dependencies: [] diff --git a/roles/bareos_repository/requirements.yml b/roles/bareos_repository/requirements.yml new file mode 100644 index 0000000..820c85b --- /dev/null +++ b/roles/bareos_repository/requirements.yml @@ -0,0 +1,7 @@ +--- +roles: + - name: anry.bootstrap + +collections: + - name: ansible.posix + - name: community.general diff --git a/roles/bareos_repository/tasks/assert.yml b/roles/bareos_repository/tasks/assert.yml new file mode 100644 index 0000000..046d9ec --- /dev/null +++ b/roles/bareos_repository/tasks/assert.yml @@ -0,0 +1,52 @@ +--- + +- name: assert | Test bareos_repository_type + ansible.builtin.assert: + that: + - bareos_repository_type is defined + - bareos_repository_type in [ "community", "subscription" ] + quiet: yes + +- name: assert | Test bareos_repository_username + ansible.builtin.assert: + that: + - bareos_repository_username is defined + - bareos_repository_username is string + - bareos_repository_username != "" + quiet: yes + when: + - bareos_repository_type == "subscription" + +- name: assert | Test bareos_repository_password + ansible.builtin.assert: + that: + - bareos_repository_password is defined + - bareos_repository_password is string + - bareos_repository_password != "" + quiet: yes + when: + - bareos_repository_type == "subscription" + +- name: assert | Test bareos_repository_release + ansible.builtin.assert: + that: + - bareos_repository_release is defined + - bareos_repository_release in [ "current", "next", "release" ] + quiet: yes + +- name: assert | Test bareos_repository_version + ansible.builtin.assert: + that: + - bareos_repository_version is defined + - bareos_repository_version is number + - bareos_repository_version in [ 20, 21, 22, 23 ] + quiet: yes + when: + - bareos_repository_type == "subscription" + +- name: assert | Test bareos_repository_enable_tracebacks + ansible.builtin.assert: + that: + - bareos_repository_enable_tracebacks is defined + - bareos_repository_enable_tracebacks is boolean + quiet: yes diff --git a/roles/bareos_repository/tasks/main.yml b/roles/bareos_repository/tasks/main.yml new file mode 100644 index 0000000..ac3636d --- /dev/null +++ b/roles/bareos_repository/tasks/main.yml @@ -0,0 +1,150 @@ +--- +# tasks file for bareos_repository + +- name: Import assert.yml + ansible.builtin.import_tasks: + file: assert.yml + run_once: true + delegate_to: localhost + +- name: Add repository (rpm) + ansible.builtin.yum_repository: + name: "{{ item.name }}" + description: "{{ item.description }}" + baseurl: "{{ item.baseurl }}" + gpgcheck: yes + gpgkey: "{{ item.gpgkey }}" + username: "{{ item.username | default(omit) }}" + password: "{{ item.password | default(omit) }}" + no_log: true + loop: "{{ bareos_repository_list }}" + loop_control: + label: "{{ item.name }}" + when: + - ansible_pkg_mgr in [ "dnf", "yum" ] + +- name: Run tasks on apt based distributions + when: + - ansible_pkg_mgr in [ "apt" ] + block: + - name: Install CA certificates (apt) + ansible.builtin.package: + name: ca-certificates + + - name: Download gpg key (apt) + ansible.builtin.get_url: + url: "{{ bareos_repository_gpg_key }}" + dest: /etc/apt/bareos.gpg + username: "{{ bareos_repository_username }}" + password: "{{ bareos_repository_password }}" + owner: root + group: root + mode: "0644" + no_log: true + + - name: Place credentials file (apt) + ansible.builtin.copy: + content: | + machine download.bareos.com + login {{ bareos_repository_username }} + password {{ bareos_repository_password }} + dest: /etc/apt/auth.conf.d/download_bareos_com.conf + owner: root + group: root + mode: "0600" + no_log: true + when: + - bareos_repository_type == "subscription" + + - name: Add repository (apt) + ansible.builtin.apt_repository: + repo: "{{ item.deb_repo }}" + state: present + filename: "{{ item.name }}" + update_cache: yes + no_log: true + loop: "{{ bareos_repository_list }}" + loop_control: + label: "{{ item.name }}" + +- name: Run tasks on zypper based distributions + when: + - ansible_pkg_mgr in [ "zypper" ] + block: + - name: Download gpg key (zypper) + ansible.builtin.get_url: + url: "{{ bareos_repository_gpg_key }}" + dest: /etc/gnupg/bareos.gpg + username: "{{ bareos_repository_username }}" + password: "{{ bareos_repository_password }}" + owner: root + group: root + mode: "0644" + no_log: true + + - name: Import gpg key (zypper) + ansible.builtin.rpm_key: + key: /etc/gnupg/bareos.gpg + + - name: Place credentials file (zypper) + ansible.builtin.copy: + content: | + username={{ bareos_repository_username }} + password={{ bareos_repository_password }} + dest: /etc/zypp/credentials.d/bareos + owner: root + group: root + mode: "0600" + no_log: true + when: + - bareos_repository_type == "subscription" + + - name: Add repository (zypper) + community.general.zypper_repository: + name: "{{ item.name }}" + repo: "{{ item.repo }}" + state: present + loop: "{{ bareos_repository_list }}" + loop_control: + label: "{{ item.name }}" + +- name: Enable tracebacks + when: + - bareos_repository_enable_tracebacks + block: + - name: Add debuginfo repository (rpm) + ansible.builtin.yum_repository: + name: "{{ item.name }}" + description: "{{ item.description }}" + baseurl: "{{ item.baseurl }}" + gpgcheck: yes + gpgkey: "{{ item.gpgkey }}" + username: "{{ item.username | default(omit) }}" + password: "{{ item.password | default(omit) }}" + no_log: