From 6cd39e43c912c830bb44fc1723148688892e3c4e Mon Sep 17 00:00:00 2001 From: Patrick Hasler Date: Thu, 25 Apr 2024 14:57:24 +0200 Subject: [PATCH 01/40] chore: rpl yes/no with true/false in defaults --- defaults/main.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index 0fe9ab8..3d0376d 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -4,10 +4,10 @@ # The client has these configuration parameters. # Backup existing configurations. -bareos_fd_backup_configurations: no +bareos_fd_backup_configurations: false # Install debug packages. This requires the debug repositories to be enabled. -bareos_fd_install_debug_packages: no +bareos_fd_install_debug_packages: false # The hostname of the File Daemon. bareos_fd_hostname: "{{ inventory_hostname }}" @@ -22,10 +22,10 @@ bareos_fd_message: "Standard" bareos_fd_maximum_concurrent_jobs: 20 # Enable TLS. -bareos_fd_tls_enable: yes +bareos_fd_tls_enable: true # Verify the peer. -bareos_fd_tls_verify_peer: no +bareos_fd_tls_verify_peer: false # The inteval in seconds to send a heartbeat. bareos_fd_heartbeat_interval: 0 @@ -52,8 +52,8 @@ bareos_fd_messages: - "!restored" description: "Send relevant messages to the Director." -# For encryption of data, set this to `yes`. -bareos_fd_encryption_enabled: no +# For encryption of data, set this to `true`. +bareos_fd_encryption_enabled: false # You may bring your own private key. If not specified, a new one will be generated. bareos_fd_encryption_private_key: "" From 32c31a66e34e746f97eb2bf68f1a7d946b6ac5c1 Mon Sep 17 00:00:00 2001 From: Patrick Hasler Date: Thu, 25 Apr 2024 17:14:56 +0200 Subject: [PATCH 02/40] feat(plugin): additional tasks for postgresql add first tasks to prepare FD to use the PostgreSQL backup plugin. added all vars to defaults for now. might need to move some to vars instead. --- defaults/main.yml | 19 ++++++++++++++++++ handlers/main.yml | 7 +++++++ tasks/main.yml | 17 +++++++++++++++-- tasks/plugins_postgresql.yml | 37 ++++++++++++++++++++++++++++++++++++ 4 files changed, 78 insertions(+), 2 deletions(-) create mode 100644 tasks/plugins_postgresql.yml diff --git a/defaults/main.yml b/defaults/main.yml index 3d0376d..c921a7a 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -60,3 +60,22 @@ bareos_fd_encryption_private_key: "" # The master public key to use. bareos_fd_encryption_master_public_key: "" + +## +# defaults used by the bareos postgresql backup plugin +## + +# postgresql major version +bareos_fd_plugin_psql_version: 15 + +# the location of the postgresql.conf file +bareos_fd_plugin_psql_config: >- + /etc/postgresql/{{ bareos_fd_plugin_psql_version }}/main/postgresql.conf + +# the location of the pg_hba.conf file +bareos_fd_plugin_psql_config_hba: >- + /etc/postgresql/{{ bareos_fd_plugin_psql_version }}/main/pg_hba.conf + +# where to store the WAL archive data +bareos_fd_plugin_psql_wal_archive_location: >- + /var/lib/postgresql/{{ bareos_fd_plugin_psql_version }}/wal_archive diff --git a/handlers/main.yml b/handlers/main.yml index 73dea73..40769bf 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -9,3 +9,10 @@ ansible.builtin.service: name: "{{ bareos_fd_service }}" state: restarted + +# required for the PostgreSQL backup plugin +# only used when PostgreSQL is installed on the FD +- name: Reload postgresql + ansible.builtin.service: + name: postgresql.service + state: reloaded diff --git a/tasks/main.yml b/tasks/main.yml index 93b9423..e86e201 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -65,18 +65,31 @@ - Check configuration - Restart bareos-filedaemon -- name: Import encryption tasklist +- name: Import encryption tasks ansible.builtin.import_tasks: file: encryption.yml when: - bareos_fd_encryption_enabled -- name: Import plugin tasklist +- name: Import plugin tasks ansible.builtin.import_tasks: file: plugins.yml when: - bareos_fd_plugins is defined - bareos_fd_plugins is iterable + tags: + - plugins + +- name: Import postgresql plugin tasks + ansible.builtin.import_tasks: + file: plugins_postgresql.yml + when: + - bareos_fd_plugins is defined + - bareos_fd_plugins is iterable + - '"postgresql" in bareos_fd_plugins' + tags: + - plugins + - plugins::postgresql - name: Start bareos-filedaemon ansible.builtin.service: diff --git a/tasks/plugins_postgresql.yml b/tasks/plugins_postgresql.yml new file mode 100644 index 0000000..e5ce63b --- /dev/null +++ b/tasks/plugins_postgresql.yml @@ -0,0 +1,37 @@ +--- + +- name: postgresql | Enable local peer access for root user + ansible.builtin.lineinfile: + path: "{{ bareos_fd_plugin_psql_config_hba }}" + line: "local all root peer" + state: present + backup: true + notify: Reload postgresql + +- name: postgresql | Make sure WAL archive dir is present + ansible.builtin.file: + state: directory + owner: postgres + group: postgres + mode: 0751 + path: "{{ bareos_fd_plugin_psql_wal_archive_location }}" + +- name: postgresql | Enable archive mode in config + ansible.builtin.blockinfile: + path: "{{ bareos_fd_plugin_psql_config }}" + block: | + archive_mode = on + archive_command = 'test ! -f {{ bareos_fd_plugin_psql_wal_archive }}/%f && cp %p {{ bareos_fd_plugin_psql_wal_archive }}/%f' + state: present + backup: true + notify: Reload postgresql + +- name: postgresql | Create plugin_defaults file + ansible.builtin.copy: + content: | + {{ ansible_managed | comment }} + wal_archive_dir={{ bareos_fd_plugin_psql_wal_archive }} + dest: "/etc/bareos/bareos-fd.d/plugin_postgresql_defaults.ini" + owner: root + group: root + mode: 0644 From b1e902628a44da32f72ced49a8e94880a16abb95 Mon Sep 17 00:00:00 2001 From: Patrick Hasler Date: Fri, 26 Apr 2024 14:40:11 +0200 Subject: [PATCH 03/40] chore(vars): move distro-specifics from defaults to vars --- defaults/main.yml | 12 ------------ vars/Debian.yml | 16 ++++++++++++++++ vars/RedHat.yml | 17 +++++++++++++++++ vars/RedHat_7.yml | 16 ++++++++++++++++ 4 files changed, 49 insertions(+), 12 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index c921a7a..18ac044 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -67,15 +67,3 @@ bareos_fd_encryption_master_public_key: "" # postgresql major version bareos_fd_plugin_psql_version: 15 - -# the location of the postgresql.conf file -bareos_fd_plugin_psql_config: >- - /etc/postgresql/{{ bareos_fd_plugin_psql_version }}/main/postgresql.conf - -# the location of the pg_hba.conf file -bareos_fd_plugin_psql_config_hba: >- - /etc/postgresql/{{ bareos_fd_plugin_psql_version }}/main/pg_hba.conf - -# where to store the WAL archive data -bareos_fd_plugin_psql_wal_archive_location: >- - /var/lib/postgresql/{{ bareos_fd_plugin_psql_version }}/wal_archive diff --git a/vars/Debian.yml b/vars/Debian.yml index 15fef7d..a87985d 100644 --- a/vars/Debian.yml +++ b/vars/Debian.yml @@ -26,3 +26,19 @@ bareos_fd_plugin_list: - name: mysql_xtrabackup packages: - bareos-filedaemon-percona-xtrabackup-python-plugin + +## +# bareos postgresql backup plugin +## + +# the location of the postgresql.conf file +bareos_fd_plugin_psql_config: >- + /etc/postgresql/{{ bareos_fd_plugin_psql_version }}/main/postgresql.conf + +# the location of the pg_hba.conf file +bareos_fd_plugin_psql_config_hba: >- + /etc/postgresql/{{ bareos_fd_plugin_psql_version }}/main/pg_hba.conf + +# where to store the WAL archive data +bareos_fd_plugin_psql_wal_archive: >- + /var/lib/postgresql/{{ bareos_fd_plugin_psql_version }}/wal_archive diff --git a/vars/RedHat.yml b/vars/RedHat.yml index 8e8291d..2ed33f9 100644 --- a/vars/RedHat.yml +++ b/vars/RedHat.yml @@ -26,3 +26,20 @@ bareos_fd_plugin_list: - name: mysql_xtrabackup packages: - bareos-filedaemon-percona-xtrabackup-python-plugin + + +## +# bareos postgresql backup plugin +# + +# the location of the postgresql.conf file +bareos_fd_plugin_psql_config: >- + /var/lib/pgsql/data/postgresql.conf + +# the location of the pg_hba.conf file +bareos_fd_plugin_psql_config_hba: >- + /var/lib/pgsql/data/pg_hba.conf + +# where to store the WAL archive data +bareos_fd_plugin_psql_wal_archive: >- + /var/lib/pgsql/wal_archive diff --git a/vars/RedHat_7.yml b/vars/RedHat_7.yml index bd3fb08..ed83ba3 100644 --- a/vars/RedHat_7.yml +++ b/vars/RedHat_7.yml @@ -28,3 +28,19 @@ bareos_fd_plugin_list: - name: mysql_xtrabackup packages: - bareos-filedaemon-percona-xtrabackup-python-plugin + +## +# bareos postgresql backup plugin +# + +# the location of the postgresql.conf file +bareos_fd_plugin_psql_config: >- + /var/lib/pgsql/data/postgresql.conf + +# the location of the pg_hba.conf file +bareos_fd_plugin_psql_config_hba: >- + /var/lib/pgsql/data/pg_hba.conf + +# where to store the WAL archive data +bareos_fd_plugin_psql_wal_archive: >- + /var/lib/pgsql/wal_archive From 4a44667d88466b2c6faed77d15cf7744ce1ca78d Mon Sep 17 00:00:00 2001 From: Patrick Hasler Date: Fri, 26 Apr 2024 14:41:06 +0200 Subject: [PATCH 04/40] feat(molecule): add postgresql scenario add separate scenario to test postgresql plugin. * separate requirements file in scenario directory * change container images to geerlingguy's * add role geerlingguy.postgresql to be able to run postgresql tests --- molecule/postgresql/collections.yml | 5 ++ molecule/postgresql/converge.yml | 126 +++++++++++++++++++++++++++ molecule/postgresql/molecule.yml | 29 ++++++ molecule/postgresql/prepare.yml | 55 ++++++++++++ molecule/postgresql/requirements.yml | 10 +++ molecule/postgresql/verify.yml | 37 ++++++++ 6 files changed, 262 insertions(+) create mode 100644 molecule/postgresql/collections.yml create mode 100644 molecule/postgresql/converge.yml create mode 100644 molecule/postgresql/molecule.yml create mode 100644 molecule/postgresql/prepare.yml create