diff options
Diffstat (limited to 'baserock_database/instance-backup-config.yml')
-rw-r--r-- | baserock_database/instance-backup-config.yml | 29 |
1 files changed, 0 insertions, 29 deletions
diff --git a/baserock_database/instance-backup-config.yml b/baserock_database/instance-backup-config.yml deleted file mode 100644 index d04e809b..00000000 --- a/baserock_database/instance-backup-config.yml +++ /dev/null @@ -1,29 +0,0 @@ -# Instance backup configuration for the baserock.org database. ---- -- hosts: database-mariadb - gather_facts: false - sudo: yes - vars: - FRONTEND_IP: 192.168.222.143 - tasks: - - name: pyyaml for Python 2 - dnf: PyYAML state=latest - - - name: backup-snapshot script - copy: src=../backup-snapshot dest=/usr/bin/backup-snapshot mode=755 - - - name: backup-snapshot config - copy: src=backup-snapshot.conf dest=/etc/backup-snapshot.conf - - # We need to give the backup automation 'root' access, because it needs to - # manage system services, LVM volumes, and mounts, and because it needs to - # be able to read private data. The risk of having the backup key - # compromised is mitigated by only allowing it to execute the - # 'backup-snapshot' script, and limiting the hosts it can be used from. - - name: access for backup SSH key - authorized_key: - user: root - key: "{{ lookup('file', '../keys/backup.key.pub') }}" - # Quotes are important in this options, the OpenSSH server will reject - # the entry if the 'from' or 'command' values are not quoted. - key_options: 'from="{{FRONTEND_IP}}",no-agent-forwarding,no-port-forwarding,no-X11-forwarding,command="/usr/bin/backup-snapshot"' |