true + loop: "{{ bareos_repository_debug_list }}" + loop_control: + label: "{{ item.name }}" + when: + - ansible_pkg_mgr in [ "dnf", "yum" ] + + - name: Add repository (zypper) + community.general.zypper_repository: + name: "{{ item.name }}" + repo: "{{ item.repo }}" + state: present + loop: "{{ bareos_repository_debug_list }}" + loop_control: + label: "{{ item.name }}" + when: + - ansible_pkg_mgr in [ "zypper" ] + + - name: Install required packages + ansible.builtin.package: + name: "{{ bareos_repository_debug_required_packages }}" + + - name: Disable ptrace_scope + ansible.posix.sysctl: + name: kernel.yama.ptrace_scope + value: "0" + sysctl_set: yes diff --git a/roles/bareos_repository/vars/main.yml b/roles/bareos_repository/vars/main.yml new file mode 100644 index 0000000..fed1737 --- /dev/null +++ b/roles/bareos_repository/vars/main.yml @@ -0,0 +1,59 @@ +--- +# vars file for bareos_repository + +# The URL differs for community and subscription versions. +_bareos_repository_base_url: + community: "https://download.bareos.org" + subscription: "https://download.bareos.com/bareos" +bareos_repository_base_url: "{{ _bareos_repository_base_url[bareos_repository_type] }}" + +# Different distributions have different repository URLs. +_bareos_repository_url: + community: + default: "{{ bareos_repository_base_url }}/{{ bareos_repository_release }}/{{ ansible_distribution }}_{{ ansible_distribution_major_version }}" + Fedora: "{{ bareos_repository_base_url }}/{{ bareos_repository_release }}/{{ ansible_distribution }}_{{ ansible_distribution_major_version }}" + RedHat: "{{ bareos_repository_base_url }}/{{ bareos_repository_release }}/EL_{{ ansible_distribution_major_version }}" + Suse: "{{ bareos_repository_base_url }}/{{ bareos_repository_release }}/SUSE_{{ ansible_distribution_major_version }}" + Ubuntu: "{{ bareos_repository_base_url }}/{{ bareos_repository_release }}/xUbuntu_{{ ansible_distribution_version }}" + subscription: + default: "{{ bareos_repository_base_url }}/{{ bareos_repository_release }}/{{ bareos_repository_version }}/{{ ansible_distribution }}_{{ ansible_distribution_major_version }}" + Fedora: "{{ bareos_repository_base_url }}/{{ bareos_repository_release }}/{{ bareos_repository_version }}/{{ ansible_distribution }}_{{ ansible_distribution_major_version }}" + RedHat: "{{ bareos_repository_base_url }}/{{ bareos_repository_release }}/{{ bareos_repository_version }}/EL_{{ ansible_distribution_major_version }}" + Suse: "{{ bareos_repository_base_url }}/{{ bareos_repository_release }}/{{ bareos_repository_version }}/SUSE_{{ ansible_distribution_major_version }}" + Ubuntu: "{{ bareos_repository_base_url }}/{{ bareos_repository_release }}/{{ bareos_repository_version }}/xUbuntu_{{ ansible_distribution_version }}" +bareos_repository_url: "{{ _bareos_repository_url[bareos_repository_type][ansible_distribution] | default(_bareos_repository_url[bareos_repository_type][ansible_os_family] | default(_bareos_repository_url[bareos_repository_type]['default'])) }}" + +# Debian and RedHat use a different structure. +_bareos_repository_gpg_key: + default: "{{ bareos_repository_url }}/RPM-GPG-KEY" + Debian: "{{ bareos_repository_url }}/bareos-keyring.gpg" +bareos_repository_gpg_key: "{{ _bareos_repository_gpg_key[ansible_os_family] | default(_bareos_repository_gpg_key['default']) }}" + +# A list of repositories. The items in this list contains parameters for both dnf/yum, apt and zypperz. +bareos_repository_list: + - name: bareos + description: Backup Archiving Recovery + baseurl: "{{ bareos_repository_url }}" + gpgkey: "{{ bareos_repository_gpg_key }}" + repo: "{{ bareos_repository_url }}" + deb_repo: "deb [signed-by=/etc/apt/bareos.gpg] {{ bareos_repository_url }} /" + username: "{{ bareos_repository_username | default(omit) }}" + password: "{{ bareos_repository_password | default(omit) }}" + +# A list of repositories for debug information. +bareos_repository_debug_list: + - name: bareos-debuginfo + description: Backup Archiving Recovery - Debuginfo + baseurl: "{{ bareos_repository_url }}/debug" + gpgkey: "{{ bareos_repository_gpg_key }}" + repo: "{{ bareos_repository_url }}/debug" + username: "{{ bareos_repository_username | default(omit) }}" + password: "{{ bareos_repository_password | default(omit) }}" + +# Extra packages are required to debug. +_bareos_repository_debug_required_packages: + default: + - procps + RedHat: + - procps-ng +bareos_repository_debug_required_packages: "{{ _bareos_repository_debug_required_packages[ansible_os_family] | default(_bareos_repository_debug_required_packages['default']) }}" diff --git a/roles/bareos_sd/LICENSE b/roles/bareos_sd/LICENSE new file mode 100644 index 0000000..be5b773 --- /dev/null +++ b/roles/bareos_sd/LICENSE @@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright 2024 Robert de Bock (robert@meinit.nl) + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/roles/bareos_sd/README.md b/roles/bareos_sd/README.md new file mode 100644 index 0000000..7ca117c --- /dev/null +++ b/roles/bareos_sd/README.md @@ -0,0 +1,184 @@ +# [Ansible role bareos_sd](#bareos_sd) + +Install and configure [Bareos](https://www.bareos.com/) Storage