Commit 4d7c5a9e authored by totten's avatar totten
Browse files

Merge branch 'master' of lab.civicrm.org:infra/ops

parents 4be2c47f ec6e099e
......@@ -21,6 +21,9 @@ preseed_ipv6_gateway: 2607:5300:0060:71ff:ff:ff:ff:ff
# ip route add 167.114.158.254 dev ens3
# ip route add default via 167.114.158.254 dev ens3
backups_exclude_extras:
- /srv/buildkit/build
logstash_forwarder_files:
- paths:
- /var/log/messages
......
......@@ -18,8 +18,30 @@ include = /var/lib/automysqlbackup
include = /var/www
include = /srv
exclude = /usr/local/promtail*
exclude = /var/aegir/backups
exclude = /var/aegir/platforms/*/sites/*/files/civicrm/templates_c
exclude = /var/aegir/platforms/*/sites/*/files/civicrm/ConfigAndLog
exclude = /var/aegir/platforms/*/sites/*/files/css
exclude = /var/aegir/platforms/*/sites/*/files/imagecache
exclude = /var/aegir/platforms/*/sites/*/files/js
exclude = /var/aegir/platforms/*/sites/*/files/styles
exclude = /var/aegir/platforms/*/sites/*/files/tmp
exclude = /var/aegir/platforms/*/sites/*/files/*.sql
exclude = /var/aegir/platforms/*/sites/*/files/*.sql.gz
exclude = /var/aegir/platforms/web/*/sites/*/files/civicrm/templates_c
exclude = /var/aegir/platforms/web/*/sites/*/files/civicrm/ConfigAndLog
exclude = /var/aegir/platforms/web/*/sites/*/files/css
exclude = /var/aegir/platforms/web/*/sites/*/files/imagecache
exclude = /var/aegir/platforms/web/*/sites/*/files/js
exclude = /var/aegir/platforms/web/*/sites/*/files/styles
exclude = /var/aegir/platforms/web/*/sites/*/files/tmp
exclude = /var/aegir/platforms/web/*/sites/*/files/*.sql
exclude = /var/aegir/platforms/web/*/sites/*/files/*.sql.gz
exclude = /var/aegir/hostmaster-7.x-*
{% if backups_exclude_extras is defined %}
# custom excludes from the ansible host_vars
{% for item in backups_exclude_extras %}
......
......@@ -30,16 +30,20 @@
- gitlab
- packages
# NB: coopsymbiotic/ops#63
# Backup of uploads is done separately, to reduce the size of the main tar
# (uploads are 50% of the 2GB tar).
- name: Configure Gitlab cron for backups.
cron:
name="gitlab-backup"
minute="20"
hour="22"
job="/opt/gitlab/bin/gitlab-rake gitlab:backup:create CRON=1"
job="/opt/gitlab/bin/gitlab-rake gitlab:backup:create CRON=1 SKIP=uploads"
cron_file="gitlab-backup"
user="root"
state=present
tags:
- gitlab
- gitlab-cron
## TODO:
......
......@@ -5,6 +5,7 @@ Includes:
* Installation of https://cytopia.github.io/mysqldump-secure/
* Included/patched in this repo, because by default it makes it hard to use /etc/mysql/debian.cnf
* Also patched to allow overwriting existing files, to avoid rdiff backup growth, and avoid need for tmpreaper.
* Configuration inspired from https://github.com/infOpen/ansible-role-mysql-backup/
Overview (assuming defaults):
......@@ -12,6 +13,4 @@ Overview (assuming defaults):
* MySQL dumps are stored in: /var/backups/mysql/
* The cron runs daily, around 20:30 because rdiff-backup runs at 21:00 (UTC)
* Runs using the Debian sys-maint (/etc/mysql/debian.cnf)
* Logs in: /var/log/mysql/mysqldump-secure.log
* TODO: log rotation?
