diff --git a/roles/matrix-awx/surveys/backup_server.json.j2 b/roles/matrix-awx/surveys/backup_server.json.j2
new file mode 100644
index 00000000..232d1968
--- /dev/null
+++ b/roles/matrix-awx/surveys/backup_server.json.j2
@@ -0,0 +1,19 @@
+{
+ "name": "Backup Server",
+ "description": "",
+ "spec": [
+ {
+ "question_name": "Enable Backup",
+ "question_description": "Set if remote backup is enabled or not. If enabled a daily backup of your server will be sent to the backup server located in {{ backup_server_location }}.",
+ "required": true,
+ "min": null,
+ "max": null,
+ "default": "{{ matrix_awx_backup_enabled | string | lower }}",
+ "choices": "true\nfalse",
+ "new_question": true,
+ "variable": "matrix_awx_backup_enabled",
+ "type": "multiplechoice"
+ }
+ ]
+}
+
diff --git a/roles/matrix-awx/surveys/configure_element.json.j2 b/roles/matrix-awx/surveys/configure_element.json.j2
index 121682f6..0ff02288 100755
--- a/roles/matrix-awx/surveys/configure_element.json.j2
+++ b/roles/matrix-awx/surveys/configure_element.json.j2
@@ -63,7 +63,7 @@
 "type": "multiplechoice"
 },
 {
- "question_name": "Set Element Subdomain.",
+ "question_name": "Set Element Subdomain",
 "question_description": "Sets the subdomain of the Element web-client, you should only specify the subdomain, not the base domain you've already set. (Eg: 'element' for element.example.org) Note that if you change this value you'll need to reconfigure your DNS.",
 "required": false,
 "min": 0,
diff --git a/roles/matrix-awx/surveys/configure_jitsi.json.j2 b/roles/matrix-awx/surveys/configure_jitsi.json.j2
index 87537f20..2eb0579b 100755
--- a/roles/matrix-awx/surveys/configure_jitsi.json.j2
+++ b/roles/matrix-awx/surveys/configure_jitsi.json.j2
@@ -15,7 +15,7 @@
 "type": "multiplechoice"
 },
 {
- "question_name": "Set Default Language.",
+ "question_name": "Set Default Language",
 "question_description": "2 digit 639-1 language code to adjust the language of the web client. For a list of possible codes see: https://en.wikipedia.org/wiki/List_of_ISO_639-1_codes",
 "required": false,
 "min": 0,
diff --git a/roles/matrix-awx/tasks/backup_server.yml b/roles/matrix-awx/tasks/backup_server.yml
new file mode 100644
index 00000000..556c4497
--- /dev/null
+++ b/roles/matrix-awx/tasks/backup_server.yml
@@ -0,0 +1,69 @@
+
+- name: Record Backup Server variables locally on AWX
+ delegate_to: 127.0.0.1
+ lineinfile:
+ path: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
+ regexp: "^#? *{{ item.key | regex_escape() }}:"
+ line: "{{ item.key }}: {{ item.value }}"
+ insertafter: '# AWX Settings'
+ with_dict:
+ 'matrix_awx_backup_enabled': '{{ matrix_awx_backup_enabled }}'
+
+- name: Copy new 'matrix_vars.yml' to target machine
+ copy:
+ src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/matrix_vars.yml'
+ dest: '/matrix/awx/matrix_vars.yml'
+ mode: '0660'
+
+- name: Save new 'Backup Server' survey.json to the AWX tower, template
+ delegate_to: 127.0.0.1
+ template:
+ src: 'roles/matrix-awx/surveys/backup_server.json.j2'
+ dest: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/backup_server.json'
+
+- name: Copy new 'Backup Server' survey.json to target machine
+ copy:
+ src: '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/backup_server.json'
+ dest: '/matrix/awx/backup_server.json'
+ mode: '0660'
+
+- name: Collect AWX admin token the hard way!
+ delegate_to: 127.0.0.1
+ shell: |
+ curl -sku {{ tower_username }}:{{ tower_password }} -H "Content-Type: application/json" -X POST -d '{"description":"Tower CLI", "application":null, "scope":"write"}' https://{{ tower_host }}/api/v2/users/1/personal_tokens/ | jq '.token' | sed -r 's/\"//g'
+ register: tower_token
+ no_log: True
+
+- name: Recreate 'Backup Server' job template
+ delegate_to: 127.0.0.1
+ awx.awx.tower_job_template:
+ name: "{{ matrix_domain }} - 0 - Backup Server"
+ description: "Performs a backup of the entire service to a remote location."
+ extra_vars: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/extra_vars.json') }}"
+ job_type: run
+ job_tags: "backup-server"
+ inventory: "{{ member_id }}"
+ project: "{{ member_id }} - Matrix Docker Ansible Deploy"
+ playbook: setup.yml
+ credential: "{{ member_id }} - AWX SSH Key"
+ survey_enabled: true
+ survey_spec: "{{ lookup('file', '/var/lib/awx/projects/clients/{{ member_id }}/{{ subscription_id }}/backup_server.json') }}"
+ become_enabled: yes
+ state: present
+ verbosity: 1
+ tower_host: "https://{{ tower_host }}"
+ tower_oauthtoken: "{{ tower_token.stdout }}"
+ validate_certs: yes
+
+- name: Perform the borg backup
+ command: borgmatic
+ when: matrix_awx_backup_enabled|bool
+
+- name: Set boolean value to exit playbook
+ set_fact:
+ end_playbook: true
+
+- name: End playbook if this task list is called.
+ meta: end_play
+ when: end_playbook is defined and end_playbook|bool
+
diff --git a/roles/matrix-awx/tasks/import_awx.yml b/roles/matrix-awx/tasks/import_awx.yml
index 8879cf1c..0100a5d0 100644
--- a/roles/matrix-awx/tasks/import_awx.yml
+++ b/roles/matrix-awx/tasks/import_awx.yml
@@ -1,12 +1,14 @@ - name: Ensure /matrix/awx is empty shell: rm -r /matrix/awx/* + ignore_errors: yes - name: Ensure /matrix/synapse is empty shell: rm -r /matrix/synapse/* + ignore_errors: yes -- name: Extract from /chroot/backup - shell: tar -xvzf /chroot/backup/matrix.tar.gz -C /matrix/ +- name: Extract from /chroot/export + shell: tar -xvzf /chroot/export/matrix.tar.gz -C /matrix/ - name: Ensure correct ownership of /matrix/awx shell: chown -R matrix:matrix /matrix/awx
diff --git a/roles/matrix-awx/tasks/main.yml b/roles/matrix-awx/tasks/main.yml
index 46aa0d45..f7f5bf1f 100755
--- a/roles/matrix-awx/tasks/main.yml
+++ b/roles/matrix-awx/tasks/main.yml
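Review bot: The "Collect AWX admin token the hard way!" task in roles/matrix-awx/tasks/backup_server.yml puts `{{ tower_username }}:{{ tower_password }}` on a `curl -sku` command line, so the admin credentials are sent with certificate verification switched off (`-k`) and sit in the process arguments on the AWX host while curl runs. The values are also interpolated unquoted into a shell string, so a password containing shell metacharacters changes the command. The job-template task right after it talks to the same host with `validate_certs: yes`, so the `-k` looks unnecessary. I would request the token with the `uri` module (basic auth, certificate validation on, JSON body) and read it as `tower_token.json.token`, as sketched below. Each run also creates a new write-scope personal token that nothing in this file revokes, so consider deleting it once the job template has been recreated.

```yaml
- name: Collect AWX admin token the hard way!
  delegate_to: 127.0.0.1
  uri:
    url: "https://{{ tower_host }}/api/v2/users/1/personal_tokens/"
    method: POST
    url_username: "{{ tower_username }}"
    url_password: "{{ tower_password }}"
    force_basic_auth: true
    validate_certs: true
    body_format: json
    body:
      description: "Tower CLI"
      application: null
      scope: "write"
    status_code: [200, 201]
  register: tower_token
  no_log: true

# … unchanged: "Recreate 'Backup Server' job template" arguments …
    tower_oauthtoken: "{{ tower_token.json.token }}"
```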
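Review bot: `ignore_errors: yes` on the two `rm -r` tasks in roles/matrix-awx/tasks/import_awx.yml hides every failure, not just the case where the glob matches nothing, so the play can go on to extract the archive over files it failed to remove. Registering the result and narrowing the condition keeps the intent, e.g. `register: rm_awx` with `failed_when: rm_awx.rc != 0 and 'No such file or directory' not in rm_awx.stderr`. Separately, `tar -xvzf /chroot/export/matrix.tar.gz -C /matrix/` unpacks whatever the archive contains with the privileges of the play. If `/chroot/export` is writable by an upload account (not visible here), adding `--no-same-owner` and validating the archive's member paths before extraction would be prudent. The task list continues past the end of this hunk.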
@@ -5,6 +5,12 @@ tags: - always +# Perform a backup of the server +- import_tasks: "{{ role_path }}/tasks/backup_server.yml" + when: run_setup|bool and matrix_awx_enabled|bool + tags: + - backup-server + # Create a user account if called - import_tasks: "{{ role_path }}/tasks/create_user.yml" when: run_setup|bool and matrix_awx_enabled|bool