backups_role/tasks/restore-to-controller.yml at 4e9d14de0ea9c81f74acaeda1c07d42a925f9b2e · coopdevs/backups_role · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
---
- name: "Prepare ansible's environment"
  block:

  - name: Ensure that this set of tasks are running locally
    assert:
      that: ansible_connection == "local"
      fail_msg: >
        This playbook is intended to be executed in controller machine,
        but is running somewhere else.

        Please refer to the README of this role to see an example of how to use this tasklist.
      success_msg: Connection is local

  - name: Define working path based on current directory
    set_fact:
      work_path: "{{ lookup('env','PWD') }}/backup-restore"

  tags:
  - install
  - restore

- name: Install restic and its environment
  block:

  - name: Ensure working directory exists
    file:
      state: 'directory'
      path: '{{ work_path }}'

  - name: Configure restic
    import_role:
      name: coopdevs.ansible_restic
      tasks_from: preflight.yml

  - name: Install restic using restic-role
    import_role:
      name: coopdevs.ansible_restic
      tasks_from: install.yml
    vars:
    - restic_install_path: "{{ work_path }}"
    become: yes

  - name: Ensure directory for snapshot restore exists at the controller
    file:
      path: "{{ work_path }}"
      state: directory
      mode: 0775

  - name: Render script template that wraps restic with credentials
    template:
      src: 'coopdevs.ansible_restic/templates/restic.helper.j2'
      dest: "{{ work_path }}/restic-{{ backups_role_restic_repo_name }}"
      mode: '0750'
    no_log: true
    with_items: [ "{{ backups_role_restic_repo  }}" ]

  # block "Install restic and its environment"
  tags:
  - install
  - restore

- name: Restore last snapshot and remove secrets
  block:

  - name: Restore last backup for this restic repo
    command: "{{ work_path }}/restic-{{ backups_role_restic_repo_name }} restore latest --target {{ work_path }}/restored"

  - name: Safely delete restic wrapper with secrets
    block:
    - name: "Shred restic's wrapper script to make secrets unrecoverable"
      command: "shred {{ work_path }}/restic-{{ backups_role_restic_repo_name }}"
    - name: Remove already shredded wrapper script
      file:
        path: "{{ work_path }}/restic-{{ backups_role_restic_repo_name }}"
        state: absent

  # block: "Restore last snapshot and remove secrets"
  tags:
  - restore