Bedford Backup Master
Set Up Master Node for Borg Backup
This Ansible playbook configures the master node for Borg Backup in the Bedford environment. The playbook sets up a user, directories, and SSH keys required for the Borg Backup process. It ensures that the backup master is prepared to securely manage backups from other machines.
Play Variables
borg_username: The username for the Borg Backup user.
borg_backup_location: The directory where Borg Backup data will be stored.
borg_authorized_keys: List of authorized keys for remote hosts that are allowed to initiate backups.
Play Tasks
Check Existence of User
This task checks if the Borg Backup user already exists on the system.
Module:
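ansible.builtin.command
```yaml
- name: Check existence of user
  ansible.builtin.command: "dscl . -read /Users/{{ borg_username }}"
  register: user_exists
  # A non-zero return code only means the user is missing, so do not fail the play.
  ignore_errors: true
  # Read-only lookup: never report this task as a change.
  changed_when: false
```
Create User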
This task creates the Borg Backup user if it doesn’t exist.
Module:
ansible.builtin.command
```yaml
- name: Create user
  ansible.builtin.command: "dscl . -create /Users/{{ borg_username }}"
  when: user_exists.rc != 0
```
Set User Shell, Real Name, Unique ID, Group ID, Home Directory
These tasks set various attributes for the Borg Backup user.
```yaml
- name: Set User Shell
  ansible.builtin.command: "dscl . -create /Users/{{ borg_username }} UserShell /bin/bash"
  when: user_exists.rc != 0

- name: Set Real Name
  ansible.builtin.command: "dscl . -create /Users/{{ borg_username }} RealName '{{ borg_username }}'"
  when: user_exists.rc != 0

- name: Set Unique ID
  ansible.builtin.command: "dscl . -create /Users/{{ borg_username }} UniqueID 1337"
  when: user_exists.rc != 0

- name: Set Primary Group ID
  ansible.builtin.command: "dscl . -create /Users/{{ borg_username }} PrimaryGroupID 1337"
  when: user_exists.rc != 0

- name: Set Home Directory
  ansible.builtin.command: "dscl . -create /Users/{{ borg_username }} NFSHomeDirectory /Users/{{ borg_username }}"
  when: user_exists.rc != 0
```
Give Admin Privileges
This task grants admin privileges to the Borg Backup user by adding it to the local admin group.
Module:
ansible.builtin.command
```yaml
- name: Give Admin Privileges
  ansible.builtin.command: "dscl . -append /Groups/admin GroupMembership {{ borg_username }}"
  when: user_exists.rc != 0
```
Create Directories and Files
These tasks create necessary directories and files for the Borg Backup user.
```yaml
- name: Create home directory
  ansible.builtin.file:
    path: "/Users/{{ borg_username }}"
    state: directory
    mode: "0700"
    owner: "{{ borg_username }}"
  when: user_exists.rc != 0

- name: Create SSH Directory
  ansible.builtin.file:
    path: "/Users/{{ borg_username }}/.ssh"
    state: directory
    mode: "0700"
    owner: "{{ borg_username }}"
  when: user_exists.rc != 0

- name: Create temp Directory
  ansible.builtin.file:
    path: "/Users/{{ borg_username }}/tmp"
    state: directory
    mode: "0700"
    owner: "{{ borg_username }}"
```
Create BorgBackup Directory and Script
These tasks create the directory for Borg Backup and add a bootstrap script.
```yaml
- name: Create borgbackup directory
  ansible.builtin.file:
    path: "{{ borg_backup_location }}"
    state: directory
    mode: "0700"
    owner: "{{ borg_username }}"

- name: Add ssh bootstrap script
  ansible.builtin.template:
    src: "templates/borg_server.sh.j2"
    dest: "/Users/{{ borg_username }}/.ssh/borg_server.sh"
    mode: "0700"
    owner: "{{ borg_username }}"
```
Add Authorized Keys
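This task adds each authorized key to the Borg Backup user’s SSH configuration, binding it to the borg_server.sh forced command (called with that key's host name) and the restrict option.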
Module:
ansible.posix.authorized_key
```yaml
- name: Add authorized keys to master
  ansible.posix.authorized_key:
    user: "{{ borg_username }}"
    state: present
    key: "{{ item.key }}"
    key_options: 'command="/Users/{{ borg_username }}/.ssh/borg_server.sh {{ item.host }}",restrict'
  loop: "{{ borg_authorized_keys }}"
```
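The playbook installs templates/borg_server.sh.j2 as the forced command, but the page does not show that template. The following is an added example, not the project's script, of what a wrapper called as `borg_server.sh <host>` could do to confine each key to its own repository directory. The function name `borg_repo_for`, the variable `BORG_BACKUP_LOCATION`, the sample path and the one-directory-per-host layout are assumptions.

```shell
#!/bin/sh
# Hypothetical forced-command wrapper (not the project's borg_server.sh.j2).
# sshd invokes it as "borg_server.sh <host>" and places the command the client
# asked for in SSH_ORIGINAL_COMMAND.
LC_ALL=C   # make the character ranges below plain ASCII

# Assumed variable; a template would fill it from borg_backup_location.
BORG_BACKUP_LOCATION="${BORG_BACKUP_LOCATION:-/Volumes/backup/borg}"  # constructed sample path

# Print the repository directory this key may use, or return non-zero.
#   $1 = host label from authorized_keys, $2 = command requested by the client
borg_repo_for() {
    host="$1"
    requested="$2"
    # The host label becomes a directory name: allow only [A-Za-z0-9._-] and
    # reject empty or dot-leading values so it cannot leave the backup root.
    case "$host" in
        ''|.*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    # A borg client asks the remote side for "borg serve ..."; refuse the rest.
    case "$requested" in
        "borg serve"|"borg serve "*) ;;
        *) return 2 ;;
    esac
    printf '%s/%s\n' "$BORG_BACKUP_LOCATION" "$host"
}

# Runs only under sshd with a client command; otherwise nothing is executed.
if [ "$#" -eq 1 ] && [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    repo=$(borg_repo_for "$1" "$SSH_ORIGINAL_COMMAND") || {
        echo "borg_server.sh: request refused" >&2
        exit 1
    }
    # Client-supplied arguments are discarded; the server chooses the options.
    exec borg serve --restrict-to-path "$repo"
fi
```
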
This playbook sets up the master node for Borg Backup, creating the necessary user, directories, and SSH keys to securely manage backup requests from remote hosts. It ensures that the master node is ready to coordinate backup operations.