mode 100644 molecule/postgresql/requirements.yml create mode 100644 molecule/postgresql/verify.yml diff --git a/molecule/postgresql/collections.yml b/molecule/postgresql/collections.yml new file mode 100644 index 0000000..020687f --- /dev/null +++ b/molecule/postgresql/collections.yml @@ -0,0 +1,5 @@ +--- + +collections: + - name: community.docker + - name: community.general diff --git a/molecule/postgresql/converge.yml b/molecule/postgresql/converge.yml new file mode 100644 index 0000000..28f9637 --- /dev/null +++ b/molecule/postgresql/converge.yml @@ -0,0 +1,126 @@ +--- +- name: Converge + hosts: all + become: true + gather_facts: true + + roles: + - role: ansible-role-bareos_fd + bareos_fd_backup_configurations: true + bareos_fd_install_debug_packages: true + bareos_fd_encryption_enabled: true + bareos_fd_encryption_private_key: | + -----BEGIN RSA PRIVATE KEY----- + MIIJKAIBAAKCAgEAvFS5DDxBm2Hgf6LM2QnU3eKTw6PHpCBESjuqoKDnwnjL9wXH + GAO77b3lPXKFPZfrXUH41FxJt1wWuRXWjJfR4XI7RLmG5XGgbvKamnhCK48aZelN + oFa2Midto1Gydnb/I2I7GTA2fmx65mS4DTlXPn/phZJx9akUwJ1kRWVJgzuzimJ8 + 0YPqKbLPBRz86PWjAfTmYP4a7iuCTOlPqNIxGgCFUi5KIeFQZ3V8eO4iwVE8FhSK + /d1ykdiKlPAWjhcjDsTaQmWQd+IGi20bdzDrOevNUvaR7xGYbPczHDRVYveuEddl + 4up8teWGczQxiIYhIR6n0F9wqFK2AzZGbXOKBLkiPKocKQ/X1glEgLc1jy16YYA4 + vNXc3D+wxKNgnEcZ/YtDOZ746/k+4y8QuLaycA62BaD0hV/UxRHhJX1/gCkjkuU/ + F4ZFP52nMDlyB9uMY1rkUJgNWvgT/GyycPDHFJl04rAM+zl/wFHajy9Dfi8WxzKl + NILvDmSpoyZJww1mhKAFzkRf9ThtoZvs9ctA12QQJdSWWL9kPjJjw0RlBAwKnmBu + C/1wzBL3O9z8OSbJh9LixtfzR6X96ojgUxwQYsXcvcUopCHIAti6INRghbx4AWY8 + 5Jq4C8/OiY2LdHDBoxHY3gnqyKnzCqHZRbE2XUxkPkHXjoOlFX6KqYy49CkCAwEA + AQKCAgAAnUlyA4l5oEr8E3MEcxVR2E7nXi2SMNlKtLEskYwd7irk+S7lhCZJj4TF + iUUv639MZD/CB4ui2ytKV8LE4zue7y7ua0AFi6Nq829KAhHKs3UbMhw9J/vPqwq7 + 5fNIIo3plCLAnLZc6LyaB5BQfnu8DHCKblOx4i77nFYV4jbpMRJpmvX8Em+FZSIa + OT1r3GMf2FzLl5ZUK+ScgmknikFLZ26V8Rncp6jxZ+3XoF/xiRCpm2+Vgm5MK1aK + StsWEFSp6THmSBgt6iK5BaWuLam40crvWYrKrHxMgwIC/x9o44CXOORlN8l2XH6F + T+uxYTqrS7pbuHeo6ZOzMhXZbP5CCpNQdMrJMgtOJsdxoC9viKfAvSbvl+tlwMeb + pAcSxBQ69DRcxbR/Mb5AdZ0KQObdxeeRdHfJBcZypzuARfhxIKqGKVKtxUSE+Gc1 + kq7X9rdqxEBmDHULxnDfqjtf2LVqZao3moCbMqs+sX2rP7pD7TSlnsLNdsDx3yud + X1583lSxSCWIt4i74Elep1BEelO1S+cv0n60czT6IPkpkhr+/X8Vzu48oaGwFvoO + XUFMvzjNZbUv4/FcbISjcnuuXFGQZY9vXvhGtgnwQ+twOyllaGMvogEg0gNSOy1+ + 8yLNrN3QiZlKjFhIBNsJLCvmq5l3u09ijlGl5AxNoYE4wyLg/QKCAQEA4XVLlYeR + zYXibWlYJHdxf7rHnnbUwdww8NRdi6If/48MjEkHrHHK1K+4j/JoKuaKT1kOT9Mk + DgFQJYWXYPo6gFEXLqmjrAVDrHUFPi0Va5F6u/6I18jVmwJzvAkdO79LGNewmawL + mluA/SZAq12nnncbJGA1zn2nTri1Ld/2az1IztYEZGpJf6SU7HQIGqV5hKYTS1NV + TL9wehaCht0RiZh+xOZTENpuCgslBPI7NN82kAAD3/jtbOf37QJ7pkVYhC38r8Vo + dhdOR1STC/30IybiPYacHFTOIhtpbAD5CMkH6/Y5+40LAboqP9uO1rKHSJamj2kn + NqUHIhoi3nz87QKCAQEA1dfisgifNE25MsS5QvFMffuJwe7fyrZlDPnfxuqjEYfw + /Oi/FJ8Ov1tu/9FSkDzFuu+gKHLQ06OVKLJXCdsKSz4uVK+5LLAxbHn8APEarHU/ + ZjC8NV0g+lJhSOAEHnYAZOBipCt0eBZA0eoxDLk3U7ZpvdgUA3VwaWxsSCfGdkcs + CtS3GVLKX5IvufY0DXEHTOXdM0lN0F7lzN2lNeqW/7eBItSUACmT5zaljhpRXWBO + ivdicD6jX5v8egwxRS1hIQr+8XRtY7xILBMlOw0y3oxtjv6jPdX0wpc1TdjyN2eB + RlyP5ifNMrve+3e5640rhtoAUdheSner6ncvexEorQKCAQBaE8sHCwst2fgFTrlw + mGg4aB+pKEEI0ziaf76AM14ldLnGssbmFvC62RocKPWFbmaEHUiii/Ezx0KGO0Gn + 9VG6QqvIcO57o/7NwFM/7DNKru0ifyedTxhIvkoPLnUHkf4nBsYAH8Ti/vwiKE5e + KST3Iw8tEWNuBLX7tcBte7WwUuPr/4XxuKV04gS+E/3I56QNY20CA2FpMHN309aC + m4COQOclNACsExkz2hAIUd9l2GisT9U8fvAdOvDLONq+K6aZ6OW0NGLwC4+y4A+A + Ew6fnMF3Y3iruRZCekE8bYcSA3+uvsmbv1ZOclq++LGxBdMXJVmWoqSQKI8ZCOg1 + jCphAoIBAEmpLuaiv6x1pXjOeP6NPgsbjW1nSmF6iL56iFHt2zQbvrBvv/pre9oA + tfCa+zTCKl5lUqb8PeDZNXUqUX8Mm7QlfDIhwciZ/LxgHKV6Z/TGAovB9+Lt7IEt + xWMj/2c6wJH/FRt1+I2xJKzqXfEDEALfD/ecKfCzEIDQH1CPmvZ9N7eXZGbttNZM + 9fG51F5Y8+nSOGsFMi+3sLLsGo/C+jal0G7eCQkxSUhY85hKioJ+vS9zXc5KVV6G + zeaAsqwgoJeQQReNQm0bm0TLZ4S63C3683ZRUovnWoN5MJxbQbxCBC7njY37Ydy7 + CGlY6YsxOrAeAgQvYvOF24tNeOaMl5UCggEBAJ7LRUjNlGZ4xcCLNRIV9imXxo48 + eQiDC298h+wPzKOjFNp7c/+QQZRsVaKJLIY2FnsEA4ZJZx+oT4wL/3smYCBP/aMD + vLWTarp6unKnzvopBMarFpk3RTqzv8txMjz3kr8WiIhr8geFagjE/ujcuBOu17k8 + /qc6HNLy0e4bK648oBAq4C5qxid33zc06eRed2EOSqXdHwHgfBKlRwqCIYkiWlq/ + SWAk+9svFT9HvziCtFzH5GdsM24W0KtOsTxUiil89ybQW2uWWm5HB3OuATmb0JZA + cz+WiXCcYLVId8gl/hXkKBjRVEhhKsmnab8Jg2HlwGXuAdwqP5/GwxsM41g= + -----END RSA PRIVATE KEY----- + bareos_fd_encryption_master_public_key: | + -----BEGIN CERTIFICATE----- + MIIDyjCCArKgAwIBAgIJAIAjOIGqAGRwMA0GCSqGSIb3DQEBCwUAMIGSMQswCQYD + VQQGEwJOTDEQMA4GA1UECAwHVVRSRUNIVDESMBAGA1UEBwwJQnJldWtlbGVuMSIw + IAYDVQQKDBlBZGZpbmlzIElUIE5lZGVybGFuZCBCLlYuMQ8wDQYDVQQDDAZiYXJl + b3MxKDAmBgkqhkiG9w0BCQEWGXJvYmVydC5kZWJvY2tAYWRmaW5pcy5jb20wHhcN + MjMwOTExMDg1MzA0WhcNMjMxMDExMDg1MzA0WjCBkjELMAkGA1UEBhMCTkwxEDAO + BgNVBAgMB1VUUkVDSFQxEjAQBgNVBAcMCUJyZXVrZWxlbjEiMCAGA1UECgwZQWRm + aW5pcyBJVCBOZWRlcmxhbmQgQi5WLjEPMA0GA1UEAwwGYmFyZW9zMSgwJgYJKoZI + hvcNAQkBFhlyb2JlcnQuZGVib2NrQGFkZmluaXMuY29tMIIBIjANBgkqhkiG9w0B + AQEFAAOCAQ8AMIIBCgKCAQEAxFjcLKHDTf8dcT4kKtyZlIh4Zh7zNglaa6SJNBGW + pmcvtgfR9aBCDbcEphcssdytrXIiLsCEfv1h63o58UXePKYJMtNzbn6NNyzamxB9 + CM4oHWr/td8i6fYaYXmqOxOimX707joWPlTB9+/rKWFrxwyg08oVGFdBNR6GmWek + Y5aRaEMwRBhh+bSVR9/Rj/QmqlF9pCB9/TtY3hhBdQkcy1tLTDo7Mf/Z4gLpk7d2 + vRmpvVY8JloXjzuJNgVNbzY09pylqe78m9UsrJGBlzocZO5+AnO7wsqMAtUvplOM + oE7GHrg1FpfLjY3bqTQka/fVd1bDt5eDjAJnPqO1RYpKjQIDAQABoyEwHzAdBgNV + HQ4EFgQURTeY0pPxExJwTelsdBXr5PxgOdAwDQYJKoZIhvcNAQELBQADggEBALCi + urw+j1Yg2QDkOzMxmr6r0O/kF3WfrfpcevOCGVN0GxdxP/nGcfAh8feq4xj4oAnS + 2CyhNfPPi+rIO1T0EkZWwL/kTByMGoR9Qc+juMgJ1HTYP6nEnBOXPMo1OyUdK5K3 + MefQpNgHdWNSjWtLuW3YW8rkIeF8ZjmlXOSmBdOmqFi7p3OwwF8FnuXze1RLTgPL + VeI8D8DtzbX+mocuYxfIAFEmRXAmMeimXgwrVyI+w8+3IRGw8rDje0pFZX5X2aED + Gcz2IVF2cw5k1ryYW5kN027oK9igd8qc6dcJC6nMJw1kLbBdo68Eq3EOx92Fljlg + Wa7Dw2pD6yQGl/dfgQg= + -----END CERTIFICATE----- + bareos_fd_directors: + - name: "bareos-dir" + password: "secretpassword" + monitor: false + connection_from_client_to_director: true + connection_from_director_to_client: false + tls_enable: true + tls_verify_peer: false + - name: "disabled-director" + enabled: false + bareos_fd_messages: + - name: "Standard" + director: + server: bareos-dir + messages: + - all + - "!skipped" + - "!restored" + description: "Send relevant messages to the Director." + append: + file: "/var/log/bareos/bareos.log" + messages: + - all + - "!skipped" + - "!terminate" + console: + - all + - "!skipped" + - "!saved" + - name: "disabled-message" + enabled: false + bareos_fd_plugins: + - mariabackup + - mysql + - mysql_xtrabackup + - postgresql + # TODO disabled as package `bareos-filedaemon-ldap-python-plugin` + # has broken dependencies on Debian (python-ldap instead of python3-ldap) + # - ldap diff --git a/molecule/postgresql/molecule.yml b/molecule/postgresql/molecule.yml new file mode 100644 index 0000000..866550c --- /dev/null +++ b/molecule/postgresql/molecule.yml @@ -0,0 +1,29 @@ +--- +# +# Ansible managed +# + +dependency: + name: galaxy + options: + role-file: molecule/postgresql/requirements.yml + requirements-file: molecule/postgresql/requirements.yml +lint: | + set -e + yamllint . + ansible-lint +driver: + name: podman +platforms: + - name: "bareosfd-${MOLECULE_DISTRO:-fedora38}-${tag:-latest}${TOX_ENVNAME}" + image: "geerlingguy/docker-${MOLECULE_DISTRO:-fedora38}-ansible:latest" + command: /sbin/init + volumes: + - /sys/fs/cgroup:/sys/fs/cgroup:ro + privileged: yes + pre_build_image: yes + systemd: true +provisioner: + name: ansible +verifier: + name: ansible diff --git a/molecule/postgresql/prepare.yml b/molecule/postgresql/prepare.yml new file mode 100644 index 0000000..b77b6f7 --- /dev/null +++ b/molecule/postgresql/prepare.yml @@ -0,0 +1,55 @@ +--- +- name: Prepare + hosts: all + become: true + gather_facts: true + + pre_tasks: + + - name: RPM Block + when: + - ansible_facts.os_family == "RedHat" or + ansible_facts.os_family == "Fedora" + block: + - name: Install locales + ansible.builtin.package: + name: + - glibc-common + - glibc-locale-source + state: present + + - name: Set locales + ansible.builtin.command: + cmd: localedef --inputfile=en_US --charmap=UTF-8 en_US.UTF-8 + + - name: DEB Block + when: + - ansible_facts.os_family == "Debian" or + ansible_facts.os_family == "Ubuntu" + block: + - name: Update Apt cache + ansible.builtin.apt: + update_cache: true + + - name: Install locales + ansible.builtin.package: + name: locales + state: present + + - name: Ensure locales exist + community.general.locale_gen: + name: en_US.UTF-8 + state: present + + roles: + - role: robertdebock.bootstrap + - role: adfinis.bareos_repository + bareos_repository_enable_tracebacks: true + + - role: geerlingguy.postgresql + postgresql_databases: + - name: test + postgresql_users: + - name: test + password: test + db: test diff --git a/molecule/postgresql/requirements.yml b/molecule/postgresql/requirements.yml new file mode 100644 index 0000000..5fe169b --- /dev/null +++ b/molecule/postgresql/requirements.yml @@ -0,0 +1,10 @@ +--- + +roles: + - name: robertdebock.bootstrap + - name: geerlingguy.postgresql + - name: adfinis.bareos_repository + +collections: + - name: community.crypto + - name: community.general diff --git a/molecule/postgresql/verify.yml b/molecule/postgresql/verify.yml new file mode 100644 index 0000000..ce04826 --- /dev/null +++ b/molecule/postgresql/verify.yml @@ -0,0 +1,37 @@ +--- +- name: Verify + hosts: all + become: true + gather_facts: true + + tasks: + - name: Check if port 9102 is listening + ansible.builtin.wait_for: + port: 9102 + + - name: Test configuration for warnings + ansible.builtin.command: + cmd: bareos-fd --test-config + become_user: bareos + register: bareos_fd_test_config + failed_when: + - bareos_fd_test_config.stdout_lines is search("There are configuration