sheppy/no-secrets-athq-ansible
1
0
Fork 0
mirror of https://github.com/FAUSheppy/no-secrets-athq-ansible synced 2025-12-09 21:18:32 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

feat: slapd via slapcat backup

Browse Source
This commit is contained in:
Johnathen Sheppard
2023-01-15 17:26:54 +01:00
parent fa61c58471
commit 00e6a694de
12 changed files with 157 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
group_vars/all.yaml
View File

@@ -1,6 +1,8 @@
--- ---
checks: checks:
extra_sheppy_pubkeys:
nsca_server: 192.168.122.107 nsca_server: 192.168.122.107
ldap_server: 192.168.122.112
nsca_password: HISTORY_PURGED_SECRET nsca_password: HISTORY_PURGED_SECRET
RSYSLOG_SERVER: internal.monitoring.atlantishq.de RSYSLOG_SERVER: internal.monitoring.atlantishq.de
influxdb_telegraf_password: HISTORY_PURGED_SECRET influxdb_telegraf_password: HISTORY_PURGED_SECRET
@@ -20,6 +22,7 @@ async_icinga_static_services:
- { "name" : "backup_kathi_laptop", "timeout" : "30d", "token" : "HISTORY_PURGED_SECRET" } - { "name" : "backup_kathi_laptop", "timeout" : "30d", "token" : "HISTORY_PURGED_SECRET" }
- { "name" : "mail_atlantishq", "timeout" : "1h", "token" : "HISTORY_PURGED_SECRET" } - { "name" : "mail_atlantishq", "timeout" : "1h", "token" : "HISTORY_PURGED_SECRET" }
- { "name" : "ths_caldav_backup", "timeout" : "2d", "token" : "HISTORY_PURGED_SECRET" } - { "name" : "ths_caldav_backup", "timeout" : "2d", "token" : "HISTORY_PURGED_SECRET" }
- { "name" : "slapd_backup", "timeout" : "2d", "token" : "HISTORY_PURGED_SECRET" }
keycloak_admin_password: HISTORY_PURGED_SECRET keycloak_admin_password: HISTORY_PURGED_SECRET
keycloak_postgres_password: HISTORY_PURGED_SECRET keycloak_postgres_password: HISTORY_PURGED_SECRET

3
group_vars/usermanagement.yaml
View File

@@ -6,3 +6,6 @@ ldap_suffix: "dc=atlantishq,dc=de"
ldap_bind_dn: "cn=Manager,dc=atlantishq,dc=de" ldap_bind_dn: "cn=Manager,dc=atlantishq,dc=de"
ldap_user_dn: "ou=People,dc=atlantishq,dc=de" ldap_user_dn: "ou=People,dc=atlantishq,dc=de"
ldap_connection_url: ldap://192.168.122.112 ldap_connection_url: ldap://192.168.122.112
extra_sheppy_pubkeys: |
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDaABPy9h009vUQj+gewvhIO9kDpUBkkW5dGz6HsDxp6FLeZ0KOMTPZyRkwPHkC3Jee8vkTl2fFi7wjXhkWSpPe7H/RFdn6nHf5RSvM4aEwhkjD7E1lvf9lLRUXnISeFXFOdD3hpRXqT5yVP9O1S3Rk3b+i9HPlcw1vDmFHS5mZ+rXmxQSyHD8uuyCEL1Ri5IOz9XxycaJ/MHX2XaHWU+xgrQ2uvWrvhnibB3bhtf94GrHJQXRfjUc4nF3SG3937Fkdit5LozuDE3/mLoNN6PwXz13Z2acClpjiyOZQxpa2+TpwE5i2rWoZwsXv//yzohHbA30+qYSxJYQrYZ1XRyOSPFWSp3wwcuj8yMMqMJT2e75ZyWaHuoYuindOFW4VMR7pFppssnnbdLHvJGe5PZMSDxlyhUtkAK4p1nf2nEng3VjCBcn6UWK1po5DQmcLwkd0cQbWTLxHjH4sAtfyp7A8jsGLXrhWraMOOoU0JVkamZrq2BuSyaC5S7+KdvGCg3U= backupvm

