library/roles/mysql: better backup script. Now supports nagios and a retain interval.

library/roles/iptables: special case for ldap. library/roles/openldap-server: first bits of a openldap role
2015-07-14 00:30:49 +02:00 · 2015-07-14 00:30:49 +02:00 · e1180b39a7
parent d222d0cfdc
commit e1180b39a7
6 changed files with 110 additions and 34 deletions
--- a/iptables/templates/iptables-rules.v4.j2
+++ b/iptables/templates/iptables-rules.v4.j2
@ -74,6 +74,22 @@
 -A INPUT -p tcp -m tcp --dport {{ mysql_db_port }} -j DROP
 {% endif %}

+{% if openldap_slapd_tcp_port is defined %}
+{% if openldap_allowed_clients is defined %}
+{% for addr in openldap_allowed_clients %}
+{% if not openldap_slapd_ssl_only %}
+-A INPUT -m state --state NEW -s {{ addr }} -p tcp -m tcp --dport {{ openldap_slapd_tcp_port }} -j ACCEPT
+{% endif %}
+-A INPUT -m state --state NEW -s {{ addr }} -p tcp -m tcp --dport {{ openldap_slapd_ssl_port }} -j ACCEPT
+{% endfor %}
+{% else %}
+{% if not openldap_slapd_ssl_only %}
+-A INPUT -m state --state NEW -p tcp -m tcp --dport {{ openldap_slapd_tcp_port }} -j ACCEPT
+{% endif %}
+-A INPUT -m state --state NEW -p tcp -m tcp --dport {{ openldap_slapd_ssl_port }} -j ACCEPT
+{% endif %}
+{% endif %}
+
 {% if mongodb_allowed_hosts is defined %}
 # mongodb clients
 {% for ip in mongodb_allowed_hosts %}
--- a/mysql/defaults/main.yml
+++ b/mysql/defaults/main.yml
@ -3,6 +3,8 @@ mysql_enabled: True
 mysql_pkg_state: present
 mysql_conf_dir: /etc/mysql/conf.d
 mysql_socket: /var/run/mysqld/mysqld.sock
+mysql_data_dir: /var/lib/mysql
+mysql_log_dir: /var/log/mysql

 # python-mysqldb is needed by ansible to manage users and databases
 mysql_packages_list:
@ -36,3 +38,9 @@ mysql_listen_on_ext_int: False
 #mysql_db_data:
 #  - { name: '{{ mysql_db_name }}', collation: '{{ mysql_default_collation }}', encoding: '{{ mysql_default_encoding }}', user: '{{ mysql_db_user }}', pwd: '{{ mysql_db_pwd }}', user_grant: 'ALL', allowed_hosts: [ 'localhost', 'yyy.yyy.yyy.yyy/32' ] }

+mysql_backup_use_nagios: False
+mysql_backup_logdir: '{{ mysql_log_dir }}'
+mysql_backup_logfile: '{{ mysql_backup_logdir }}/my_backup.log'
+mysql_backup_retain_copies: 15
+mysql_backup_destdir: /var/lib/mysql-backup
+
--- a/mysql/files/mysql-backup.sh
+++ b/mysql/files/mysql-backup.sh
@ -1,41 +1,82 @@
-#!/bin/sh
+#!/bin/bash
+
+RETVAL=0
+
+MY_BACKUP_USE_NAGIOS="False"
+MY_BACKUP_DIR=/var/lib/mysql-backup
+MY_DATA_DIR=/var/lib/mysql
+N_DAYS_TO_SPARE=7
+
+if [ -f /etc/default/mysql_backup ] ; then
+    . /etc/default/mysql_backup
+fi

 if [ ! -f /root/.my.cnf ] ; then
    exit 1
 fi

-MY_BACKUP_DIR=/var/lib/mysql-backup
 umask 0077
-MY_DATA_DIR=/var/lib/mysql
-LOCKFILE=$MY_DATA_DIR/.mysqldump.lock
-
+# Year month day - hour minute second
+SAVE_TIME=$( date +%Y%m%d-%H%M%S )
+TIMESTAMP=
+TIMESTAMP_LOG=$MY_BACKUP_DIR/.timestamp

 if [ ! -d $MY_BACKUP_DIR ] ; then
    mkdir -p $MY_BACKUP_DIR
 fi
-if [ ! -d $MY_BACKUP_DIR/log ] ; then
-    mkdir -p $MY_BACKUP_DIR/log
+if [ ! -d $MY_BACKUP_LOG_DIR ] ; then
+    mkdir -p $MY_BACKUP_LOG_DIR
 fi
-if [ ! -d $MY_BACKUP_DIR/old ] ; then
-    mkdir -p $MY_BACKUP_DIR/old
+if [ ! -d $MY_BACKUP_DIR/history ] ; then
+    mkdir -p $MY_BACKUP_DIR/history
 fi
 chmod -R 700 $MY_BACKUP_DIR
+LOCKFILE=$MY_DATA_DIR/.mysqldump.lock
+NAGIOS_LOG=$MY_BACKUP_DIR/.nagios-status
+# Exclude list
+EXCLUDE_LIST='performance_schema'

