From c5c18b05a027cf9d7cf577dbfd8d80aae65784a9 Mon Sep 17 00:00:00 2001 From: Valentin CZERYBA Date: Fri, 17 Feb 2023 18:04:21 +0100 Subject: [PATCH] add backup script --- inventory/host_vars/vps-host | 46 +++++++++++-------- roles/deploy-web/files/scw-backup.sh | 51 ++++++++++++++++++++++ roles/deploy-web/tasks/backup.yml | 47 ++++++++++++++++++++ roles/deploy-web/tasks/configure.yml | 6 +++ roles/deploy-web/tasks/deconfigure.yml | 2 +- roles/deploy-web/templates/scw-configrc.j2 | 26 +++++++++++ 6 files changed, 160 insertions(+), 18 deletions(-) create mode 100755 roles/deploy-web/files/scw-backup.sh create mode 100644 roles/deploy-web/tasks/backup.yml create mode 100644 roles/deploy-web/templates/scw-configrc.j2 diff --git a/inventory/host_vars/vps-host b/inventory/host_vars/vps-host index 575c2a9..628dc84 100644 --- a/inventory/host_vars/vps-host +++ b/inventory/host_vars/vps-host @@ -1,18 +1,30 @@ $ANSIBLE_VAULT;1.1;AES256 -31393265313635666339373930656266363533626234383533313734323964386463363739363664 -3362323965366165643139326433646535303931616338390a316232656464383534383361313032 -39303032376339303830643866356464303235633736623134313334646361363265393330653432 -6338626261383734380a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a326439353435326661343964623464 +61633563323032626230616361336533313733363965323666306537313061666266613731366430 +6464306365656536300a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diff --git a/roles/deploy-web/files/scw-backup.sh b/roles/deploy-web/files/scw-backup.sh new file mode 100755 index 0000000..1bf2635 --- /dev/null +++ b/roles/deploy-web/files/scw-backup.sh 
@@ -0,0 +1,51 @@
+#!/bin/bash
+LOGFILE_RECENT="/var/log/scw-log/logfile-recent.log"
+LOGFILE="/var/log/scw-log/logfile.log"
+DUPLICITY=/usr/local/bin/duplicity
+log () {
+ date=`date +%Y-%m-%d`
+ hour=`date +%H:%M:%S`
+ echo "$date $hour $*" >> ${LOGFILE_RECENT}
+}
+
+rotate_log() {
+ cat ${LOGFILE_RECENT} >> ${LOGFILE}
+ backupScw=`echo ${URL_SCW} | rev | cut -d "/" -f 2 | rev`
+ status="OK"
+ if [ $(grep "Errors 0" ${LOGFILE_RECENT} |wc -l) -eq 0 ]; then
+ status="ALERTE FAIL !!!"
+ fi
+ cat ${LOGFILE_RECENT} |mail -s "${status} | Backup ${backupScw} `date +%Y-%m-%d`" valczebackup@gmail.com
+}
+
+USER=$(whoami)
+currently_backuping=$(ps -ef | grep duplicity | grep python |grep ${USER} | wc -l)
+
+if [ $currently_backuping -eq 0 ]; then
+ if [ ${#} -ne 1 ]; then
+ log ">>> Il manque un paramètre ${0} : "
+ rotate_log
+ exit 1
+ fi
+ if [ ! -f ${1} ]; then
+ log ">>> Le paramètre n'est pas un fichier ${USER} : ${1}"
+ rotate_log
+ exit 1
+ fi
+ source "$1"
+ echo > ${LOGFILE_RECENT}
+ log ">>> removing old backups"
+ ${DUPLICITY} remove-older-than ${KEEP_BACKUP_TIME} ${URL_SCW} --force >> ${LOGFILE_RECENT} 2>&1
+ log ">>> creating and uploading backup to c14 cold storage ${SOURCE}"
+ ${DUPLICITY} \
+ incr --full-if-older-than ${FULL_BACKUP_TIME} \
+ --asynchronous-upload \
+ --s3-use-glacier \
+ --encrypt-key=${GPG_FINGERPRINT} \
+ --sign-key=${GPG_FINGERPRINT} \
+ ${SOURCE} ${URL_SCW} >> ${LOGFILE_RECENT} 2>&1
+ rotate_log
+else
+ log ">>> Duplicity déjà en cours de route sur cette utilisateur ${USER}"
+ rotate_log
+fi
diff --git a/roles/deploy-web/tasks/backup.yml b/roles/deploy-web/tasks/backup.yml
new file mode 100644
index 0000000..fdf4c7b
--- /dev/null
+++ b/roles/deploy-web/tasks/backup.yml
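Review bot: In `scw-backup.sh`, the `remove-older-than ... --force` step runs on whatever `source "$1"` left in the environment, with no check that the required variables are set and no check of either duplicity exit status; if `KEEP_BACKUP_TIME` or `URL_SCW` is empty the unquoted expansion disappears and the remaining arguments shift. I would validate the sourced variables right after the `source` and abort before the deletion step, quote the expansions that hold a single value, and log a non-zero exit code instead of relying only on `grep "Errors 0"`. The `ps -ef | grep` concurrency test is racy and matches any process line that merely contains the user name, so a lock file held with `flock` would be more reliable. The report address is hard-coded in `rotate_log`; reading it from the sourced config would keep the recipient of the backup logs out of the script.

```shell
  source "$1"
  # Abort before the destructive step when the sourced config is incomplete.
  for required in URL_SCW SOURCE KEEP_BACKUP_TIME FULL_BACKUP_TIME GPG_FINGERPRINT; do
    if [ -z "${!required}" ]; then
      log ">>> ${required} is empty after sourcing ${1}"
      rotate_log
      exit 1
    fi
  done
  # … unchanged: truncate the recent log, "removing old backups" message …
  "${DUPLICITY}" remove-older-than "${KEEP_BACKUP_TIME}" "${URL_SCW}" --force >> "${LOGFILE_RECENT}" 2>&1 \
    || log ">>> remove-older-than exited with status $?"
  # … unchanged: backup invocation and final rotate_log …
```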
@@ -0,0 +1,47 @@
+# tasks file for stats script
+
+- name: "Create log for backup script"
+ file:
+ path: "{{ item }}"
+ state: directory
+ with_items:
+ - "/var/log/scw-log"
+ - "/root/log"
+ vars:
+ ansible_become: yes
+ ansible_become_method: sudo
+ ansible_become_password: "{{ sudo_password }}"
+
+- name: Copy scw backup script
+ copy:
+ src: "scw-backup.sh"
+ dest: "/opt/scw-backup.sh"
+ mode: "0500"
+ vars:
+ ansible_become: yes
+ ansible_become_method: sudo
+ ansible_become_password: "{{ sudo_password }}"
+
+- name: Copy scw backup config
+ template:
+ src: "scw-configrc.j2"
+ dest: "/root/.scw-configrc"
+ mode: "0400"
+ vars:
+ ansible_become: yes
+ ansible_become_method: sudo
+ ansible_become_password: "{{ sudo_password }}"
+
+
+#- name: Crontab blacklist
+# ansible.builtin.cron:
+# name: "blacklist script"
+# cron_file: "blacklist_cron"
+# minute: "*/5"
+# job: "bash /usr/local/bin/sentinel/blacklist.sh"
+# user: root
+#
+# vars:
+# ansible_become: yes
+# ansible_become_method: sudo
+# ansible_become_password: "{{ sudo_password }}"
diff --git a/roles/deploy-web/tasks/configure.yml b/roles/deploy-web/tasks/configure.yml
index 9ba3466..a55dc8c 100644
--- a/roles/deploy-web/tasks/configure.yml
+++ b/roles/deploy-web/tasks/configure.yml
@@ -46,3 +46,9 @@ import_tasks: supervision.yml tags: [ "configure_supervision" ] +- name: Configure backup script + import_tasks: backup.yml + tags: [ "configure_backup" ] + + +
diff --git a/roles/deploy-web/tasks/deconfigure.yml b/roles/deploy-web/tasks/deconfigure.yml
index 037c8d1..4e1ccf3 100644
--- a/roles/deploy-web/tasks/deconfigure.yml
+++ b/roles/deploy-web/tasks/deconfigure.yml
@@ -11,7 +11,7 @@ - name: Deconfigure blacklist script import_tasks: deconfigure_blacklist.yml -tags: [ "deconfigure_blacklist" ] + tags: [ "deconfigure_blacklist" ] - name: Deconfigure supervision script
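Review bot: In `backup.yml`, the `Copy scw backup config` task renders the S3 secret key and the GPG passphrase into `/root/.scw-configrc` without `no_log: true`, so a run with `--diff` can print them in the Ansible output; I would add `no_log: true` to that task, together with explicit `owner: root` and `group: root`. The two log directories are created without a `mode`, so their permissions depend on the remote umask; `mode: "0700"` would keep the backup logs private to root. The header comment still reads `# tasks file for stats script` and the commented-out `Crontab blacklist` block looks like a leftover, while nothing visible in this file schedules the backup script.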
diff --git a/roles/deploy-web/templates/scw-configrc.j2 b/roles/deploy-web/templates/scw-configrc.j2
new file mode 100644
index 0000000..32db50f
--- /dev/null
+++ b/roles/deploy-web/templates/scw-configrc.j2
@@ -0,0 +1,26 @@
+export AWS_ACCESS_KEY_ID="{{ aws_access_key_id }}"
+export AWS_SECRET_ACCESS_KEY="{{ aws_secret_access_key }}"
+export URL_SCW="s3://{{ url_scw }}/{{ scw_directory }}"
+
+# GPG Key information
+export PASSPHRASE="{{ passphrase }}"
+export GPG_FINGERPRINT="{{ gpg_fingerprint }}"
+# Folder to backup
+export SOURCE="--exclude /sys --exclude /proc --exclude /opt --exclude /tmp --exclude /mnt --exclude /home /"
+
+# Will keep backup up to 1 month
+export KEEP_BACKUP_TIME="1M"
+
+# Will make a full backup every 10 days
+export FULL_BACKUP_TIME="10D"
+
+# Log files
+export LOGFILE_RECENT="/root/log/logfile-recent.log"
+export LOGFILE="/root/log/logfile.log"
+
+ log () {
+ date=`date +%Y-%m-%d`
+ hour=`date +%H:%M:%S`
+ echo "$date $hour $*" >> ${LOGFILE_RECENT}
+}
+export -f log
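Review bot: The vault values are pasted between double quotes in a file that root later runs through `source`, so a passphrase or key containing `"`, `$`, a backtick or `\` is reinterpreted by the shell instead of being taken literally; rendering them with the `quote` filter avoids that, e.g. `export PASSPHRASE={{ passphrase | quote }}`. The `LOGFILE_RECENT` and `LOGFILE` exports here override the `/var/log/scw-log` paths set at the top of `scw-backup.sh`, so messages logged before the `source` land in a different file from the ones written afterwards; one of the two definitions should go. The `log` function likewise duplicates the script's own, and `export -f log` does not appear to be needed by anything visible in this patch.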