This role follow a very strict pattern for backup:
- Run a shell script to generate the backup artifacts and store then in
/data/backup
- Encrypt the backups using the GPG key already installed
- Upload the encrypted backup to S3
- Delete all local copies
If something fails, the backup stop as is, so you can manually recover.
The backup folder is cleaned BEFORE the backup, so don't store important things there.
The tasks run after the roles on the demo playbook, keep that in mind.
backup_script
- The backup script as text (You can put directly the shell script on the variable)gpg_email
- Respective email to use as in (--recipient
) for GPG encriptionbucket
- Bucket name for uploading the filefolder
- Inside the bucket, which folder you will store your files
As obvious, you need your AWS id and secret to perform the uploads to S3, these follow Ansible standards.
- hosts: all
vars:
backup_script:
echo nothing > /data/backup/backup_$(date)
echo nothing2 > /data/backup/backup2_$(date)
gpg_email: [email protected]
bucket: backups
folder: demo
tasks:
- name: My things
debug: msg="Some additional task here"
roles:
- opsxcq.host_backup
- src: git+https://github.com/opsxcq/ansible-role-host-backup.git
name: "opsxcq.host_backup"