Daemon. + +|GitHub|GitLab|Downloads|Version| +|------|------|---------|-------| +|[![github](https://github.com/anry/ansible-role-bareos_sd/workflows/Ansible%20Molecule/badge.svg)](https://github.com/anry/ansible-role-bareos_sd/actions)|[![gitlab](https://gitlab.com/anry-iac/ansible-role-bareos_sd/badges/master/pipeline.svg)](https://gitlab.com/anry-iac/ansible-role-bareos_sd)|[![downloads](https://img.shields.io/ansible/role/d/anry/bareos_sd)](https://galaxy.ansible.com/anry/bareos_sd)|[![Version](https://img.shields.io/github/release/anry/ansible-role-bareos_sd.svg)](https://github.com/anry/ansible-role-bareos_sd/releases/)| + +## [Example Playbook](#example-playbook) + +This example is taken from [`molecule/default/converge.yml`](https://github.com/anry/ansible-role-bareos_sd/blob/master/molecule/default/converge.yml) and is tested on each push, pull request and release. + +```yaml +--- +- name: Converge + hosts: all + become: yes + gather_facts: yes + + roles: + - role: anry.roles.bareos_sd + bareos_sd_backup_configurations: yes + bareos_sd_install_debug_packages: yes + bareos_sd_devices: + - name: "FileStorage" + description: "File device. A connecting Director must have the same Name and MediaType." + media_type: "File" + archive_device: "/var/lib/bareos/storage" + label_media: yes + random_access: yes + automatic_mount: yes + removable_media: no + always_open: no + maximum_concurrent_jobs: 1 + - name: "disabled-device" + enabled: no + bareos_sd_directors: + - name: bareos-dir + password: "somepassword" + - name: "disabled-director" + enabled: no + bareos_sd_messages: + - name: "Standard" + description: "Send relevant messages to the Director." + director: + server: bareos-dir + messages: + - all + - "!skipped" + - "!restored" + append: + file: "/var/log/bareos/bareos.log" + messages: + - all + - "!skipped" + - "!terminate" + console: + - all + - "!skipped" + - "!saved" + - name: "disabled-message" + enabled: no + bareos_sd_s3_profiles: + - name: exoscale + host: "sos.exo.io:443" + use_https: yes + access_key: "SomeAPIKey" + secret_key: "SomeSecret" + pricing_dir: "" + backend: "s3" + aws_auth_sign_version: 4 + aws_region: "ch-gva-2" +``` + +The machine needs to be prepared. In CI this is done using [`molecule/default/prepare.yml`](https://github.com/anry/ansible-role-bareos_sd/blob/master/molecule/default/prepare.yml): + +```yaml +--- +- name: Prepare + hosts: all + become: yes + gather_facts: no + + roles: + - role: anry.roles.bootstrap + - role: anry.roles.bareos_repository + bareos_repository_enable_tracebacks: yes +``` + +Also see a [full explanation and example](https://anry.nl/how-to-use-these-roles.html) on how to use these roles. + +## [Role Variables](#role-variables) + +The default values for the variables are set in [`defaults/main.yml`](https://github.com/anry/ansible-role-bareos_sd/blob/master/defaults/main.yml): + +```yaml +--- +# defaults file for bareos_sd + +# The Storage Daemon has these configuration parameters. + +# Backup the configuration files. +bareos_sd_backup_configurations: no + +# Install debug packages. This requires the debug repositories to be enabled. +bareos_sd_install_debug_packages: no + +# The hostname of the Storage Daemon. +bareos_sd_hostname: "{{ inventory_hostname }}" + +# The messages configuration to use. +bareos_sd_message: "Standard" + +# The amount of jobs to run concurrently. +bareos_sd_max_concurrent_jobs: 20 + +# Enable TLS. +bareos_sd_tls_enable: yes + +# Verify the peer. +bareos_sd_tls_verify_peer: no + +# A list of devices to configure. +bareos_sd_devices: [] + +# A list of directors to connect to. +bareos_sd_directors: [] + +# A list of messages to send to the director. +bareos_sd_messages: [] + +# A list of S3 profiles to configure. +bareos_sd_s3_profiles: [] +``` + +## [Requirements](#requirements) + +- pip packages listed in [requirements.txt](https://github.com/anry/ansible-role-bareos_sd/blob/master/requirements.txt). + +## [State of used roles](#state-of-used-roles) + +The following roles are used to prepare a system. You can prepare your system in another way. + +| Requirement | GitHub | GitLab | +|-------------|--------|--------| +|[anry.bootstrap](https://galaxy.ansible.com/anry/bootstrap)|[![Build Status GitHub](https://github.com/anry/ansible-role-bootstrap/workflows/Ansible%20Molecule/badge.svg)](https://github.com/anry/ansible-role-bootstrap/actions)|[![Build Status GitLab](https://gitlab.com/anry-iac/ansible-role-bootstrap/badges/master/pipeline.svg)](https://gitlab.com/anry-iac/ansible-role-bootstrap)| +|[anry.bareos_repository](https://galaxy.ansible.com/anry/bareos_repository)|[![Build Status GitHub](https://github.com/anry/ansible-role-bareos_repository/workflows/Ansible%20Molecule/badge.svg)](https://github.com/anry/ansible-role-bareos_repository/actions)|[![Build Status GitLab](https://gitlab.com/anry-iac/ansible-role-bareos_repository/badges/master/pipeline.svg)](https://gitlab.com/anry-iac/ansible-role-bareos_repository)| + +## [Context](#context) + +This role is a part of many compatible roles. Have a look at [the documentation of these roles](https://anry.nl/) for further information. + +Here is an overview of related roles: +![dependencies](https://raw.githubusercontent.com/anry/ansible-role-bareos_sd/png/requirements.png "Dependencies") + +## [Compatibility](#compatibility) + +This role has been tested on these [container images](https://hub.docker.com/u/anry): + +|container|tags| +|---------|----| +|[Debian](https://hub.docker.com/r/anry/debian)|bookworm, bullseye, buster| +|[EL](https://hub.docker.com/r/anry/enterpriselinux)|7, 