commit 137bd5c41672a33873c09f44ade73769b855a91d Author: Andrey Sokolovskiy Date: Sun Feb 11 20:45:57 2024 +0700 init diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..b6ba999 --- /dev/null +++ b/.gitignore @@ -0,0 +1,3 @@ +.kitchen +*.swp +*.pyc diff --git a/.yamllint b/.yamllint new file mode 100644 index 0000000..5465b58 --- /dev/null +++ b/.yamllint @@ -0,0 +1,12 @@ +--- +extends: default + +ignore: | + .kitchen/* + vendor/ + +rules: + line-length: + max: 120 + level: warning + truthy: false diff --git a/CHANGELOG.md b/CHANGELOG.md new file mode 100644 index 0000000..8203c91 --- /dev/null +++ b/CHANGELOG.md @@ -0,0 +1,10 @@ +# CHANGELOG + +This project adheres to [Semantic Versioning](http://semver.org/). +Which is based on [Keep A Changelog](http://keepachangelog.com/) + +## [Unreleased] + +## v1.0.0 - 2021-09-12 + +- first version diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..e912bb1 --- /dev/null +++ b/LICENSE @@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "{}" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright 2021 Adrien Waksberg + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/README.md b/README.md new file mode 100644 index 0000000..6f490cb --- /dev/null +++ b/README.md @@ -0,0 +1,159 @@ +# Ansible role: Bareos + +[![Version](https://img.shields.io/badge/latest_version-1.0.0-green.svg)](https://git.yaegashi.fr/nishiki/ansible-role-bareos/releases) +[![License](https://img.shields.io/badge/license-Apache--2.0-blue.svg)](https://git.yaegashi.fr/nishiki/ansible-role-bareos/src/branch/master/LICENSE) + +Install and configure the bareos client, server and storage + +## Requirements + +* Ansible >= 2.9 +* Debian Buster + +## Role variables + +## General + +- `bareos_version` - the bareos version to install (default: `19.2`) +- `bareos_distribution_major_version` - (default: `{{ ansible_distribution_major_version }}`) +- `bareos_server_name` - the bareos server name (default: `bareos`) +- `bareos_server_password` - the bareos server password + +## Client + +- `bareos_client` - install bareos client (default: `true`) +- `bareos_client_name` - set the client name (default: `{{ inventory_hostname_short }}`) +- `bareos_client_max_concurrent_jobs` - set the number max concurrent job (default: `2`) + +### Server + +- `bareos_server` - install bareos directory (default: `false`) +- `bareos_server_max_concurrent_jobs` - set the number max concurrent jobs (default: `10`) +- `bareos_server_heartbeat_interval` - set the heartbeat interval (default: `1 min`) +- `bareos_server_console_password` - set the console password +- `bareos_server_database_type` - set the database type: sqlite3 or postgresql (default: `postgresql`) +- `bareos_server_database_name` - set the database name (default: `bareos`) +- `bareos_server_database_user` - set the database user (default: `bareos`) +- `bareos_server_database_host` - set the database host +- `bareos_server_database_password` - set the database password +- `bareos_server_filesets` - hash with the filesets definitions (see all fileset options in [bareos documentation](https://docs.bareos.org/Configuration/Director.html#fileset-options-ressource) + +``` + root: + path: / + options: + compression: GZIP + excludes: + - /proc + - /sys +``` + +- `bareos_server_clients` - hash with the client definitions + +``` + localhost: + address: localhost + password: secret + retention: '14 days' + jobs: + restore: + name: Restore + type: Restore + storage: local_storage + fileset: root + full: + level: Full + schedule: full_and_incr + storage: local_storage + fileset: root + maximum_bandwidth: 5Mb/s + incremental: + level: Incremental + schedule: full_and_incr + storage: local_storage + fileset: root +``` + +- `bareos_server_storages` - hash