From fbc3d003f71a78be3f9be43c8403fd05e200b3b2 Mon Sep 17 00:00:00 2001 From: Francis Kayiwa Date: Mon, 4 Sep 2023 09:20:10 -0400 Subject: [PATCH] add restic configuration steps create a password and add fake gce_credentials to source environment --- roles/restic/defaults/main.yml | 8 ++++++ roles/restic/molecule/default/molecule.yml | 2 +- roles/restic/tasks/main.yml | 30 ++++++++++++++++++++++ roles/restic/templates/env.restic.j2 | 10 ++++++++ roles/restic/templates/restic.pwd.j2 | 1 + 5 files changed, 50 insertions(+), 1 deletion(-) create mode 100644 roles/restic/templates/env.restic.j2 create mode 100644 roles/restic/templates/restic.pwd.j2 diff --git a/roles/restic/defaults/main.yml b/roles/restic/defaults/main.yml index fda7ff9220..2f8ea363a9 100644 --- a/roles/restic/defaults/main.yml +++ b/roles/restic/defaults/main.yml @@ -1,2 +1,10 @@ --- # defaults file for restic +restic_user: "restic" +restice_user_home: "/home/{{ restic_user }}" +restic_home: "{{ restic_user_home }}/.restic" +restic_local_repo: "/var/local/demo_backup" +restic_remote_repo: "gs:deadbeef:daily" +restic_gce_credentials: "{{ restic_home }}/pul-gcdc-33c75c1ceece.json" +restic_password: "CHANGEME" +restic_password_file: "{{ restic_user_home }}/.restic.pwd" diff --git a/roles/restic/molecule/default/molecule.yml b/roles/restic/molecule/default/molecule.yml index d186f778e9..0e1659c89a 100644 --- a/roles/restic/molecule/default/molecule.yml +++ b/roles/restic/molecule/default/molecule.yml @@ -9,7 +9,7 @@ lint: | ansible-lint platforms: - name: instance - image: "pulibrary/puldocker-${MOLECULE_DISTRO:-ubuntu1804}-ansible:latest" + image: "quay.io/pulibrary/jammy-ansible:latest" command: "" volumes: - /sys/fs/cgroup:/sys/fs/cgroup:ro diff --git a/roles/restic/tasks/main.yml b/roles/restic/tasks/main.yml index 93645e56f9..fdb2c03f10 100644 --- a/roles/restic/tasks/main.yml +++ b/roles/restic/tasks/main.yml @@ -1,2 +1,32 @@ --- # tasks file for restic +- name: Install Restic Software + ansible.builtin.apt: + name: restic + state: present + +- name: Create restic directory if it does not exist + ansible.builtin.file: + path: "{{ restic_home }}" + state: directory + mode: o-rwx + +- name: Add restic credentials + ansible.builtin.template: + src: restic.pwd.j2 + dest: "{{ restic_user_home }}/.restic.pwd" + owner: "{{ restic_user }}" + group: "{{ restic_user }}" + mode: o-r + +- name: Add restic environment + ansible.builtin.template: + src: env.restic.j2 + dest: "{{ restic_user_home }}/.env.restic" + owner: "{{ restic_user }}" + group: "{{ restic_user }}" + mode: o-rwx + +- name: Source Restic environment + ansible.builtin.shell: "source ~/.env.restic" + changed_when: false diff --git a/roles/restic/templates/env.restic.j2 b/roles/restic/templates/env.restic.j2 new file mode 100644 index 0000000000..ebee23b684 --- /dev/null +++ b/roles/restic/templates/env.restic.j2 @@ -0,0 +1,10 @@ +### repository on local filesystem +export RESTIC_ARCHIVE_REPOSITORY='{{ restic_local_repo }}' + +### repository on google cloud +export GOOGLE_APPLICATION_CREDENTIALS='{{ restic_gce_credentials }}' + +export RESTIC_ARCHIVE_REPOSITORY='{{ restic_remote_repo }}' + +export RESTIC_REPOSITORY=$RESTIC_ARCHIVE_REPOSITORY +export RESTIC_PASSWORD_FILE='{{ restic_password_file }}' diff --git a/roles/restic/templates/restic.pwd.j2 b/roles/restic/templates/restic.pwd.j2 new file mode 100644 index 0000000000..ec613a4582 --- /dev/null +++ b/roles/restic/templates/restic.pwd.j2 @@ -0,0 +1 @@ +"{{ restic_password }}"