8, 9| +|[Fedora](https://hub.docker.com/r/anry/fedora/)|38, 39| +|[opensuse](https://hub.docker.com/r/anry/opensuse)|all| +|[Ubuntu](https://hub.docker.com/r/anry/ubuntu)|jammy, focal| + +The minimum version of Ansible required is 2.12, tests have been done to: + +- The previous version. +- The current version. +- The development version. + +If you find issues, please register them in [GitHub](https://github.com/anry/ansible-role-bareos_sd/issues). + +## [License](#license) + +[Apache-2.0](https://github.com/anry/ansible-role-bareos_sd/blob/master/LICENSE). + +## [Author Information](#author-information) + +[anry](https://anry.nl/) + +Please consider [sponsoring me](https://github.com/sponsors/anry). diff --git a/roles/bareos_sd/defaults/main.yml b/roles/bareos_sd/defaults/main.yml new file mode 100644 index 0000000..eaf653c --- /dev/null +++ b/roles/bareos_sd/defaults/main.yml @@ -0,0 +1,37 @@ +--- +# defaults file for bareos_sd + +# The Storage Daemon has these configuration parameters. + +# Backup the configuration files. +bareos_sd_backup_configurations: no + +# Install debug packages. This requires the debug repositories to be enabled. +bareos_sd_install_debug_packages: no + +# The hostname of the Storage Daemon. +bareos_sd_hostname: "{{ inventory_hostname }}" + +# The messages configuration to use. +bareos_sd_message: "Standard" + +# The amount of jobs to run concurrently. +bareos_sd_max_concurrent_jobs: 20 + +# Enable TLS. +bareos_sd_tls_enable: yes + +# Verify the peer. +bareos_sd_tls_verify_peer: no + +# A list of devices to configure. +bareos_sd_devices: [] + +# A list of directors to connect to. +bareos_sd_directors: [] + +# A list of messages to send to the director. +bareos_sd_messages: [] + +# A list of S3 profiles to configure. +bareos_sd_s3_profiles: [] diff --git a/roles/bareos_sd/handlers/main.yml b/roles/bareos_sd/handlers/main.yml new file mode 100644 index 0000000..a026a61 --- /dev/null +++ b/roles/bareos_sd/handlers/main.yml @@ -0,0 +1,11 @@ +--- +# handlers file for bareos_sd + +- name: Check configuration + ansible.builtin.command: "/usr/sbin/bareos-sd --test-config" + changed_when: false + +- name: Restart bareos-sd + ansible.builtin.service: + name: bareos-sd + state: restarted diff --git a/roles/bareos_sd/meta/argument_specs.yml b/roles/bareos_sd/meta/argument_specs.yml new file mode 100644 index 0000000..e00bebc --- /dev/null +++ b/roles/bareos_sd/meta/argument_specs.yml @@ -0,0 +1,53 @@ +--- + +argument_specs: + main: + short_description: "Install and configure BareOS Storage Daemon on your system." + description: > + Install and configure BareOS Storage Daemon on your system. + author: Robert de Bock + options: + bareos_sd_backup_configurations: + type: "bool" + default: no + description: "Backup the configuration files." + bareos_sd_hostname: + type: "str" + default: "{{ inventory_hostname }}" + description: "The hostname of the Storage Daemon." + bareos_sd_message: + type: "str" + default: "Standard" + description: "The messages configuration to use." + bareos_sd_max_concurrent_jobs: + type: "int" + default: 20 + description: "The amount of jobs to run concurrently." + bareos_sd_tls_enable: + type: "bool" + default: yes + description: "Enable TLS." + bareos_sd_tls_verify_peer: + type: "bool" + default: no + description: "Verify the peer." + bareos_sd_devices: + type: "list" + default: [] + description: "A list of devices to configure." + bareos_sd_directors: + type: "list" + default: [] + description: "A list of directors to connect to." + bareos_sd_messages: + type: "list" + default: [] + description: "A list of messages to send to the director." + bareos_sd_s3_profiles: + type: "list" + default: [] + description: "A list of S3 profiles to configure." + bareos_sd_install_debug_packages: + type: "bool" + default: no + description: "Install debug packages. This requires the debug repositories to be enabled." diff --git a/roles/bareos_sd/meta/main.yml b/roles/bareos_sd/meta/main.yml new file mode 100644 index 0000000..fa4924f --- /dev/null +++ b/roles/bareos_sd/meta/main.yml @@ -0,0 +1,41 @@ +--- +galaxy_info: + author: anry + role_name: bareos_sd + description: Install and configure [Bareos](https://www.bareos.com/) Storage Daemon. + license: Apache-2.0 + company: none + min_ansible_version: "2.12" + + platforms: + - name: Debian + versions: + - bookworm + - bullseye + - buster + - name: EL + versions: + - "7" + - "8" + - "9" + - name: Fedora + versions: + - "38" + - "39" + - name: opensuse + versions: + - all + - name: Ubuntu + versions: + - jammy + - focal + + galaxy_tags: + - bareos + - infrastructure + - linux + - storage + - system + - tools + +dependencies: [] diff --git a/roles/bareos_sd/requirements.yml b/roles/bareos_sd/requirements.yml new file mode 100644 index 0000000..854c2b6 --- /dev/null +++ b/roles/bareos_sd/requirements.yml @@ -0,0 +1,4 @@ +--- +roles: + - name: anry.bootstrap + - name: anry.bareos_repository diff --git a/roles/bareos_sd/tasks/assert.yml b/roles/bareos_sd/tasks/assert.yml new file mode 100644 index 0000000..8658810 --- /dev/null +++ b/roles/bareos_sd/tasks/assert.yml @@ -0,0 +1,87 @@ +--- + +- name: assert | Test bareos_sd_backup_configurations + ansible.builtin.assert: + that: + - bareos_sd_backup_configurations