tpiccioli
/
ansible-roles
forked from ISTI-ansible-roles/ansible-roles
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

library/roles/mysql: better backup script. Now supports nagios and a retain interval. 

library/roles/iptables: special case for ldap.
library/roles/openldap-server: first bits of a openldap role
This commit is contained in:
Andrea Dell'Amico 2015-07-14 00:30:49 +02:00
parent d222d0cfdc
commit e1180b39a7
6 changed files with 110 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
iptables/templates/iptables-rules.v4.j2
View File

@ -74,6 +74,22 @@
-A INPUT -p tcp -m tcp --dport {{ mysql_db_port }} -j DROP -A INPUT -p tcp -m tcp --dport {{ mysql_db_port }} -j DROP
{% endif %} {% endif %}
{% if openldap_slapd_tcp_port is defined %}
{% if openldap_allowed_clients is defined %}
{% for addr in openldap_allowed_clients %}
{% if not openldap_slapd_ssl_only %}
-A INPUT -m state --state NEW -s {{ addr }} -p tcp -m tcp --dport {{ openldap_slapd_tcp_port }} -j ACCEPT
{% endif %}
-A INPUT -m state --state NEW -s {{ addr }} -p tcp -m tcp --dport {{ openldap_slapd_ssl_port }} -j ACCEPT
{% endfor %}
{% else %}
{% if not openldap_slapd_ssl_only %}
-A INPUT -m state --state NEW -p tcp -m tcp --dport {{ openldap_slapd_tcp_port }} -j ACCEPT
{% endif %}
-A INPUT -m state --state NEW -p tcp -m tcp --dport {{ openldap_slapd_ssl_port }} -j ACCEPT
{% endif %}
{% endif %}
{% if mongodb_allowed_hosts is defined %} {% if mongodb_allowed_hosts is defined %}
# mongodb clients # mongodb clients
{% for ip in mongodb_allowed_hosts %} {% for ip in mongodb_allowed_hosts %}

8
mysql/defaults/main.yml
View File

@ -3,6 +3,8 @@ mysql_enabled: True
mysql_pkg_state: present mysql_pkg_state: present
mysql_conf_dir: /etc/mysql/conf.d mysql_conf_dir: /etc/mysql/conf.d
mysql_socket: /var/run/mysqld/mysqld.sock mysql_socket: /var/run/mysqld/mysqld.sock
mysql_data_dir: /var/lib/mysql
mysql_log_dir: /var/log/mysql
# python-mysqldb is needed by ansible to manage users and databases # python-mysqldb is needed by ansible to manage users and databases
mysql_packages_list: mysql_packages_list:
@ -36,3 +38,9 @@ mysql_listen_on_ext_int: False
#mysql_db_data: #mysql_db_data:
# - { name: '{{ mysql_db_name }}', collation: '{{ mysql_default_collation }}', encoding: '{{ mysql_default_encoding }}', user: '{{ mysql_db_user }}', pwd: '{{ mysql_db_pwd }}', user_grant: 'ALL', allowed_hosts: [ 'localhost', 'yyy.yyy.yyy.yyy/32' ] } # - { name: '{{ mysql_db_name }}', collation: '{{ mysql_default_collation }}', encoding: '{{ mysql_default_encoding }}', user: '{{ mysql_db_user }}', pwd: '{{ mysql_db_pwd }}', user_grant: 'ALL', allowed_hosts: [ 'localhost', 'yyy.yyy.yyy.yyy/32' ] }
mysql_backup_use_nagios: False
mysql_backup_logdir: '{{ mysql_log_dir }}'
mysql_backup_logfile: '{{ mysql_backup_logdir }}/my_backup.log'
mysql_backup_retain_copies: 15
mysql_backup_destdir: /var/lib/mysql-backup

