diff --git a/inventory/group_vars/all.yml b/inventory/group_vars/all.yml index 0f17e99..208ae27 100644 --- a/inventory/group_vars/all.yml +++ b/inventory/group_vars/all.yml @@ -6,21 +6,21 @@ ansible_pull_commit: rewrite common_ansible_pubkey: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDfXVgMHeD2wtCAIVoDYQ+R19vKfhmR2FgUTkHhAzE2156fB/+IMB+6Qc4X3aFRIcUp+Ls8Vm8JQ3d0jvbcGQkgbAjRExQa71XGBmhxJCxzlCLBoQzBmTSnryL09LExoMynzVgrso8TQP92vZBGJFI/lLGAaop2l9pu+3cgM3sRaK+A11lcRCrS25C3hqPQhKC44zjzOt7sIoaG6RqG3CQ8jhE35bthQdBySOZVDgDKfjDyPuDzVxiKjsuNm4Ojzm0QW5gq6GkLOg2B8OSQ1TGQgBHQu4b8zsKBOUOdbZb0JLM8NdpH1cMntC0QBofy3DzqR/CFaSaBzUx+dnkBH0/pjBOrhHzzqZGOJayfC1igYki67HqzFV5IjhAVa+c4S9L/zbFk0+YZYdgMoKNlMU2LgzrSEastuXHD7NUy3fMP4BZbqg37SjQzFRXoUp5+ctVs9tCoy/qvvjT3UVGcn312eJrRRfWrYagU2nWKGyqbTOpsuOJ5OLlhopy6eP9+yRM= ansible" # For backups -backup_s3backup_bucket: !vault | +backup_s3_bucket: !vault | $ANSIBLE_VAULT;1.1;AES256 61393939633736616361336162633564356434363963303737366236373332653265366132393439 3333643463306561616261636466303631373866353962310a356561633833633533353937323265 64656235616637366363323330346134656366663733393462346333613535633838333938653434 6133326433613239650a386333626339363263323134313830353963326265666336306130656534 6534 -backup_s3backup_aws_access_key_id: !vault | +backup_s3_aws_access_key_id: !vault | $ANSIBLE_VAULT;1.1;AES256 61353734383466366564333832643738313238666235336332303539383639626263633231396261 6165393062393266343661643466633163383164383032340a333833656566336331323565386162 35646665353539616538353339616531346564636466643639326366353165313861373761396537 3731653463643838330a383065313135343763636534656133343666363237356462326236643631 34366564373661396434663633346635663331393538363362376265653334623538 -backup_s3backup_aws_secret_access_key: !vault | +backup_s3_aws_access_key_id: !vault | $ANSIBLE_VAULT;1.1;AES256 64316231613337333231383837333930336561633164393762343838646136393165626361346637 3364643830346533623137643530323438366665393632320a633032336664616261353734343661 diff --git a/roles/backup/defaults/main.yml b/roles/backup/defaults/main.yml index 53d3e46..460a2c4 100644 --- a/roles/backup/defaults/main.yml +++ b/roles/backup/defaults/main.yml @@ -7,6 +7,12 @@ backup_time: "*-*-* 02:00:00" # So January 5th, 2021 at 3:41PM would be 2021-01-05-1541 backup_dateformat: "%Y-%m-%d-%H%M" +# For S3-enabled scripts, which bucket to upload the backup to +backup_s3_bucket: replaceme +# Credentials for the bucket +backup_s3_aws_access_key_id: REPLACEME +backup_s3_aws_access_key_id: REPLACEME + # List of files/directories to back up # Note that tar is NOT instructed to recurse through symlinks # If you want it to do that, end the path with a slash! @@ -16,8 +22,3 @@ backup_s3backup_list_extra: [] # Note that passing f here is probably a bad idea backup_s3backup_tar_args: cz backup_s3backup_tar_args_extra: "" -# Which bucket to upload the backup to -backup_s3backup_bucket: replaceme -# Credentials for the bucket -backup_s3backup_aws_access_key_id: REPLACEME -backup_s3backup_aws_secret_access_key: REPLACEME diff --git a/roles/backup/templates/s3backup.sh b/roles/backup/templates/s3backup.sh index dac8b7c..adf525f 100644 --- a/roles/backup/templates/s3backup.sh +++ b/roles/backup/templates/s3backup.sh @@ -37,8 +37,8 @@ DIRS+=("{{ item }}") # AWS S3 configuration # NOTE: THIS IS SECRET INFORMATION -export AWS_ACCESS_KEY_ID="{{ backup_s3backup_aws_access_key_id }}" -export AWS_SECRET_ACCESS_KEY="{{ backup_s3backup_aws_secret_access_key }}" +export AWS_ACCESS_KEY_ID="{{ backup_s3_aws_access_key_id }}" +export AWS_SECRET_ACCESS_KEY="{{ backup_s3_aws_access_key_id }}" # Tar up all items in the backup list, recursively, and pipe them straight # up to S3 @@ -50,8 +50,8 @@ echo "Commencing backup on the following items:" for dir in "${DIRS[@]}"; do echo "- $dir" done -echo "Will upload resultant backup to {{ backup_s3backup_bucket }}" +echo "Will upload resultant backup to {{ backup_s3_bucket }}" nice -n 10 tar {{ backup_s3backup_tar_args }}{{ backup_s3backup_tar_args_extra }} "${DIRS[@]}" \ | aws s3 cp - \ - "s3://{{ backup_s3backup_bucket }}/{{ inventory_hostname_short }}/$(date "+{{ backup_dateformat }}").tar.gz" + "s3://{{ backup_s3_bucket }}/{{ inventory_hostname_short }}/$(date "+{{ backup_dateformat }}").tar.gz"