is defined + - bareos_sd_backup_configurations is boolean + quiet: yes + +- name: assert | Test bareos_sd_install_debug_packages + ansible.builtin.assert: + that: + - bareos_sd_install_debug_packages is defined + - bareos_sd_install_debug_packages is boolean + quiet: yes + +- name: assert | Test bareos_sd_hostname + ansible.builtin.assert: + that: + - bareos_sd_hostname is defined + - bareos_sd_hostname is string + - bareos_sd_hostname is not none + quiet: yes + +- name: assert | Test bareos_sd_message + ansible.builtin.assert: + that: + - bareos_sd_message is defined + - bareos_sd_message is string + - bareos_sd_message is not none + quiet: yes + +- name: assert | Test bareos_sd_max_concurrent_jobs + ansible.builtin.assert: + that: + - bareos_sd_max_concurrent_jobs is defined + - bareos_sd_max_concurrent_jobs is number + quiet: yes + +- name: assert | Test bareos_sd_tls_enable + ansible.builtin.assert: + that: + - bareos_sd_tls_enable is defined + - bareos_sd_tls_enable is boolean + quiet: yes + +- name: assert | Test bareos_sd_tls_verify_peer + ansible.builtin.assert: + that: + - bareos_sd_tls_verify_peer is defined + - bareos_sd_tls_verify_peer is boolean + quiet: yes + +- name: assert | Test bareos_sd_directors + ansible.builtin.assert: + that: + - bareos_sd_directors is defined + - bareos_sd_directors is iterable + quiet: yes + +- name: assert | Test bareos_sd_devices + ansible.builtin.assert: + that: + - bareos_sd_devices is defined + - bareos_sd_devices is iterable + quiet: yes + +- name: assert | Test bareos_sd_directors + ansible.builtin.assert: + that: + - bareos_sd_directors is defined + - bareos_sd_directors is iterable + quiet: yes + +- name: assert | Test bareos_sd_messages + ansible.builtin.assert: + that: + - bareos_sd_messages is defined + - bareos_sd_messages is iterable + quiet: yes + +- name: assert | Test bareos_sd_s3_profiles + ansible.builtin.assert: + that: + - bareos_sd_s3_profiles is defined + - bareos_sd_s3_profiles is iterable + quiet: yes diff --git a/roles/bareos_sd/tasks/main.yml b/roles/bareos_sd/tasks/main.yml new file mode 100644 index 0000000..0093522 --- /dev/null +++ b/roles/bareos_sd/tasks/main.yml @@ -0,0 +1,111 @@ +--- +# tasks file for bareos_sd + +- name: Import assert.yml + ansible.builtin.import_tasks: + file: assert.yml + run_once: true + delegate_to: localhost + +- name: Install packages + ansible.builtin.package: + name: "{{ bareos_sd_packages }}" + +- name: Install debug packages + ansible.builtin.package: + name: "{{ bareos_sd_debug_packages }}" + when: + - bareos_sd_install_debug_packages + +- name: Place bareos-sd.conf + ansible.builtin.template: + src: bareos-sd.conf.j2 + dest: "/etc/bareos/bareos-sd.d/storage/bareos-sd.conf" + owner: bareos + group: bareos + mode: "0640" + backup: "{{ bareos_sd_backup_configurations }}" + notify: + - Check configuration + - Restart bareos-sd + +- name: Place device + ansible.builtin.template: + src: device.conf.j2 + dest: "/etc/bareos/bareos-sd.d/device/{{ item.name }}.conf" + owner: bareos + group: bareos + mode: "0640" + backup: "{{ bareos_sd_backup_configurations }}" + loop: "{{ bareos_sd_devices }}" + loop_control: + label: "{{ item.name }}" + notify: + - Check configuration + - Restart bareos-sd + +- name: Place director + ansible.builtin.template: + src: director.conf.j2 + dest: "/etc/bareos/bareos-sd.d/director/{{ item.name }}.conf" + owner: bareos + group: bareos + mode: "0640" + backup: "{{ bareos_sd_backup_configurations }}" + loop: "{{ bareos_sd_directors }}" + loop_control: + label: "{{ item.name }}" + notify: + - Check configuration + - Restart bareos-sd + +- name: Place message + ansible.builtin.template: + src: message.conf.j2 + dest: "/etc/bareos/bareos-sd.d/messages/{{ item.name }}.conf" + owner: bareos + group: bareos + mode: "0640" + backup: "{{ bareos_sd_backup_configurations }}" + loop: "{{ bareos_sd_messages }}" + loop_control: + label: "{{ item.name }}" + notify: + - Check configuration + - Restart bareos-sd + +- name: Install bareos-storage-droplet. + ansible.builtin.package: + name: bareos-storage-droplet + when: + - bareos_sd_s3_profiles | length > 0 + +- name: Create /etc/bareos/bareos-sd.d/device/droplet + ansible.builtin.file: + path: /etc/bareos/bareos-sd.d/device/droplet + state: directory + owner: bareos + group: bareos + mode: "0755" + when: + - bareos_sd_s3_profiles | length > 0 + +- name: Place S3 profile + ansible.builtin.template: + src: s3.profile.j2 + dest: /etc/bareos/bareos-sd.d/device/droplet/{{ item.name }}.profile + owner: bareos + group: bareos + mode: "0600" + loop: "{{ bareos_sd_s3_profiles }}" + loop_control: + label: "{{ item.name }}" + notify: + - Check configuration + - Restart bareos-sd + +- name: Start bareos-sd + ansible.builtin.service: + name: bareos-sd + state: started + enabled: yes diff --git a/roles/bareos_sd/templates/.gitkeep b/roles/bareos_sd/templates/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/roles/bareos_sd/templates/bareos-sd.conf.j2 b/roles/bareos_sd/templates/bareos-sd.conf.j2 new file mode 100644 index 0000000..f1ae704 --- /dev/null +++ b/roles/bareos_sd/templates/bareos-sd.conf.j2 @@ -0,0 +1,15 @@ +{{ ansible_managed | comment }} + +Storage { + Name = "{{ bareos_sd_hostname }}" + Messages = "{{ bareos_sd_message }}" +{% if bareos_sd_max_concurrent_jobs != 20 %} + Maximum Concurrent