add backup script

roles/deploy-web/files/scw-backup.sh

@@ -0,0 +1,51 @@
+#!/bin/bash
+LOGFILE_RECENT="/var/log/scw-log/logfile-recent.log"
+LOGFILE="/var/log/scw-log/logfile.log"
+DUPLICITY=/usr/local/bin/duplicity
+log () {
+	    date=`date +%Y-%m-%d`
+	    hour=`date +%H:%M:%S`
+	    echo "$date $hour $*" >> ${LOGFILE_RECENT}
+}
+
+rotate_log() {
+	cat ${LOGFILE_RECENT} >> ${LOGFILE}
+	backupScw=`echo ${URL_SCW} | rev | cut -d "/" -f 2 | rev`
+	status="OK"
+	if [ $(grep "Errors 0" ${LOGFILE_RECENT} |wc -l) -eq 0 ]; then
+		status="ALERTE FAIL !!!"
+	fi	
+	cat ${LOGFILE_RECENT} |mail -s "${status} | Backup ${backupScw} `date +%Y-%m-%d`" valczebackup@gmail.com
+}
+
+USER=$(whoami)
+currently_backuping=$(ps -ef | grep duplicity  | grep python |grep ${USER}  | wc -l)
+
+if [ $currently_backuping -eq 0 ]; then
+	if [ ${#} -ne 1 ]; then
+		log ">>> Il manque un paramètre ${0} : <CONFIGFILE>"
+		rotate_log
+		exit 1
+	fi
+	if [ ! -f ${1} ]; then
+		log ">>> Le paramètre n'est pas un fichier ${USER} : ${1}"
+		rotate_log
+		exit 1
+	fi
+	source "$1"
+	echo > ${LOGFILE_RECENT}
+	log ">>> removing old backups"
+	${DUPLICITY} remove-older-than ${KEEP_BACKUP_TIME} ${URL_SCW} --force >> ${LOGFILE_RECENT} 2>&1
+       	log ">>> creating and uploading backup to c14 cold storage ${SOURCE}"
+     	${DUPLICITY} \
+	    	incr --full-if-older-than ${FULL_BACKUP_TIME} \
+	    	--asynchronous-upload \
+	    	--s3-use-glacier \
+	    	--encrypt-key=${GPG_FINGERPRINT} \
+	    	--sign-key=${GPG_FINGERPRINT} \
+		${SOURCE} ${URL_SCW} >> ${LOGFILE_RECENT} 2>&1
+	rotate_log
+else
+	log ">>> Duplicity déjà en cours de route sur cette utilisateur ${USER}"	
+	rotate_log
+fi

roles/deploy-web/tasks/backup.yml

@@ -0,0 +1,47 @@
+# tasks file for stats script
+
+- name: "Create log for backup script"
+  file:
+    path: "{{ item }}"
+    state: directory
+  with_items:
+    - "/var/log/scw-log"
+    - "/root/log"
+  vars:
+    ansible_become: yes
+    ansible_become_method: sudo
+    ansible_become_password: "{{ sudo_password }}"
+
+- name: Copy scw backup script
+  copy:
+    src: "scw-backup.sh"
+    dest: "/opt/scw-backup.sh"
+    mode: "0500"
+  vars:
+    ansible_become: yes
+    ansible_become_method: sudo
+    ansible_become_password: "{{ sudo_password }}"
+
+- name: Copy scw backup config
+  template:
+    src: "scw-configrc.j2"
+    dest: "/root/.scw-configrc"
+    mode: "0400"
+  vars:
+    ansible_become: yes
+    ansible_become_method: sudo
+    ansible_become_password: "{{ sudo_password }}"
+
+
+#- name: Crontab blacklist
+#  ansible.builtin.cron:
+#    name: "blacklist script"
+#    cron_file: "blacklist_cron"
+#    minute: "*/5"
+#    job: "bash /usr/local/bin/sentinel/blacklist.sh"
+#    user: root
+#
+#  vars:
+#    ansible_become: yes
+#    ansible_become_method: sudo
+#    ansible_become_password: "{{ sudo_password }}"

roles/deploy-web/tasks/configure.yml

@@ -46,3 +46,9 @@
   import_tasks: supervision.yml
   tags: [ "configure_supervision" ]
 
+- name: Configure backup script
+  import_tasks: backup.yml
+  tags: [ "configure_backup" ]
+
+
+

roles/deploy-web/tasks/deconfigure.yml

@@ -11,7 +11,7 @@
 
 - name: Deconfigure blacklist script
   import_tasks: deconfigure_blacklist.yml
-tags: [ "deconfigure_blacklist" ]
+  tags: [ "deconfigure_blacklist" ]
 
 
 - name: Deconfigure supervision script

roles/deploy-web/templates/scw-configrc.j2

@@ -0,0 +1,26 @@
+export AWS_ACCESS_KEY_ID="{{ aws_access_key_id }}"
+export AWS_SECRET_ACCESS_KEY="{{ aws_secret_access_key }}"
+export URL_SCW="s3://{{ url_scw }}/{{ scw_directory }}"
+
+# GPG Key information
+export PASSPHRASE="{{ passphrase }}"
+export GPG_FINGERPRINT="{{ gpg_fingerprint }}"
+# Folder to backup
+export SOURCE="--exclude /sys --exclude /proc --exclude /opt --exclude /tmp --exclude /mnt --exclude /home /"
+
+# Will keep backup up to 1 month
+export KEEP_BACKUP_TIME="1M"
+
+# Will make a full backup every 10 days
+export FULL_BACKUP_TIME="10D"
+
+# Log files
+export LOGFILE_RECENT="/root/log/logfile-recent.log"
+export LOGFILE="/root/log/logfile.log"
+
+ log () {
+	    date=`date +%Y-%m-%d`
+	    hour=`date +%H:%M:%S`
+	    echo "$date $hour $*" >> ${LOGFILE_RECENT}
+}
+export -f log