home/hypervisors
Archived
2
0
Fork 0
Code Issues 3 Pull requests Projects Releases Packages Wiki Activity

move to snapshots-based backups

Browse source
This commit is contained in:
Pim Kunis 2023-06-17 12:54:41 +02:00
parent 04becbb99d
commit feb29ed0bf
14 changed files with 65 additions and 92 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
ansible/dmz.conf.j2
View file

@ -1,10 +1,5 @@
auto enp3s0.30 auto enp3s0.30
{% if dmz_interface.enabled %}
iface enp3s0.30 inet dhcp
hwaddress ether {{ dmz_interface.mac }}
{% else %}
iface enp3s0.30 inet manual iface enp3s0.30 inet manual
{% endif %}
iface enp3s0.30 inet6 auto iface enp3s0.30 inet6 auto
accept_ra 0 accept_ra 0
dhcp 0 dhcp 0

50
ansible/hypervisors.yml
View file

@ -1,5 +1,6 @@
--- ---
- hosts: hypervisors - name: Prepare physical machines
hosts: hypervisors
handlers: handlers:
- name: enable interfaces - name: enable interfaces
@ -7,6 +8,13 @@
cmd: ifup -a cmd: ifup -a
pre_tasks: pre_tasks:
- name: Delete externally managed environment file
shell:
cmd: "rm /usr/lib/python*/EXTERNALLY-MANAGED"
register: rm
changed_when: "rm.rc == 0"
failed_when: "false"
- name: Set timezone - name: Set timezone
timezone: timezone:
name: Europe/Amsterdam name: Europe/Amsterdam
@ -17,20 +25,6 @@
state: directory state: directory
mode: og=rwx mode: og=rwx
roles:
- {role: setup_apt, tags: setup_apt}
- {role: libvirt, tags: libvirt}
- hosts: atlas
roles:
- {role: postgresql, tags: postgresql}
- {role: ssh_ca, tags: ssh_ca}
- {role: wireguard, tags: wireguard}
- hosts: hypervisors
pre_tasks:
- name: Copy interfaces configuration - name: Copy interfaces configuration
template: template:
src: dmz.conf.j2 src: dmz.conf.j2
@ -42,17 +36,25 @@
cmd: ifup -a cmd: ifup -a
when: interfaces.changed when: interfaces.changed
- name: Delete externally managed environment file roles:
shell: - {role: setup_apt, tags: setup_apt}
cmd: "rm /usr/lib/python*/EXTERNALLY-MANAGED" - {role: libvirt, tags: libvirt}
register: rm
changed_when: "rm.rc == 0" - name: Setup special services
failed_when: "false" hosts: atlas
roles:
- {role: postgresql, tags: postgresql}
- {role: ssh_ca, tags: ssh_ca}
- {role: wireguard, tags: wireguard}
- hosts: hypervisors
roles: roles:
- {role: ssh_ca_known_hosts, tags: ssh_ca_known_hosts} - {role: ssh_ca_known_hosts, tags: ssh_ca_known_hosts}
- {role: deploy_ssh_certificates, tags: deploy_ssh_certificates} - {role: deploy_ssh_certificates, tags: deploy_ssh_certificates}
# - hosts: atlas, jefke - name: Enable backups
# roles: hosts: lewis
# - {role: borg, tags: borg} roles:
- {role: borg, tags: borg}

2
ansible/inventory/host_vars/atlas/main.yml
View file

@ -1,2 +0,0 @@
dmz_interface:
enabled: false

2
ansible/inventory/host_vars/jefke/main.yml
View file

@ -1,2 +0,0 @@
dmz_interface:
enabled: false

1
ansible/inventory/host_vars/lewis/apt.yml
View file

@ -3,3 +3,4 @@ apt_install_packages:
- libvirt-daemon-system - libvirt-daemon-system
- sudo - sudo
- bridge-utils - bridge-utils
- borgmatic

3
ansible/inventory/host_vars/lewis/main.yml
View file

@ -1,3 +0,0 @@
dmz_interface:
enabled: true
mac: "ca:fe:c0:ff:ee:0b"

0
ansible/roles/borg/files/backup.service → ansible/roles/borg/backup.service
View file

0
ansible/roles/borg/files/backup.timer → ansible/roles/borg/backup.timer
View file