Jobs = {{ bareos_sd_max_concurrent_jobs }} +{% endif %} +{% if not bareos_sd_tls_enable %} + TLS Enable = No +{% endif %} +{% if bareos_sd_tls_verify_peer %} + TLS Verify Peer = Yes +{% endif %} +} diff --git a/roles/bareos_sd/templates/device.conf.j2 b/roles/bareos_sd/templates/device.conf.j2 new file mode 100644 index 0000000..990287e --- /dev/null +++ b/roles/bareos_sd/templates/device.conf.j2 @@ -0,0 +1,28 @@ +{{ ansible_managed | comment }} + +{% if item.enabled is defined and item.enabled or item.enabled is not defined %} +Device { + Name = "{{ item.name }}" +{% if item.description is defined %} + Description = "{{ item.description }}" +{% endif %} +{% if item.maximum_concurrent_jobs is defined %} + Maximum Concurrent Jobs = {{ item.maximum_concurrent_jobs }} +{% endif %} + Media Type = "{{ item.media_type }}" + Archive Device = "{{ item.archive_device }}" +{% if item.device_type is defined %} + Device Type = "{{ item.device_type }}" +{% endif %} +{% if item.device_options is defined %} + Device Options = "{{ item.device_options }}" +{% endif %} + LabelMedia = {{ item.label_media | ternary('yes', 'No') }} + Random Access = {{ item.random_access | ternary('yes', 'No') }} + AutomaticMount = {{ item.automatic_mount | ternary('yes', 'No') }} + RemovableMedia = {{ item.removable_media | ternary('yes', 'No') }} + AlwaysOpen = {{ item.always_open | ternary('yes', 'No') }} +} +{% else %} +# This file is not enabled. +{% endif %} diff --git a/roles/bareos_sd/templates/director.conf.j2 b/roles/bareos_sd/templates/director.conf.j2 new file mode 100644 index 0000000..6a1be4c --- /dev/null +++ b/roles/bareos_sd/templates/director.conf.j2 @@ -0,0 +1,16 @@ +{{ ansible_managed | comment }} + +{% if item.enabled is defined and item.enabled or item.enabled is not defined %} +Director { + Name = "{{ item.name }}" + Password = "{{ item.password }}" +{% if item.tls_enable is defined %} + TLS Enable = {{ item.tls_enable | ternary('Yes', 'No') }} +{% endif %} +{% if item.tls_verify_peer is defined %} + TLS Verify Peer = {{ item.tls_verify_peer | ternary('Yes', 'No') }} +{% endif %} +} +{% else %} +# This file is not enabled. +{% endif %} diff --git a/roles/bareos_sd/templates/message.conf.j2 b/roles/bareos_sd/templates/message.conf.j2 new file mode 100644 index 0000000..baebbf2 --- /dev/null +++ b/roles/bareos_sd/templates/message.conf.j2 @@ -0,0 +1,19 @@ +{{ ansible_managed | comment }} + +{% if item.enabled is defined and item.enabled or item.enabled is not defined %} +Messages { + Name = "{{ item.name }}" + Description = "{{ item.description }}" +{% if item.director is defined %} + Director = {{ item.director.server }} = {{ item.director.messages | join(', ') }} +{% endif %} +{% if item.append is defined %} + Append = "{{ item.append.file }}" = {{ item.append.messages | join(', ') }} +{% endif %} +{% if item.console is defined %} + Console = {{ item.console | join(', ') }} +{% endif %} +} +{% else %} +# This file is not enabled. +{% endif %} diff --git a/roles/bareos_sd/templates/s3.profile.j2 b/roles/bareos_sd/templates/s3.profile.j2 new file mode 100644 index 0000000..c5a2b63 --- /dev/null +++ b/roles/bareos_sd/templates/s3.profile.j2 @@ -0,0 +1,10 @@ +{{ ansible_managed | comment }} + +host = "{{ item.host }}" +use_https = {{ item.use_https | ternary("true", "false") }} +access_key = {{ item.access_key }} +secret_key = {{ item.secret_key }} +pricing_dir = "{{ item.pricing_dir }}" +backend = {{ item.backend }} +aws_auth_sign_version = {{ item.aws_auth_sign_version }} +aws_region = {{ item.aws_region }} diff --git a/roles/bareos_sd/vars/main.yml b/roles/bareos_sd/vars/main.yml new file mode 100644 index 0000000..c577c38 --- /dev/null +++ b/roles/bareos_sd/vars/main.yml @@ -0,0 +1,19 @@ +--- +# vars file for bareos_sd + +bareos_sd_packages: + - bareos-storage + - bareos-storage-tape + +# A map to define the packages to install for debugging. +_bareos_sd_debug_packages: + default: + - bareos-storage-debuginfo + - gdb + Debian: + - bareos-dbg + - gdb + RedHat-7: + - bareos-debuginfo + - gdb +bareos_sd_debug_packages: "{{ _bareos_sd_debug_packages[ansible_os_family ~ '-' ~ ansible_distribution_major_version] | default(_bareos_sd_debug_packages[ansible_os_family] | default(_bareos_sd_debug_packages['default'])) }}" diff --git a/roles/bareos_webui/LICENSE b/roles/bareos_webui/LICENSE new file mode 100644 index 0000000..be5b773 --- /dev/null +++ b/roles/bareos_webui/LICENSE @@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright 2024 Robert de Bock (robert@meinit.nl) + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/roles/bareos_webui/README.md b/roles/bareos_webui/README.md new file mode 100644 index 0000000..f3af5d6 --- /dev/null +++ b/roles/bareos_webui/README.md @@ -0,0 +1,109 @@ +# [Ansible role bareos_webui](#bareos_webui) + +Install and configure [Bareos](https://www.bareos.com/) WebUI on your system. + +|GitHub|GitLab|Downloads|Version| +|------|------|---------|-------| +|[![github](https://github.com/anry/ansible-role-bareos_webui/workflows/Ansible%20Molecule/badge.svg)](https://github.com/anry/ansible-role-bareos_webui/actions)|[![gitlab](https://gitlab.com/anry-iac/ansible-role-bareos_webui/badges/master/pipeline.svg)](https://gitlab.com/anry-iac/ansible-role-bareos_webui)|[![downloads](https://img.shields.io/ansible/role/d/anry/bareos_webui)](https://galaxy.ansible.com/anry/bareos_webui)|[![Version](https://img.shields.io/github/release/anry/ansible-role-bareos_webui.svg)](https://github.com/anry/ansible-role-bareos_webui/releases/)| + +## [Example