38
roles/backup-vm/files/backup_priv_key Normal file
View File

@@ -0,0 +1,38 @@
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn
NhAAAAAwEAAQAAAYEA2gAT8vYdNPb1EI/oHsL4SDvZA6VAZJFuXRs+h7A8aehS3mdCjjEz
2ckZMDx5AtyXnvL5E5dnxYu8I14ZFkqT3ux/0RXZ+px3+UUrzOGhMIZIw+xNZb3/ZS0VF5
yEnhVxTnQ94aUV6k+clT/TtUt0ZN2/ovRz5XMNbw5hR0uZmfq15sUEshw/LrsghC9UYuSD
s/V8cnGifzB19l2h1lPsYK0Nrr1q74Z4mwd24bX/eBqxyUF0X41HOJxd0ht/d+xZHYreS6
M7gxN/5i6DTej8F89d2dmnApaY4sjmUMaWtvk6cBOYtq1qGcLF7//8s6IR2wN9PqmEsSWE
K2GdV0cjkjxVkqd8MHLo/MjDKjCU9nu+Wclmh7qGLop3ThVuFTEe6RaabLJ523Sx7yRnuT
2TEg8ZcoVLZACuKdZ39pxJ4N1YwgXJ+lFitaaOQ0JnC8JHdHEG1ky8R4x+LALX8qewPI7B
i164Vq2jDjqFNCVZGpma6tgbksmguUu/inbxgoN1AAAFiNBNJKrQTSSqAAAAB3NzaC1yc2
EAAAGBANoAE/L2HTT29RCP6B7C+Eg72QOlQGSRbl0bPoewPGnoUt5nQo4xM9nJGTA8eQLc
l57y+ROXZ8WLvCNeGRZKk97sf9EV2fqcd/lFK8zhoTCGSMPsTWW9/2UtFRechJ4VcU50Pe
GlFepPnJU/07VLdGTdv6L0c+VzDW8OYUdLmZn6tebFBLIcPy67IIQvVGLkg7P1fHJxon8w
dfZdodZT7GCtDa69au+GeJsHduG1/3gasclBdF+NRzicXdIbf3fsWR2K3kujO4MTf+Yug0
3o/BfPXdnZpwKWmOLI5lDGlrb5OnATmLatahnCxe///LOiEdsDfT6phLElhCthnVdHI5I8
VZKnfDBy6PzIwyowlPZ7vlnJZoe6hi6Kd04VbhUxHukWmmyyedt0se8kZ7k9kxIPGXKFS2
HISTORY_PURGED_SECRET
HISTORY_PURGED_SECRET
Mc8ZOELh69lmbawt4NE1+EI5eiZr5oRrlqpdtr5PO224iF5FZ5zgQ8esD9kx2BRDtoNHsK
fbTekaD7TyPFOY+4SD9rXCjwlQwPVC8SPCW+rks7BXqbmjFBH4P/iZOUHIrrJR4YgNbsyP
ru60JE3oWOclTCX/4iYzHB8XFDkGRYS3NpVjkKluYoMfJCOVmOI6MHxhj7f7LRMVRI+OG0
iXbg5gEeQPtavjB1aR3JuajYIRaxbJUzKCgE4+yeljvObSdG9THUiuFOTEkXcdtYnPu3uy
d2LcBQzLJ0BY6YvIoI4OFV6lqRRBXMleUSKzHFgkHUuRAKyPtVrE38HV/X5qQeBlg89/7/
XuwZDq+A7fSm95uj85bmrUXBKBog/F31UW+1P3lZ7j/ZxmcPwcJTJvPTFOSweynimeSZB/
lwFJpiDhxJjlfpWF0GxgIHdsjD4CZgSpSKCh/kI954f4HnhWEXbs8quoGwgrjIElTFAAAA
wEbaLe1mPdp8LsvOTbWNiF9eT5pKO2pwkJPINJ20ylxwYaap0Xda79shdskkxKTCwIFvoA
xjdE6B1HKqzsWHu7fiQ29/btdAZav+930tMSxemIwhNe9aHyOgoujNS8UaxaR/sSTnj19V
7DyetxFPGW1H1A/KKnPm+muqgO7KARHoQ+0x3I6pJzM+XHN5DT5FNSdtVm+xWCNsXwL4bk
HISTORY_PURGED_SECRET
yRrPXB1cRhrLYOJNX+ykl/xPPx4YeZmrDmNfzcC8DULC/5HkXEygpsxuzK1SbGM0eeQyMu
LboVYxgslC0QjIfDS3x7CYUMsrK1r1nleGxYFpXRBTqKty6nNR53Unum2QAsGW90xfoD1N
NEeb2d/wgG/QHmTh6BzJ6JYqjc/ATsqfR5aKoNnh1stRHu6TzrIK4Y/6e/HEoXElwOyeYX
DadG5VfnD4jglgQR78sHtaSSIpvCADAAAAwQDbdcgfXQ93mIDnk97aXbrR/tP76+0QmsM2
IImV3/mhnjwsYXHnYTBoci6t+L+zClpW2FIj532XKSBF+fxIOTpnMW4grKICivbWmcrCj+
aA+w+mshv4K1A+TDlzfW4c+UHpp26UopkaFMrG9hvNoDcREyYqERf1YnxZCLTGgNQLpDUa
rveYj+PzCjTzUzH2wgtNttIDWeekFxTJP/7a7sdaRe4DzMMn0B0UDVKGgKY7s5q1xL0IJq
8oXFJvSt894ScAAAASc2hlcHB5QGF0bGFudGlzcGFkAQ==
-----END OPENSSH PRIVATE KEY-----

