Ergänzungen

ansible-create_backup_script.yml

@@ -0,0 +1,74 @@
+---
+- name: Setup Backup Script
+  hosts: all
+  become: yes
+  vars_files:
+    - vault.yml
+  tasks:
+    - name: Erstelle Backup-Verzeichnis
+      file:
+        path: /mnt/docker/backup
+        state: directory
+        mode: '0755'
+
+    - name: Erstelle Backup-Skript
+      copy:
+        dest: /usr/local/src/backup-to-s3.sh
+        mode: '0750'
+        owner: root
+        group: root
+        content: |
+          #!/bin/bash
+          EMAIL_FROM="mail@notifications.asmodee.de"
+          EMAIL_TO="it-admin@asmodee.de"
+          ARCHIV_NAME="docker05"
+          ARCHIV_PASS="{{ backup_archive_password }}"
+          ARCHIV_PATH="/mnt/docker/backup"
+          ARCHIV_TIME="$(date +%Y-%m-%d_%H-%M-%S)"
+          AWS_BUCKET="de.asmodee.docker05.backup"
+          AWS_SETUP_CP="--storage-class GLACIER"
+          AWS_EXEC="docker run --rm -v /root/.aws:/root/.aws -v ${ARCHIV_PATH}:/aws amazon/aws-cli"
+          BACKUP_DATAS[0]="unifi-backups|/mnt/docker/unifi-controller/data/data/backup/"
+
+          # Testings
+          test -f /root/.aws/config || exit 1
+          test -f /root/.aws/credentials || exit 1
+          test -d "${ARCHIV_PATH}" || exit 1
+          test -x "$(which 7z)" || exit 1
+          test -x "$(which docker)" || exit 1
+
+          # CleanUp previews Backups
+          find "${ARCHIV_PATH}" -maxdepth 1 -type f -name "*.7z" -delete
+
+          # Backup Attachements (only on Sunday!)
+          if [[ $(date +%u) -eq 7 ]]; then
+          for BACKUP_DATA in "${BACKUP_DATAS[@]}"; do
+          mapfile -td \| ENV_MAPFILE <<<"$BACKUP_DATA"
+          DATA_NAME=$(echo ${ENV_MAPFILE[0]})
+          DATA_PATH=$(echo ${ENV_MAPFILE[1]})
+          7z a -p"${ARCHIV_PASS}" -mhe=on "${ARCHIV_PATH}/${ARCHIV_NAME}_${ARCHIV_TIME}_${DATA_NAME}-data.7z" "${DATA_PATH}"
+          if [ $? -eq 0 ]; then
+           $AWS_EXEC s3 cp "${ARCHIV_NAME}_${ARCHIV_TIME}_${DATA_NAME}-data.7z" s3://${AWS_BUCKET}/ ${AWS_SETUP_CP}
+          else
+           rm "${ARCHIV_PATH}/${ARCHIV_NAME}_${ARCHIV_TIME}_${DATA_NAME}-data.7z"
+           echo "ERROR: ${DATA_NAME} Backup failed!"; exit 1; fi
+          done
+          fi
+
+          # Email Notification
+          echo "Subject:[$ARCHIV_NAME] Cloud Backup
+          From:$ARCHIV_NAME <$EMAIL_FROM>
+          To: $EMAIL_TO
+          Mime-Version: 1.0
+          Content-Type: text/html
+          Charset: UTF-8
+          <html><body>
+          Backup Files:<br>
+          $(ls -lh "${ARCHIV_PATH}" | sed "s/$/<br>/")
+          <br>
+          Service Log:<br>
+          $(journalctl -u backup-to-s3.service --since today --output short | sed "s/$/<br>/")
+          </body></html>" | docker exec -i mail-relay sendmail -f $EMAIL_FROM $EMAIL_TO
+
+          # Clean Exit
+          exit 0

setups/docker-compose.yml

@@ -42,6 +42,7 @@ services:
       - ./inventory/:/inventory:ro
       - ./authorized-keys/:/authorized-keys:ro
       - ./config/:/etc/semaphore:rw
+    #  - ./ansible.cfg:/etc/ansible/ansible.cfg
     restart: unless-stopped
     depends_on:
       - mysql

setups/setup_vault.yml

@@ -0,0 +1,10 @@
+# Erzeugen der Vault:
+#   ansible-vault create vault.yml
+# hier muss dann das Passwort für den Zugriff auf die Vault eingegeben werden
+# Anschließend werden die benötigten Daten in der folgenden Form eingegeben:
+# backup_archive_password: IhrPasswortHier
+#
+# Erzeugen des Passwortfiles im Verzeichnis von root:
+# echo "IhrVaultPasswort" > /root/pw-file.txt
+# chown root:root /root/pw-file.txt
+# chmod 600 /root/pw-file.txt