Ansible role making simple encrypted backups into S3 using systemd timers and a script
Create encrypted backups once a day and push them into S3.
Last 14 versions will be kept.
In order to work properly you must specify following variables:
s3_backup_access_key (string)s3_backup_secret_key (string)s3_backup_configs (complex)S3 Endpoint must support SSE-C.
| Variable | Type | Default | Description |
|---|---|---|---|
s3_backup_region |
string | us-east-1 |
Default region |
s3_backup_endpoint |
string | s3.amazonaws.com |
Endpoint to connect to. Works with S3-Compatible endpoinds as well (At least cephs rados s3) |
s3_backup_access_key |
string | “” | Access Key |
s3_backup_secret_key |
string | “” | Secret Key |
s3_backup_credentials |
dict | { aws_access_key_id: “{{ s3_backup_access_key }}”, aws_secret_access_key: “{{ s3_backup_secret_key }}” } | Wrapper for writing access and secret key into credentials config |
s3_backup_configs |
complex | {} | Configuration for Backups. Each element must contain name, src, dst, key. See Example Playbook |
None so far…
Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
- hosts: serversvars:s3_backup_access_key: AAABBBCCCs3_backup_secret_key: DDDEEEFFFs3_backup_configs:- name: gitlab-configsrc: /etc/gitlab/dst: gitlab-configkey: abcdefgh12345678abcdefgh12345678- name: icinga2-casrc: /var/lib/icinga2/ca/dst: icinga2-cakey: abcdefgh12345678abcdefgh12345678roles:- derJD.s3_backup
BSD
An optional section for the role authors to include contact information, or a website (HTML is not allowed).