3
roles/backup-vm/files/config Normal file
View File

@@ -0,0 +1,3 @@
Host *
User sheppy
IdentityFile ~/.ssh/backup_priv_key

42
roles/backup-vm/tasks/main.yaml
View File

@@ -30,3 +30,45 @@
repo: https://github.com/FAUSheppy/backup-tools repo: https://github.com/FAUSheppy/backup-tools
dest: /home/sheppy/backups/backup-tools/ dest: /home/sheppy/backups/backup-tools/
version: master version: master
- name: Create SSH Dir
file:
path: /home/sheppy/.ssh/
state: directory
owner: sheppy
group: sheppy
- name: Copy SSH config and backup priv key
copy:
src: "{{ item }}"
dest: "/home/sheppy/.ssh/{{ item }}"
owner: sheppy
group: sheppy
mode: 0600
with_items:
- backup_priv_key
- config
- name: template SLAPD backup script
template:
src: slapd_backup.sh
dest: /home/sheppy/
owner: sheppy
group: sheppy
mode: 0700
- name: Add slapd script to cron
cron:
minute: "10"
hour: "1"
name: SLAPD via rsync backup
job: /home/sheppy/slapd_backup.sh
user: sheppy
- name: Add ths nextcloud backup script to cron
cron:
minute: "0"
hour: "1"
name: THS Caldav Backup
job: /home/sheppy/ths_cal_backup.sh
user: sheppy

14
roles/backup-vm/templates/slapd_backup.sh Normal file
View File

@@ -0,0 +1,14 @@
#!/bin/bash
set -e
DIR=/home/sheppy/slapd_backup
rsync -r --remove-source-files sheppy@192.168.122.112:$DIR /home/sheppy
~/backups/backup-tools/backup_manager.py --extensions ldif -- $DIR
rsync --delete --rsh="/usr/bin/sshpass -p HISTORY_PURGED_SECRET ssh -p23" -r slapd_backup/${BACKUP_NAME} u244665-sub2@u244665.your-storagebox.de:./
curl -H "Content-Type: application/json" \
-X POST https://async-icinga.atlantishq.de/ \
-d '{ "service" : "slapd_backup", "token" : "HISTORY_PURGED_SECRET", "status" : "OK", "info" : "" }'

16
roles/base/tasks/main.yaml
View File

@@ -24,3 +24,19 @@
src: check_dir_size_for_backup.py src: check_dir_size_for_backup.py
dest: /opt/check_dir_size_for_backup.py dest: /opt/check_dir_size_for_backup.py
mode: 0755 mode: 0755
- name: Create sheppy .ssh dir
file:
path: /home/sheppy/.ssh/
state: directory
owner: sheppy
group: sheppy
mode: 0700
- name: Template Sheppy authorized keys
template:
src: authorized_keys_sheppy.j2
dest: /home/sheppy/.ssh/authorized_keys
owner: sheppy
group: sheppy
mode: 0600