with the storage definitions + +``` + local_storage: + address: 127.0.0.1 + password: secret + device: file_storage +``` + +- `bareos_server_schedules` - hash with the schedules definitions + +``` + full_and_incr: + - Level=Full sun at 0:05 + - Level=Incremental mon-sat at 3:05 +``` + +- `bareos_server_profiles` - hash with the ACL user's profiles + +``` + sysadmin: + Command: all + Job: all + Schedule: all + Catalog: all + Pool: all + Storage: all + Client: all + FileSet: all + Where: all +``` + +- `bareos_server_users` - hash with the users to connect bareos + +``` + admin: + password: secret + profile: sysadmin +``` + +### Storage + +- `bareos_storage` - install bareos storage (default: `false`) +- `bareos_storage_name` - set the storage name (default: `{{ inventory_hostname_short }}`) +- `bareos_storage_max_concurrent_jobs` - set the number max concurrent jobs (default: `10`) +- `bareos_storage_devices` - hash with the storage devices (see all options in [bareos documentation](https://docs.bareos.org/Configuration/StorageDaemon.html#device-resource) + +``` + file_storage: + MediaType: File + ArchiveDevice: /var/lib/bareos/storage + AutomaticMount: 'yes' + RandomAccess: 'yes' + AlwaysOpen: 'yes' + LabelMedia: 'yes' +``` + +## Development + +### Test with molecule and docker + +* install [docker](https://docs.docker.com/engine/installation/) +* install `python3` and `python3-pip` +* install molecule and dependencies `pip3 install molecule molecule-docker docker ansible-lint pytest-testinfra yamllint` +* run `molecule test` + +## License + +``` +Copyright (c) 2021 Adrien Waksberg + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +``` diff --git a/defaults/main.yml b/defaults/main.yml new file mode 100644 index 0000000..68d241f --- /dev/null +++ b/defaults/main.yml @@ -0,0 +1,26 @@ +--- +bareos_version: 19.2 +bareos_distribution_major_version: '{{ ansible_distribution_major_version }}' +bareos_repo: http://download.bareos.org/bareos/release +bareos_url: '{{ bareos_repo }}/{{ bareos_version }}/Debian_{{ bareos_distribution_major_version }}' +bareos_client: true +bareos_client_name: '{{ inventory_hostname_short }}' +bareos_client_max_concurrent_jobs: 2 +bareos_server: false +bareos_server_name: bareos +bareos_server_max_concurrent_jobs: 10 +bareos_server_heartbeat_interval: 1 min +bareos_server_database_type: postgresql +bareos_server_database_name: bareos +bareos_server_database_user: bareos +bareos_server_filesets: {} +bareos_server_clients: {} +bareos_server_storages: {} +bareos_server_schedules: {} +bareos_server_profiles: {} +bareos_server_users: {} +bareos_storage: false +bareos_storage_name: '{{ inventory_hostname_short }}' +bareos_storage_max_concurrent_jobs: 10 +bareos_storage_devices: {} +bareos_web: false diff --git a/handlers/main.yml b/handlers/main.yml new file mode 100644 index 0000000..a5f8a9b --- /dev/null +++ b/handlers/main.yml @@ -0,0 +1,18 @@ +--- +- name: restart bareos-fd + ansible.builtin.service: + name: bareos-fd + state: restarted + +- name: reload bareos-dir + ansible.builtin.shell: echo reload | bconsole + +- name: restart bareos-sd + ansible.builtin.service: + name: bareos-sd + state: restarted + +- name: reload apache + ansible.builtin.service: + name: apache2 + state: reloaded diff --git a/meta/main.yml b/meta/main.yml new file mode 100644 index 0000000..2f4c021 --- /dev/null +++ b/meta/main.yml @@ -0,0 +1,20 @@ +--- +galaxy_info: + role_name: bareos + author: Adrien Waksberg + company: Adrien Waksberg + description: Install and configure Bareos + license: Apache2 + + min_ansible_version: 2.9 + + platforms: + - name: Debian + versions: + - buster + + galaxy_tags: + - bacula + - backup + +dependencies: [] diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml