move to snapshots-based backups

2023-06-17 12:54:41 +02:00 · 2023-06-17 12:54:41 +02:00 · feb29ed0bf
commit feb29ed0bf
parent 04becbb99d
14 changed files with 65 additions and 92 deletions
--- a/ansible/dmz.conf.j2
+++ b/ansible/dmz.conf.j2
@ -1,10 +1,5 @@
 auto enp3s0.30
-{% if dmz_interface.enabled %}
-iface enp3s0.30 inet dhcp
-	hwaddress ether {{ dmz_interface.mac }}
-{% else %}
 iface enp3s0.30 inet manual
-{% endif %}
 iface enp3s0.30 inet6 auto
 	accept_ra 0
 	dhcp 0
--- a/ansible/hypervisors.yml
+++ b/ansible/hypervisors.yml
@ -1,5 +1,6 @@
 ---
- hosts: hypervisors
+- name: Prepare physical machines
+  hosts: hypervisors

  handlers:
    - name: enable interfaces
@ -7,6 +8,13 @@
        cmd: ifup -a

  pre_tasks:
+    - name: Delete externally managed environment file
+      shell:
+        cmd: "rm /usr/lib/python*/EXTERNALLY-MANAGED"
+      register: rm
+      changed_when: "rm.rc == 0"
+      failed_when: "false"
+
    - name: Set timezone
      timezone:
        name: Europe/Amsterdam
@ -17,20 +25,6 @@
        state: directory
        mode: og=rwx

-  roles:
-    - {role: setup_apt, tags: setup_apt}
-    - {role: libvirt, tags: libvirt}
-
- hosts: atlas
-
-  roles:
-    - {role: postgresql, tags: postgresql}
-    - {role: ssh_ca, tags: ssh_ca}
-    - {role: wireguard, tags: wireguard}
-
- hosts: hypervisors
-
-  pre_tasks:
    - name: Copy interfaces configuration
      template:
        src: dmz.conf.j2
@ -42,17 +36,25 @@
        cmd: ifup -a
      when: interfaces.changed

-    - name: Delete externally managed environment file
-      shell:
-        cmd: "rm /usr/lib/python*/EXTERNALLY-MANAGED"
-      register: rm
-      changed_when: "rm.rc == 0"
-      failed_when: "false"
+  roles:
+    - {role: setup_apt, tags: setup_apt}
+    - {role: libvirt, tags: libvirt}
+
+- name: Setup special services
+  hosts: atlas
+
+  roles:
+    - {role: postgresql, tags: postgresql}
+    - {role: ssh_ca, tags: ssh_ca}
+    - {role: wireguard, tags: wireguard}
+
+- hosts: hypervisors

  roles:
    - {role: ssh_ca_known_hosts, tags: ssh_ca_known_hosts}
    - {role: deploy_ssh_certificates, tags: deploy_ssh_certificates}

-# - hosts: atlas, jefke
-#   roles:
-#     - {role: borg, tags: borg}
+- name: Enable backups
+  hosts: lewis
+  roles:
+    - {role: borg, tags: borg}
--- a/ansible/inventory/host_vars/atlas/main.yml
+++ b/ansible/inventory/host_vars/atlas/main.yml
@ -1,2 +0,0 @@
-dmz_interface:
-  enabled: false
--- a/ansible/inventory/host_vars/jefke/main.yml
+++ b/ansible/inventory/host_vars/jefke/main.yml
@ -1,2 +0,0 @@
-dmz_interface:
-  enabled: false
--- a/ansible/inventory/host_vars/lewis/apt.yml
+++ b/ansible/inventory/host_vars/lewis/apt.yml
@ -3,3 +3,4 @@ apt_install_packages:
  - libvirt-daemon-system
  - sudo
  - bridge-utils
+  - borgmatic
--- a/ansible/inventory/host_vars/lewis/main.yml
+++ b/ansible/inventory/host_vars/lewis/main.yml
@ -1,3 +0,0 @@
-dmz_interface:
-  enabled: true
-  mac: "ca:fe:c0:ff:ee:0b"
--- a/ansible/roles/borg/files/backup.service
+++ b/ansible/roles/borg/files/backup.service
--- a/ansible/roles/borg/files/backup.timer
+++ b/ansible/roles/borg/files/backup.timer
--- a/ansible/roles/borg/backup.yml
+++ b/ansible/roles/borg/backup.yml
@ -0,0 +1,17 @@
+location:
+  source_directories:
+    - /mnt/thecloud
+  repositories:
+    - /mnt/backups/share
+retention:
+  keep_daily: 7
+  keep_weekly: 4
+  keep_monthly: 6
+hooks:
+  before_everything:
+    - virsh snapshot-create-as --domain tf-thecloud --name backup-thecloud --disk-only --quiesce --no-metadata --diskspec vda,snapshot=no --diskspec vdb,file=/kvm/snapshots/thecloud.qcow2
+    - guestmount -a /kvm/snapshots/thecloud.qcow2 -m /dev/sda1 --ro /mnt/thecloud
+  after_everything:
+    - guestunmount /mnt/thecloud && sleep 1
+    - virsh blockcommit tf-thecloud vdb --active --verbose --pivot
+    - rm /kvm/snapshots/thecloud.qcow2
--- a/ansible/roles/borg/files/start_vms.sh
+++ b/ansible/roles/borg/files/start_vms.sh
@ -1,3 +0,0 @@
-#!/bin/bash
-
-for i in $(virsh list --all --name --autostart); do virsh start "$i"; done
--- a/ansible/roles/borg/files/stop_vms.sh
+++ b/ansible/roles/borg/files/stop_vms.sh
@ -1,9 +0,0 @@
-#!/bin/bash
-
-for i in $(virsh list --state-running --name --autostart); do
-	virsh shutdown "$i"
-	echo Stopping domain "$i"
-	until virsh domstate "$i" | grep shut; do
-		sleep 0.5
-	done
-done
--- a/ansible/roles/borg/tasks/main.yml
+++ b/ansible/roles/borg/tasks/main.yml
@ -1,3 +1,13 @@
+- name: Create snapshots directory
+  file:
+    path: /kvm/snapshots
+    state: directory
+
+- name: Create backup mountpoint
+  file:
+    path: /mnt/thecloud
+    state: directory
+
 - name: Install Borg
  apt:
    pkg:
@ -9,31 +19,19 @@
    name: apprise

