File tree Expand file tree Collapse file tree 4 files changed +38
-15
lines changed
ansible/roles/mongo-backup-service Expand file tree Collapse file tree 4 files changed +38
-15
lines changed Original file line number Diff line number Diff line change 89
89
uses : dawidd6/action-ansible-playbook@v2.8.0
90
90
env :
91
91
ANSIBLE_TIMEOUT : 60
92
+ DO_SPACES_ACCESS_ID : ${{ secrets.DO_SPACES_ACCESS_ID }}
93
+ DO_SPACES_ACCESS_KEY : ${{ secrets.DO_SPACES_ACCESS_KEY }}
92
94
with :
93
95
playbook : setup.yaml
94
96
directory : ansible
Original file line number Diff line number Diff line change 1
1
#! /usr/bin/env bash
2
2
3
- mongodump --gzip --archive= dump.gz
3
+ filename= " dump- $( date ' +%Y%m%d%H%M%S ' ) .gz"
4
4
5
+ mongodump --gzip --archive=" ${filename} "
6
+
7
+ export AWS_ACCESS_KEY_ID=$( jq -r ' .id' < " ${CREDENTIALS_DIRECTORY} /do_access_secret)"
8
+ export AWS_SECRET_ACCESS_KEY=$( jq -r ' .key' < " ${CREDENTIALS_DIRECTORY} /do_access_secret" )
9
+
10
+ s3cmd --host=" fra1.digitaloceanspaces.com" \
11
+ --host-bucket=" %(bucket)s.fra1.digitaloceanspaces.com" \
12
+ put dump.gz s3://backups-roadmapsh-kzwolenik95/
13
+
14
+ rm " ${filename} "
Original file line number Diff line number Diff line change 3
3
name : s3cmd
4
4
state : present
5
5
6
- # - name: Encrypt secret
7
- # community.general.systemd_creds_encrypt:
8
- # name: do_access_key
9
- # not_after: +48hr
10
- # secret: "{{ do_access_key }}"
11
- # register: encrypted_secret
6
+ - name : Encrypt secret
7
+ community.general.systemd_creds_encrypt :
8
+ name : do_access_secret
9
+ secret : |
10
+ {
11
+ "id": {{ lookup('ansible.builtin.env', 'DO_SPACES_ACCESS_ID') }},
12
+ "key": {{ lookup('ansible.builtin.env', 'DO_SPACES_ACCESS_KEY') }}
13
+ }
14
+ register : do_access_secret
12
15
13
16
- name : Copy script to remote server
14
17
ansible.builtin.copy :
17
20
owner : ubuntu
18
21
mode : " 0700"
19
22
20
- - name : Copy python scripts to remote server
23
+ - name : Create service unit
24
+ ansible.builtin.template :
25
+ src : templates/mongo-backup.service.j2
26
+ dest : /etc/systemd/system/mongo-backup.service
27
+ owner : root
28
+ group : root
29
+ mode : " 0644"
30
+ vars :
31
+ s3-secret : " {{ do_access_secret }}"
32
+
33
+ - name : Create timer unit
21
34
ansible.builtin.copy :
22
- src : " {{ item }} "
35
+ src : mongo-backup.timer
23
36
dest : /etc/systemd/system/
24
- owner : ubuntu
37
+ owner : root
38
+ group : root
25
39
mode : " 0644"
26
- with_fileglob :
27
- - " files/mongo-backup*"
28
40
29
41
- name : Enable mongo-backup.service
30
42
ansible.builtin.systemd_service :
Original file line number Diff line number Diff line change @@ -3,10 +3,9 @@ Description=Mongodb backup
3
3
4
4
[Service]
5
5
Type=oneshot
6
- LoadCredentialEncrypted =do_access_key:/etc/secrets/do_access_key.cred
7
- ExecStart =/usr/local/bin/mongo-backup/backup-to-digitalocean-bucket.py
6
+ {{ s3-secret }}
7
+ ExecStart=/usr/local/bin/mongo-backup/backup-to-digitalocean-bucket.sh
8
8
WorkingDirectory=/usr/local/bin/mongo-backup/
9
- RemainAfterExit =yes
10
9
11
10
[Install]
12
11
WantedBy=multi-user.target
You can’t perform that action at this time.
0 commit comments