new file mode 100644 index 0000000..3480268 --- /dev/null +++ b/molecule/default/converge.yml @@ -0,0 +1,73 @@ +--- +- name: Converge + hosts: all + roles: + - ansible-role-bareos + vars: + bareos_web: true + bareos_server: true + bareos_server_console_password: superSecr3t! + bareos_server_password: secr3t + bareos_server_database_type: sqlite3 + bareos_server_storages: + default: + address: 127.0.0.1 + password: secr3t + device: default + options: + Port: 9103 + bareos_server_filesets: + config_in_etc: + path: /etc + excludes: + - /proc + bareos_server_schedules: + one_hour: + - Level=Full weekly at 0:05 + bareos_server_clients: + localhost: + address: localhost + password: secr3t + retention: '14 days' + jobs: + restore: + name: Restore + type: Restore + storage: default + fileset: config_in_etc + full: + level: Full + schedule: one_hour + storage: default + fileset: config_in_etc + maximum_bandwidth: 5Mb/s + bareos_server_users: + admin: + password: secret + profile: sysadmin + bareos_server_profiles: + sysadmin: + Command: all + Job: all + Schedule: all + Catalog: all + Pool: all + Storage: all + Client: all + FileSet: all + Where: all + bareos_storage: true + bareos_storage_name: bareos-sd + bareos_storage_devices: + default: + MediaType: File + ArchiveDevice: /var/lib/bareos/storage + AutomaticMount: 'yes' + RandomAccess: 'yes' + AlwaysOpen: 'yes' + LabelMedia: 'yes' + + pre_tasks: + - name: update apt cache + ansible.builtin.apt: + update_cache: true diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml new file mode 100644 index 0000000..74f74a3 --- /dev/null +++ b/molecule/default/molecule.yml @@ -0,0 +1,18 @@ +--- +driver: + name: docker +platforms: + - name: debian10 + image: nishiki/debian10:molecule + privileged: true + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:ro + command: /bin/systemd + capabilities: + - SYS_ADMIN +lint: | + set -e + yamllint . + ansible-lint . +verifier: + name: testinfra diff --git a/molecule/default/tests/test_default.py b/molecule/default/tests/test_default.py new file mode 100644 index 0000000..0085624 --- /dev/null +++ b/molecule/default/tests/test_default.py @@ -0,0 +1,152 @@ +import time +import testinfra.utils.ansible_runner + +def test_packages(host): + packages = [ + 'bareos-bconsole', + 'bareos-database-sqlite3', + 'bareos-director', + 'bareos-filedaemon', + 'bareos-storage', + 'bareos-webui', + 'cron' + ] + + for package_name in packages: + package = host.package(package_name) + assert package.is_installed + +def test_client_config_file(host): + config = host.file('/etc/bareos/bareos-fd.d/director/bareos-dir.conf') + assert config.exists + assert config.is_file + assert config.user == 'root' + assert config.group == 'bareos' + assert config.mode == 0o640 + assert config.contains('Name = bareos') + +def test_server_catalog_config_file(host): + config = host.file('/etc/bareos/bareos-dir.d/catalog/ansible.conf') + assert config.exists + assert config.is_file + assert config.user == 'root' + assert config.group == 'bareos' + assert config.mode == 0o640 + assert config.contains('dbdriver = "sqlite3"') + +def test_server_clients_config_file(host): + config = host.file('/etc/bareos/bareos-dir.d/client/ansible.conf') + assert config.exists + assert config.is_file + assert config.user == 'root' + assert config.group == 'bareos' + assert config.mode == 0o640 + assert config.contains('Address = "localhost"') + +def test_server_fileset_config_file(host): + config = host.file('/etc/bareos/bareos-dir.d/fileset/ansible.conf') + assert config.exists + assert config.is_file + assert config.user == 'root' + assert config.group == 'bareos' + assert config.mode == 0o640 + assert config.contains('File = "/etc"') + +def