From 0fe6352cf739c2cb6b7d301f26134e7282c015fa Mon Sep 17 00:00:00 2001 From: foxcris <361299+foxcris@users.noreply.github.com> Date: Thu, 11 Feb 2021 17:18:25 +0100 Subject: [PATCH] - Added role to setup https://github.com/prodrigestivill/docker-postgres-backup-local container to backup all postgres databases --- .../matrix-postgres-backup/defaults/main.yml | 140 ++++++++++++++ .../tasks/build_database_list.yml | 176 ++++++++++++++++++ roles/matrix-postgres-backup/tasks/init.yml | 3 + roles/matrix-postgres-backup/tasks/main.yml | 17 ++ .../tasks/setup_postgres_backup.yml | 108 +++++++++++ .../util/detect_existing_postgres_version.yml | 56 ++++++ .../tasks/validate_config.yml | 27 +++ .../templates/env-postgres-backup.j2 | 12 ++ .../systemd/matrix-postgres-backup.service.j2 | 31 +++ setup.yml | 2 + 10 files changed, 572 insertions(+) create mode 100644 roles/matrix-postgres-backup/defaults/main.yml create mode 100644 roles/matrix-postgres-backup/tasks/build_database_list.yml create mode 100644 roles/matrix-postgres-backup/tasks/init.yml create mode 100644 roles/matrix-postgres-backup/tasks/main.yml create mode 100644 roles/matrix-postgres-backup/tasks/setup_postgres_backup.yml create mode 100644 roles/matrix-postgres-backup/tasks/util/detect_existing_postgres_version.yml create mode 100644 roles/matrix-postgres-backup/tasks/validate_config.yml create mode 100644 roles/matrix-postgres-backup/templates/env-postgres-backup.j2 create mode 100644 roles/matrix-postgres-backup/templates/systemd/matrix-postgres-backup.service.j2 diff --git a/roles/matrix-postgres-backup/defaults/main.yml b/roles/matrix-postgres-backup/defaults/main.yml new file mode 100644 index 00000000..d01534d0 --- /dev/null +++ b/roles/matrix-postgres-backup/defaults/main.yml 
@@ -0,0 +1,140 @@ +matrix_postgres_backaup_enabled: false + +matrix_postgres_connection_hostname: "matrix-postgres" +matrix_postgres_connection_port: 5432 +matrix_postgres_connection_username: "matrix" +matrix_postgres_connection_password: "" + +matrix_postgres_backup_extra_opts: "-Z9 --schema=public --blobs" +matrix_postgres_backup_schedule: "@daily" +matrix_postgres_backup_keep_days: "7" +matrix_postgres_backup_keep_weeks: "4" +matrix_postgres_backup_keep_months: "12" +matrix_postgres_backup_healthcheck_port: "8080" +matrix_postgres_backup_db_list: "" +matrix_postgres_backup_path: "{{ matrix_base_data_path }}/postgres-backup" + +matrix_postgres_base_path: "{{ matrix_base_data_path }}/postgres" +matrix_postgres_data_path: "{{ matrix_postgres_base_path }}/data" + +# uses sqlite per default +matrix_postgres_backup_matrix_reminder_bot_enabled: false +matrix_bot_matrix_reminder_bot_database_name: 'matrix_reminder_bot' + +# uses sqlite per default +matrix_postgres_backup_matrix_appservice_discord_enabled: false +matrix_appservice_discord_database_name: 'matrix_appservice_discord' + +# uses nedb per default +matrix_postgres_backup_matrix_appservice_irc_enabled: false +matrix_appservice_irc_database_name: 'matrix_appservice_irc' + +# uses nedb per default +matrix_postgres_backup_matrix_appservice_slack_enabled: false +matrix_appservice_slack_database_name: 'matrix_appservice_slack' + +# uses postgres per default +matrix_postgres_backup_matrix_mautrix_facebook_enabled: false +matrix_mautrix_facebook_database_name: 'matrix_mautrix_facebook' + +# uses sqlite per default +matrix_postgres_backup_matrix_mautrix_hangouts_enabled: false +matrix_mautrix_hangouts_database_name: 'matrix_mautrix_hangouts' + +# uses postgres per default +matrix_postgres_backup_matrix_mautrix_signal_enabled: false +matrix_mautrix_signal_database_name: 'matrix_mautrix_signal' + +# uses sqlite per default +matrix_postgres_backup_matrix_mautrix_telegram_enabled: false 
+matrix_mautrix_telegram_database_name: 'matrix_mautrix_telegram' + +# uses sqlite per default +matrix_postgres_backup_matrix_mautrix_whatsapp_enabled: false +matrix_mautrix_whatsapp_database_name: 'matrix_mautrix_whatsapp' + +# uses sqlite per default +matrix_postgres_backup_matrix_mx_puppet_discord_enabled: false +matrix_mx_puppet_discord_database_name: 'matrix_mx_puppet_discord' + +# uses sqlite per default +matrix_postgres_backup_matrix_mx_puppet_instagram_enabled: false +matrix_postgres_backup_matrix_mx_puppet_instagram_name: 'matrix_mx_puppet_instagram' + +# uses sqlite per default +matrix_postgres_backup_matrix_mx_puppet_skype_enabled: false +matrix_mx_puppet_skype_database_name: 'matrix_mx_puppet_skype' + +# uses sqlite per default +matrix_postgres_backup_matrix_mx_puppet_slack_enabled: false +matrix_mx_puppet_slack_database_name: 'matrix_mx_puppet_slack' + +# uses sqlite per default +matrix_postgres_backup_matrix_mx_puppet_steam_enabled: false +matrix_mx_puppet_steam_database_name: 'matrix_mx_puppet_steam' + +# uses sqlite per default +matrix_postgres_backup_matrix_mx_puppet_twitter_enabled: false +matrix_mx_puppet_twitter_database_name: 'matrix_mx_puppet_twitter' + +# uses sqlite per default +matrix_postgres_backup_matrix_dimension_enabled: false +matrix_dimension_database_name: 'matrix_dimension' + +# uses sqlite per default +matrix_postgres_backup_matrix_etherpad_enabled: false +matrix_etherpad_database_name: 'matrix_etherpad' + +# uses sqlite per default +matrix_postgres_backup_matrix_ma1sd_enabled: false +matrix_ma1sd_database_name: 'matrix_ma1sd' + +# uses sqlite per default +matrix_postgres_backup_matrix_registration_enabled: false +matrix_registration_database_engine: 'matrix_registration' + +# uses postgres per default +matrix_postgres_backup_matrix_synapse_enabled: true +matrix_postgres_db_name: 'matrix' + +matrix_postgres_backup_db_dict: + - { enabled: '{{matrix_postgres_backup_matrix_reminder_bot_enabled|bool}}' , dbname: '{{ 
matrix_bot_matrix_reminder_bot_database_name }}' } + - { enabled: '{{matrix_postgres_backup_matrix_appservice_discord_enabled|bool}}' , dbname: '{{ matrix_appservice_discord_database_name }}' } + - { enabled: '{{matrix_postgres_backup_matrix_appservice_irc_enabled|bool}}' , dbname: '{{ matrix_appservice_irc_database_name }}' } + - { enabled: '{{matrix_postgres_backup_matrix_appservice_slack_enabled|bool}}' , dbname: '{{ matrix_appservice_slack_database_name }}' } + - { enabled: '{{matrix_postgres_backup_matrix_mautrix_facebook_enabled|bool}}' , dbname: '{{ matrix_mautrix_facebook_database_name }}' } + - { enabled: '{{matrix_postgres_backup_matrix_mautrix_hangouts_enabled|bool}}' , dbname: '{{ matrix_mautrix_hangouts_database_name }}' } + - { enabled: '{{matrix_postgres_backup_matrix_mautrix_signal_enabled|bool}}' , dbname: '{{ matrix_mautrix_signal_database_name }}' } + - { enabled: '{{matrix_postgres_backup_matrix_mautrix_telegram_enabled|bool}}' , dbname: '{{ matrix_mautrix_telegram_database_name }}' } + - { enabled: '{{matrix_postgres_backup_matrix_mautrix_whatsapp_enabled|bool}}' , dbname: '{{ matrix_mautrix_whatsapp_database_name }}' } + - { enabled: '{{matrix_postgres_backup_matrix_mx_puppet_instagram_enabled|bool}}' , dbname: '{{ matrix_postgres_backup_matrix_mx_puppet_instagram_name }}' } + - { enabled: '{{matrix_postgres_backup_matrix_mx_puppet_skype_enabled|bool}}' , dbname: '{{ matrix_mx_puppet_skype_database_name }}' } + - { enabled: '{{matrix_postgres_backup_matrix_mx_puppet_slack_enabled|bool}}' , dbname: '{{ matrix_mx_puppet_slack_database_name }}' } + - { enabled: '{{matrix_postgres_backup_matrix_mx_puppet_steam_enabled|bool}}' , dbname: '{{ matrix_mx_puppet_steam_database_name }}' } + - { enabled: '{{matrix_postgres_backup_matrix_mx_puppet_twitter_enabled|bool}}' , dbname: '{{ matrix_mx_puppet_twitter_database_name }}' } + - { enabled: '{{matrix_postgres_backup_matrix_dimension_enabled|bool}}' , dbname: '{{ matrix_dimension_database_name }}' } + - 
{ enabled: '{{matrix_postgres_backup_matrix_etherpad_enabled|bool}}' , dbname: '{{ matrix_etherpad_database_name }}' } + - { enabled: '{{matrix_postgres_backup_matrix_ma1sd_enabled|bool}}' , dbname: '{{ matrix_ma1sd_database_name }}' } + - { enabled: '{{matrix_postgres_backup_matrix_registration_enabled|bool}}' , dbname: '{{ matrix_registration_database_engine }}' } + - { enabled: '{{matrix_postgres_backup_matrix_synapse_enabled|bool}}' , dbname: '{{ matrix_postgres_db_name }}' } + + +matrix_postgres_backup_architecture: amd64 + +# matrix_postgres_docker_image_suffix controls whether we use Alpine-based images (`-alpine`) or the normal Debian-based images. +# Alpine-based Postgres images are smaller and we usually prefer them, but they don't work on ARM32 (tested on a Raspberry Pi 3 running Raspbian 10.7). +# On ARM32, `-alpine` images fail with the following error: +# > LOG: startup process (PID 37) was terminated by signal 11: Segmentation fault +matrix_postgres_backup_docker_image_suffix: "{{ '-alpine' if matrix_postgres_backup_architecture in ['amd64', 'arm64'] else '' }}" + +matrix_postgres_backup_docker_image_v9: "docker.io/prodrigestivill/postgres-backup-local:9.6{{ matrix_postgres_backup_docker_image_suffix }}" +matrix_postgres_backup_docker_image_v10: "docker.io/prodrigestivill/postgres-backup-local:10{{ matrix_postgres_backup_docker_image_suffix }}" +matrix_postgres_backup_docker_image_v11: "docker.io/prodrigestivill/postgres-backup-local:11{{ matrix_postgres_backup_docker_image_suffix }}" +matrix_postgres_backup_docker_image_v12: "docker.io/prodrigestivill/postgres-backup-local:12{{ matrix_postgres_backup_docker_image_suffix }}" +matrix_postgres_backup_docker_image_v13: "docker.io/prodrigestivill/postgres-backup-local:13{{ matrix_postgres_backup_docker_image_suffix }}" +matrix_postgres_backup_docker_image_latest: "{{ matrix_postgres_backup_docker_image_v13 }}" + +# This variable is assigned at runtime. Overriding its value has no effect. 
+matrix_postgres_backup_docker_image_to_use: '{{ matrix_postgres_backup_docker_image_latest }}' + +matrix_postgres_backup_docker_image_force_pull: "{{ matrix_postgres_backup_docker_image_to_use.endswith(':latest') }}" \ No newline at end of file diff --git a/roles/matrix-postgres-backup/tasks/build_database_list.yml b/roles/matrix-postgres-backup/tasks/build_database_list.yml new file mode 100644 index 00000000..9937c4d0 --- /dev/null +++ b/roles/matrix-postgres-backup/tasks/build_database_list.yml 
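Review bot: The first default in roles/matrix-postgres-backup/defaults/main.yml is spelled `matrix_postgres_backaup_enabled`, so the `matrix_postgres_backup_enabled|bool` conditions in init.yml, setup_postgres_backup.yml and build_database_list.yml have no default and will hit an undefined variable unless the operator sets it; the line should read `matrix_postgres_backup_enabled: false`. Two further slips in the same hunk: `matrix_postgres_backup_matrix_mx_puppet_discord_enabled` has no matching entry in `matrix_postgres_backup_db_dict`, so that database can never be selected, and `matrix_registration_database_engine: 'matrix_registration'` stores a database name in a variable named as an engine selector, which looks like it was meant to be `matrix_registration_database_name`. The hunk also redefines variables that appear to belong to other roles (`matrix_postgres_connection_password`, `matrix_postgres_db_name`, the `*_database_name` values); presumably those roles already provide them, and duplicate defaults make it unclear which credential and database names the backup actually uses.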
@@ -0,0 +1,176 @@ + +--- + +# Detect wich databases have to backuped +# Default value is the "matrix_postgres_db_name" +# has to be extended for each service using a seperate db in postgres +# - name: Check if matrix_reminder_bot uses postgres database +# set_fact: +# matrix_postgres_backup_db_list: "{{ matrix_postgres_backup_db_list }},{{ matrix_bot_matrix_reminder_bot_database_name }}" +# when: +# - matrix_postgres_backup_enabled|bool +# - matrix_bot_matrix_reminder_bot_database_engine == 'postgres' + +# - name: Check if matrix_appservice_discord uses postgres database +# set_fact: +# matrix_postgres_backup_db_list: "{{ matrix_postgres_backup_db_list }},{{ matrix_appservice_discord_database_name }}" +# when: +# - matrix_postgres_backup_enabled|bool +# - matrix_appservice_discord_database_engine == 'postgres' + +# - name: Check if matrix_appservice_irc uses postgres database +# set_fact: +# matrix_postgres_backup_db_list: "{{ matrix_postgres_backup_db_list }},{{ matrix_appservice_irc_database_name }}" +# when: +# - matrix_postgres_backup_enabled|bool +# - matrix_appservice_irc_database_engine == 'postgres' + +# - name: Check if matrix_appservice_slack_database uses postgres database +# set_fact: +# matrix_postgres_backup_db_list: "{{ matrix_postgres_backup_db_list }},{{ matrix_appservice_slack_database_name }}" +# when: +# - matrix_postgres_backup_enabled|bool +# - matrix_appservice_slack_database_engine == 'postgres' + +# - name: Check if matrix_mautrix_facebook uses postgres database +# set_fact: +# matrix_postgres_backup_db_list: "{{ matrix_postgres_backup_db_list }},{{ matrix_mautrix_facebook_database_name }}" +# when: +# - matrix_postgres_backup_enabled|bool +# - matrix_mautrix_facebook_database_engine == 'postgres' + +# - name: Check if matrix_mautrix_hangouts uses postgres database +# set_fact: +# matrix_postgres_backup_db_list: "{{ matrix_postgres_backup_db_list }},{{ matrix_mautrix_hangouts_database_name }}" +# when: +# - 
matrix_postgres_backup_enabled|bool +# - matrix_mautrix_hangouts_database_engine == 'postgres' + +# - name: Check if matrix_mautrix_signal uses postgres database +# set_fact: +# matrix_postgres_backup_db_list: "{{ matrix_postgres_backup_db_list }},{{ matrix_mautrix_signal_database_name }}" +# when: +# - matrix_postgres_backup_enabled|bool +# - matrix_mautrix_signal_database_engine == 'postgres' + +# - name: Check if matrix_mautrix_telegram uses postgres database +# set_fact: +# matrix_postgres_backup_db_list: "{{ matrix_postgres_backup_db_list }},{{ matrix_mautrix_telegram_database_name }}" +# when: +# - matrix_postgres_backup_enabled|bool +# - matrix_mautrix_telegram_database_engine == 'postgres' + +# - name: Check if matrix_mautrix_whatsapp uses postgres database +# set_fact: +# matrix_postgres_backup_db_list: "{{ matrix_postgres_backup_db_list }},{{ matrix_mautrix_whatsapp_database_name }}" +# when: +# - matrix_postgres_backup_enabled|bool +# - matrix_mautrix_whatsapp_database_engine == 'postgres' + +# - name: Check if matrix_mx_puppet_discord uses postgres database +# set_fact: +# matrix_postgres_backup_db_list: "{{ matrix_postgres_backup_db_list }},{{ matrix_mx_puppet_discord_database_name }}" +# when: +# - matrix_postgres_backup_enabled|bool +# - matrix_mx_puppet_discord_database_engine == 'postgres' + +# - name: Check if matrix_mx_puppet_instagram uses postgres database +# set_fact: +# matrix_postgres_backup_db_list: "{{ matrix_postgres_backup_db_list }},{{ matrix_mx_puppet_instagram_database_name }}" +# when: +# - matrix_postgres_backup_enabled|bool +# - matrix_mx_puppet_instagram_database_engine == 'postgres' + +# - name: Check if matrix_mx_puppet_skype uses postgres database +# set_fact: +# matrix_postgres_backup_db_list: "{{ matrix_postgres_backup_db_list }},{{ matrix_mx_puppet_skype_database_name }}" +# when: +# - matrix_postgres_backup_enabled|bool +# - matrix_mx_puppet_skype_database_engine == 'postgres' + +# - name: Check if matrix_mx_puppet_slack 
uses postgres database +# set_fact: +# matrix_postgres_backup_db_list: "{{ matrix_postgres_backup_db_list }},{{ matrix_mx_puppet_slack_database_name }}" +# when: +# - matrix_postgres_backup_enabled|bool +# - matrix_mx_puppet_slack_database_engine == 'postgres' + +# - name: Check if matrix_mx_puppet_steam uses postgres database +# set_fact: +# matrix_postgres_backup_db_list: "{{ matrix_postgres_backup_db_list }},{{ matrix_mx_puppet_steam_database_name }}" +# when: +# - matrix_postgres_backup_enabled|bool +# - matrix_mx_puppet_steam_database_engine == 'postgres' + +# - name: Check if matrix_mx_puppet_twitter uses postgres database +# set_fact: +# matrix_postgres_backup_db_list: "{{ matrix_postgres_backup_db_list }},{{ matrix_mx_puppet_twitter_database_name }}" +# when: +# - matrix_postgres_backup_enabled|bool +# - matrix_mx_puppet_twitter_database_engine == 'postgres' + +# - name: Check if matrix_dimension uses postgres database +# set_fact: +# matrix_postgres_backup_db_list: "{{ matrix_postgres_backup_db_list }},{{ matrix_dimension_database_name }}" +# when: +# - matrix_postgres_backup_enabled|bool +# - matrix_dimension_database_engine == 'postgres' + +# - name: Check if matrix_etherpad uses postgres database +# set_fact: +# matrix_postgres_backup_db_list: "{{ matrix_postgres_backup_db_list }},{{ matrix_etherpad_database_name }}" +# when: +# - matrix_postgres_backup_enabled|bool +# - matrix_etherpad_database_engine == 'postgres' + +# - name: Check if matrix_ma1sd uses postgres database +# set_fact: +# matrix_postgres_backup_db_list: "{{ matrix_postgres_backup_db_list }},{{ matrix_ma1sd_database_name }}" +# when: +# - matrix_postgres_backup_enabled|bool +# - matrix_ma1sd_database_engine == 'postgres' + +# - name: Check if matrix_registration uses postgres database +# set_fact: +# matrix_postgres_backup_db_list: "{{ matrix_postgres_backup_db_list }},{{ matrix_registration_database_name }}" +# when: +# - matrix_postgres_backup_enabled|bool +# - 
matrix_registration_database_engine == 'postgres' + +#- name: Build list of all databases to backup - part 1 +# set_fact: +# matrix_postgres_backup_db_list: '{% if item.enabled %}{% if matrix_postgres_backup_db_list=="" %}{{item.dbname}}{% else %}{{ matrix_postgres_backup_db_list }},{{item.dbname}}{% endif %}{% else %}{% endif %}' +# loop: +# - { enabled: '{{matrix_postgres_backup_matrix_reminder_bot_enabled|bool}}' , dbname: '{{ matrix_bot_matrix_reminder_bot_database_name }}' } +# - { enabled: '{{matrix_postgres_backup_matrix_appservice_discord_enabled|bool}}' , dbname: '{{ matrix_appservice_discord_database_name }}' } +# - { enabled: '{{matrix_postgres_backup_matrix_appservice_irc_enabled|bool}}' , dbname: '{{ matrix_appservice_irc_database_name }}' } +# - { enabled: '{{matrix_postgres_backup_matrix_appservice_slack_enabled|bool}}' , dbname: '{{ matrix_appservice_slack_database_name }}' } +# - { enabled: '{{matrix_postgres_backup_matrix_mautrix_facebook_enabled|bool}}' , dbname: '{{ matrix_mautrix_facebook_database_name }}' } +# - { enabled: '{{matrix_postgres_backup_matrix_mautrix_hangouts_enabled|bool}}' , dbname: '{{ matrix_mautrix_hangouts_database_name }}' } +# - { enabled: '{{matrix_postgres_backup_matrix_mautrix_signal_enabled|bool}}' , dbname: '{{ matrix_mautrix_signal_database_name }}' } +# - { enabled: '{{matrix_postgres_backup_matrix_mautrix_telegram_enabled|bool}}' , dbname: '{{ matrix_mautrix_telegram_database_name }}' } +# - { enabled: '{{matrix_postgres_backup_matrix_mautrix_whatsapp_enabled|bool}}' , dbname: '{{ matrix_mautrix_whatsapp_database_name }}' } +# - { enabled: '{{matrix_postgres_backup_matrix_mx_puppet_instagram_enabled|bool}}' , dbname: '{{ matrix_postgres_backup_matrix_mx_puppet_instagram_name }}' } +# - { enabled: '{{matrix_postgres_backup_matrix_mx_puppet_skype_enabled|bool}}' , dbname: '{{ matrix_mx_puppet_skype_database_name }}' } +# - { enabled: '{{matrix_postgres_backup_matrix_mx_puppet_slack_enabled|bool}}' , dbname: '{{ 
matrix_mx_puppet_slack_database_name }}' } +# - { enabled: '{{matrix_postgres_backup_matrix_mx_puppet_steam_enabled|bool}}' , dbname: '{{ matrix_mx_puppet_steam_database_name }}' } +# - { enabled: '{{matrix_postgres_backup_matrix_mx_puppet_twitter_enabled|bool}}' , dbname: '{{ matrix_mx_puppet_twitter_database_name }}' } +# - { enabled: '{{matrix_postgres_backup_matrix_dimension_enabled|bool}}' , dbname: '{{ matrix_dimension_database_name }}' } +# - { enabled: '{{matrix_postgres_backup_matrix_etherpad_enabled|bool}}' , dbname: '{{ matrix_etherpad_database_name }}' } +# - { enabled: '{{matrix_postgres_backup_matrix_ma1sd_enabled|bool}}' , dbname: '{{ matrix_ma1sd_database_name }}' } +# - { enabled: '{{matrix_postgres_backup_matrix_registration_enabled|bool}}' , dbname: '{{ matrix_registration_database_engine }}' } +# - { enabled: '{{matrix_postgres_backup_matrix_synapse_enabled|bool}}' , dbname: '{{ matrix_postgres_db_name }}' } + +- name: Build list of all databases to backup - part 2 + set_fact: + matrix_postgres_backup_db_list_prepare: "{% set res = [ ] %}{% for db in matrix_postgres_backup_db_dict %}{% if db.enabled %}{% set ignored = res.append(db.dbname) %}{% endif %}{% endfor %}{{ res }}" + +- name: Build list of all databases to backup - part 1 + set_fact: + matrix_postgres_backup_db_list: "{{ matrix_postgres_backup_db_list_prepare | join(',') }}" + +- name: Going to backup the following list of databases + debug: + msg: "{{ matrix_postgres_backup_db_list }}" + when: matrix_postgres_backup_enabled|bool + \ No newline at end of file diff --git a/roles/matrix-postgres-backup/tasks/init.yml b/roles/matrix-postgres-backup/tasks/init.yml new file mode 100644 index 00000000..c6a9bd7e --- /dev/null +++ b/roles/matrix-postgres-backup/tasks/init.yml @@ -0,0 +1,3 @@ +- set_fact: + matrix_systemd_services_list: "{{ matrix_systemd_services_list + ['matrix-postgres-backup.service'] }}" + when: matrix_postgres_backup_enabled|bool 
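Review bot: Most of the 176 lines added in build_database_list.yml are commented-out earlier attempts, and the two live `set_fact` tasks are named "part 2" then "part 1"; dropping the dead code and naming the tasks in execution order would make it much easier to audit which databases end up in the dump. The list can also be built without the `{% set ignored = res.append(db.dbname) %}` side-effect idiom, for example `matrix_postgres_backup_db_list: "{{ matrix_postgres_backup_db_dict | selectattr('enabled') | map(attribute='dbname') | join(',') }}"`. Either form assumes `enabled` arrives as a real boolean rather than the string 'False', which is truthy in Jinja; presumably Ansible converts the templated value, but a one-line comment stating that assumption would help.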
diff --git a/roles/matrix-postgres-backup/tasks/main.yml b/roles/matrix-postgres-backup/tasks/main.yml
new file mode 100644
index 00000000..f819b8e9
--- /dev/null
+++ b/roles/matrix-postgres-backup/tasks/main.yml
@@ -0,0 +1,17 @@
+---
+
+- import_tasks: "{{ role_path }}/tasks/init.yml"
+ tags:
+ - always
+
+- import_tasks: "{{ role_path }}/tasks/validate_config.yml"
+ when: "run_setup|bool and matrix_postgres_enabled|bool"
+ tags:
+ - setup-all
+ - setup-postgres-backup
+
+- import_tasks: "{{ role_path }}/tasks/setup_postgres_backup.yml"
+ when: run_setup|bool
+ tags:
+ - setup-all
+ - setup-postgres-backup
\ No newline at end of file
diff --git a/roles/matrix-postgres-backup/tasks/setup_postgres_backup.yml b/roles/matrix-postgres-backup/tasks/setup_postgres_backup.yml
new file mode 100644
index 00000000..dc6e68c4
--- /dev/null
+++ b/roles/matrix-postgres-backup/tasks/setup_postgres_backup.yml
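Review bot: In tasks/main.yml the `validate_config.yml` import is gated on `matrix_postgres_enabled|bool` rather than on this role's own toggle, so the password and settings checks run (and can fail the play) on hosts where backups are disabled, and are skipped when backups are enabled against an external Postgres. The condition should follow the backup switch: `when: "run_setup|bool and matrix_postgres_backup_enabled|bool"`. `matrix_postgres_enabled` is not defined in this role's defaults, so the role also silently depends on another role supplying it.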
@@ -0,0 +1,108 @@ +--- + +# +# Tasks related to setting up an internal postgres server +# + +- import_tasks: "{{ role_path }}/tasks/util/detect_existing_postgres_version.yml" + when: matrix_postgres_enabled|bool + +# If we have found an existing version (installed from before), we use its corresponding Docker image. +# If not, we install using the latest Postgres. +# +# Upgrading is supposed to be performed separately and explicitly (see `upgrade_postgres.yml`). +- set_fact: + matrix_postgres_backup_docker_image_to_use: "{{ matrix_postgres_backup_docker_image_latest if matrix_postgres_backup_detected_version_corresponding_docker_image == '' else matrix_postgres_backup_detected_version_corresponding_docker_image }}" + when: matrix_postgres_backup_enabled|bool + +- name: Ensure postgres backup Docker image is pulled + docker_image: + name: "{{ matrix_postgres_backup_docker_image_to_use }}" + source: "{{ 'pull' if ansible_version.major > 2 or ansible_version.minor > 7 else omit }}" + force_source: "{{ matrix_postgres_backup_docker_image_force_pull if ansible_version.major > 2 or ansible_version.minor >= 8 else omit }}" + force: "{{ omit if ansible_version.major > 2 or ansible_version.minor >= 8 else matrix_postgres_backup_docker_image_force_pull }}" + when: matrix_postgres_backup_enabled|bool + +- name: Ensure Postgres backup paths exist + file: + path: "{{ item }}" + state: directory + mode: 0700 + owner: "{{ matrix_user_username }}" + group: "{{ matrix_user_groupname }}" + with_items: + - "{{ matrix_postgres_backup_path }}" + when: matrix_postgres_backup_enabled|bool + +#Build database list to backup +- import_tasks: "{{ role_path }}/tasks/build_database_list.yml" + when: matrix_postgres_backup_enabled|bool + +- name: Ensure Postgres environment variables file created + template: + src: "{{ role_path }}/templates/{{ item }}.j2" + dest: "{{ matrix_postgres_backup_path }}/{{ item }}" + mode: 0640 + with_items: + - "env-postgres-backup" + when: 
matrix_postgres_backup_enabled|bool + +- name: Ensure matrix-postgres-backup.service installed + template: + src: "{{ role_path }}/templates/systemd/matrix-postgres-backup.service.j2" + dest: "{{ matrix_systemd_path }}/matrix-postgres-backup.service" + mode: 0644 + register: matrix_postgres_backup_systemd_service_result + when: matrix_postgres_backup_enabled|bool + +- name: Ensure systemd reloaded after matrix-postgres-backup.service installation + service: + daemon_reload: yes + when: "matrix_postgres_backup_enabled|bool and matrix_postgres_backup_systemd_service_result.changed" + +# +# Tasks related to getting rid of the internal postgres backup server (if it was previously enabled) +# + +- name: Check existence of matrix-postgres-backup service + stat: + path: "{{ matrix_systemd_path }}/matrix-postgres-backup.service" + register: matrix_postgres_backup_service_stat + when: "not matrix_postgres_backup_enabled|bool" + +- name: Ensure matrix-postgres-backup is stopped + service: + name: matrix-postgres-backup + state: stopped + daemon_reload: yes + when: "not matrix_postgres_backup_enabled|bool and matrix_postgres_backup_service_stat.stat.exists" + +- name: Ensure matrix-postgres-backup.service doesn't exist + file: + path: "{{ matrix_systemd_path }}/matrix-postgres-backup.service" + state: absent + when: "not matrix_postgres_backup_enabled|bool and matrix_postgres_backup_service_stat.stat.exists" + +- name: Ensure systemd reloaded after matrix-postgres-backup.service removal + service: + daemon_reload: yes + when: "not matrix_postgres_backup_enabled|bool and matrix_postgres_backup_service_stat.stat.exists" + +- name: Check existence of matrix-postgres-backup backup path + stat: + path: "{{ matrix_postgres_backup_path }}" + register: matrix_postgres_backup_path_stat + when: "not matrix_postgres_backup_enabled|bool" + +# We just want to notify the user. Deleting data is too destructive. 
+- name: Inject warning if matrix-postgres backup data remains + set_fact: + matrix_playbook_runtime_results: | + {{ + matrix_playbook_runtime_results|default([]) + + + [ + "NOTE: You are not using the local backup service to backup the PostgreSQL database, but some old data remains from before in `{{ matrix_postgres_backup_path }}`. Feel free to delete it." + ] + }} + when: "not matrix_postgres_backup_enabled|bool and matrix_postgres_backup_path_stat.stat.exists" diff --git a/roles/matrix-postgres-backup/tasks/util/detect_existing_postgres_version.yml b/roles/matrix-postgres-backup/tasks/util/detect_existing_postgres_version.yml new file mode 100644 index 00000000..da15a287 --- /dev/null +++ b/roles/matrix-postgres-backup/tasks/util/detect_existing_postgres_version.yml 
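Review bot: In setup_postgres_backup.yml the `env-postgres-backup` file, which carries `POSTGRES_PASSWORD`, is rendered into `matrix_postgres_backup_path` with `mode: 0640` and no `owner`/`group`, and that same directory is bind-mounted into the container as `/backups` by the service unit. The database credential therefore sits next to the dumps, is reachable from inside the backup container, and travels with the directory whenever it is copied off-host. Rendering it to a directory outside the mount with `mode: '0600'` keeps the secret out of the backup set. The dumps are unencrypted copies of every selected database, so the `0700` on the backup directory is the only control protecting them and deserves a comment saying so.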
@@ -0,0 +1,56 @@
+---
+
+# This utility aims to determine if there is some existing Postgres version in use or not.
+# If there is, it also tries to detect the Docker image that corresponds to that version.
+
+- name: Initialize Postgres version determination variables (default to empty)
+ set_fact:
+ matrix_postgres_detection_pg_version_path: "{{ matrix_postgres_data_path }}/PG_VERSION"
+ matrix_postgres_detected_existing: false
+ matrix_postgres_detected_version: ""
+ matrix_postgres_detected_version_corresponding_docker_image: ""
+
+- name: Determine existing Postgres version (check PG_VERSION file)
+ stat:
+ path: "{{ matrix_postgres_detection_pg_version_path }}"
+ register: result_pg_version_stat
+
+- set_fact:
+ matrix_postgres_detected_existing: true
+ when: "result_pg_version_stat.stat.exists"
+
+- name: Determine existing Postgres version (read PG_VERSION file)
+ slurp:
+ src: "{{ matrix_postgres_detection_pg_version_path }}"
+ register: result_pg_version
+ when: matrix_postgres_detected_existing|bool
+
+- name: Determine existing Postgres version (make sense of PG_VERSION file)
+ set_fact:
+ matrix_postgres_detected_version: "{{ result_pg_version['content']|b64decode|replace('\n', '') }}"
+ when: matrix_postgres_detected_existing|bool
+
+- name: Determine corresponding Docker image to detected version (assume default of latest)
+ set_fact:
+ matrix_postgres_backup_detected_version_corresponding_docker_image: "{{ matrix_postgres_backup_docker_image_latest }}"
+ when: "matrix_postgres_detected_version != ''"
+
+- name: Determine corresponding Docker image to detected version (use 9.x, if detected)
+ set_fact:
+ matrix_postgres_backup_detected_version_corresponding_docker_image: "{{ matrix_postgres_backup_docker_image_v9 }}"
+ when: "matrix_postgres_detected_version.startswith('9.')"
+
+- name: Determine corresponding Docker image to detected version (use 10.x, if detected)
+ set_fact:
+ matrix_postgres_backup_detected_version_corresponding_docker_image: "{{ matrix_postgres_backup_docker_image_v10 }}"
+ when: "matrix_postgres_detected_version == '10' or matrix_postgres_detected_version.startswith('10.')"
+
+- name: Determine corresponding Docker image to detected version (use 11.x, if detected)
+ set_fact:
+ matrix_postgres_backup_detected_version_corresponding_docker_image: "{{ matrix_postgres_backup_docker_image_v11 }}"
+ when: "matrix_postgres_detected_version == '11' or matrix_postgres_detected_version.startswith('11.')"
+
+- name: Determine corresponding Docker image to detected version (use 12.x, if detected)
+ set_fact:
+ matrix_postgres_backup_detected_version_corresponding_docker_image: "{{ matrix_postgres_backup_docker_image_v12 }}"
+ when: "matrix_postgres_detected_version == '12' or matrix_postgres_detected_version.startswith('12.')"
diff --git a/roles/matrix-postgres-backup/tasks/validate_config.yml b/roles/matrix-postgres-backup/tasks/validate_config.yml
new file mode 100644
index 00000000..91d1783b
--- /dev/null
+++ b/roles/matrix-postgres-backup/tasks/validate_config.yml
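Review bot: The initialisation task in detect_existing_postgres_version.yml resets `matrix_postgres_detected_version_corresponding_docker_image`, but every later task here and the caller in setup_postgres_backup.yml use `matrix_postgres_backup_detected_version_corresponding_docker_image`, which never receives an empty default. When no PG_VERSION file exists (or the import is skipped because `matrix_postgres_enabled` is false) none of the conditional `set_fact` tasks run, so the caller's `== ''` comparison would reference an undefined variable; the init line should be `matrix_postgres_backup_detected_version_corresponding_docker_image: ""`. The file also writes `matrix_postgres_detected_existing` and `matrix_postgres_detected_version`, names that look shared with the Postgres role, so a `matrix_postgres_backup_` prefix would avoid overwriting that role's facts. There is no explicit branch for version 13; it works only while `latest` points at the v13 image.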
@@ -0,0 +1,27 @@
+---
+
+# This is separate (from the other required variables below),
+# because we'd like to have a friendlier message for our existing users.
+- name: Fail if matrix_postgres_connection_password not defined
+ fail:
+ msg: >-
+ The playbook no longer has a default Postgres password defined in the `matrix_postgres_connection_password` variable, among lots of other Postgres changes.
+ You need to perform multiple manual steps to resolve this.
+ See our changelog for more details:
+ https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/master/CHANGELOG.md#breaking-change-postgres-changes-that-require-manual-intervention
+ when: "matrix_postgres_connection_password == ''"
+
+- name: Fail if required Postgres settings not defined
+ fail:
+ msg: >-
+ You need to define a required configuration setting (`{{ item }}`).
+ when: "vars[item] == ''"
+ with_items:
+ - "matrix_postgres_connection_hostname"
+ - "matrix_postgres_connection_username"
+ - "matrix_postgres_connection_password"
+ - "matrix_postgres_backup_schedule"
+ - "matrix_postgres_backup_keep_days"
+ - "matrix_postgres_backup_keep_weeks"
+ - "matrix_postgres_backup_keep_months"
+ - "matrix_postgres_backup_path"
diff --git a/roles/matrix-postgres-backup/templates/env-postgres-backup.j2 b/roles/matrix-postgres-backup/templates/env-postgres-backup.j2
new file mode 100644
index 00000000..1d617fd3
--- /dev/null
+++ b/roles/matrix-postgres-backup/templates/env-postgres-backup.j2
@@ -0,0 +1,12 @@
+#jinja2: lstrip_blocks: "True"
+POSTGRES_USER={{ matrix_postgres_connection_username }}
+POSTGRES_PASSWORD={{ matrix_postgres_connection_password }}
+POSTGRES_HOST={{ matrix_postgres_connection_hostname }}
+POSTGRES_DB={{ matrix_postgres_backup_db_list }}
+POSTGRES_EXTRA_OPTS={{ matrix_postgres_backup_extra_opts }}
+SCHEDULE={{ matrix_postgres_backup_schedule }}
+BACKUP_KEEP_DAYS={{ matrix_postgres_backup_keep_days }}
+BACKUP_KEEP_WEEKS={{ matrix_postgres_backup_keep_weeks }}
+BACKUP_KEEP_MONTHS={{ matrix_postgres_backup_keep_months }}
+HEALTHCHECK_PORT={{ matrix_postgres_backup_healthcheck_port }}
+POSTGRES_PORT={{ matrix_postgres_connection_port }}
\ No newline at end of file
diff --git a/roles/matrix-postgres-backup/templates/systemd/matrix-postgres-backup.service.j2 b/roles/matrix-postgres-backup/templates/systemd/matrix-postgres-backup.service.j2
new file mode 100644
index 00000000..97c9ae7f
--- /dev/null
+++ b/roles/matrix-postgres-backup/templates/systemd/matrix-postgres-backup.service.j2
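Review bot: In env-postgres-backup.j2, `POSTGRES_PASSWORD={{ matrix_postgres_connection_password }}` places the database password in the container environment, where it is visible to anyone who can run `docker inspect` on matrix-postgres-backup or read the process environment. If the pinned image tags support a file-based alternative (the upstream README describes `POSTGRES_PASSWORD_FILE`; confirm for these versions), mounting the secret read-only is the safer form. The values are also rendered unescaped, so a password or `matrix_postgres_backup_extra_opts` value containing a newline would start a new variable line in the env file, and validate_config.yml only checks for empty strings.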
@@ -0,0 +1,31 @@
+#jinja2: lstrip_blocks: "True"
+[Unit]
+Description=Automatic Backup of Matrix Postgres server
+After=docker.service
+Requires=docker.service
+DefaultDependencies=no
+
+[Service]
+Type=simple
+Environment="HOME={{ matrix_systemd_unit_home_path }}"
+ExecStartPre=-{{ matrix_host_command_docker }} stop matrix-postgres-backup
+ExecStartPre=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-postgres-backup 2>/dev/null'
+
+ExecStart={{ matrix_host_command_docker }} run --rm --name matrix-postgres-backup \
+ --log-driver=none \
+ --user={{ matrix_user_uid }}:{{ matrix_user_gid }} \
+ --cap-drop=ALL \
+ --read-only \
+ --network={{ matrix_docker_network }} \
+ --env-file={{ matrix_postgres_backup_path }}/env-postgres-backup \
+ --mount type=bind,src={{ matrix_postgres_backup_path }},dst=/backups \
+ {{ matrix_postgres_backup_docker_image_to_use }}
+
+ExecStop=-{{ matrix_host_command_docker }} stop matrix-postgres-backup
+ExecStop=-{{ matrix_host_command_sh }} -c '{{ matrix_host_command_docker }} rm matrix-postgres-backup 2>/dev/null'
+Restart=always
+RestartSec=30
+SyslogIdentifier=matrix-postgres-backup
+
+[Install]
+WantedBy=multi-user.target
diff --git a/setup.yml b/setup.yml
index 9bb1788f..386db939 100755
--- a/setup.yml
+++ b/setup.yml
@@ -38,4 +38,6 @@
 - matrix-nginx-proxy
 - matrix-coturn
 - matrix-aux
+ - matrix-postgres-backup
 - matrix-common-after
+