 if [ ! -f $LOCKFILE ] ; then
    touch $LOCKFILE
-    for db in $( /bin/ls -1 /var/lib/mysql/ ) ; do
-   	if [ -d /var/lib/mysql/$db ] ; then
+    if [ "${MY_BACKUP_USE_NAGIOS}" == "True" ] ; then
+        > $NAGIOS_LOG
+    fi
+    for db in $( /bin/ls -1 /var/lib/mysql/ | grep -v $EXCLUDE_LIST ) ; do
+   	    if [ -d /var/lib/mysql/$db ] ; then
            if [ -f $MY_BACKUP_DIR/$db.sql ] ; then
-            	mv -f $MY_BACKUP_DIR/$db.sql $MY_BACKUP_DIR/old
+            	mv -f $MY_BACKUP_DIR/$db.sql $MY_BACKUP_DIR/history
            fi
            #mysqldump -uroot -f --opt -p$MYSQLPASS $db > $MY_BACKUP_DIR/$db.sql 2> $MY_BACKUP_DIR/log/$db.log
-            mysqldump -f --opt $db > $MY_BACKUP_DIR/$db.sql 2> $MY_BACKUP_DIR/log/$db.log
-            chmod 600 $MY_BACKUP_DIR/$db.sql
-    	fi
+            mysqldump -f --opt $db > $MY_BACKUP_DIR/history/${db}.sql.${SAVE_TIME} 2> $MY_BACKUP_LOG_DIR/$db.log
+            DUMP_RESULT=$?
+            chmod 600 $MY_BACKUP_DIR/history/${db}.sql.${SAVE_TIME}
+            if [ "${MY_BACKUP_USE_NAGIOS}" == "True" ] ; then
+                if [ $DUMP_RESULT -ne 0 ] ; then
+                    echo "$db:FAILED" >> $NAGIOS_LOG
+                    RETVAL=$DUMP_RESULT
+                else
+                    echo "$db:OK" >> $NAGIOS_LOG                
+                fi
+    	    fi
+            pushd ${MY_BACKUP_DIR}/ >/dev/null 2>&1
+            rm -f $db.sql
+            ln -s $MY_BACKUP_DIR/history/${db}.sql.${SAVE_TIME} ./$db.sql
+            popd >/dev/null 2>&1
+        fi
    done
    # Do a "flush-hosts" after the backup
-    mysqladmin flush-hosts 2> $MY_BACKUP_DIR/log/flush-hosts.log
+    mysqladmin flush-hosts 2> $MY_BACKUP_LOG_DIR/flush-hosts.log
+    TIMESTAMP=$( date +%s )
+    echo "$TIMESTAMP" > $TIMESTAMP_LOG
    rm -f $LOCKFILE
+else
+    RETVAL=2
+    if [ "${MY_BACKUP_USE_NAGIOS}" == "True" ] ; then
+        echo "old backup still running:WARNING" >> $NAGIOS_LOG
+    fi
 fi

-exit 0
+# Remove the old backups
+find ${MY_BACKUP_DIR}/history -ctime +$N_DAYS_TO_SPARE -exec rm -f {} \;
+
+exit $RETVAL
--- a/mysql/tasks/mysql-backup.yml
+++ b/mysql/tasks/mysql-backup.yml
@ -1,10 +1,12 @@
 ---
 - name: Install a script that performs mysql dumps
  copy: src=mysql-backup.sh dest=/usr/local/bin/mysql-backup owner=root group=root mode=0750
-  tags:
-    - mysql
+  tags: [ 'mysql', 'mysql_backup' ]
+
+- name: Install the mysql backup defaults
+  template: src=mysql_backup-default.j2 dest=/etc/default/mysql_backup owner=root group=root mode=0440
+  tags: [ 'mysql', 'mysql_backup' ]

 - name: Cron job that executes mysql nightly backups
  copy: src=mysql-backup.cron dest=/etc/cron.d/mysql-backup owner=root group=root mode=0644
-  tags:
-    - mysql
+  tags: [ 'mysql', 'mysql_backup' ]
--- a/mysql/templates/mysql_backup-default.j2
+++ b/mysql/templates/mysql_backup-default.j2
@ -1,13 +1,6 @@
-PG_SERVICE='postgresql-{{ psql_version }}'
-PG_VERSION='{{ psql_version }}'
-PG_DUMP_BIN='{{ pg_backup_pgdump_bin }}'
-PG_BCK_BIN='{{ pg_backup_bin }}'
-USE_NAGIOS='{{ pg_backup_use_nagios }}'
-LOG_DIR='{{ pg_backup_logdir }}'
-LOG_FILE='{{ pg_backup_logfile}}'
-N_DAYS_TO_SPARE='{{ pg_backup_retain_copies }}'
-BUILD_DBLIST='{{ pg_backup_build_db_list }}'
-DB_LIST="{{ pg_backup_db_list }}"
-PG_USE_AUTH='{{ pg_backup_use_auth }}'
-PG_PASS_FILE='{{ pg_backup_pass_file }}'
-BACKUPDIR='{{ pg_backup_destdir }}'
+MY_BACKUP_USE_NAGIOS='{{ mysql_backup_use_nagios }}'
+MY_BACKUP_LOG_DIR='{{ mysql_backup_logdir }}'
+MY_BACKUP_LOG_FILE='{{ mysql_backup_logfile}}'
+N_DAYS_TO_SPARE='{{ mysql_backup_retain_copies }}'
+MY_BACKUP_DIR='{{ mysql_backup_destdir }}'
+MY_DATA_DIR='{{ mysql_data_dir }}'
--- a/openldap-server/defaults/main.yml
+++ b/openldap-server/defaults/main.yml
@ -0,0 +1,16 @@
+---
+openldap_pkg_state: present
+openldap_service_enabled: True
+openldap_pkg_list:
+  - slapd
+  - ldapvi
+  - ldap-utils
+  - ldapscripts
+
+openldap_slapd_tcp_port: 389
+openldap_slapd_ssl_port: 636
+openldap_slapd_ssl_only: False
+
+# openldap_allowed_clients:
+#   - ip/32
+#   - net/24