71
mysql/files/mysql-backup.sh Executable file → Normal file
View File

@ -1,41 +1,82 @@
#!/bin/sh #!/bin/bash
RETVAL=0
MY_BACKUP_USE_NAGIOS="False"
MY_BACKUP_DIR=/var/lib/mysql-backup
MY_DATA_DIR=/var/lib/mysql
N_DAYS_TO_SPARE=7
if [ -f /etc/default/mysql_backup ] ; then
. /etc/default/mysql_backup
fi
if [ ! -f /root/.my.cnf ] ; then if [ ! -f /root/.my.cnf ] ; then
exit 1 exit 1
fi fi
MY_BACKUP_DIR=/var/lib/mysql-backup
umask 0077 umask 0077
MY_DATA_DIR=/var/lib/mysql # Year month day - hour minute second
LOCKFILE=$MY_DATA_DIR/.mysqldump.lock SAVE_TIME=$( date +%Y%m%d-%H%M%S )
TIMESTAMP=
TIMESTAMP_LOG=$MY_BACKUP_DIR/.timestamp
if [ ! -d $MY_BACKUP_DIR ] ; then if [ ! -d $MY_BACKUP_DIR ] ; then
mkdir -p $MY_BACKUP_DIR mkdir -p $MY_BACKUP_DIR
fi fi
if [ ! -d $MY_BACKUP_DIR/log ] ; then if [ ! -d $MY_BACKUP_LOG_DIR ] ; then
mkdir -p $MY_BACKUP_DIR/log mkdir -p $MY_BACKUP_LOG_DIR
fi fi
if [ ! -d $MY_BACKUP_DIR/old ] ; then if [ ! -d $MY_BACKUP_DIR/history ] ; then
mkdir -p $MY_BACKUP_DIR/old mkdir -p $MY_BACKUP_DIR/history
fi fi
chmod -R 700 $MY_BACKUP_DIR chmod -R 700 $MY_BACKUP_DIR
LOCKFILE=$MY_DATA_DIR/.mysqldump.lock
NAGIOS_LOG=$MY_BACKUP_DIR/.nagios-status
# Exclude list
EXCLUDE_LIST='performance_schema'
if [ ! -f $LOCKFILE ] ; then if [ ! -f $LOCKFILE ] ; then
touch $LOCKFILE touch $LOCKFILE
for db in $( /bin/ls -1 /var/lib/mysql/ ) ; do if [ "${MY_BACKUP_USE_NAGIOS}" == "True" ] ; then
> $NAGIOS_LOG
fi
for db in $( /bin/ls -1 /var/lib/mysql/ | grep -v $EXCLUDE_LIST ) ; do
if [ -d /var/lib/mysql/$db ] ; then if [ -d /var/lib/mysql/$db ] ; then
if [ -f $MY_BACKUP_DIR/$db.sql ] ; then if [ -f $MY_BACKUP_DIR/$db.sql ] ; then
mv -f $MY_BACKUP_DIR/$db.sql $MY_BACKUP_DIR/old mv -f $MY_BACKUP_DIR/$db.sql $MY_BACKUP_DIR/history
fi fi
#mysqldump -uroot -f --opt -p$MYSQLPASS $db > $MY_BACKUP_DIR/$db.sql 2> $MY_BACKUP_DIR/log/$db.log #mysqldump -uroot -f --opt -p$MYSQLPASS $db > $MY_BACKUP_DIR/$db.sql 2> $MY_BACKUP_DIR/log/$db.log
mysqldump -f --opt $db > $MY_BACKUP_DIR/$db.sql 2> $MY_BACKUP_DIR/log/$db.log mysqldump -f --opt $db > $MY_BACKUP_DIR/history/${db}.sql.${SAVE_TIME} 2> $MY_BACKUP_LOG_DIR/$db.log
chmod 600 $MY_BACKUP_DIR/$db.sql DUMP_RESULT=$?
chmod 600 $MY_BACKUP_DIR/history/${db}.sql.${SAVE_TIME}
if [ "${MY_BACKUP_USE_NAGIOS}" == "True" ] ; then
if [ $DUMP_RESULT -ne 0 ] ; then
echo "$db:FAILED" >> $NAGIOS_LOG
RETVAL=$DUMP_RESULT
else
echo "$db:OK" >> $NAGIOS_LOG
fi
fi
pushd ${MY_BACKUP_DIR}/ >/dev/null 2>&1
rm -f $db.sql
ln -s $MY_BACKUP_DIR/history/${db}.sql.${SAVE_TIME} ./$db.sql
popd >/dev/null 2>&1
fi fi
done done
# Do a "flush-hosts" after the backup # Do a "flush-hosts" after the backup
mysqladmin flush-hosts 2> $MY_BACKUP_DIR/log/flush-hosts.log mysqladmin flush-hosts 2> $MY_BACKUP_LOG_DIR/flush-hosts.log
TIMESTAMP=$( date +%s )
echo "$TIMESTAMP" > $TIMESTAMP_LOG
rm -f $LOCKFILE rm -f $LOCKFILE
else
RETVAL=2
if [ "${MY_BACKUP_USE_NAGIOS}" == "True" ] ; then
echo "old backup still running:WARNING" >> $NAGIOS_LOG
fi
fi fi
exit 0 # Remove the old backups
find ${MY_BACKUP_DIR}/history -ctime +$N_DAYS_TO_SPARE -exec rm -f {} \;
exit $RETVAL