 - name: Copy Borgmatic script
-  template:
-    src: "{{ role_path }}/templates/backup.yml.j2"
+  copy:
+    src: "{{ role_path }}/backup.yml"
    dest: /root/backup.yml

- name: Copy start_vms.sh
-  copy:
-    src: "{{ role_path }}/files/start_vms.sh"
-    dest: /root/start_vms.sh
-    mode: preserve
-
- name: Copy stop_vms.sh
-  copy:
-    src: "{{ role_path }}/files/stop_vms.sh"
-    dest: /root/stop_vms.sh
-    mode: preserve
-
 - name: Copy systemd backup unit
  copy:
-    src: "{{ role_path }}/files/backup.service"
+    src: "{{ role_path }}/backup.service"
    dest: /etc/systemd/system/backup.service
  notify: systemd daemon reload

 - name: Copy systemd backup timer
  copy:
-    src: "{{ role_path }}/files/backup.timer"
+    src: "{{ role_path }}/backup.timer"
    dest: /etc/systemd/system/backup.timer
  notify: systemd daemon reload

--- a/ansible/roles/borg/templates/backup.yml.j2
+++ b/ansible/roles/borg/templates/backup.yml.j2
@ -1,28 +0,0 @@
-# vi: ft=yaml
-location:
-  source_directories:
-    - /data
-  repositories:
-    - 'ssh://root@lewis.hyp/mnt/backups/hosts/{{ ansible_hostname }}'
-retention:
-  keep_daily: 7
-  keep_weekly: 4
-  keep_monthly: 6
-storage:
-  unknown_unencrypted_repo_access_is_ok: true
-  relocated_repo_access_is_ok: true
-hooks:
-  before_everything:
-    - 'apprise --body="{{ ansible_hostname }}: Stopping VMs" {{ apprise_url }} || true'
-    - /root/stop_vms.sh
-    - 'apprise --body="{{ ansible_hostname }}: Stopped VMs" {{ apprise_url }} || true'
-  after_everything:
-    - 'apprise --body="{{ ansible_hostname }}: Starting VMs" {{ apprise_url }} || true'
-    - /root/start_vms.sh
-    - 'apprise --body="{{ ansible_hostname }}: Started VMs" {{ apprise_url }} || true'
-  before_backup:
-    - 'apprise --body="{{ ansible_hostname }}: Performing backup" {{ apprise_url }} || true'
-  after_backup:
-    - 'apprise --body="{{ ansible_hostname }}: Backup done" {{ apprise_url }} || true'
-  on_error:
-    - 'apprise --body="{{ ansible_hostname }}: Backup error" {{ apprise_url }} || true'
--- a/terraform/main.tf
+++ b/terraform/main.tf
@ -151,6 +151,13 @@ resource "libvirt_pool" "init_lewis" {
  provider = libvirt.lewis
 }

+resource "libvirt_pool" "data_lewis" {
+  name = "data"
+  type = "dir"
+  path = "/kvm/data"
+  provider = libvirt.lewis
+}
+
 resource "libvirt_volume" "ubuntu_jammy_lewis" {
  name   = "ubuntu-jammy.img"
  pool   = "iso"