Playbook](#example-playbook) + +This example is taken from [`molecule/default/converge.yml`](https://github.com/anry/ansible-role-bareos_webui/blob/master/molecule/default/converge.yml) and is tested on each push, pull request and release. + +```yaml +--- +- name: Converge + hosts: all + become: yes + gather_facts: yes + + roles: + - role: anry.roles.bareos_webui + bareos_webui_directors: + - name: localhost-dir + enabled: yes + diraddress: localhost + - name: disabled-dir + enabled: no +``` + +The machine needs to be prepared. In CI this is done using [`molecule/default/prepare.yml`](https://github.com/anry/ansible-role-bareos_webui/blob/master/molecule/default/prepare.yml): + +```yaml +--- +- name: Prepare + hosts: all + become: yes + gather_facts: no + + roles: + - role: anry.roles.bootstrap + - role: anry.roles.bareos_repository +``` + +Also see a [full explanation and example](https://anry.nl/how-to-use-these-roles.html) on how to use these roles. + +## [Role Variables](#role-variables) + +The default values for the variables are set in [`defaults/main.yml`](https://github.com/anry/ansible-role-bareos_webui/blob/master/defaults/main.yml): + +```yaml +--- +# defaults file for bareos_webui + +bareos_webui_configuration: + - section: session + option: timeout + value: 3600 + +bareos_webui_directors: [] +``` + +## [Requirements](#requirements) + +- pip packages listed in [requirements.txt](https://github.com/anry/ansible-role-bareos_webui/blob/master/requirements.txt). + +## [State of used roles](#state-of-used-roles) + +The following roles are used to prepare a system. You can prepare your system in another way. + +| Requirement | GitHub | GitLab | +|-------------|--------|--------| +|[anry.bootstrap](https://galaxy.ansible.com/anry/bootstrap)|[![Build Status GitHub](https://github.com/anry/ansible-role-bootstrap/workflows/Ansible%20Molecule/badge.svg)](https://github.com/anry/ansible-role-bootstrap/actions)|[![Build Status GitLab](https://gitlab.com/anry-iac/ansible-role-bootstrap/badges/master/pipeline.svg)](https://gitlab.com/anry-iac/ansible-role-bootstrap)| +|[anry.bareos_repository](https://galaxy.ansible.com/anry/bareos_repository)|[![Build Status GitHub](https://github.com/anry/ansible-role-bareos_repository/workflows/Ansible%20Molecule/badge.svg)](https://github.com/anry/ansible-role-bareos_repository/actions)|[![Build Status GitLab](https://gitlab.com/anry-iac/ansible-role-bareos_repository/badges/master/pipeline.svg)](https://gitlab.com/anry-iac/ansible-role-bareos_repository)| + +## [Context](#context) + +This role is a part of many compatible roles. Have a look at [the documentation of these roles](https://anry.nl/) for further information. + +Here is an overview of related roles: +![dependencies](https://raw.githubusercontent.com/anry/ansible-role-bareos_webui/png/requirements.png "Dependencies") + +## [Compatibility](#compatibility) + +This role has been tested on these [container images](https://hub.docker.com/u/anry): + +|container|tags| +|---------|----| +|[Debian](https://hub.docker.com/r/anry/debian)|bookworm, bullseye, buster| +|[EL](https://hub.docker.com/r/anry/enterpriselinux)|8, 9| +|[Fedora](https://hub.docker.com/r/anry/fedora/)|38, 39| +|[Ubuntu](https://hub.docker.com/r/anry/ubuntu)|jammy, focal| + +The minimum version of Ansible required is 2.12, tests have been done to: + +- The previous version. +- The current version. +- The development version. + +If you find issues, please register them in [GitHub](https://github.com/anry/ansible-role-bareos_webui/issues). + +## [License](#license) + +[Apache-2.0](https://github.com/anry/ansible-role-bareos_webui/blob/master/LICENSE). + +## [Author Information](#author-information) + +[anry](https://anry.nl/) + +Please consider [sponsoring me](https://github.com/sponsors/anry). diff --git a/roles/bareos_webui/defaults/main.yml b/roles/bareos_webui/defaults/main.yml new file mode 100644 index 0000000..de86fb8 --- /dev/null +++ b/roles/bareos_webui/defaults/main.yml @@ -0,0 +1,9 @@ +--- +# defaults file for bareos_webui + +bareos_webui_configuration: + - section: session + option: timeout + value: 3600 + +bareos_webui_directors: [] diff --git a/roles/bareos_webui/handlers/main.yml b/roles/bareos_webui/handlers/main.yml new file mode 100644 index 0000000..b5a6a95 --- /dev/null +++ b/roles/bareos_webui/handlers/main.yml @@ -0,0 +1,7 @@ +--- +# handlers file for bareos_webui + +- name: Restart httpd + ansible.builtin.service: + name: "{{ bareos_webui_httpd_service }}" + state: restarted diff --git a/roles/bareos_webui/meta/argument_specs.yml b/roles/bareos_webui/meta/argument_specs.yml new file mode 100644 index 0000000..08d2920 --- /dev/null +++ b/roles/bareos_webui/meta/argument_specs.yml @@ -0,0 +1,17 @@ +--- + +# # bareos_dir_messages: Daemon + +argument_specs: + main: + short_description: "Install and configure BareOS WebUI on your system." + description: > + Install and configure BareOS WebUI on your system. + author: Robert de Bock + options: + bareos_webui_directors: + type: "list" + description: "A list of directors to connect to.." + bareos_webui_configuration: + type: "list" + description: "Configuration for the webui." diff --git a/roles/bareos_webui/meta/main.yml b/roles/bareos_webui/meta/main.yml new file mode 100644 index 0000000..4d2a426 --- /dev/null +++ b/roles/bareos_webui/meta/main.yml @@ -0,0 +1,38 @@ +--- +galaxy_info: + author: anry + role_name: bareos_webui + description: Install and configure [Bareos](https://www.bareos.com/) WebUI on your system. + license: Apache-2.0 + company: none + min_ansible_version: "2.12" + + platforms: + - name: Debian + versions: + - bookworm + - bullseye + - buster + - name: EL + versions: + - "8" + - "9" + - name: Fedora + versions: + - "38" + - "39" + - name: Ubuntu + versions: + - jammy + - focal + + galaxy_tags: + - backup + - bareos + - infrastructure + - linux + - storage + - system + - tools + +dependencies: [] diff --git a/roles/bareos_webui/requirements.yml b/roles/bareos_webui/requirements.yml new file mode 100644 index 0000000..3f8b39b --- /dev/null +++ b/roles/bareos_webui/requirements.yml @@ -0,0 +1,7 @@ +--- +roles: + - name: anry.bootstrap + - name: anry.bareos_repository +collections: + - name: ansible.posix + - name: community.general diff --git a/roles/bareos_webui/tasks/assert.yml b/roles/bareos_webui/tasks/assert.yml new file mode 100644 index 0000000..5b69704 --- /dev/null +++ b/roles/bareos_webui/tasks/assert.yml @@ -0,0 +1,58 @@ +--- + +- name: assert | Test bareos_webui_directors + ansible.builtin.assert: + that: + - bareos_webui_directors is defined + - bareos_webui_directors is iterable + quiet: yes + +- name: assert | Test items in bareos_webui_directors are set correctly when enabled + ansible.builtin.assert: + that: + - item.name is defined + - item.name is string + - item.enabled is defined + - item.enabled is boolean + - item.diraddress is defined + - item.diraddress is string + quiet: yes + loop: "{{ bareos_webui_directors }}" + loop_control: + label: "{{ item.name }}" + when: + - item.enabled + +- name: assert | Test items in bareos_webui_directors are set correctly when not enabled + ansible.builtin.assert: + that: + - item.name is defined + - item.name is string + - item.enabled is defined + - item.enabled is boolean + quiet: yes + loop: "{{ bareos_webui_directors }}" + loop_control: + label: "{{ item.name }}" + when: + - not item.enabled + +- name: assert | Test bareos_webui_configuration + ansible.builtin.assert: + that: + - bareos_webui_configuration is defined + - bareos_webui_configuration is iterable + quiet: yes + +- name: assert | Test items in bareos_webui_configuration are set correctly + ansible.builtin.assert: + that: + - item.section is defined + - item.section is string + - item.option is defined + - item.option is string + - item.value is defined + quiet: yes + loop: "{{ bareos_webui_configuration }}" + loop_control: + label: "{{ item.section }}:{{ item.option }}" diff --git a/roles/bareos_webui/tasks/main.yml b/roles/bareos_webui/tasks/main.yml new file mode 100644 index 0000000..758e521 --- /dev/null +++ b/roles/bareos_webui/tasks/main.yml @@ -0,0 +1,67 @@ +--- +# tasks file for bareos_webui +- name: Import assert.yml + ansible.builtin.import_tasks: + file: assert.yml + run_once: true + delegate_to: localhost + +- name: Install requirements + ansible.builtin.package: + name: "{{ bareos_webui_requirements }}" + +- name: Install bareos-webui + ansible.builtin.package: + name: bareos-webui + notify: + - Restart httpd + +- name: Set "enabled" in directors.ini + community.general.ini_file: + path: /etc/bareos-webui/directors.ini + section: "{{ item.name }}" + option: enabled + value: "{{ item.enabled | ternary('Yes', 'No') }}" + owner: root + group: root + mode: "0644" + loop: "{{ bareos_webui_directors }}" + loop_control: + label: "{{ item.name }}" + +- name: Set "diraddress" in directors.ini + community.general.ini_file: + path: /etc/bareos-webui/directors.ini + section: "{{ item.name }}" + option: diraddress + value: "{{ item.diraddress }}" + owner: root + group: root + mode: "0644" + loop: "{{ bareos_webui_directors }}" + loop_control: + label: "{{ item.name }}" + when: + - item.enabled + +- name: Set settings for configuration.ini + community.general.ini_file: + path: /etc/bareos-webui/configuration.ini + section: "{{ item.section }}" + option: "{{ item.option }}" + value: "{{ item.value }}" + owner: root + group: root + mode: "0644" + loop: "{{ bareos_webui_configuration }}" + loop_control: + label: "{{ item.section }}:{{ item.option }}" + +- name: Set SELinux boolean httpd_can_network_connect + ansible.posix.seboolean: + name: httpd_can_network_connect + state: yes + persistent: yes + when: + - ansible_selinux.status is defined + - ansible_selinux.status == "enabled" diff --git a/roles/bareos_webui/vars/main.yml b/roles/bareos_webui/vars/main.yml new file mode 100644 index 0000000..d27562f --- /dev/null +++ b/roles/bareos_webui/vars/main.yml @@ -0,0 +1,17 @@ +--- +# vars file for bareos_webui + +_bareos_webui_requirements: + default: [] + Debian: + - libapache2-mod-php + +bareos_webui_requirements: "{{ _bareos_webui_requirements[ansible_os_family] | default(_bareos_webui_requirements['default']) }}" + +_bareos_webui_httpd_service: + default: httpd + Alpine: apache2 + Debian: apache2 + RedHat: httpd + +bareos_webui_httpd_service: "{{ _bareos_webui_httpd_service[ansible_os_family] | default(_bareos_webui_httpd_service['default']) }}"