test_server_job_config_file(host): + config = host.file('/etc/bareos/bareos-dir.d/job/ansible.conf') + assert config.exists + assert config.is_file + assert config.user == 'root' + assert config.group == 'bareos' + assert config.mode == 0o640 + assert config.contains('Name = localhost-full') + assert config.contains('Name = Restore') + assert config.contains('Type = Restore') + assert config.contains('FileSet = config_in_etc') + assert config.contains('Maximum Bandwidth = 5Mb/s') + +def test_server_pool_config_file(host): + config = host.file('/etc/bareos/bareos-dir.d/pool/ansible.conf') + assert config.exists + assert config.is_file + assert config.user == 'root' + assert config.group == 'bareos' + assert config.mode == 0o640 + assert config.contains('VolumeRetention = 14') + +def test_server_schedule_config_file(host): + config = host.file('/etc/bareos/bareos-dir.d/schedule/ansible.conf') + assert config.exists + assert config.is_file + assert config.user == 'root' + assert config.group == 'bareos' + assert config.mode == 0o640 + assert config.contains('Run = Level=Full weekly at 0:05') + +def test_server_console_config_file(host): + config = host.file('/etc/bareos/bareos-dir.d/console/ansible.conf') + assert config.exists + assert config.is_file + assert config.user == 'root' + assert config.group == 'bareos' + assert config.mode == 0o640 + assert config.contains('Profile = "sysadmin"') + +def test_server_profile_config_file(host): + config = host.file('/etc/bareos/bareos-dir.d/profile/ansible.conf') + assert config.exists + assert config.is_file + assert config.user == 'root' + assert config.group == 'bareos' + assert config.mode == 0o640 + assert config.contains('Command ACL = "all"') + +def test_server_clean_old_config_file(host): + files = [ + 'catalog/MyCatalog.conf', + 'client/bareos-fd.conf', + 'job/backup-bareos-fd.conf', + 'job/BackupCatalog.conf', + 'jobdefs/DefaultJob.conf', + 'job/RestoreFiles.conf' + ] + for file_name in files: + config = host.file('/etc/bareos/bareos-dir.d/%s' % file_name) + assert not config.exists + +def test_storage_device_config_file(host): + config = host.file('/etc/bareos/bareos-sd.d/device/ansible.conf') + assert config.exists + assert config.is_file + assert config.user == 'root' + assert config.group == 'bareos' + assert config.mode == 0o640 + assert config.contains('ArchiveDevice = /var/lib/bareos/storage') + assert config.contains('AlwaysOpen = yes') + +def test_services(host): + for service_name in ['bareos-fd', 'bareos-dir', 'bareos-sd']: + service = host.service(service_name) + assert service.is_running + assert service.is_enabled + +def test_sockets(host): + for port in [9101, 9102, 9103]: + socket = host.socket('tcp://0.0.0.0:%s' % port) + assert socket.is_listening + +def test_backup(host): + host.run('echo "run job=localhost-full yes" | bconsole') + time.sleep(10) + backup = host.file('/var/lib/bareos/storage/localhost-0001') + assert backup.exists + assert backup.is_file + assert backup.user == 'bareos' + assert backup.group == 'bareos' + assert backup.mode == 0o640 + +def test_cron(host): + path = host.file('/var/spool/cron/crontabs/root') + assert path.exists + assert path.is_file + assert path.contains('0 9 \\* \\* \\* echo .bvfs_update | bconsole') diff --git a/tasks/client.yml b/tasks/client.yml new file mode 100644 index 0000000..1dd6b02 --- /dev/null +++ b/tasks/client.yml @@ -0,0 +1,33 @@ +--- +- name: install bareos client + ansible.builtin.package: + name: + - bareos-filedaemon + tags: bareos + +- name: copy client configuration 1/2 + ansible.builtin.template: + src: client.conf.j2 + dest: /etc/bareos/bareos-fd.d/client/myself.conf + owner: root + group: bareos + mode: 0640 + notify: restart bareos-fd + tags: bareos + +- name: copy client configuration 2/2 + ansible.builtin.template: + src: bareos-dir.conf.j2 + dest: /etc/bareos/bareos-fd.d/director/bareos-dir.conf + owner: root + group: bareos + mode: 0640 + notify: restart bareos-fd + tags: bareos + +- name: enable and start bareos client service + ansible.builtin.service: + name: bareos-fd + state: started + enabled: true + tags: bareos diff --git a/tasks/main.yml b/tasks/main.yml new file mode 100644 index 0000000..9fec5c9 --- /dev/null +++ b/tasks/main.yml @@ -0,0 +1,8 @@ +--- +- import_tasks: repo.yml +- import_tasks: client.yml + when: bareos_client +- import_tasks: storage.yml + when: bareos_storage +- import_tasks: server.yml + when: bareos_server diff --git a/tasks/repo.yml b/tasks/repo.yml new file mode 100644 index 0000000..b915ca4 --- /dev/null +++ b/tasks/repo.yml @@ -0,0 +1,17 @@ +--- +- name: install dependencies + ansible.builtin.package: + name: + - gnupg + tags: bareos + +- name: import repo key + ansible.builtin.apt_key: + url: '{{ bareos_url }}/Release.key' + tags: bareos + +- name: add repo + ansible.builtin.apt_repository: + repo: "deb {{ bareos_url }} /" + filename: bareos + tags: bareos diff --git a/tasks/server.yml b/tasks/server.yml new file mode 100644 index 0000000..5829245 --- /dev/null +++ b/tasks/server.yml @@ -0,0 +1,80 @@ +--- +- name: install bareos server + ansible.builtin.package: + name: + - bareos-bconsole + - 'bareos-database-{{ bareos_server_database_type }}' + - bareos-director + - bareos-webui + - cron + tags: bareos + +- name: clean old configuration + ansible.builtin.file: + path: '/etc/bareos/bareos-dir.d/{{ item }}' + state: absent + loop: + - catalog/MyCatalog.conf + - client/bareos-fd.conf + - job/backup-bareos-fd.conf + - job/BackupCatalog.conf + - jobdefs/DefaultJob.conf + - job/RestoreFiles.conf + notify: reload bareos-dir + tags: bareos + +- name: copy server configuration 1/2 + ansible.builtin.template: + src: server-bareos-dir.conf.j2 + dest: /etc/bareos/bareos-dir.d/director/bareos-dir.conf + owner: root + group: bareos + mode: 0640 + notify: reload bareos-dir + tags: bareos + +- name: copy server configuration 2/2 + ansible.builtin.template: + src: 'server-{{ item }}.conf.j2' + dest: '/etc/bareos/bareos-dir.d/{{ item }}/ansible.conf' + owner: root + group: bareos + mode: 0640 + loop: + - client + - storage + - catalog + - fileset + - schedule + - pool + - job + - profile + - console + notify: reload bareos-dir + tags: bareos + +- name: copy bconsole configuration + ansible.builtin.template: + src: bconsole.conf.j2 + dest: /etc/bareos/bconsole.conf + owner: root + group: bareos + mode: 0640 + notify: reload bareos-dir + tags: bareos + +- name: enable and start bareos server service + ansible.builtin.service: + name: bareos-dir + state: started + enabled: true + tags: bareos + +- name: add cron to update bvfs + ansible.builtin.cron: + name: bareos bvfs update + user: root + job: echo .bvfs_update | bconsole + hour: '9' + minute: '0' + tags: bareos diff --git a/tasks/storage.yml b/tasks/storage.yml new file mode 100644 index 0000000..d45d3ff --- /dev/null +++ b/tasks/storage.yml @@ -0,0 +1,43 @@ +--- +- name: install bareos storage + ansible.builtin.package: + name: + - bareos-storage + tags: bareos + +- name: copy storage configuration 1/3 + ansible.builtin.template: + src: storage-bareos-sd.conf.j2 + dest: /etc/bareos/bareos-sd.d/storage/bareos-sd.conf + owner: root + group: bareos + mode: 0640 + notify: restart bareos-sd + tags: bareos + +- name: copy storage configuration 2/3 + ansible.builtin.template: + src: storage-device.conf.j2 + dest: /etc/bareos/bareos-sd.d/device/ansible.conf + owner: root + group: bareos + mode: 0640 + notify: restart bareos-sd + tags: bareos + +- name: copy storage