warnings") + + # have to be specified in converge.yml: `bareos_fd_plugins` + - name: Check if plugin packages were installed + ansible.builtin.package: + name: + - bareos-filedaemon-mariabackup-python-plugin + - bareos-filedaemon-postgresql-python-plugin + - bareos-filedaemon-postgresql-python-plugin + - bareos-filedaemon-percona-xtrabackup-python-plugin + # TODO disabled as package `bareos-filedaemon-ldap-python-plugin` + # has broken dependencies on Debian (python-ldap instead of python3-ldap) + # - bareos-filedaemon-ldap-python-plugin + state: present + check_mode: true + diff: true + register: _result + failed_when: _result.changed + when: + - ansible_facts.os_family != "Archlinux" # not supported for FD Plugins From 8351db02b56ac644d5aef91e46f6be84b649b9a2 Mon Sep 17 00:00:00 2001 From: Patrick Hasler Date: Fri, 26 Apr 2024 14:44:17 +0200 Subject: [PATCH 05/40] fix(plugin): syntax fixes plugins_postgresql.yml --- requirements.yml | 1 + tasks/plugins_postgresql.yml | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/requirements.yml b/requirements.yml index 0ee4cb4..c7f216c 100644 --- a/requirements.yml +++ b/requirements.yml @@ -1,4 +1,5 @@ --- + roles: - name: robertdebock.bootstrap - name: adfinis.bareos_repository diff --git a/tasks/plugins_postgresql.yml b/tasks/plugins_postgresql.yml index e5ce63b..a4ba122 100644 --- a/tasks/plugins_postgresql.yml +++ b/tasks/plugins_postgresql.yml @@ -14,7 +14,7 @@ owner: postgres group: postgres mode: 0751 - path: "{{ bareos_fd_plugin_psql_wal_archive_location }}" + path: "{{ bareos_fd_plugin_psql_wal_archive }}" - name: postgresql | Enable archive mode in config ansible.builtin.blockinfile: @@ -29,7 +29,7 @@ - name: postgresql | Create plugin_defaults file ansible.builtin.copy: content: | - {{ ansible_managed | comment }} + # File is managed by Ansible. Do not modify locally! wal_archive_dir={{ bareos_fd_plugin_psql_wal_archive }} dest: "/etc/bareos/bareos-fd.d/plugin_postgresql_defaults.ini" owner: root From d50d14d288af7f5808a305ca057f3f2060511ff1 Mon Sep 17 00:00:00 2001 From: Patrick Hasler Date: Fri, 26 Apr 2024 14:58:18 +0200 Subject: [PATCH 06/40] fix(ci): define molecule scenario to default postgresql scenario should be excluded from CI for now. --- .github/workflows/molecule.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/molecule.yml b/.github/workflows/molecule.yml index 917b971..19fade5 100644 --- a/.github/workflows/molecule.yml +++ b/.github/workflows/molecule.yml @@ -65,3 +65,4 @@ jobs: with: image: ${{ matrix.config.image }} tag: ${{ matrix.config.tag }} + scenario: default From b66a7108401e7a62829245e13ee5cc53db1faad9 Mon Sep 17 00:00:00 2001 From: Patrick Hasler Date: Fri, 26 Apr 2024 15:05:07 +0200 Subject: [PATCH 07/40] fix(ci): exclude scenario postgresql from lint --- .github/workflows/molecule.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/molecule.yml b/.github/workflows/molecule.yml index 19fade5..85e84ea 100644 --- a/.github/workflows/molecule.yml +++ b/.github/workflows/molecule.yml @@ -21,6 +21,9 @@ jobs: uses: actions/checkout@v3 - name: ansible-lint uses: ansible-community/ansible-lint-action@main + with: + args: "--exclude=molecule/postgresql/*" + test: needs: - lint From 90ed8fb4ce9f6c6175a7540d897a002c79d6f201 Mon Sep 17 00:00:00 2001 From: Patrick Hasler Date: Thu, 2 May 2024 13:52:54 +0200 Subject: [PATCH 08/40] fix(ci): exclude postgresql scenario, update ansible-lint action --- .ansible-lint | 1 + .github/workflows/molecule.yml | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/.ansible-lint b/.ansible-lint index 937b336..760a521 100644 --- a/.ansible-lint +++ b/.ansible-lint @@ -7,6 +7,7 @@ exclude_paths: - molecule/default/converge.yml - molecule/default/verify.yml - molecule/default/collections.yml + - molecule/postgresql - .tox - .cache - .github diff --git a/.github/workflows/molecule.yml b/.github/workflows/molecule.yml index 85e84ea..2ab70eb 100644 --- a/.github/workflows/molecule.yml +++ b/.github/workflows/molecule.yml @@ -20,7 +20,8 @@ jobs: - name: checkout uses: actions/checkout@v3 - name: ansible-lint - uses: ansible-community/ansible-lint-action@main + #uses: ansible-community/ansible-lint-action@main + uses: ansible/ansible-lint@main with: args: "--exclude=molecule/postgresql/*" From 2a2e692fb90a39327945367fa1ef3ee967dcf3c3 Mon Sep 17 00:00:00 2001 From: Patrick Hasler Date: Thu, 2 May 2024 13:54:25 +0200 Subject: [PATCH 09/40] fix(lint): task names, file mode --- tasks/plugins_postgresql.yml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/tasks/plugins_postgresql.yml b/tasks/plugins_postgresql.yml index a4ba122..d3477bd 100644 --- a/tasks/plugins_postgresql.yml +++ b/tasks/plugins_postgresql.yml @@ -1,22 +1,22 @@ --- -- name: postgresql | Enable local peer access for root user +- name: plugins_postgresql | Enable local peer access for root user ansible.builtin.lineinfile: path: "{{ bareos_fd_plugin_psql_config_hba }}" - line: "local all root peer" + line: "local all root peer" state: present backup: true notify: Reload postgresql -- name: postgresql | Make sure WAL archive dir is present +- name: plugins_postgresql | Make sure WAL archive dir is present ansible.builtin.file: state: directory owner: postgres group: postgres - mode: 0751 + mode: "0751" path: "{{ bareos_fd_plugin_psql_wal_archive }}" -- name: postgresql | Enable archive mode in config +- name: plugins_postgresql | Enable archive mode in config ansible.builtin.blockinfile: path: "{{ bareos_fd_plugin_psql_config }}" block: | @@ -26,7 +26,7 @@ backup: true notify: Reload postgresql -- name: postgresql | Create plugin_defaults file +- name: plugins_postgresql | Create plugin_defaults file ansible.builtin.copy: content: | # File is managed by Ansible. Do not modify locally! @@ -34,4 +34,4 @@ dest: "/etc/bareos/bareos-fd.d/plugin_postgresql_defaults.ini" owner: root group: root - mode: 0644 + mode: "0644" From 8c8cf15ec9aeffb7410296c47b67df1b4c5ef561 Mon Sep 17 00:00:00 2001 From: Patrick Hasler Date: Thu, 2 May 2024 17:22:55 +0200 Subject: [PATCH 10/40] feat(ci): separate scenarios to different jobs Run scenario "postgresql" separately after scenario "default" has passed successfully. Removed postgresql plugin from default scenario to avoid issues. --- .github/workflows/molecule.yml | 13 ++++++++++--- molecule/default/converge.yml | 1 - molecule/postgresql/converge.yml | 7 +------ molecule/postgresql/prepare.yml | 2 +- 4 files changed, 12 insertions(+), 11 deletions(-) diff --git a/.github/workflows/molecule.yml b/.github/workflows/molecule.yml index 2ab70eb..bc1cb35 100644 --- a/.github/workflows/molecule.yml +++ b/.github/workflows/molecule.yml @@ -20,10 +20,7 @@ jobs: - name: checkout uses: actions/checkout@v3 - name: ansible-lint - #uses: ansible-community/ansible-lint-action@main uses: ansible/ansible-lint@main - with: - args: "--exclude=molecule/postgresql/*" test: needs: @@ -60,13 +57,23 @@ jobs: uses: actions/checkout@v3 with: path: "${{ github.repository }}" + - name: disable apparmor for mysql run: sudo ln -s /etc/apparmor.d/usr.sbin.mysqld /etc/apparmor.d/disable/ + - name: parse apparmor for mysql run: sudo apparmor_parser -R /etc/apparmor.d/usr.sbin.mysqld + - name: molecule uses: robertdebock/molecule-action@6.0.0 with: image: ${{ matrix.config.image }} tag: ${{ matrix.config.tag }} scenario: default + + - name: molecule postgresql plugin scenario + uses: robertdebock/molecule-action@6.0.0 + with: + image: ${{ matrix.config.image }} + tag: ${{ matrix.config.tag }} + scenario: postgresql diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml index 28f9637..dfc27bb 100644 --- a/molecule/default/converge.yml +++ b/molecule/default/converge.yml @@ -120,7 +120,6 @@ - mariabackup - mysql - mysql_xtrabackup - - postgresql # TODO disabled as package `bareos-filedaemon-ldap-python-plugin` # has broken dependencies on Debian (python-ldap instead of python3-ldap) # - ldap diff --git a/molecule/postgresql/converge.yml b/molecule/postgresql/converge.yml index 28f9637..fdff7ed 100644 --- a/molecule/postgresql/converge.yml +++ b/molecule/postgresql/converge.yml @@ -1,4 +1,5 @@ --- + - name: Converge hosts: all become: true @@ -117,10 +118,4 @@ - name: "disabled-message" enabled: false bareos_fd_plugins: - - mariabackup - - mysql - - mysql_xtrabackup - postgresql - # TODO disabled as package `bareos-filedaemon-ldap-python-plugin` - # has broken dependencies on Debian (python-ldap instead of python3-ldap) - # - ldap diff --git a/molecule/postgresql/prepare.yml b/molecule/postgresql/prepare.yml index b77b6f7..70c7641 100644 --- a/molecule/postgresql/prepare.yml +++ b/molecule/postgresql/prepare.yml @@ -5,7 +5,6 @@ gather_facts: true pre_tasks: - - name: RPM Block when: - ansible_facts.os_family == "RedHat" or @@ -43,6 +42,7 @@ roles: - role: robertdebock.bootstrap + - role: adfinis.bareos_repository bareos_repository_enable_tracebacks: true From b8b75fc624b1e609ec0d72fa313ddd9770dd10b1 Mon Sep 17 00:00:00 2001 From: Patrick Hasler Date: Thu, 2 May 2024 17:28:58 +0200 Subject: [PATCH 11/40] fix(molecule): update verify.yml for both scenarios --- molecule/default/verify.yml | 3 +-- molecule/postgresql/verify.yml | 6 ------ 2 files changed, 1 insertion(+), 8 deletions(-) diff --git a/molecule/default/verify.yml b/molecule/default/verify.yml index ce04826..f4d3bbc 100644 --- a/molecule/default/verify.yml +++ b/molecule/default/verify.yml @@ -22,9 +22,8 @@ ansible.builtin.package: name: - bareos-filedaemon-mariabackup-python-plugin - - bareos-filedaemon-postgresql-python-plugin - - bareos-filedaemon-postgresql-python-plugin - bareos-filedaemon-percona-xtrabackup-python-plugin + # TODO disabled as package `bareos-filedaemon-ldap-python-plugin` # has broken dependencies on Debian (python-ldap instead of python3-ldap) # - bareos-filedaemon-ldap-python-plugin diff --git a/molecule/postgresql/verify.yml b/molecule/postgresql/verify.yml index ce04826..f03b011 100644 --- a/molecule/postgresql/verify.yml +++ b/molecule/postgresql/verify.yml @@ -21,13 +21,7 @@ - name: Check if plugin packages were installed ansible.builtin.package: name: - - bareos-filedaemon-mariabackup-python-plugin - bareos-filedaemon-postgresql-python-plugin - - bareos-filedaemon-postgresql-python-plugin - - bareos-filedaemon-percona-xtrabackup-python-plugin - # TODO disabled as package `bareos-filedaemon-ldap-python-plugin` - # has broken dependencies on Debian (python-ldap instead of python3-ldap) - # - bareos-filedaemon-ldap-python-plugin state: present check_mode: true diff: true From a9225b72d575a458835b3a069bd0052e6043af38 Mon Sep 17 00:00:00 2001 From: Patrick Hasler Date: Thu, 2 May 2024 17:56:30 +0200 Subject: [PATCH 12/40] fix(ci): separate GitHub action for postgresql test --- .github/workflows/molecule.yml | 26 ++++++++++++++++++++++++-- 1 file changed, 24 insertions(+), 2 deletions(-) diff --git a/.github/workflows/molecule.yml b/.github/workflows/molecule.yml index bc1cb35..e5dc4d7 100644 --- a/.github/workflows/molecule.yml +++ b/.github/workflows/molecule.yml @@ -45,7 +45,7 @@ jobs: - image: "fedora" tag: "38" - image: "fedora" - tag: "latest" + tag: "39" - image: "opensuse" tag: "latest" - image: "ubuntu" @@ -71,9 +71,31 @@ jobs: tag: ${{ matrix.config.tag }} scenario: default + test_postgresql: + needs: + - lint + runs-on: ubuntu-20.04 + strategy: + fail-fast: false + matrix: + config: + - image: "debian" + tag: "latest" + - image: "fedora" + tag: "39" + - image: "ubuntu" + tag: "focal" + steps: + - name: checkout + uses: actions/checkout@v3 + with: + path: "${{ github.repository }}" + - name: molecule postgresql plugin scenario uses: robertdebock/molecule-action@6.0.0 with: image: ${{ matrix.config.image }} tag: ${{ matrix.config.tag }} - scenario: postgresql + options: "-s postgresql" + # TODO `scenario` option seems to be broken in robertdebock/molecule-actions + # scenario: postgresql From ccfed7b8d02b00f736cb84b97046a80f784fa62c Mon Sep 17 00:00:00 2001 From: Patrick Hasler Date: Thu, 2 May 2024 18:04:05 +0200 Subject: [PATCH 13/40] fix(ci): use different molecule action as scenario is not working --- .github/workflows/molecule.yml | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/.github/workflows/molecule.yml b/.github/workflows/molecule.yml index e5dc4d7..d2cb977 100644 --- a/.github/workflows/molecule.yml +++ b/.github/workflows/molecule.yml @@ -92,10 +92,7 @@ jobs: path: "${{ github.repository }}" - name: molecule postgresql plugin scenario - uses: robertdebock/molecule-action@6.0.0 + uses: gofrolist/molecule-action@v2 with: - image: ${{ matrix.config.image }} - tag: ${{ matrix.config.tag }} - options: "-s postgresql" - # TODO `scenario` option seems to be broken in robertdebock/molecule-actions - # scenario: postgresql + molecule_command: test + molecule_args: "--scenario-name postgresql" From c90b4f233e44714dd5d4ee402c15eac7cc6a395b Mon Sep 17 00:00:00 2001 From: Patrick Hasler Date: Thu, 2 May 2024 18:25:56 +0200 Subject: [PATCH 14/40] fix(molecule): switch back to docker driver --- molecule/postgresql/molecule.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/molecule/postgresql/molecule.yml b/molecule/postgresql/molecule.yml index 866550c..b3012d2 100644 --- a/molecule/postgresql/molecule.yml +++ b/molecule/postgresql/molecule.yml @@ -13,7 +13,7 @@ lint: | yamllint . ansible-lint driver: - name: podman + name: docker platforms: - name: "bareosfd-${MOLECULE_DISTRO:-fedora38}-${tag:-latest}${TOX_ENVNAME}" image: "geerlingguy/docker-${MOLECULE_DISTRO:-fedora38}-ansible:latest" From 6b90e134769b8ca1711f7e31661060d536192fd6 Mon Sep 17 00:00:00 2001 From: Patrick Hasler Date: Fri, 3 May 2024 09:52:11 +0200 Subject: [PATCH 15/40] fix(ci): fix plattforms and images for postgresql scenario --- .github/workflows/molecule.yml | 9 +++------ molecule/postgresql/molecule.yml | 4 ++-- 2 files changed, 5 insertions(+), 8 deletions(-) diff --git a/.github/workflows/molecule.yml b/.github/workflows/molecule.yml index d2cb977..665eded 100644 --- a/.github/workflows/molecule.yml +++ b/.github/workflows/molecule.yml @@ -79,12 +79,9 @@ jobs: fail-fast: false matrix: config: - - image: "debian" - tag: "latest" - - image: "fedora" - tag: "39" - - image: "ubuntu" - tag: "focal" + - image: "debian12" + - image: "fedora39" + - image: "ubuntu2204" steps: - name: checkout uses: actions/checkout@v3 diff --git a/molecule/postgresql/molecule.yml b/molecule/postgresql/molecule.yml index b3012d2..e9b581e 100644 --- a/molecule/postgresql/molecule.yml +++ b/molecule/postgresql/molecule.yml @@ -15,8 +15,8 @@ lint: | driver: name: docker platforms: - - name: "bareosfd-${MOLECULE_DISTRO:-fedora38}-${tag:-latest}${TOX_ENVNAME}" - image: "geerlingguy/docker-${MOLECULE_DISTRO:-fedora38}-ansible:latest" + - name: "bareosfd-${image:-fedora38}-${tag:-latest}${TOX_ENVNAME}" + image: "geerlingguy/docker-${image:-fedora38}-ansible:latest" command: /sbin/init volumes: - /sys/fs/cgroup:/sys/fs/cgroup:ro From 0b1cedcd57a40e6e189d7a58856f697a5bee1ad0 Mon Sep 17 00:00:00 2001 From: Patrick Hasler Date: Fri, 3 May 2024 10:08:43 +0200 Subject: [PATCH 16/40] fix(ci): fix postgresql scenario --- molecule/postgresql/prepare.yml | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/molecule/postgresql/prepare.yml b/molecule/postgresql/prepare.yml index 70c7641..a1a8291 100644 --- a/molecule/postgresql/prepare.yml +++ b/molecule/postgresql/prepare.yml @@ -1,8 +1,16 @@ --- + - name: Prepare hosts: all become: true gather_facts: true + vars: + postgresql_databases: + - name: test + postgresql_users: + - name: test + password: test + db: test pre_tasks: - name: RPM Block @@ -47,9 +55,3 @@ bareos_repository_enable_tracebacks: true - role: geerlingguy.postgresql - postgresql_databases: - - name: test - postgresql_users: - - name: test - password: test - db: test From 16bf488c93c135d0c328f6c35be64aa7bca6aba8 Mon Sep 17 00:00:00 2001 From: Patrick Hasler Date: Fri, 3 May 2024 10:13:21 +0200 Subject: [PATCH 17/40] fix(ci): add community.postgresql requirement --- molecule/postgresql/molecule.yml | 5 +---- molecule/postgresql/requirements.yml | 1 + 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/molecule/postgresql/molecule.yml b/molecule/postgresql/molecule.yml index e9b581e..a88df95 100644 --- a/molecule/postgresql/molecule.yml +++ b/molecule/postgresql/molecule.yml @@ -1,7 +1,4 @@ --- -# -# Ansible managed -# dependency: name: galaxy @@ -15,7 +12,7 @@ lint: | driver: name: docker platforms: - - name: "bareosfd-${image:-fedora38}-${tag:-latest}${TOX_ENVNAME}" + - name: "bareosfd-${image:-fedora38}${TOX_ENVNAME}" image: "geerlingguy/docker-${image:-fedora38}-ansible:latest" command: /sbin/init volumes: diff --git a/molecule/postgresql/requirements.yml b/molecule/postgresql/requirements.yml index 5fe169b..42f2b8f 100644 --- a/molecule/postgresql/requirements.yml +++ b/molecule/postgresql/requirements.yml @@ -8,3 +8,4 @@ roles: collections: - name: community.crypto - name: community.general + - name: community.postgresql From 4397e957d81c67554447baf408686a087cc943f7 Mon Sep 17 00:00:00 2001 From: Patrick Hasler Date: Fri, 3 May 2024 10:37:53 +0200 Subject: [PATCH 18/40] fix(ci): set image env to use correct distro --- .github/workflows/molecule.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/molecule.yml b/.github/workflows/molecule.yml index 665eded..e059982 100644 --- a/.github/workflows/molecule.yml +++ b/.github/workflows/molecule.yml @@ -93,3 +93,5 @@ jobs: with: molecule_command: test molecule_args: "--scenario-name postgresql" + env: + image: ${{ matrix.config.image }} From 39e891a4299eb004985f66813a34f511e471dc66 Mon Sep 17 00:00:00 2001 From: Patrick Hasler Date: Fri, 3 May 2024 11:58:31 +0200 Subject: [PATCH 19/40] feat(plugin): rpl copy w template task, lineinfile regexp match --- tasks/plugins_postgresql.yml | 7 +++---- templates/plugin_postgresql_defaults.ini.j2 | 2 ++ 2 files changed, 5 insertions(+), 4 deletions(-) create mode 100644 templates/plugin_postgresql_defaults.ini.j2 diff --git a/tasks/plugins_postgresql.yml b/tasks/plugins_postgresql.yml index d3477bd..6adafe5 100644 --- a/tasks/plugins_postgresql.yml +++ b/tasks/plugins_postgresql.yml @@ -4,6 +4,7 @@ ansible.builtin.lineinfile: path: "{{ bareos_fd_plugin_psql_config_hba }}" line: "local all root peer" + regexp: '^local\\s+all\\s+root\\s+peer$' # match for any amount of spaces state: present backup: true notify: Reload postgresql @@ -27,10 +28,8 @@ notify: Reload postgresql - name: plugins_postgresql | Create plugin_defaults file - ansible.builtin.copy: - content: | - # File is managed by Ansible. Do not modify locally! - wal_archive_dir={{ bareos_fd_plugin_psql_wal_archive }} + ansible.builtin.template: + src: "templates/plugin_postgresql_defaults.ini.j2" dest: "/etc/bareos/bareos-fd.d/plugin_postgresql_defaults.ini" owner: root group: root diff --git a/templates/plugin_postgresql_defaults.ini.j2 b/templates/plugin_postgresql_defaults.ini.j2 new file mode 100644 index 0000000..192e854 --- /dev/null +++ b/templates/plugin_postgresql_defaults.ini.j2 @@ -0,0 +1,2 @@ +{{ ansible_managed | comment }} +wal_archive_dir={{ bareos_fd_plugin_psql_wal_archive | default("") }} From dbc65a1f940fe44c612d204ff76b32207aff53a9 Mon Sep 17 00:00:00 2001 