* TODO: /var/log/mysql/mysqldump-secure.monitoring.log can be monitored by check_mysqldump-secure
* Logs in: /var/backups/mysqldump-secure.monitoring.log (monitored by Icinga)
......@@ -4661,20 +4661,21 @@ for db in ${DB_LIST_ALL}; do
DB_CNT_IGNORED=$((DB_CNT_IGNORED + 1))
DB_LIST_IGNORED="$( str_join "${DB_LIST_IGNORED}" "," "${db}" )"
#
# Main case 2 (file exists on disk)
#
elif [ -f "${DUMP_DIR}/${DUMP_FILE_PRE}${db}${ext}" ]; then
# Increment counters
DB_CNT_FAILED=$((DB_CNT_FAILED + 1))
MDS_FAIL_COUNT=$((MDS_FAIL_COUNT + 1))
# Add failed db to nagios log
DB_LIST_FAILED="$( str_join "${DB_LIST_FAILED}" "," "${db}" )"
debug "fatal" "(RUN): ${_cnt} Failed: ${db} cannot be written to disk (file exists: ${DUMP_DIR}/${DUMP_FILE_PRE}${db}${ext})" "${OUT_VERBOSITY}" "${LOG_VERBOSITY}" "${LOG_FILE}"
NAGIOS_EXIT_CODE="$(merge_exit_codes "${NAGIOS_EXIT_CODE}" 2)"
# [ML] SYMBIOTIC We keep the same file name to limit rdiff backup growth
# #
# # Main case 2 (file exists on disk)
# #
# elif [ -f "${DUMP_DIR}/${DUMP_FILE_PRE}${db}${ext}" ]; then
#
# # Increment counters
# DB_CNT_FAILED=$((DB_CNT_FAILED + 1))
# MDS_FAIL_COUNT=$((MDS_FAIL_COUNT + 1))
#
# # Add failed db to nagios log
# DB_LIST_FAILED="$( str_join "${DB_LIST_FAILED}" "," "${db}" )"
#
# debug "fatal" "(RUN): ${_cnt} Failed: ${db} cannot be written to disk (file exists: ${DUMP_DIR}/${DUMP_FILE_PRE}${db}${ext})" "${OUT_VERBOSITY}" "${LOG_VERBOSITY}" "${LOG_FILE}"
# NAGIOS_EXIT_CODE="$(merge_exit_codes "${NAGIOS_EXIT_CODE}" 2)"
#
# Main case 3 (dumping)
......
......@@ -3,16 +3,25 @@
# Based on:
# https://github.com/openmicroscopy/ansible-role-mysql-backup/
# Required to cleanup backups after 24h
- apt: name={{ item }} state=present install_recommends=no
with_items:
- tmpreaper
tags:
- mysqlbackup
- packages
# Not used now that we overwrite the previous backup with the same name.
# # Required to cleanup backups after 24h
# - apt: name={{ item }} state=present install_recommends=no
# with_items:
# - tmpreaper
# when: ansible_distribution == "Debian"
# tags:
# - mysqlbackup
# - packages
#
# - yum: name={{ item }} state=present
# with_items:
# - tmpwatch
# when: ansible_distribution == "CentOS"
# tags:
# - mysqlbackup
# - packages
- name: mysqlbackup | create backup directory
become: yes
file:
path: "{{ mysqlbackup_backupdir }}"
recurse: yes
......@@ -20,8 +29,16 @@
tags:
- mysqlbackup
- name: mysqlbackup | chgrp aegir if Aegir server
file:
path: "{{ mysqlbackup_backupdir }}"
owner: root
group: aegir
when: "'symbiotic-aegir-vm' in group_names"
tags:
- mysqlbackup
- name: mysqlbackup | create backup tmp directory
become: yes
file:
path: "{{ mysqlbackup_backupdir }}/tmp"
recurse: yes
......
......@@ -14,12 +14,17 @@ TMP_DIR="{{ mysqlbackup_backupdir }}/tmp"
# NOTE: Must be chmod 0400
MYSQL_CNF_FILE="{{ mysqlbackup_cnf_file }}"
# For Zimbra servers
if [ -d "/opt/zimbra/common/bin/" ]; then
PATH="$PATH:/opt/zimbra/common/bin/"
fi
# File/Folder permission of Target directory ($TARGET)
# and the actual dumped databases.
# If not otherwise needed, leave the
# protective secure default values
DUMP_DIR_CHMOD="700"
DUMP_FILE_CHMOD="400"
DUMP_DIR_CHMOD="750"
DUMP_FILE_CHMOD="440"
# mysqldump options
# --routines (Off by default)
......@@ -51,10 +56,10 @@ COMPRESS={{ mysqlbackup_mysqldump_compress_active }}
COMPRESS_BIN="gzip"
COMPRESS_EXT="gz"
COMPRESS_ARG="-6"
COMPRESS_ARG="-6 --rsyncable"
# The script is whiny if these defaults aren't set.
DUMP_FILE_PRE="$(date '+%Y-%m-%d')_"
DUMP_FILE_PRE="db_"
MYSQL_OPTS_QUICK_MIN_SIZE=200
CONSISTENT_DUMP_ONLY_INNODB=1
CONSISTENT_DUMP_NO_INNODB=1
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment