From ea052ef0b9efc9d338278d3b493d78d50591b042 Mon Sep 17 00:00:00 2001 From: Ludovic Cartier Date: Fri, 15 May 2026 11:28:07 +0200 Subject: [PATCH] refactor: update README and templates for improved backup configuration and logging Co-authored-by: Copilot --- README.md | 47 ++++++++++++------------- tasks/install.yml | 5 ++- templates/brain_backup.j2 | 72 +++++++++++++++++++++++++-------------- templates/pxarexclude.j2 | 2 +- 4 files changed, 74 insertions(+), 52 deletions(-) diff --git a/README.md b/README.md index a7d01e2..b2f48e0 100644 --- a/README.md +++ b/README.md 
@@ -23,28 +23,26 @@ All files are then send it to a custom Proxmox Backup Server. Role variables --------------- -| Variable | Type | Choices | Default | Comment | -|---------------------------|---------|------------------|--------------------------------------------------------------------------------------|-----------------| -| pbs_debian_release_name | string | | bookworm | | -| pbs_repo_key | string | | https://enterprise.proxmox.com/debian/proxmox-release-bookworm.gpg | | -| pbs_repo_no_subscription | string | | deb http://download.proxmox.com/debian/pbs-client {{ pbs_debian_release_name }} main | | -| pbs_user | string | | | mandatory | -| pbs_server | string | | | mandatory | -| pbs_datastore | string | | | mandatory | -| pbs_fingerprint | string | | | mandatory | -| pbs_password | string | | | mandatory | -| backup_host_id | string | | | | -| backup_dir | string | | | mandatory | -| backup_local_retention | string | | | mandatory | -| backup_path_include | dict | | | | -| - path: /etc list | string | | | | -| - path: /var/www list | string | | | | -| fs_mount: true list | boolean | | | | -| backup_path_exclude | list | | | | -| backup_mysql_enabled | boolean | | | | -| backup_postgreslq_enabled | boolean | | | | -| backup_cron_minute | int | | | | -| backup_cron_hour | int | | | | +| Variable | Type | Choices | Default | Comment | +|---------------------------|---------|------------------|--------------------------------------------------------------------------------------|-------------------| +| pbs_debian_release_name | string | | bookworm | | +| pbs_repo_key | string | | https://enterprise.proxmox.com/debian/proxmox-release-bookworm.gpg | | +| pbs_repo_no_subscription | string | | deb http://download.proxmox.com/debian/pbs-client {{ pbs_debian_release_name }} main | | +| pbs_user | string | | | mandatory | +| pbs_server | string | | | mandatory | +| pbs_datastore | string | | | mandatory | +| pbs_fingerprint | string | | | mandatory | +| pbs_password | 
string | | | mandatory | +| backup_host_id | string | | | | +| backup_dir | string | | | mandatory | +| backup_local_retention | string | | | mandatory | +| backup_path_include | list | | | | +| backup_path_exclude | list | | | | +| backup_mysql_enabled | boolean | | | uses mysqldump | +| backup_mariadb_enabled | boolean | | | uses mariadb-dump | +| backup_pgsql_enabled | boolean | | | | +| backup_cron_minute | int | | | | +| backup_cron_hour | int | | | | Dependencies ------------ @@ -77,9 +75,8 @@ backup_dir: /backup backup_local_retention: 2 backup_path_include: - - path: /etc - - path: /var/www - fs_mount: true + - /etc + - /var/www backup_path_exclude: - /var/backups diff --git a/tasks/install.yml b/tasks/install.yml index eef8b4d..ce10b44 100644 --- a/tasks/install.yml +++ b/tasks/install.yml @@ -1,7 +1,10 @@ --- - name: proxmox backup client | get GPG key - apt_key: + get_url: url: "{{ pbs_repo_key }}" + dest: /etc/apt/trusted.gpg.d/proxmox-release-bookworm.gpg + mode: '0644' + become: yes - name: proxmox backup client | add repository become: yes diff --git a/templates/brain_backup.j2 b/templates/brain_backup.j2 index d67f104..fd3b56b 100644 --- a/templates/brain_backup.j2 +++ b/templates/brain_backup.j2 @@ -16,7 +16,7 @@ export PBS_USER="{{ pbs_user }}" export PBS_SERVER="{{ pbs_server }}" export PBS_DATASTORE="{{ pbs_datastore }}" export PBS_REPOSITORY="${PBS_USER}@${PBS_SERVER}:${PBS_DATASTORE}" -export PBS_LOG="{{ PBS_LOG_LEVEL | default('error') }}" +export PBS_LOG="{{ pbs_log_level | default('error') }}" ## PBS login ## /usr/bin/proxmox-backup-client login 
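Review bot: The new `get_url` task in tasks/install.yml writes the key to a hardcoded `dest: /etc/apt/trusted.gpg.d/proxmox-release-bookworm.gpg`, so the file name stays `bookworm` even when `pbs_debian_release_name` and `pbs_repo_key` point at another release. A key placed in `trusted.gpg.d` is also accepted by apt for every configured repository, not only the Proxmox one. Consider a dedicated keyring such as `dest: /usr/share/keyrings/proxmox-release-{{ pbs_debian_release_name }}.gpg`, referenced with `signed-by=` in the repository line; that task begins in this hunk's trailing context and continues outside it. The download is unpinned as well: `get_url` accepts `checksum: "sha256:<expected-digest-placeholder>"`, which would make a swapped key fail the play instead of becoming trusted. That matters because the documented default repository line uses plain `http://`, so the key is the only integrity anchor.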
@@ -26,30 +26,35 @@ if [ $? -ne 0 ]; then fi ## end of PBS login ## -## system ## -mkdir -p $backup_dir/$today/system +## today symlink ## +mkdir -p $backup_dir/$today +ln -sfn $backup_dir/$today $backup_dir/today +## end of today symlink ## -/usr/bin/tar cfz $backup_dir/$today/system/crontab.tgz -C /var/spool/cron/ crontabs/ -/usr/bin/dpkg -l > $backup_dir/$today/system/dpkg.txt -[ -f /sbin/iptables ] && /sbin/iptables -L -n > $backup_dir/$today/system/firewall.txt -[ -f /sbin/iptables ] && /sbin/iptables -L -n -t nat > $backup_dir/$today/system/firewall_nat.txt -[ -f /sbin/ip6tables ] && /sbin/ip6tables -L -n > $backup_dir/$today/system/firewall6.txt -[ -f /sbin/ip6tables ] && /sbin/ip6tables -L -n -t nat > $backup_dir/$today/system/firewall6_nat.txt -[ -f /usr/bin/pstree ] && /usr/bin/pstree > $backup_dir/$today/system/pstree.txt -/bin/ps faux > $backup_dir/$today/system/ps.txt -/bin/systemctl list-units > $backup_dir/$today/system/systemctl_unit.txt -/usr/bin/getent passwd > $backup_dir/$today/system/users.txt -[ -f /usr/bin/pvs ] && /usr/sbin/pvs > $backup_dir/$today/system/pvs.txt -[ -f /usr/bin/vgs ] && /usr/sbin/vgs > $backup_dir/$today/system/vgs.txt -[ -f /usr/bin/lvs ] &&/ usr/sbin/lvs > $backup_dir/$today/system/lvs.txt +## audit ## +mkdir -p $backup_dir/$today/audit + +/usr/bin/tar cfz $backup_dir/$today/audit/crontab.tgz -C /var/spool/cron/ crontabs/ +/usr/bin/dpkg -l > $backup_dir/$today/audit/dpkg.txt +[ -f /sbin/iptables ] && /sbin/iptables -L -n > $backup_dir/$today/audit/firewall.txt +[ -f /sbin/iptables ] && /sbin/iptables -L -n -t nat > $backup_dir/$today/audit/firewall_nat.txt +[ -f /sbin/ip6tables ] && /sbin/ip6tables -L -n > $backup_dir/$today/audit/firewall6.txt +[ -f /sbin/ip6tables ] && /sbin/ip6tables -L -n -t nat > $backup_dir/$today/audit/firewall6_nat.txt +[ -f /usr/bin/pstree ] && /usr/bin/pstree > $backup_dir/$today/audit/pstree.txt +/bin/ps faux > $backup_dir/$today/audit/ps.txt +/bin/systemctl list-units > 
$backup_dir/$today/audit/systemctl_unit.txt +/usr/bin/getent passwd > $backup_dir/$today/audit/users.txt +[ -f /usr/bin/pvs ] && /usr/sbin/pvs > $backup_dir/$today/audit/pvs.txt +[ -f /usr/bin/vgs ] && /usr/sbin/vgs > $backup_dir/$today/audit/vgs.txt +[ -f /usr/bin/lvs ] && /usr/sbin/lvs > $backup_dir/$today/audit/lvs.txt for dev in /sys/block/*; do dev=$(basename $dev) if test -b /dev/$dev && file -s /dev/$dev | egrep -q 'partition table|boot sector'; then - /usr/sbin/sfdisk -d /dev/$dev >> $backup_dir/$today/system/partition-table_$dev.txt + /usr/sbin/sfdisk -d /dev/$dev >> $backup_dir/$today/audit/partition-table_$dev.txt fi done -## end of system ## +## end of audit ## {% if backup_mysql_enabled is sameas true %} ## mysql ## @@ -58,11 +63,23 @@ mysql_databases=`/usr/bin/mysql -e "SHOW DATABASES;" | grep -Ev "(Database|infor mkdir -p $backup_dir/$today/mysql for db in $mysql_databases; - do mysqldump -e -q -Q --lock-tables $db | gzip -c > $backup_dir/$today/mysql/dump_$db.sql.gz; + do mysqldump -e -q -Q --single-transaction $db | gzip -c > $backup_dir/$today/mysql/dump_$db.sql.gz; done ## end of mysql ## {% endif %} +{% if backup_mariadb_enabled is sameas true %} +## mariadb ## +mariadb_databases=`/usr/bin/mariadb -e "SHOW DATABASES;" | grep -Ev "(Database|information_schema|performance_schema)"` + +mkdir -p $backup_dir/$today/mariadb + +for db in $mariadb_databases; + do mariadb-dump -e -q -Q --single-transaction $db | gzip -c > $backup_dir/$today/mariadb/dump_$db.sql.gz; +done +## end of mariadb ## +{% endif %} + {% if backup_pgsql_enabled is sameas true %} ## postgresql ## pg_port={{ backup_pg_port | default('5432') }} 
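Review bot: In the `mysqldump ... | gzip -c` and `mariadb-dump ... | gzip -c` loops the pipeline's exit status is that of `gzip`, so a dump that fails (bad credentials, dropped connection) still leaves a valid-looking `dump_$db.sql.gz` that is later sent to PBS as a good backup. Unless the part of the template above this hunk already does so, and assuming the script runs under bash, add `set -o pipefail` and check the status in the loop, e.g. `mariadb-dump -e -q -Q --single-transaction "$db" | gzip -c > "$backup_dir/$today/mariadb/dump_$db.sql.gz" || echo "dump of $db failed" >&2`. Note that `--single-transaction` gives a consistent snapshot only for transactional engines such as InnoDB, and it switches off table locking, so any MyISAM tables are now dumped unlocked. The `audit/` and `mariadb/` directories are created with a plain `mkdir -p`; if no `umask 077` is set earlier in the script, `users.txt`, the firewall listings and the database dumps may be readable by other local users.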
@@ -83,26 +100,31 @@ sudo su - postgres -c "/usr/bin/pg_dumpall --roles-only > $backup_dir/$today/pos find $backup_dir -type d -ctime +$backup_local_retention -exec rm -rf {} \; ## send to PBS ## -/usr/bin/proxmox-backup-client backup slash.pxar:/ \ +/usr/bin/proxmox-backup-client backup \ {% if backup_host_id is defined %} --backup-id {{ backup_host_id }} \ {% endif %} -{% if backup_path_include is defined %} -{% for item in backup_path_include %} -{% if item.fs_mount is defined %}--include-dev {{ item.path }} \{% endif %} -{% endfor %} -{% endif %} {% if backup_exclude is defined %} {% for item in backup_exclude %} --exclude {{ item }} \ {% endfor %} {% endif %} +etc.pxar:/etc \ +audit.pxar:$backup_dir/today/audit \ +{% if backup_path_include is defined %} +{% for item in backup_path_include %} +{{ item | regex_replace('^/', '') | replace('/', '_') }}.pxar:{{ item }} \ +{% endfor %} +{% endif %} {% if backup_pgsql_enabled is sameas true %} postgresql.pxar:$backup_dir/$today/postgresql \ {% endif %} {% if backup_mysql_enabled is sameas true %} mysql.pxar:$backup_dir/$today/mysql \ {% endif %} +{% if backup_mariadb_enabled is sameas true %} +mariadb.pxar:$backup_dir/$today/mariadb \ +{% endif %} --rate ${PBS_RATE} ## end of send to PBS ## diff --git a/templates/pxarexclude.j2 b/templates/pxarexclude.j2 index cf5ec15..dd63d40 100644 --- a/templates/pxarexclude.j2 +++ b/templates/pxarexclude.j2 @@ -6,6 +6,6 @@ {% endif %} {% if backup_path_include is defined %} {% for item in backup_path_include %} -!{{ item.path }} +!{{ item }} {% endfor %} {% endif %}
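Review bot: The loop emitting `{{ item | regex_replace('^/', '') | replace('/', '_') }}.pxar:{{ item }}` can generate an archive name that is already on the command line. The README example in this same commit lists `/etc` in `backup_path_include`, which yields a second `etc.pxar:/etc` next to the hardcoded one, and distinct paths such as `/var/www` and `/var_www` collapse to the same name; the client will probably reject or shadow one of them, which is worth confirming. Skip the built-in path and quote the value, e.g. `{% for item in backup_path_include if item != '/etc' %}` with `.pxar:{{ item | quote }}`, so a path containing spaces or shell metacharacters cannot alter the generated command. The unchanged exclude loop in this hunk reads `backup_exclude` while the README documents `backup_path_exclude`, so excludes set as documented appear never to reach `--exclude`; please confirm which name is intended.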