configuration 3/3 + ansible.builtin.template: + src: bareos-dir.conf.j2 + dest: /etc/bareos/bareos-sd.d/director/bareos-dir.conf + owner: root + group: bareos + mode: 0640 + notify: restart bareos-sd + tags: bareos + +- name: enable and start bareos storage service + ansible.builtin.service: + name: bareos-sd + state: started + enabled: true + tags: bareos diff --git a/templates/bareos-dir.conf.j2 b/templates/bareos-dir.conf.j2 new file mode 100644 index 0000000..85ed301 --- /dev/null +++ b/templates/bareos-dir.conf.j2 @@ -0,0 +1,6 @@ +# {{ ansible_managed }} + +Director { + Name = {{ bareos_server_name }} + Password = "{{ bareos_server_password }}" +} diff --git a/templates/bconsole.conf.j2 b/templates/bconsole.conf.j2 new file mode 100644 index 0000000..fe60ab2 --- /dev/null +++ b/templates/bconsole.conf.j2 @@ -0,0 +1,7 @@ +# {{ ansible_managed }} + +Director { + Name = {{ bareos_server_name }} + address = localhost + Password = "{{ bareos_server_console_password }}" +} diff --git a/templates/client.conf.j2 b/templates/client.conf.j2 new file mode 100644 index 0000000..c3184f0 --- /dev/null +++ b/templates/client.conf.j2 @@ -0,0 +1,6 @@ +# {{ ansible_managed }} + +Client { + Name = "{{ bareos_client_name }}" + Maximum Concurrent Jobs = {{ bareos_client_max_concurrent_jobs }} +} diff --git a/templates/server-bareos-dir.conf.j2 b/templates/server-bareos-dir.conf.j2 new file mode 100644 index 0000000..9e7f6a7 --- /dev/null +++ b/templates/server-bareos-dir.conf.j2 @@ -0,0 +1,11 @@ +# {{ ansible_managed }} + +Director { + Name = {{ bareos_server_name }} + QueryFile = "/usr/lib/bareos/scripts/query.sql" + Maximum Concurrent Jobs = {{ bareos_server_max_concurrent_jobs }} + Password = "{{ bareos_server_console_password }}" + Messages = Daemon + Auditing = yes + Heartbeat Interval = {{ bareos_server_heartbeat_interval }} +} diff --git a/templates/server-catalog.conf.j2 b/templates/server-catalog.conf.j2 new file mode 100644 index 0000000..a825814 --- /dev/null +++ b/templates/server-catalog.conf.j2 @@ -0,0 +1,11 @@ +# {{ ansible_managed }} +Catalog { + Name = database + dbdriver = "{{ bareos_server_database_type }}" + dbname = "{{ bareos_server_database_name }}" +{% if bareos_server_database_type != 'sqlite3' %} + dbaddress = "{{ bareos_server_database_host }}" + dbuser = "{{ bareos_server_database_user }}" + dbpassword = "{{ bareos_server_database_password }}" +{% endif %} +} diff --git a/templates/server-client.conf.j2 b/templates/server-client.conf.j2 new file mode 100644 index 0000000..d577b28 --- /dev/null +++ b/templates/server-client.conf.j2 @@ -0,0 +1,9 @@ +# {{ ansible_managed }} +{% for client_name, client in bareos_server_clients.items() %} + +Client { + Name = "{{ client_name }}" + Address = "{{ client.address }}" + Password = "{{ client.password }}" +} +{% endfor %} diff --git a/templates/server-console.conf.j2 b/templates/server-console.conf.j2 new file mode 100644 index 0000000..96a9c22 --- /dev/null +++ b/templates/server-console.conf.j2 @@ -0,0 +1,10 @@ +# {{ ansible_managed }} +{% for user_name, user in bareos_server_users.items() %} + +Console { + Name = "{{ user_name }}" + Password = "{{ user.password }}" + Profile = "{{ user.profile }}" + TLS Enable = No +} +{% endfor %} diff --git a/templates/server-fileset.conf.j2 b/templates/server-fileset.conf.j2 new file mode 100644 index 0000000..a411898 --- /dev/null +++ b/templates/server-fileset.conf.j2 @@ -0,0 +1,24 @@ +# {{ ansible_managed }} +{% for fileset_name, fileset in bareos_server_filesets.items() %} + +FileSet { + Name = "{{ fileset_name }}" + Include { +{% if 'options' in fileset %} + Options { +{% for option, value in fileset.options.items() %} + {{ option }} = {{ value }} +{% endfor %} + } +{% endif %} + File = "{{ fileset.path }}" + } +{% if 'excludes' in fileset %} + Exclude { +{% for exclude in fileset.excludes %} + File = "{{ exclude }}" +{% endfor %} + } +{% endif %} +} +{% endfor %} diff --git a/templates/server-job.conf.j2 b/templates/server-job.conf.j2 new file mode 100644 index 0000000..8a8291b --- /dev/null +++ b/templates/server-job.conf.j2 @@ -0,0 +1,21 @@ +# {{ ansible_managed }} +{% for client_name, client in bareos_server_clients.items() %} +{% for job_name, job in client.jobs.items() %} + +Job { + Name = {{ job.name|default(client_name + '-' + job_name) }} + Type = {{ job.type|default('Backup') }} + Messages = Standard + Client = {{ client_name }} + FileSet = {{ job.fileset }} + Storage = {{ job.storage }} + Pool = {{ client_name }} +{% if 'maximum_bandwidth' in job %} + Maximum Bandwidth = {{ job.maximum_bandwidth }} +{% endif %} +{% if 'schedule' in job %} + Schedule = {{ job.schedule }} +{% endif %} +} +{% endfor %} +{% endfor %} diff --git a/templates/server-pool.conf.j2 b/templates/server-pool.conf.j2 new file mode 100644 index 0000000..46cb8db --- /dev/null +++ b/templates/server-pool.conf.j2 @@ -0,0 +1,13 @@ +# {{ ansible_managed }} +{% for client_name, client in bareos_server_clients.items() %} + +Pool { + Name = {{ client_name }} + PoolType = Backup + Recycle = yes + AutoPrune = yes + VolumeRetention = {{ client.retention }} + MaximumVolumeJobs = 1 + LabelFormat = "{{ client_name }}-" +} +{% endfor %} diff --git a/templates/server-profile.conf.j2 b/templates/server-profile.conf.j2 new file mode 100644 index 0000000..40488ef --- /dev/null +++ b/templates/server-profile.conf.j2 @@ -0,0 +1,10 @@ +# {{ ansible_managed }} +{% for profile_name, acls in bareos_server_profiles.items() %} + +Profile { + Name = "{{ profile_name }}" +{% for acl_name, acl in acls.items() %} + {{ acl_name }} ACL = "{{ acl }}" +{% endfor %} +} +{% endfor %} diff --git a/templates/server-schedule.conf.j2 b/templates/server-schedule.conf.j2 new file mode 100644 index 0000000..a67cc4e --- /dev/null +++ b/templates/server-schedule.conf.j2 @@ -0,0 +1,10 @@ +# {{ ansible_managed }} +{% for schedule_name, schedule_runs in bareos_server_schedules.items() %} + +Schedule { + Name = "{{ schedule_name }}" +{% for run in schedule_runs %} + Run = {{ run }} +{% endfor %} +} +{% endfor %} diff --git a/templates/server-storage.conf.j2 b/templates/server-storage.conf.j2 new file mode 100644 index 0000000..a4c835c --- /dev/null +++ b/templates/server-storage.conf.j2 @@ -0,0 +1,16 @@ +# {{ ansible_managed }} +{% for storage_name, storage in bareos_server_storages.items() %} + +Storage { + Name = "{{ storage_name }}" + Address = "{{ storage.address }}" + Password = "{{ storage.password }}" + Device = "{{ storage.device }}" + MediaType = "{{ storage.media_type|default('File') }}" +{% if 'config' in storage %} +{% for storage_option, storage_value in storage.config.items() %} + {{ storage_option }} = {{ storage_value }} +{% endfor %} +{% endif %} +} +{% endfor %} diff --git a/templates/storage-bareos-sd.conf.j2 b/templates/storage-bareos-sd.conf.j2 new file mode 100644 index 0000000..fc022da --- /dev/null +++ b/templates/storage-bareos-sd.conf.j2 @@ -0,0 +1,6 @@ +# {{ ansible_managed }} + +Storage { + Name = {{ bareos_storage_name }} + Maximum Concurrent Jobs = {{ bareos_storage_max_concurrent_jobs }} +} diff --git a/templates/storage-device.conf.j2 b/templates/storage-device.conf.j2 new file mode 100644 index 0000000..d6b88f1 --- /dev/null +++ b/templates/storage-device.conf.j2 @@ -0,0 +1,10 @@ +# {{ ansible_managed }} +{% for device_name, device in bareos_storage_devices.items() %} + +Device { + Name = {{ device_name }} +{% for option, value in device.items() %} + {{ option }} = {{ value }} +{% endfor %} +} +{% endfor %}