10
mysql/tasks/mysql-backup.yml
View File

@ -1,10 +1,12 @@
--- ---
- name: Install a script that performs mysql dumps - name: Install a script that performs mysql dumps
copy: src=mysql-backup.sh dest=/usr/local/bin/mysql-backup owner=root group=root mode=0750 copy: src=mysql-backup.sh dest=/usr/local/bin/mysql-backup owner=root group=root mode=0750
tags: tags: [ 'mysql', 'mysql_backup' ]
- mysql
- name: Install the mysql backup defaults
template: src=mysql_backup-default.j2 dest=/etc/default/mysql_backup owner=root group=root mode=0440
tags: [ 'mysql', 'mysql_backup' ]
- name: Cron job that executes mysql nightly backups - name: Cron job that executes mysql nightly backups
copy: src=mysql-backup.cron dest=/etc/cron.d/mysql-backup owner=root group=root mode=0644 copy: src=mysql-backup.cron dest=/etc/cron.d/mysql-backup owner=root group=root mode=0644
tags: tags: [ 'mysql', 'mysql_backup' ]
- mysql

19
mysql/templates/mysql_backup-default.j2
View File

@ -1,13 +1,6 @@
PG_SERVICE='postgresql-{{ psql_version }}' MY_BACKUP_USE_NAGIOS='{{ mysql_backup_use_nagios }}'
PG_VERSION='{{ psql_version }}' MY_BACKUP_LOG_DIR='{{ mysql_backup_logdir }}'
PG_DUMP_BIN='{{ pg_backup_pgdump_bin }}' MY_BACKUP_LOG_FILE='{{ mysql_backup_logfile}}'
PG_BCK_BIN='{{ pg_backup_bin }}' N_DAYS_TO_SPARE='{{ mysql_backup_retain_copies }}'
USE_NAGIOS='{{ pg_backup_use_nagios }}' MY_BACKUP_DIR='{{ mysql_backup_destdir }}'
LOG_DIR='{{ pg_backup_logdir }}' MY_DATA_DIR='{{ mysql_data_dir }}'
LOG_FILE='{{ pg_backup_logfile}}'
N_DAYS_TO_SPARE='{{ pg_backup_retain_copies }}'
BUILD_DBLIST='{{ pg_backup_build_db_list }}'
DB_LIST="{{ pg_backup_db_list }}"
PG_USE_AUTH='{{ pg_backup_use_auth }}'
PG_PASS_FILE='{{ pg_backup_pass_file }}'
BACKUPDIR='{{ pg_backup_destdir }}'

16
openldap-server/defaults/main.yml Normal file
View File

@ -0,0 +1,16 @@
---
openldap_pkg_state: present
openldap_service_enabled: True
openldap_pkg_list:
- slapd
- ldapvi
- ldap-utils
- ldapscripts
openldap_slapd_tcp_port: 389
openldap_slapd_ssl_port: 636
openldap_slapd_ssl_only: False
# openldap_allowed_clients:
# - ip/32
# - net/24