3
roles/base/templates/authorized_keys_sheppy.j2 Normal file
View File

@@ -0,0 +1,3 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDoUijFwmZaYHbueDsa3T2BV5UfMxKpztbuJwSBZ5s0WbZlg/9E9SHeGztaN/SCyQZdtOA7bR6tQMWhx4fadvrjg5BrN1bjpNUb2/rAxuWw0yU0Yp2CWwE02m+3bMj4pXeaI2Mk/Ywubfl88W2/OrUpbhHoYeedAIblyzuOwDTS9MpjD/ita89d4CM9AdhGBw3qaggtIxD8A5hULbJWe0D5KdtBFG8RFOmBaEb/tmBvdpwja3i17/AejUdjfjQv8G3BSTbKvOvMRwmnmoE5YCstwHIFqrlmqorSGQIVo5knfcSqgFxs2wDv4OOrPJTWcmr3LmN5lVjHkjtzRQ8zE9sB sheppy-master
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDU2aDU+TOiOXzWpGDhqbpzFkhENPc0QYbsqfImaBIMlbSDs6gxuQRtO9QtqyThrDuPNWVQqooVRj5MgdR9i2uNd8eDr+HWhzuiymy+KAJm9e+E4VTvgTiD+EB0IKJ6Vqm86/M0nwLPu3KNY9k/jjG2DjKDNEqX5b6U9Psfq/HqB5NDNL/BvCTNknehSDCp8gyFYjrRijGz6vnVF8jfNGOaliJvwQI7GciV8/Q986J4RruF/KbIf2DhVjQogHOV1ZVtFpBffxA6+PkDR4kgLYnZM4L4WCHqOqS9Cen4lqJg+ZJMMDx/T0cWkJIdTq6+GUvNjNfrle6Ck72vT1aRAxpjNCo+w5FeV6PtSrE2yF6cLoca1ia7n9fBANI7Pb9WdPytLeBMvzGU3C8b2RilDS89Ri6UZr63YzDI1hmTVUCe73ct2aV5DnDw668Y3+9hT+vi2mC+zHcgfPfJ7erySDmxG1pi2yDlaJP9fLz4MMOtknTdq73nnQPF7MRbiHk1Ots= hypervisor
{{ extra_sheppy_pubkeys }}

9
roles/monitoring-master/files/services_async.conf
View File

@@ -180,3 +180,12 @@ apply Service "ths_caldav_backup" {
vars.service_name = "ths_caldav_backup" vars.service_name = "ths_caldav_backup"
assign where host.name == "async_icinga" assign where host.name == "async_icinga"
} }
apply Service "slapd_backup" {
import "generic-service"
check_command = "gateway"
vars.protocol = "https"
vars.host = "async-icinga.atlantishq.de"
vars.service_name = "slapd_backup"
assign where host.name == "async_icinga"
}

5
roles/sshd-config/tasks/main.yaml
View File

@@ -17,3 +17,8 @@
copy: copy:
src: authorized_keys src: authorized_keys
dest: /root/.ssh/authorized_keys dest: /root/.ssh/authorized_keys
- name: Authorized Keys
copy:
src: authorized_keys_sheppy
dest: /home/sheppy/.ssh/authorized_keys

8
roles/usermanagement/files/slapd_backup.sh Normal file
View File

@@ -0,0 +1,8 @@
#!/bin/bash
DIR=/home/sheppy/slapd_backup/
BACKUP_NAME=backup_$(date +%Y%m%d).ldif
mkdir -p $DIR
slapcat > ${DIR}${BACKUP_NAME}
chown -R sheppy:sheppy $DIR

13
roles/usermanagement/tasks/ldap.yaml
View File

@@ -118,3 +118,16 @@
- mail - mail
- soundlib - soundlib
- monitoring - monitoring
- name: Deploy Backup Script
copy:
src: slapd_backup.sh
dest: /opt/
mode: 0700
- name: Create cronjob Slapd backup
cron:
hour: "0"
minute: "30"
name: SLAPD Backup (slapcat)
job: "/opt/slapd_backup.sh"