diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000..8d0b611
--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1,4 @@
+---
+pbs_debian_release_name: "bookworm"
+pbs_repo_key: "https://enterprise.proxmox.com/debian/proxmox-release-bookworm.gpg"
+pbs_repo_no_subscription: "deb http://download.proxmox.com/debian/pbs-client {{ pbs_debian_release_name }} main"
diff --git a/meta/main.yml b/meta/main.yml
new file mode 100644
index 0000000..9a5a4df
--- /dev/null
+++ b/meta/main.yml
@@ -0,0 +1,9 @@
+---
+galaxy_info:
+ author: Ludovic Cartier
+ description: Custom bash backup script which send data to Proxmox Backup Server
+ company: brainsys
+ license: MIT
+ min_ansible_version: 2.8
+ issue_tracker_url: https://git.brainsys.io/ansible-roles/prometheus/issues
+ github_branch: main
diff --git a/tasks/asserts.yml b/tasks/asserts.yml
new file mode 100644
index 0000000..d827c45
--- /dev/null
+++ b/tasks/asserts.yml
@@ -0,0 +1,11 @@
+---
+- name: assert | check OS
+ assert:
+ that:
+ - ansible_distribution == 'Debian'
+
+- name: assert | check vars
+ assert:
+ that:
+ - backup_dir is defined
+ - backup_retention is defined
diff --git a/tasks/install.yml b/tasks/install.yml
new file mode 100644
index 0000000..e12e81b
--- /dev/null
+++ b/tasks/install.yml
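Review bot: In defaults/main.yml, `pbs_repo_no_subscription` carries no `signed-by` option, and tasks/install.yml imports the key with `apt_key`, so the Proxmox key lands in the global APT keyring and is trusted for every configured source rather than only this repository. Writing the key to a dedicated keyring file and scoping the source to it would narrow that trust, e.g. `deb [signed-by=/etc/apt/keyrings/<proxmox-key>.gpg] http://download.proxmox.com/debian/pbs-client {{ pbs_debian_release_name }} main` (the keyring path is a placeholder). The key is also downloaded with no checksum pin, so fetching it with `get_url` and a `checksum` would make a swapped key fail the play. `pbs_repo_key` hard-codes `bookworm` while the repo line uses `{{ pbs_debian_release_name }}`; deriving both from the variable keeps them in step.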
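Review bot: In meta/main.yml, `issue_tracker_url` points at the `ansible-roles/prometheus` tracker, which looks like a leftover from another role and should reference this role's own repository. `min_ansible_version: 2.8` is read by YAML as a float, so it is safer quoted as `min_ansible_version: "2.8"`.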
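Review bot: In tasks/asserts.yml, the `check vars` assert requires `backup_dir` and `backup_retention`, which templates/brain_backup.j2 already defaults, but not `pbs_server`, `pbs_datastore`, `pbs_user`, `pbs_password` or `pbs_fingerprint`, which the template uses without any default. A missing connection value is then only caught at the template task, after the repository and package have already been installed. Asserting those five variables up front makes the role fail before it changes the host; the `check OS` assert could likewise check the release, since `pbs_repo_key` is tied to bookworm.

```yaml
- name: assert | check vars
  assert:
    that:
      # … unchanged: backup_dir / backup_retention checks …
      - pbs_server is defined
      - pbs_datastore is defined
      - pbs_user is defined
      - pbs_password is defined
      - pbs_fingerprint is defined
```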
@@ -0,0 +1,37 @@
+---
+- name: proxmox backup client | get GPG key
+ apt_key:
+ url: "{{ pbs_repo_key }}"
+
+- name: proxmox backup client | add repository
+ become: yes
+ apt_repository:
+ repo: "{{ pbs_repo_no_subscription }}"
+ filename: pbs-client.list
+
+- name: proxmox backup client | update APT Cache
+ apt:
+ update_cache: yes
+ cache_valid_time: 3600
+
+- name: proxmox backup client | install
+ apt:
+ name:
+ - proxmox-backup-client
+ state: present
+
+- name: proxmox backup client | copy backup script
+ template:
+ src: brain_backup.j2
+ dest: /usr/local/bin/brain_backup
+ owner: root
+ group: root
+ mode: 0755
+
+- name: proxmox backup client | install crontab
+ cron:
+ name: brain backup
+ minute: "{{ backup_cron_minute | default('0') }}"
+ hour: "{{ backup_cron_hour | default('2') }}"
+ user: root
+ job: "/usr/local/bin/brain_backup"
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..3793823
--- /dev/null
+++ b/tasks/main.yml
@@ -0,0 +1,6 @@
+---
+- name: asserts
+ include_tasks: asserts.yml
+
+- name: install
+ include_tasks: install.yml
diff --git a/templates/brain_backup.j2 b/templates/brain_backup.j2
new file mode 100644
index 0000000..b543956
--- /dev/null
+++ b/templates/brain_backup.j2
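Review bot: In tasks/install.yml, the `copy backup script` task installs `/usr/local/bin/brain_backup` with `mode: 0755`, but the rendered template contains `export PBS_PASSWORD="{{ pbs_password }}"`, so every local account on the host can read the Proxmox Backup Server credential. Only root's crontab runs the script, so `mode: "0700"` is sufficient, and quoting the value also stops relying on YAML octal parsing. Adding `no_log: true` to that task keeps the password out of diff output and task logs. Separately, `become: yes` is set only on the `add repository` task although the other tasks need root as well, so it should be applied consistently or left to the play.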
@@ -0,0 +1,100 @@
+# {{ ansible_managed }}
+#!/bin/bash
+
+[ ! -f /usr/bin/proxmox-backup-client ] && echo "proxmox-backup-client is not installed: exiting." && exit 1
+
+today=`date +%Y-%m-%d`
+backup_dir={{ backup_dir | default('/backup') }}
+backup_retention={{ backup_retention | default('7') }}
+
+### PBS ####
+PBS_RATE={{ pbs_rate | default('60000000') }}
+
+export PBS_FINGERPRINT="{{ pbs_fingerprint }}"
+export PBS_PASSWORD="{{ pbs_password }}"
+export PBS_USER="{{ pbs_user }}"
+export PBS_SERVER="{{ pbs_server }}"
+export PBS_DATASTORE="{{ pbs_datastore }}"
+export PBS_REPOSITORY="${PBS_USER}@${PBS_SERVER}:${PBS_DATASTORE}"
+export PBS_LOG="{{ PBS_LOG_LEVEL | default('error') }}"
+
+## PBS login ##
+/usr/bin/proxmox-backup-client login
+if [ $? -ne 0 ]; then
+ echo "Error on PBS login - exiting."
+ exit 1
+fi
+## end of PBS login ##
+
+## system ##
+mkdir -p $backup_dir/$today/system
+
+/usr/bin/tar cfz $backup_dir/$today/system/crontab.tgz -C /var/spool/cron/ crontabs/
+/usr/bin/dpkg -l > $backup_dir/$today/system/dpkg.txt
+[ -f /sbin/iptables ] && /sbin/iptables -L -n > $backup_dir/$today/system/firewall.txt
+[ -f /sbin/iptables ] && /sbin/iptables -L -n -t nat > $backup_dir/$today/system/firewall_nat.txt
+[ -f /sbin/ip6tables ] && /sbin/ip6tables -L -n > $backup_dir/$today/system/firewall6.txt
+[ -f /sbin/ip6tables ] && /sbin/ip6tables -L -n -t nat > $backup_dir/$today/system/firewall6_nat.txt
+[ -f /usr/bin/pstree ] && /usr/bin/pstree > $backup_dir/$today/system/pstree.txt
+/bin/ps faux > $backup_dir/$today/system/ps.txt
+/bin/systemctl list-units > $backup_dir/$today/system/systemctl_unit.txt
+/usr/bin/getent passwd > $backup_dir/$today/system/users.txt
+[ -f /usr/bin/pvs ] && /usr/sbin/pvs > $backup_dir/$today/system/pvs.txt
+[ -f /usr/bin/vgs ] && /usr/sbin/vgs > $backup_dir/$today/system/vgs.txt
+[ -f /usr/bin/lvs ] &&/ usr/sbin/lvs > $backup_dir/$today/system/lvs.txt
+
+for dev in /sys/block/*; do
+ dev=$(basename $dev)
+ if test -b /dev/$dev &&
file -s /dev/$dev | egrep -q 'partition table|boot sector'; then
+ /usr/sbin/sfdisk -d /dev/$dev >> $backup_dir/$today/system/partition-table_$dev.txt
+ fi
+done
+## end of system ##
+
+{% if backup_mysql_enabled is sameas true %}
+## mysql ##
+mysql_databases=`/usr/bin/mysql -e "SHOW DATABASES;" | grep -Ev "(Database|information_schema|performance_schema)"`
+
+mkdir -p $backup_dir/$today/mysql
+
+for db in $mysql_databases;
+ do mysqldump -e -q -Q --lock-tables $db | gzip -c > $backup_dir/$today/mysql/dump_$db.sql.gz;
+done
+
+## end of mysql ##
+{% endif %}
+
+{% if backup_pgsql_enabled is sameas true %}
+## postgresql ##
+pg_port={{ backup_pg_port | default('5432') }}
+pg_databases=`sudo su - postgres -c "/usr/bin/psql -p $pg_port -t -c 'SELECT datname FROM pg_database'"|grep -v "template0"`
+
+mkdir -p $backup_dir/$today/postgresql
+chown -R postgres: $backup_dir/$today/postgresql
+
+for db in $pg_databases;
+ do sudo su - postgres -c "/usr/bin/pg_dump -p $pg_port -Z9 -Fc -b -f $backup_dir/$today/postgresql/dump_$db.sql $db";
+done
+
+sudo su - postgres -c "/usr/bin/pg_dumpall --roles-only > $backup_dir/$today/postgresql/role.sql"
+## end of postresql ##
+{% endif %}
+
+# purge old backups
+find $backup_dir -type d -ctime +$backup_retention -exec rm -rf {} \;
+
+## send to PBS ##
+# TODO : this need to be templified !
+/usr/bin/proxmox-backup-client backup system.pxar:$backup_dir/$today/system --rate ${PBS_RATE}
+/usr/bin/proxmox-backup-client backup etc.pxar:/etc/ --rate ${PBS_RATE}
+/usr/bin/proxmox-backup-client backup var_www.pxar:/var/www/ --rate ${PBS_RATE} --exclude 'html' --exclude 'lost+found' --exclude='*.sock' --exclude='*.log' --exclude='.cache/'
+/usr/bin/proxmox-backup-client backup opt.pxar:/opt/ --rate ${PBS_RATE}
+/usr/bin/proxmox-backup-client backup mysql.pxar:$backup_dir/$today/mysql --rate ${PBS_RATE}
+/usr/bin/proxmox-backup-client backup postgresql.pxar:$backup_dir/$today/postgresql --rate ${PBS_RATE}
+/usr/bin/proxmox-backup-client backup slash.pxar:/ --rate ${PBS_RATE} --include-dev /opt/docker-compose --include-dev /home
+## end of send to PBS ##
+
+## PBS logout ##
+/usr/bin/proxmox-backup-client logout
+## end of PBS logout ##
+
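Review bot: In templates/brain_backup.j2, database names are pasted unquoted into a string that `su - postgres -c` hands to a second shell (`... dump_$db.sql $db`), so a name containing shell metacharacters is re-parsed as commands rather than passed as data; the mysqldump loop and `find $backup_dir ... -exec rm -rf {} \;` use the same unquoted expansions in a root cron job. Passing arguments directly without an inner shell, quoting every expansion, and limiting the purge to the dated directories directly under the backup directory removes that class of problem. `#!/bin/bash` sits on line 2 behind the `ansible_managed` comment, so it is not treated as an interpreter line. The `pvs`/`vgs`/`lvs` lines test `/usr/bin/...` but run `/usr/sbin/...`, and `&&/ usr/sbin/lvs` has a misplaced space, so it would execute `/` rather than `lvs`. The mysql and postgresql `backup` calls at the end also run when those sections are disabled, and the dump directories are created with the default umask, which a `umask 077` at the top would tighten.

```shell
#!/bin/bash
# {{ ansible_managed }}
umask 077
# … unchanged: variable setup, PBS login, system section, mysql section …
for db in $pg_databases; do
    sudo -u postgres /usr/bin/pg_dump -p "$pg_port" -Z9 -Fc -b \
        -f "$backup_dir/$today/postgresql/dump_$db.sql" "$db"
done
# … unchanged: role dump …
# purge old backups: only dated directories directly below $backup_dir
find "$backup_dir" -mindepth 1 -maxdepth 1 -type d \
    -ctime +"$backup_retention" -exec rm -rf -- {} +
```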