From: Patrick Hasler Date: Fri, 3 May 2024 13:36:04 +0200 Subject: [PATCH 20/40] feat(plugin): update path vars postgresql --- vars/Debian.yml | 7 +++++-- vars/RedHat.yml | 9 ++++++--- 2 files changed, 11 insertions(+), 5 deletions(-) diff --git a/vars/Debian.yml b/vars/Debian.yml index a87985d..75d1a32 100644 --- a/vars/Debian.yml +++ b/vars/Debian.yml @@ -31,13 +31,16 @@ bareos_fd_plugin_list: # bareos postgresql backup plugin ## +bareos_fd_plugin_psql_root_dir: >- + /etc/postgresql/{{ bareos_fd_plugin_psql_version }}/main + # the location of the postgresql.conf file bareos_fd_plugin_psql_config: >- - /etc/postgresql/{{ bareos_fd_plugin_psql_version }}/main/postgresql.conf + {{ bareos_fd_plugin_psql_root_dir}}/postgresql.conf # the location of the pg_hba.conf file bareos_fd_plugin_psql_config_hba: >- - /etc/postgresql/{{ bareos_fd_plugin_psql_version }}/main/pg_hba.conf + {{ bareos_fd_plugin_psql_root_dir}}/pg_hba.conf # where to store the WAL archive data bareos_fd_plugin_psql_wal_archive: >- diff --git a/vars/RedHat.yml b/vars/RedHat.yml index 2ed33f9..62cf90b 100644 --- a/vars/RedHat.yml +++ b/vars/RedHat.yml @@ -32,14 +32,17 @@ bareos_fd_plugin_list: # bareos postgresql backup plugin # +bareos_fd_plugin_psql_root_dir: >- + /var/lib/pgsql/data + # the location of the postgresql.conf file bareos_fd_plugin_psql_config: >- - /var/lib/pgsql/data/postgresql.conf + {{ bareos_fd_plugin_psql_root_dir}}/postgresql.conf # the location of the pg_hba.conf file bareos_fd_plugin_psql_config_hba: >- - /var/lib/pgsql/data/pg_hba.conf + {{ bareos_fd_plugin_psql_root_dir}}/pg_hba.conf # where to store the WAL archive data bareos_fd_plugin_psql_wal_archive: >- - /var/lib/pgsql/wal_archive + /var/lib/pgsql/wal_archive From b4d2cfdf017474d83bb1afab5d70a97d444519dd Mon Sep 17 00:00:00 2001 From: Patrick Hasler Date: Fri, 3 May 2024 13:37:44 +0200 Subject: [PATCH 21/40] feat(plugin): use template for postgresql config, improve lineinfile Add Ansible managed comments to lineinfile, update regexp --- tasks/plugins_postgresql.yml | 32 +++++++++++++++---- ...ugin_postgresql_bareos_wal_archive.conf.j2 | 3 ++ 2 files changed, 28 insertions(+), 7 deletions(-) create mode 100644 templates/plugin_postgresql_bareos_wal_archive.conf.j2 diff --git a/tasks/plugins_postgresql.yml b/tasks/plugins_postgresql.yml index 6adafe5..8a0a21e 100644 --- a/tasks/plugins_postgresql.yml +++ b/tasks/plugins_postgresql.yml @@ -3,8 +3,10 @@ - name: plugins_postgresql | Enable local peer access for root user ansible.builtin.lineinfile: path: "{{ bareos_fd_plugin_psql_config_hba }}" - line: "local all root peer" - regexp: '^local\\s+all\\s+root\\s+peer$' # match for any amount of spaces + line: >- + local all root peer # Ansible managed: + Do NOT remove line manually! Managed by bareos_fd role + regexp: '^local\s+all\s+root\s+peer' # match for any amount of spaces state: present backup: true notify: Reload postgresql @@ -17,16 +19,32 @@ mode: "0751" path: "{{ bareos_fd_plugin_psql_wal_archive }}" -- name: plugins_postgresql | Enable archive mode in config - ansible.builtin.blockinfile: +- name: plugins_postgresql | Make sure postgres conf.d dir is present + ansible.builtin.file: + state: directory + owner: postgres + group: postgres + mode: "0755" + path: "{{ bareos_fd_plugin_psql_root_dir }}/conf.d" + +- name: plugins_postgresql | Include conf.d dir in postgresql.conf + ansible.builtin.lineinfile: path: "{{ bareos_fd_plugin_psql_config }}" - block: | - archive_mode = on - archive_command = 'test ! -f {{ bareos_fd_plugin_psql_wal_archive }}/%f && cp %p {{ bareos_fd_plugin_psql_wal_archive }}/%f' + line: >- + include_dir = 'conf.d' # Ansible managed: + Do NOT remove line manually! Managed by bareos_fd role + regexp: '^#?(\s+)?include_dir' # match also commented line state: present backup: true notify: Reload postgresql +- name: plugins_postgresql | Deploy config for wal archive mode + ansible.builtin.template: + src: "templates/plugin_postgresql_bareos_wal_archive.conf.j2" + dest: "{{ bareos_fd_plugin_psql_root_dir }}/conf.d/bareos_postgresql_wal_archive.conf" + backup: true + notify: Reload postgresql + - name: plugins_postgresql | Create plugin_defaults file ansible.builtin.template: src: "templates/plugin_postgresql_defaults.ini.j2" diff --git a/templates/plugin_postgresql_bareos_wal_archive.conf.j2 b/templates/plugin_postgresql_bareos_wal_archive.conf.j2 new file mode 100644 index 0000000..c3d1a58 --- /dev/null +++ b/templates/plugin_postgresql_bareos_wal_archive.conf.j2 @@ -0,0 +1,3 @@ +{{ ansible_managed | comment }} +archive_mode = on +archive_command = 'test ! -f {{ bareos_fd_plugin_psql_wal_archive | default("") }}/%f && cp %p {{ bareos_fd_plugin_psql_wal_archive | default("") }}/%f' From 0d908898f220336bd00a03e9decab1e753a71eba Mon Sep 17 00:00:00 2001 From: Patrick Hasler Date: Fri, 3 May 2024 13:43:57 +0200 Subject: [PATCH 22/40] chore(lint): file permissions for templates --- tasks/plugins_postgresql.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tasks/plugins_postgresql.yml b/tasks/plugins_postgresql.yml index 8a0a21e..d81be1d 100644 --- a/tasks/plugins_postgresql.yml +++ b/tasks/plugins_postgresql.yml @@ -43,12 +43,16 @@ src: "templates/plugin_postgresql_bareos_wal_archive.conf.j2" dest: "{{ bareos_fd_plugin_psql_root_dir }}/conf.d/bareos_postgresql_wal_archive.conf" backup: true + owner: root + group: root + mode: "0644" notify: Reload postgresql - name: plugins_postgresql | Create plugin_defaults file ansible.builtin.template: src: "templates/plugin_postgresql_defaults.ini.j2" dest: "/etc/bareos/bareos-fd.d/plugin_postgresql_defaults.ini" + backup: true owner: root group: root mode: "0644" From 1aa0dd836d9195b58cfaf534532e5694886eda5c Mon Sep 17 00:00:00 2001 From: Patrick Hasler Date: Fri, 3 May 2024 18:13:38 +0200 Subject: [PATCH 23/40] feat(plugin): determine postgresql major version --- .github/workflows/molecule.yml | 2 +- tasks/plugins_postgresql.yml | 15 ++++++++++++++- 2 files changed, 15 insertions(+), 2 deletions(-) diff --git a/.github/workflows/molecule.yml b/.github/workflows/molecule.yml index e059982..927a90b 100644 --- a/.github/workflows/molecule.yml +++ b/.github/workflows/molecule.yml @@ -80,7 +80,7 @@ jobs: matrix: config: - image: "debian12" - - image: "fedora39" + - image: "fedora38" - image: "ubuntu2204" steps: - name: checkout diff --git a/tasks/plugins_postgresql.yml b/tasks/plugins_postgresql.yml index d81be1d..829afb6 100644 --- a/tasks/plugins_postgresql.yml +++ b/tasks/plugins_postgresql.yml @@ -1,5 +1,18 @@ --- +- name: plugins_postgresql | Fetch postgresql version + ansible.builtin.command: + cmd: "/usr/bin/pg_config --version" + changed_when: false + register: _psql_version + # stdout example: "PostgreSQL 14.11 (Ubuntu 14.11-0ubuntu0.22.04.1)"" + +# var is used by `bareos_fd_plugin_psql_root_dir`in vars/.yml +# to determine file location for configs (Debian/Ubuntu). +- name: plugins_postgresql | Determine postgresql major version + ansible.builtin.set_fact: + bareos_fd_plugin_psql_version: "{{ ((_psql_version.stdout | split)[1] | split('.'))[0] }}" + - name: plugins_postgresql | Enable local peer access for root user ansible.builtin.lineinfile: path: "{{ bareos_fd_plugin_psql_config_hba }}" @@ -19,7 +32,7 @@ mode: "0751" path: "{{ bareos_fd_plugin_psql_wal_archive }}" -- name: plugins_postgresql | Make sure postgres conf.d dir is present +- name: plugins_postgresql | Make sure postgresql conf.d dir is present ansible.builtin.file: state: directory owner: postgres From 702869d58b9009fd2acc9c2cbbbcf753b3917d68 Mon Sep 17 00:00:00 2001 From: Patrick Hasler Date: Fri, 3 May 2024 18:19:16 +0200 Subject: [PATCH 24/40] fix(plugin): rm absolute path of pg_config binary Path differs per distro, so we assume that pg_config is available in $PATH. --- tasks/plugins_postgresql.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tasks/plugins_postgresql.yml b/tasks/plugins_postgresql.yml index 829afb6..dfba770 100644 --- a/tasks/plugins_postgresql.yml +++ b/tasks/plugins_postgresql.yml @@ -2,7 +2,7 @@ - name: plugins_postgresql | Fetch postgresql version ansible.builtin.command: - cmd: "/usr/bin/pg_config --version" + cmd: "pg_config --version" changed_when: false register: _psql_version # stdout example: "PostgreSQL 14.11 (Ubuntu 14.11-0ubuntu0.22.04.1)"" From 9cb1421c45e6b261de5d620896db75efd5051ebc Mon Sep 17 00:00:00 2001 From: Patrick Hasler Date: Fri, 3 May 2024 18:23:08 +0200 Subject: [PATCH 25/40] chore(lint): yamllint spacing --- vars/Debian.yml | 4 ++-- vars/RedHat.yml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/vars/Debian.yml b/vars/Debian.yml index 75d1a32..3b4fa03 100644 --- a/vars/Debian.yml +++ b/vars/Debian.yml @@ -36,11 +36,11 @@ bareos_fd_plugin_psql_root_dir: >- # the location of the postgresql.conf file bareos_fd_plugin_psql_config: >- - {{ bareos_fd_plugin_psql_root_dir}}/postgresql.conf + {{ bareos_fd_plugin_psql_root_dir }}/postgresql.conf # the location of the pg_hba.conf file bareos_fd_plugin_psql_config_hba: >- - {{ bareos_fd_plugin_psql_root_dir}}/pg_hba.conf + {{ bareos_fd_plugin_psql_root_dir }}/pg_hba.conf # where to store the WAL archive data bareos_fd_plugin_psql_wal_archive: >- diff --git a/vars/RedHat.yml b/vars/RedHat.yml index 62cf90b..9b530f2 100644 --- a/vars/RedHat.yml +++ b/vars/RedHat.yml @@ -37,11 +37,11 @@ bareos_fd_plugin_psql_root_dir: >- # the location of the postgresql.conf file bareos_fd_plugin_psql_config: >- - {{ bareos_fd_plugin_psql_root_dir}}/postgresql.conf + {{ bareos_fd_plugin_psql_root_dir }}/postgresql.conf # the location of the pg_hba.conf file bareos_fd_plugin_psql_config_hba: >- - {{ bareos_fd_plugin_psql_root_dir}}/pg_hba.conf + {{ bareos_fd_plugin_psql_root_dir }}/pg_hba.conf # where to store the WAL archive data bareos_fd_plugin_psql_wal_archive: >- From 0c04fb0773ff1f630188e9ba841a0fdd048f25bd Mon Sep 17 00:00:00 2001 From: Patrick Hasler Date: Fri, 3 May 2024 18:34:21 +0200 Subject: [PATCH 26/40] fix(plugin): only run version tasks for Debian/Ubuntu --- tasks/plugins_postgresql.yml | 31 ++++++++++++++++++++----------- 1 file changed, 20 insertions(+), 11 deletions(-) diff --git a/tasks/plugins_postgresql.yml b/tasks/plugins_postgresql.yml index dfba770..eb84bed 100644 --- a/tasks/plugins_postgresql.yml +++ b/tasks/plugins_postgresql.yml @@ -1,17 +1,26 @@ --- -- name: plugins_postgresql | Fetch postgresql version - ansible.builtin.command: - cmd: "pg_config --version" - changed_when: false - register: _psql_version - # stdout example: "PostgreSQL 14.11 (Ubuntu 14.11-0ubuntu0.22.04.1)"" +- name: plugins_postgresql | Determine postgresql version for Debian/Ubuntu + when: + - ansible_facts.os_family == "Debian" + block: + - name: plugins_postgresql | Fetch postgresql version + ansible.builtin.command: + cmd: "pg_config --version" + changed_when: false + register: _psql_version + # stdout example: "PostgreSQL 14.11 (Ubuntu 14.11-0ubuntu0.22.04.1)"" -# var is used by `bareos_fd_plugin_psql_root_dir`in vars/.yml -# to determine file location for configs (Debian/Ubuntu). -- name: plugins_postgresql | Determine postgresql major version - ansible.builtin.set_fact: - bareos_fd_plugin_psql_version: "{{ ((_psql_version.stdout | split)[1] | split('.'))[0] }}" + # var is used by `bareos_fd_plugin_psql_root_dir`in vars/.yml + # to determine file location for configs (Debian/Ubuntu). + - name: plugins_postgresql | Register postgresql major version + ansible.builtin.set_fact: + bareos_fd_plugin_psql_version: "{{ ((_psql_version.stdout | split)[1] | split('.'))[0] }}" + + - name: plugins_postgresql | Validate version number + ansible.builtin.assert: + that: + - ( bareos_fd_plugin_psql_version | int) is number - name: plugins_postgresql | Enable local peer access for root user ansible.builtin.lineinfile: From 426ba5525fe5369bf2f20852b8268c40b0929a01 Mon Sep 17 00:00:00 2001 From: Patrick Hasler Date: Mon, 6 May 2024 13:07:38 +0200 Subject: [PATCH 27/40] feat(plugin): add restore_command to postgresql conf template --- templates/plugin_postgresql_bareos_wal_archive.conf.j2 | 3 +++ 1 file changed, 3 insertions(+) diff --git a/templates/plugin_postgresql_bareos_wal_archive.conf.j2 b/templates/plugin_postgresql_bareos_wal_archive.conf.j2 index c3d1a58..0e777e0 100644 --- a/templates/plugin_postgresql_bareos_wal_archive.conf.j2 +++ b/templates/plugin_postgresql_bareos_wal_archive.conf.j2 @@ -1,3 +1,6 @@ {{ ansible_managed | comment }} archive_mode = on archive_command = 'test ! -f {{ bareos_fd_plugin_psql_wal_archive | default("") }}/%f && cp %p {{ bareos_fd_plugin_psql_wal_archive | default("") }}/%f' + +# Restore command for PostgreSQL >=12 (https://docs.bareos.org/TasksAndConcepts/Plugins.html#postgresql-12) +restore_command = 'cp {{ bareos_fd_plugin_psql_wal_archive | default("") }}/%f %p' From d01fe70354248ceabc1a74b03e39c5674e2ed5ac Mon Sep 17 00:00:00 2001 From: Patrick Hasler Date: Mon, 6 May 2024 13:16:34 +0200 Subject: [PATCH 28/40] chore: assert for bareos_fd_plugins var Remove unnecessary collections.yml file in molecule scenario postgresql. --- molecule/postgresql/collections.yml | 5 ----- tasks/assert.yml | 8 ++++++++ 2 files changed, 8 insertions(+), 5 deletions(-) delete mode 100644 molecule/postgresql/collections.yml diff --git a/molecule/postgresql/collections.yml b/molecule/postgresql/collections.yml deleted file mode 100644 index 020687f..0000000 --- a/molecule/postgresql/collections.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- - -collections: - - name: community.docker - - name: community.general diff --git a/tasks/assert.yml b/tasks/assert.yml index c938c38..2f9631d 100644 --- a/tasks/assert.yml +++ b/tasks/assert.yml @@ -98,3 +98,11 @@ quiet: true when: - bareos_fd_encryption_enabled + +- name: assert | Test bareos_fd_plugins + ansible.builtin.assert: + that: + - bareos_fd_plugins is iterable + quiet: true + when: + - bareos_fd_plugins is defined From 5aca7efa989ed30ff13ec237e2f7d1594d9395d5 Mon Sep 17 00:00:00 2001 From: Patrick Hasler Date: Mon, 6 May 2024 13:17:59 +0200 Subject: [PATCH 29/40] chore(molecule): postgreql update os_family condition --- molecule/postgresql/prepare.yml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/molecule/postgresql/prepare.yml b/molecule/postgresql/prepare.yml index a1a8291..4152880 100644 --- a/molecule/postgresql/prepare.yml +++ b/molecule/postgresql/prepare.yml @@ -15,8 +15,7 @@ pre_tasks: - name: RPM Block when: - - ansible_facts.os_family == "RedHat" or - ansible_facts.os_family == "Fedora" + - ansible_facts.os_family == "RedHat" block: - name: Install locales ansible.builtin.package: @@ -31,8 +30,7 @@ - name: DEB Block when: - - ansible_facts.os_family == "Debian" or - ansible_facts.os_family == "Ubuntu" + - ansible_facts.os_family == "Debian" block: - name: Update Apt cache ansible.builtin.apt: From b11935a676bc6100262d0785d36a46c08d166781 Mon Sep 17 00:00:00 2001 From: Patrick Hasler Date: Wed, 8 May 2024 13:25:24 +0200 Subject: [PATCH 30/40] chore(vars): Clean-ups in var files --- defaults/main.yml | 6 ++++-- vars/Debian.yml | 8 ++++---- vars/RedHat.yml | 2 ++ vars/main.yml | 4 ---- 4 files changed, 10 insertions(+), 10 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index 18ac044..7a87964 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -62,8 +62,10 @@ bareos_fd_encryption_private_key: "" bareos_fd_encryption_master_public_key: "" ## -# defaults used by the bareos postgresql backup plugin +# Defaults used by the Bareos PostgreSQL backup plugin ## -# postgresql major version +# PostgreSQL major version +# This value will be overwritten on Debian based distros by the actual version in-use. +# On Red Hat based distros, the value is not required as of now. bareos_fd_plugin_psql_version: 15 diff --git a/vars/Debian.yml b/vars/Debian.yml index 3b4fa03..26a2766 100644 --- a/vars/Debian.yml +++ b/vars/Debian.yml @@ -28,20 +28,20 @@ bareos_fd_plugin_list: - bareos-filedaemon-percona-xtrabackup-python-plugin ## -# bareos postgresql backup plugin +# Bareos PostgreSQL backup plugin ## bareos_fd_plugin_psql_root_dir: >- /etc/postgresql/{{ bareos_fd_plugin_psql_version }}/main -# the location of the postgresql.conf file +# The location of the postgresql.conf file bareos_fd_plugin_psql_config: >- {{ bareos_fd_plugin_psql_root_dir }}/postgresql.conf -# the location of the pg_hba.conf file +# The location of the pg_hba.conf file bareos_fd_plugin_psql_config_hba: >- {{ bareos_fd_plugin_psql_root_dir }}/pg_hba.conf -# where to store the WAL archive data +# Where to store the WAL archive data bareos_fd_plugin_psql_wal_archive: >- /var/lib/postgresql/{{ bareos_fd_plugin_psql_version }}/wal_archive diff --git a/vars/RedHat.yml b/vars/RedHat.yml index 9b530f2..b4313b3 100644 --- a/vars/RedHat.yml +++ b/vars/RedHat.yml @@ -1,5 +1,7 @@ --- +bareos_fd_service: bareos-fd + bareos_fd_debug_packages: - bareos-filedaemon-debuginfo - gdb diff --git a/vars/main.yml b/vars/main.yml index 5e17aa3..e03084a 100644 --- a/vars/main.yml +++ b/vars/main.yml @@ -7,7 +7,3 @@ bareos_fd_encryption_packages: bareos_fd_service: bareos-filedaemon bareos_fd_plugin_name: python3 bareos_fd_plugin_dir: "/usr/lib64/bareos/plugins" - -# define the following stuff on Distro level (vars/). If a Distro is not there, it's not supported. -# bareos_fd_plugin_list: every distro might have different package names and dependencies -# bareos_fd_plugin_dir: /usr/lib on Debian, /usr/lib64 on "others" From c3249823c61a49cb4970f877dc8b20664cdb0006 Mon Sep 17 00:00:00 2001 From: Patrick Hasler Date: Wed, 8 May 2024 13:26:18 +0200 Subject: [PATCH 31/40] chore: remove unneeded tags from main tasks --- tasks/main.yml | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/tasks/main.yml b/tasks/main.yml index e86e201..7a26299 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -77,8 +77,6 @@ when: - bareos_fd_plugins is defined - bareos_fd_plugins is iterable - tags: - - plugins - name: Import postgresql plugin tasks ansible.builtin.import_tasks: @@ -87,12 +85,9 @@ - bareos_fd_plugins is defined - bareos_fd_plugins is iterable - '"postgresql" in bareos_fd_plugins' - tags: - - plugins - - plugins::postgresql - name: Start bareos-filedaemon ansible.builtin.service: name: "{{ bareos_fd_service }}" state: started - enabled: yes + enabled: true From 8b96f4db79b7740bbb40699b59123275ab8b0414 Mon Sep 17 00:00:00 2001 From: Patrick Hasler Date: Wed, 8 May 2024 13:26:55 +0200 Subject: [PATCH 32/40] feat(molecule): include role vars in verify cycle Also extend testing for PostgreSQL scenario --- molecule/postgresql/verify.yml | 41 ++++++++++++++++++++++++++++++++-- 1 file changed, 39 insertions(+), 2 deletions(-) diff --git a/molecule/postgresql/verify.yml b/molecule/postgresql/verify.yml index f03b011..e26ed69 100644 --- a/molecule/postgresql/verify.yml +++ b/molecule/postgresql/verify.yml @@ -5,6 +5,27 @@ gather_facts: true tasks: + - name: Include default and main vars + ansible.builtin.include_vars: + file: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') }}/{{ item }}/main.yml" + loop: + - defaults + - vars + + - name: Include OS-specific vars + ansible.builtin.include_vars: "{{ item }}" + with_first_found: + - "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') }}/vars/{{ ansible_facts.distribution }}_{{ ansible_facts.distribution_major_version }}.yml" + - "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') }}/vars/{{ ansible_facts.os_family }}.yml" + + - name: Populate service facts + ansible.builtin.service_facts: + + - name: Check if service is running + ansible.builtin.assert: + that: + - ansible_facts.services[bareos_fd_service+".service"].state == "running" + - name: Check if port 9102 is listening ansible.builtin.wait_for: port: 9102 @@ -27,5 +48,21 @@ diff: true register: _result failed_when: _result.changed - when: - - ansible_facts.os_family != "Archlinux" # not supported for FD Plugins + + - name: Fetch file and directory stats + ansible.builtin.stat: + path: "{{ item }}" + loop: + - "{{ bareos_fd_plugin_psql_root_dir }}" + - "{{ bareos_fd_plugin_psql_config }}" + - "{{ bareos_fd_plugin_psql_config_hba }}" + - "{{ bareos_fd_plugin_psql_wal_archive }}" + register: _file_stats + + - name: Check if required files and directories exist + ansible.builtin.assert: + that: + - item.stat.exists + - item.stat.readable + - item.stat.isdir or item.stat.isreg + loop: "{{ _file_stats.results }}" From bc85b056ebc07cffee7bb35fc5908d085a831b67 Mon Sep 17 00:00:00 2001 From: Patrick Hasler Date: Wed, 8 May 2024 13:32:50 +0200 Subject: [PATCH 33/40] feat(ci): add more distros to PostgreSQL scenario --- .github/workflows/molecule.