17
ansible/roles/borg/backup.yml Normal file
View file

@ -0,0 +1,17 @@
location:
source_directories:
- /mnt/thecloud
repositories:
- /mnt/backups/share
retention:
keep_daily: 7
keep_weekly: 4
keep_monthly: 6
hooks:
before_everything:
- virsh snapshot-create-as --domain tf-thecloud --name backup-thecloud --disk-only --quiesce --no-metadata --diskspec vda,snapshot=no --diskspec vdb,file=/kvm/snapshots/thecloud.qcow2
- guestmount -a /kvm/snapshots/thecloud.qcow2 -m /dev/sda1 --ro /mnt/thecloud
after_everything:
- guestunmount /mnt/thecloud && sleep 1
- virsh blockcommit tf-thecloud vdb --active --verbose --pivot
- rm /kvm/snapshots/thecloud.qcow2

3
ansible/roles/borg/files/start_vms.sh
View file

@ -1,3 +0,0 @@
#!/bin/bash
for i in $(virsh list --all --name --autostart); do virsh start "$i"; done

9
ansible/roles/borg/files/stop_vms.sh
View file

@ -1,9 +0,0 @@
#!/bin/bash
for i in $(virsh list --state-running --name --autostart); do
virsh shutdown "$i"
echo Stopping domain "$i"
until virsh domstate "$i" | grep shut; do
sleep 0.5
done
done

30
ansible/roles/borg/tasks/main.yml
View file

@ -1,3 +1,13 @@
- name: Create snapshots directory
file:
path: /kvm/snapshots
state: directory
- name: Create backup mountpoint
file:
path: /mnt/thecloud
state: directory
- name: Install Borg - name: Install Borg
apt: apt:
pkg: pkg:
@ -9,31 +19,19 @@
name: apprise name: apprise
- name: Copy Borgmatic script - name: Copy Borgmatic script
template: copy:
src: "{{ role_path }}/templates/backup.yml.j2" src: "{{ role_path }}/backup.yml"
dest: /root/backup.yml dest: /root/backup.yml
- name: Copy start_vms.sh
copy:
src: "{{ role_path }}/files/start_vms.sh"
dest: /root/start_vms.sh
mode: preserve
- name: Copy stop_vms.sh
copy:
src: "{{ role_path }}/files/stop_vms.sh"
dest: /root/stop_vms.sh
mode: preserve
- name: Copy systemd backup unit - name: Copy systemd backup unit
copy: copy:
src: "{{ role_path }}/files/backup.service" src: "{{ role_path }}/backup.service"
dest: /etc/systemd/system/backup.service dest: /etc/systemd/system/backup.service
notify: systemd daemon reload notify: systemd daemon reload
- name: Copy systemd backup timer - name: Copy systemd backup timer
copy: copy:
src: "{{ role_path }}/files/backup.timer" src: "{{ role_path }}/backup.timer"
dest: /etc/systemd/system/backup.timer dest: /etc/systemd/system/backup.timer
notify: systemd daemon reload notify: systemd daemon reload

28
ansible/roles/borg/templates/backup.yml.j2
View file

@ -1,28 +0,0 @@
# vi: ft=yaml
location:
source_directories:
- /data
repositories:
- 'ssh://root@lewis.hyp/mnt/backups/hosts/{{ ansible_hostname }}'
retention:
keep_daily: 7
keep_weekly: 4
keep_monthly: 6
storage:
unknown_unencrypted_repo_access_is_ok: true
relocated_repo_access_is_ok: true
hooks:
before_everything:
- 'apprise --body="{{ ansible_hostname }}: Stopping VMs" {{ apprise_url }} || true'
- /root/stop_vms.sh
- 'apprise --body="{{ ansible_hostname }}: Stopped VMs" {{ apprise_url }} || true'
after_everything:
- 'apprise --body="{{ ansible_hostname }}: Starting VMs" {{ apprise_url }} || true'
- /root/start_vms.sh
- 'apprise --body="{{ ansible_hostname }}: Started VMs" {{ apprise_url }} || true'
before_backup:
- 'apprise --body="{{ ansible_hostname }}: Performing backup" {{ apprise_url }} || true'
after_backup:
- 'apprise --body="{{ ansible_hostname }}: Backup done" {{ apprise_url }} || true'
on_error:
- 'apprise --body="{{ ansible_hostname }}: Backup error" {{ apprise_url }} || true'

7
terraform/main.tf
View file

@ -151,6 +151,13 @@ resource "libvirt_pool" "init_lewis" {
provider = libvirt.lewis provider = libvirt.lewis
} }
resource "libvirt_pool" "data_lewis" {
name = "data"
type = "dir"
path = "/kvm/data"
provider = libvirt.lewis
}
resource "libvirt_volume" "ubuntu_jammy_lewis" { resource "libvirt_volume" "ubuntu_jammy_lewis" {
name = "ubuntu-jammy.img" name = "ubuntu-jammy.img"
pool = "iso" pool = "iso"