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/molecule.yml b/.github/workflows/molecule.yml index 927a90b..574adf5 100644 --- a/.github/workflows/molecule.yml +++ b/.github/workflows/molecule.yml @@ -79,9 +79,12 @@ jobs: fail-fast: false matrix: config: + - image: "debian11" - image: "debian12" - image: "fedora38" + - image: "fedora39" - image: "ubuntu2204" + - image: "rockylinux9" steps: - name: checkout uses: actions/checkout@v3 From 57cc916a79857bedca541716e31123ec36279474 Mon Sep 17 00:00:00 2001 From: Patrick Hasler Date: Wed, 8 May 2024 13:39:04 +0200 Subject: [PATCH 34/40] chore(ci): rm .yamllint file --- .yamllint | 16 ---------------- 1 file changed, 16 deletions(-) delete mode 100644 .yamllint diff --git a/.yamllint b/.yamllint deleted file mode 100644 index a7ff098..0000000 --- a/.yamllint +++ /dev/null @@ -1,16 +0,0 @@ ---- -extends: default - -rules: - braces: - max-spaces-inside: 1 - level: error - brackets: - max-spaces-inside: 1 - level: error - line-length: disable - truthy: disable - -ignore: | - .tox/ - .cache/ From 07c4aa899b194b42d83672d9f2f2c986b49b4317 Mon Sep 17 00:00:00 2001 From: Patrick Hasler Date: Wed, 8 May 2024 13:42:29 +0200 Subject: [PATCH 35/40] chore(lint): line-length tasks/encryption.yml --- tasks/encryption.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/tasks/encryption.yml b/tasks/encryption.yml index 1d118b3..72ff1b7 100644 --- a/tasks/encryption.yml +++ b/tasks/encryption.yml @@ -48,7 +48,10 @@ - name: encryption | Combine private and public key ansible.builtin.copy: - content: "{{ bareos_fd_encryption_private_key_generated.privatekey | default(bareos_fd_encryption_private_key) }}{{ bareos_fd_encryption_public_key.certificate }}" + content: >- + {{ bareos_fd_encryption_private_key_generated.privatekey | + default(bareos_fd_encryption_private_key) }} + {{ bareos_fd_encryption_public_key.certificate }} dest: /etc/bareos/{{ bareos_fd_hostname }}.pem owner: bareos group: bareos From 20f2a447f80352890d3cb636e63280e29ea80366 Mon Sep 17 00:00:00 2001 From: Patrick Hasler Date: Wed, 8 May 2024 14:00:22 +0200 Subject: [PATCH 36/40] Revert "chore(lint): line-length tasks/encryption.yml" This reverts commit 07c4aa899b194b42d83672d9f2f2c986b49b4317. --- tasks/encryption.yml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/tasks/encryption.yml b/tasks/encryption.yml index 72ff1b7..1ef0608 100644 --- a/tasks/encryption.yml +++ b/tasks/encryption.yml @@ -48,10 +48,7 @@ - name: encryption | Combine private and public key ansible.builtin.copy: - content: >- - {{ bareos_fd_encryption_private_key_generated.privatekey | - default(bareos_fd_encryption_private_key) }} - {{ bareos_fd_encryption_public_key.certificate }} + content: "{{ bareos_fd_encryption_private_key_generated.privatekey | default(bareos_fd_encryption_private_key) }}{{ bareos_fd_encryption_public_key.certificate }}" # noqa yaml[line-length] dest: /etc/bareos/{{ bareos_fd_hostname }}.pem owner: bareos group: bareos From 376409c6cf552cf2b0185548ea54e143a590be48 Mon Sep 17 00:00:00 2001 From: Patrick Hasler Date: Wed, 8 May 2024 14:06:23 +0200 Subject: [PATCH 37/40] chore(vars): update RHEL vars, improve comments --- vars/RedHat.yml | 10 +++++----- vars/RedHat_7.yml | 19 +++++++++++-------- 2 files changed, 16 insertions(+), 13 deletions(-) diff --git a/vars/RedHat.yml b/vars/RedHat.yml index b4313b3..080200b 100644 --- a/vars/RedHat.yml +++ b/vars/RedHat.yml @@ -31,20 +31,20 @@ bareos_fd_plugin_list: ## -# bareos postgresql backup plugin -# +# Bareos PostgreSQL backup plugin +## bareos_fd_plugin_psql_root_dir: >- /var/lib/pgsql/data -# the location of the postgresql.conf file +# The location of the postgresql.conf file bareos_fd_plugin_psql_config: >- {{ bareos_fd_plugin_psql_root_dir }}/postgresql.conf -# the location of the pg_hba.conf file +# The location of the pg_hba.conf file bareos_fd_plugin_psql_config_hba: >- {{ bareos_fd_plugin_psql_root_dir }}/pg_hba.conf -# where to store the WAL archive data +# Where to store the WAL archive data bareos_fd_plugin_psql_wal_archive: >- /var/lib/pgsql/wal_archive diff --git a/vars/RedHat_7.yml b/vars/RedHat_7.yml index ed83ba3..253e26e 100644 --- a/vars/RedHat_7.yml +++ b/vars/RedHat_7.yml @@ -30,17 +30,20 @@ bareos_fd_plugin_list: - bareos-filedaemon-percona-xtrabackup-python-plugin ## -# bareos postgresql backup plugin -# +# Bareos PostgreSQL backup plugin +## + +bareos_fd_plugin_psql_root_dir: >- + /var/lib/pgsql/data -# the location of the postgresql.conf file +# The location of the postgresql.conf file bareos_fd_plugin_psql_config: >- - /var/lib/pgsql/data/postgresql.conf + {{ bareos_fd_plugin_psql_root_dir }}/postgresql.conf -# the location of the pg_hba.conf file +# The location of the pg_hba.conf file bareos_fd_plugin_psql_config_hba: >- - /var/lib/pgsql/data/pg_hba.conf + {{ bareos_fd_plugin_psql_root_dir }}/pg_hba.conf -# where to store the WAL archive data +# Where to store the WAL archive data bareos_fd_plugin_psql_wal_archive: >- - /var/lib/pgsql/wal_archive + /var/lib/pgsql/wal_archive From 54d90092e8b55df69a657f19b2441b2fcd8a7e74 Mon Sep 17 00:00:00 2001 From: Patrick Hasler Date: Mon, 13 May 2024 12:52:44 +0200 Subject: [PATCH 38/40] fix(ci): remove fedora 39 for now Fedora 39 is not supported by geerlingguy.postgresql --- .github/workflows/molecule.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/molecule.yml b/.github/workflows/molecule.yml index 574adf5..bab0245 100644 --- a/.github/workflows/molecule.yml +++ b/.github/workflows/molecule.yml @@ -82,7 +82,8 @@ jobs: - image: "debian11" - image: "debian12" - image: "fedora38" - - image: "fedora39" + # TODO 39 not yet supported by geerlingguy.postgresql + # - image: "fedora39" - image: "ubuntu2204" - image: "rockylinux9" steps: From e0983a4d011cd0ccd65b37730a0db59218674594 Mon Sep 17 00:00:00 2001 From: Patrick Hasler Date: Mon, 13 May 2024 12:54:52 +0200 Subject: [PATCH 39/40] fix(molecule): remove broken file/dir check Check is not working as verify stage does not have the PostgreSQL version, which is determined in the role task `plugins_postgresql.yml`. Removed the checks for the files/dirs as they are created by the role if missing and if this does not work, Molecule will fail anyway. --- molecule/postgresql/verify.yml | 19 ------------------- 1 file changed, 19 deletions(-) diff --git a/molecule/postgresql/verify.yml b/molecule/postgresql/verify.yml index e26ed69..4530ff3 100644 --- a/molecule/postgresql/verify.yml +++ b/molecule/postgresql/verify.yml @@ -38,7 +38,6 @@ failed_when: - bareos_fd_test_config.stdout_lines is search("There are configuration warnings") - # have to be specified in converge.yml: `bareos_fd_plugins` - name: Check if plugin packages were installed ansible.builtin.package: name: @@ -48,21 +47,3 @@ diff: true register: _result failed_when: _result.changed - - - name: Fetch file and directory stats - ansible.builtin.stat: - path: "{{ item }}" - loop: - - "{{ bareos_fd_plugin_psql_root_dir }}" - - "{{ bareos_fd_plugin_psql_config }}" - - "{{ bareos_fd_plugin_psql_config_hba }}" - - "{{ bareos_fd_plugin_psql_wal_archive }}" - register: _file_stats - - - name: Check if required files and directories exist - ansible.builtin.assert: - that: - - item.stat.exists - - item.stat.readable - - item.stat.isdir or item.stat.isreg - loop: "{{ _file_stats.results }}" From 4dd619ce279fe6e6ce774d65d60f962b8fbc50b1 Mon Sep 17 00:00:00 2001 From: Patrick Hasler Date: Tue, 14 May 2024 08:54:54 +0200 Subject: [PATCH 40/40] chore(molecule): shorter encryption key-pair Use shorter key-pair for better readabilty. --- molecule/default/converge.yml | 101 +++++++++---------------------- molecule/postgresql/converge.yml | 101 +++++++++---------------------- 2 files changed, 58 insertions(+), 144 deletions(-) diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml index dfc27bb..c6bb448 100644 --- a/molecule/default/converge.yml +++ b/molecule/default/converge.yml @@ -10,80 +10,37 @@ bareos_fd_install_debug_packages: true bareos_fd_encryption_enabled: true bareos_fd_encryption_private_key: | - -----BEGIN RSA PRIVATE KEY----- - MIIJKAIBAAKCAgEAvFS5DDxBm2Hgf6LM2QnU3eKTw6PHpCBESjuqoKDnwnjL9wXH - GAO77b3lPXKFPZfrXUH41FxJt1wWuRXWjJfR4XI7RLmG5XGgbvKamnhCK48aZelN - oFa2Midto1Gydnb/I2I7GTA2fmx65mS4DTlXPn/phZJx9akUwJ1kRWVJgzuzimJ8 - 0YPqKbLPBRz86PWjAfTmYP4a7iuCTOlPqNIxGgCFUi5KIeFQZ3V8eO4iwVE8FhSK - /d1ykdiKlPAWjhcjDsTaQmWQd+IGi20bdzDrOevNUvaR7xGYbPczHDRVYveuEddl - 4up8teWGczQxiIYhIR6n0F9wqFK2AzZGbXOKBLkiPKocKQ/X1glEgLc1jy16YYA4 - vNXc3D+wxKNgnEcZ/YtDOZ746/k+4y8QuLaycA62BaD0hV/UxRHhJX1/gCkjkuU/ - F4ZFP52nMDlyB9uMY1rkUJgNWvgT/GyycPDHFJl04rAM+zl/wFHajy9Dfi8WxzKl - NILvDmSpoyZJww1mhKAFzkRf9ThtoZvs9ctA12QQJdSWWL9kPjJjw0RlBAwKnmBu - C/1wzBL3O9z8OSbJh9LixtfzR6X96ojgUxwQYsXcvcUopCHIAti6INRghbx4AWY8 - 5Jq4C8/OiY2LdHDBoxHY3gnqyKnzCqHZRbE2XUxkPkHXjoOlFX6KqYy49CkCAwEA - AQKCAgAAnUlyA4l5oEr8E3MEcxVR2E7nXi2SMNlKtLEskYwd7irk+S7lhCZJj4TF - iUUv639MZD/CB4ui2ytKV8LE4zue7y7ua0AFi6Nq829KAhHKs3UbMhw9J/vPqwq7 - 5fNIIo3plCLAnLZc6LyaB5BQfnu8DHCKblOx4i77nFYV4jbpMRJpmvX8Em+FZSIa - OT1r3GMf2FzLl5ZUK+ScgmknikFLZ26V8Rncp6jxZ+3XoF/xiRCpm2+Vgm5MK1aK - StsWEFSp6THmSBgt6iK5BaWuLam40crvWYrKrHxMgwIC/x9o44CXOORlN8l2XH6F - T+uxYTqrS7pbuHeo6ZOzMhXZbP5CCpNQdMrJMgtOJsdxoC9viKfAvSbvl+tlwMeb - pAcSxBQ69DRcxbR/Mb5AdZ0KQObdxeeRdHfJBcZypzuARfhxIKqGKVKtxUSE+Gc1 - kq7X9rdqxEBmDHULxnDfqjtf2LVqZao3moCbMqs+sX2rP7pD7TSlnsLNdsDx3yud - X1583lSxSCWIt4i74Elep1BEelO1S+cv0n60czT6IPkpkhr+/X8Vzu48oaGwFvoO - XUFMvzjNZbUv4/FcbISjcnuuXFGQZY9vXvhGtgnwQ+twOyllaGMvogEg0gNSOy1+ - 8yLNrN3QiZlKjFhIBNsJLCvmq5l3u09ijlGl5AxNoYE4wyLg/QKCAQEA4XVLlYeR - zYXibWlYJHdxf7rHnnbUwdww8NRdi6If/48MjEkHrHHK1K+4j/JoKuaKT1kOT9Mk - DgFQJYWXYPo6gFEXLqmjrAVDrHUFPi0Va5F6u/6I18jVmwJzvAkdO79LGNewmawL - mluA/SZAq12nnncbJGA1zn2nTri1Ld/2az1IztYEZGpJf6SU7HQIGqV5hKYTS1NV - TL9wehaCht0RiZh+xOZTENpuCgslBPI7NN82kAAD3/jtbOf37QJ7pkVYhC38r8Vo - dhdOR1STC/30IybiPYacHFTOIhtpbAD5CMkH6/Y5+40LAboqP9uO1rKHSJamj2kn - NqUHIhoi3nz87QKCAQEA1dfisgifNE25MsS5QvFMffuJwe7fyrZlDPnfxuqjEYfw - /Oi/FJ8Ov1tu/9FSkDzFuu+gKHLQ06OVKLJXCdsKSz4uVK+5LLAxbHn8APEarHU/ - ZjC8NV0g+lJhSOAEHnYAZOBipCt0eBZA0eoxDLk3U7ZpvdgUA3VwaWxsSCfGdkcs - CtS3GVLKX5IvufY0DXEHTOXdM0lN0F7lzN2lNeqW/7eBItSUACmT5zaljhpRXWBO - ivdicD6jX5v8egwxRS1hIQr+8XRtY7xILBMlOw0y3oxtjv6jPdX0wpc1TdjyN2eB - RlyP5ifNMrve+3e5640rhtoAUdheSner6ncvexEorQKCAQBaE8sHCwst2fgFTrlw - mGg4aB+pKEEI0ziaf76AM14ldLnGssbmFvC62RocKPWFbmaEHUiii/Ezx0KGO0Gn - 9VG6QqvIcO57o/7NwFM/7DNKru0ifyedTxhIvkoPLnUHkf4nBsYAH8Ti/vwiKE5e - KST3Iw8tEWNuBLX7tcBte7WwUuPr/4XxuKV04gS+E/3I56QNY20CA2FpMHN309aC - m4COQOclNACsExkz2hAIUd9l2GisT9U8fvAdOvDLONq+K6aZ6OW0NGLwC4+y4A+A - Ew6fnMF3Y3iruRZCekE8bYcSA3+uvsmbv1ZOclq++LGxBdMXJVmWoqSQKI8ZCOg1 - jCphAoIBAEmpLuaiv6x1pXjOeP6NPgsbjW1nSmF6iL56iFHt2zQbvrBvv/pre9oA - tfCa+zTCKl5lUqb8PeDZNXUqUX8Mm7QlfDIhwciZ/LxgHKV6Z/TGAovB9+Lt7IEt - xWMj/2c6wJH/FRt1+I2xJKzqXfEDEALfD/ecKfCzEIDQH1CPmvZ9N7eXZGbttNZM - 9fG51F5Y8+nSOGsFMi+3sLLsGo/C+jal0G7eCQkxSUhY85hKioJ+vS9zXc5KVV6G - zeaAsqwgoJeQQReNQm0bm0TLZ4S63C3683ZRUovnWoN5MJxbQbxCBC7njY37Ydy7 - CGlY6YsxOrAeAgQvYvOF24tNeOaMl5UCggEBAJ7LRUjNlGZ4xcCLNRIV9imXxo48 - eQiDC298h+wPzKOjFNp7c/+QQZRsVaKJLIY2FnsEA4ZJZx+oT4wL/3smYCBP/aMD - vLWTarp6unKnzvopBMarFpk3RTqzv8txMjz3kr8WiIhr8geFagjE/ujcuBOu17k8 - /qc6HNLy0e4bK648oBAq4C5qxid33zc06eRed2EOSqXdHwHgfBKlRwqCIYkiWlq/ - SWAk+9svFT9HvziCtFzH5GdsM24W0KtOsTxUiil89ybQW2uWWm5HB3OuATmb0JZA - cz+WiXCcYLVId8gl/hXkKBjRVEhhKsmnab8Jg2HlwGXuAdwqP5/GwxsM41g= - -----END RSA PRIVATE KEY----- + -----BEGIN PRIVATE KEY----- + MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBALnT/+JXRTeg0fgk + ef0y3tNGhN45rKoioNi40XVd7OOWzknHIf6Dz7js1c7RxPUJ4hOITZCWjBVQKzQe + MeFr8PUltqxNY7W3JFz4/QlIgF4/hvi8rTFAi2djHsOdNFEk31mh+K6G6LGfchuc + kCG3b86xZGDWaWafnyQicqqHOttjAgMBAAECgYAbZXPuLKuZve32xXnuqFdNkrH4 + CUy5cI2CJg1LXmOUUiFrox4R5eD0BIapDSgacDCSbJ/y1x8j7UPRVTpJX56QZUD/ + FByRAPc5+/nPuiltB9sSNmFx3FlTeF4N0oyglEioz3zM5ilUYkdVetj+vYnQJKkt + LGysJ46ZO7pBdmjsgQJBAO7e3Dj8umZfS9EC3Xr/ykxFKSSSUenFg6qNu1lADCUo + S9iJu5BY0R81ab7uWdgBPUHtW1vp/WhpnfoPMs80dOECQQDHJ2WJyXZtHSqBzXRZ + J/+Ki0E4uuYuJn9CCb2w5Fegq1BW+6FU0759s3RJCEbFt3B2Xy4G+y7QOjglb0DN + bFTDAkBQxshN9RjLmZo32fIvr+QnGpQpK9nLZeF6gWdDbScuQYw0c48b5w0Asr1J + taxoITMn4i4szNnGv0CO2SjjbOfBAkAQEO6REg6auNqgBBoZwy9LVvaZBALjwDlN + 84k5BwLGtGtTyRL3y+k3LM35wlArTSQmeIE3EPZy1++FnZcFu3KPAkEAtIZOonLt + EtRs4axJi3vnPnPCje92Usdd3QOCCJHt4zA5GITp866aiO0bW5lLc7ZzUNEUk3jt + ICo3CGGSXV7yiA== + -----END PRIVATE KEY----- bareos_fd_encryption_master_public_key: | -----BEGIN CERTIFICATE----- - MIIDyjCCArKgAwIBAgIJAIAjOIGqAGRwMA0GCSqGSIb3DQEBCwUAMIGSMQswCQYD - VQQGEwJOTDEQMA4GA1UECAwHVVRSRUNIVDESMBAGA1UEBwwJQnJldWtlbGVuMSIw - IAYDVQQKDBlBZGZpbmlzIElUIE5lZGVybGFuZCBCLlYuMQ8wDQYDVQQDDAZiYXJl - b3MxKDAmBgkqhkiG9w0BCQEWGXJvYmVydC5kZWJvY2tAYWRmaW5pcy5jb20wHhcN - MjMwOTExMDg1MzA0WhcNMjMxMDExMDg1MzA0WjCBkjELMAkGA1UEBhMCTkwxEDAO - BgNVBAgMB1VUUkVDSFQxEjAQBgNVBAcMCUJyZXVrZWxlbjEiMCAGA1UECgwZQWRm - aW5pcyBJVCBOZWRlcmxhbmQgQi5WLjEPMA0GA1UEAwwGYmFyZW9zMSgwJgYJKoZI - hvcNAQkBFhlyb2JlcnQuZGVib2NrQGFkZmluaXMuY29tMIIBIjANBgkqhkiG9w0B - AQEFAAOCAQ8AMIIBCgKCAQEAxFjcLKHDTf8dcT4kKtyZlIh4Zh7zNglaa6SJNBGW - pmcvtgfR9aBCDbcEphcssdytrXIiLsCEfv1h63o58UXePKYJMtNzbn6NNyzamxB9 - CM4oHWr/td8i6fYaYXmqOxOimX707joWPlTB9+/rKWFrxwyg08oVGFdBNR6GmWek - Y5aRaEMwRBhh+bSVR9/Rj/QmqlF9pCB9/TtY3hhBdQkcy1tLTDo7Mf/Z4gLpk7d2 - vRmpvVY8JloXjzuJNgVNbzY09pylqe78m9UsrJGBlzocZO5+AnO7wsqMAtUvplOM - oE7GHrg1FpfLjY3bqTQka/fVd1bDt5eDjAJnPqO1RYpKjQIDAQABoyEwHzAdBgNV - HQ4EFgQURTeY0pPxExJwTelsdBXr5PxgOdAwDQYJKoZIhvcNAQELBQADggEBALCi - urw+j1Yg2QDkOzMxmr6r0O/kF3WfrfpcevOCGVN0GxdxP/nGcfAh8feq4xj4oAnS - 2CyhNfPPi+rIO1T0EkZWwL/kTByMGoR9Qc+juMgJ1HTYP6nEnBOXPMo1OyUdK5K3 - MefQpNgHdWNSjWtLuW3YW8rkIeF8ZjmlXOSmBdOmqFi7p3OwwF8FnuXze1RLTgPL - VeI8D8DtzbX+mocuYxfIAFEmRXAmMeimXgwrVyI+w8+3IRGw8rDje0pFZX5X2aED - Gcz2IVF2cw5k1ryYW5kN027oK9igd8qc6dcJC6nMJw1kLbBdo68Eq3EOx92Fljlg - Wa7Dw2pD6yQGl/dfgQg= + MIICSjCCAbOgAwIBAgIUd8WfhMKbB1MSc47VEsokPgViZKIwDQYJKoZIhvcNAQEL + BQAwNzELMAkGA1UEBhMCQ0gxEzARBgNVBAgMClNvbWUtU3RhdGUxEzARBgNVBAoM + CkFkZmluaXMgQUcwHhcNMjQwNTEzMTIwMDMwWhcNMjQwNjEyMTIwMDMwWjA3MQsw + CQYDVQQGEwJDSDETMBEGA1UECAwKU29tZS1TdGF0ZTETMBEGA1UECgwKQWRmaW5p + cyBBRzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAudP/4ldFN6DR+CR5/TLe + 00aE3jmsqiKg2LjRdV3s45bOScch/oPPuOzVztHE9QniE4hNkJaMFVArNB4x4Wvw + 9SW2rE1jtbckXPj9CUiAXj+G+LytMUCLZ2Mew500USTfWaH4robosZ9yG5yQIbdv + zrFkYNZpZp+fJCJyqoc622MCAwEAAaNTMFEwHQYDVR0OBBYEFK/HMqCU8j2Dqj0R + /c2Xrl/MGaq8MB8GA1UdIwQYMBaAFK/HMqCU8j2Dqj0R/c2Xrl/MGaq8MA8GA1Ud + EwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADgYEAUO7icu1fG+mXUfJoMEpdhGCr + Zn0Ll4hplw9eANrGYnbC2FIWdh7tj23dFhm/kb0YRqI2arpPyYYagmu7eK89/22g + wyrW5xc17ivohUS+sN8lPqrKcXrRBveQ0FnvUbkjEmtmgHSYgjdCxoGMIcqpn8BC + m/1hu95J5z6/IZEm7oM= -----END CERTIFICATE----- bareos_fd_directors: - name: "bareos-dir" diff --git a/molecule/postgresql/converge.yml b/molecule/postgresql/converge.yml index fdff7ed..d729532 100644 --- a/molecule/postgresql/converge.yml +++ b/molecule/postgresql/converge.yml @@ -11,80 +11,37 @@ bareos_fd_install_debug_packages: true bareos_fd_encryption_enabled: true bareos_fd_encryption_private_key: | - -----BEGIN RSA PRIVATE KEY----- - MIIJKAIBAAKCAgEAvFS5DDxBm2Hgf6LM2QnU3eKTw6PHpCBESjuqoKDnwnjL9wXH - GAO77b3lPXKFPZfrXUH41FxJt1wWuRXWjJfR4XI7RLmG5XGgbvKamnhCK48aZelN - oFa2Midto1Gydnb/I2I7GTA2fmx65mS4DTlXPn/phZJx9akUwJ1kRWVJgzuzimJ8 - 0YPqKbLPBRz86PWjAfTmYP4a7iuCTOlPqNIxGgCFUi5KIeFQZ3V8eO4iwVE8FhSK - /d1ykdiKlPAWjhcjDsTaQmWQd+IGi20bdzDrOevNUvaR7xGYbPczHDRVYveuEddl - 4up8teWGczQxiIYhIR6n0F9wqFK2AzZGbXOKBLkiPKocKQ/X1glEgLc1jy16YYA4 - vNXc3D+wxKNgnEcZ/YtDOZ746/k+4y8QuLaycA62BaD0hV/UxRHhJX1/gCkjkuU/ - F4ZFP52nMDlyB9uMY1rkUJgNWvgT/GyycPDHFJl04rAM+zl/wFHajy9Dfi8WxzKl - NILvDmSpoyZJww1mhKAFzkRf9ThtoZvs9ctA12QQJdSWWL9kPjJjw0RlBAwKnmBu - C/1wzBL3O9z8OSbJh9LixtfzR6X96ojgUxwQYsXcvcUopCHIAti6INRghbx4AWY8 - 5Jq4C8/OiY2LdHDBoxHY3gnqyKnzCqHZRbE2XUxkPkHXjoOlFX6KqYy49CkCAwEA - AQKCAgAAnUlyA4l5oEr8E3MEcxVR2E7nXi2SMNlKtLEskYwd7irk+S7lhCZJj4TF - iUUv639MZD/CB4ui2ytKV8LE4zue7y7ua0AFi6Nq829KAhHKs3UbMhw9J/vPqwq7 - 5fNIIo3plCLAnLZc6LyaB5BQfnu8DHCKblOx4i77nFYV4jbpMRJpmvX8Em+FZSIa - OT1r3GMf2FzLl5ZUK+ScgmknikFLZ26V8Rncp6jxZ+3XoF/xiRCpm2+Vgm5MK1aK - StsWEFSp6THmSBgt6iK5BaWuLam40crvWYrKrHxMgwIC/x9o44CXOORlN8l2XH6F - T+uxYTqrS7pbuHeo6ZOzMhXZbP5CCpNQdMrJMgtOJsdxoC9viKfAvSbvl+tlwMeb - pAcSxBQ69DRcxbR/Mb5AdZ0KQObdxeeRdHfJBcZypzuARfhxIKqGKVKtxUSE+Gc1 - kq7X9rdqxEBmDHULxnDfqjtf2LVqZao3moCbMqs+sX2rP7pD7TSlnsLNdsDx3yud - X1583lSxSCWIt4i74Elep1BEelO1S+cv0n60czT6IPkpkhr+/X8Vzu48oaGwFvoO - XUFMvzjNZbUv4/FcbISjcnuuXFGQZY9vXvhGtgnwQ+twOyllaGMvogEg0gNSOy1+ - 8yLNrN3QiZlKjFhIBNsJLCvmq5l3u09ijlGl5AxNoYE4wyLg/QKCAQEA4XVLlYeR - zYXibWlYJHdxf7rHnnbUwdww8NRdi6If/48MjEkHrHHK1K+4j/JoKuaKT1kOT9Mk - DgFQJYWXYPo6gFEXLqmjrAVDrHUFPi0Va5F6u/6I18jVmwJzvAkdO79LGNewmawL - mluA/SZAq12nnncbJGA1zn2nTri1Ld/2az1IztYEZGpJf6SU7HQIGqV5hKYTS1NV - TL9wehaCht0RiZh+xOZTENpuCgslBPI7NN82kAAD3/jtbOf37QJ7pkVYhC38r8Vo - dhdOR1STC/30IybiPYacHFTOIhtpbAD5CMkH6/Y5+40LAboqP9uO1rKHSJamj2kn - NqUHIhoi3nz87QKCAQEA1dfisgifNE25MsS5QvFMffuJwe7fyrZlDPnfxuqjEYfw - /Oi/FJ8Ov1tu/9FSkDzFuu+gKHLQ06OVKLJXCdsKSz4uVK+5LLAxbHn8APEarHU/ - ZjC8NV0g+lJhSOAEHnYAZOBipCt0eBZA0eoxDLk3U7ZpvdgUA3VwaWxsSCfGdkcs - CtS3GVLKX5IvufY0DXEHTOXdM0lN0F7lzN2lNeqW/7eBItSUACmT5zaljhpRXWBO - ivdicD6jX5v8egwxRS1hIQr+8XRtY7xILBMlOw0y3oxtjv6jPdX0wpc1TdjyN2eB - RlyP5ifNMrve+3e5640rhtoAUdheSner6ncvexEorQKCAQBaE8sHCwst2fgFTrlw - mGg4aB+pKEEI0ziaf76AM14ldLnGssbmFvC62RocKPWFbmaEHUiii/Ezx0KGO0Gn - 9VG6QqvIcO57o/7NwFM/7DNKru0ifyedTxhIvkoPLnUHkf4nBsYAH8Ti/vwiKE5e - KST3Iw8tEWNuBLX7tcBte7WwUuPr/4XxuKV04gS+E/3I56QNY20CA2FpMHN309aC - m4COQOclNACsExkz2hAIUd9l2GisT9U8fvAdOvDLONq+K6aZ6OW0NGLwC4+y4A+A - Ew6fnMF3Y3iruRZCekE8bYcSA3+uvsmbv1ZOclq++LGxBdMXJVmWoqSQKI8ZCOg1 - jCphAoIBAEmpLuaiv6x1pXjOeP6NPgsbjW1nSmF6iL56iFHt2zQbvrBvv/pre9oA - tfCa+zTCKl5lUqb8PeDZNXUqUX8Mm7QlfDIhwciZ/LxgHKV6Z/TGAovB9+Lt7IEt - xWMj/2c6wJH/FRt1+I2xJKzqXfEDEALfD/ecKfCzEIDQH1CPmvZ9N7eXZGbttNZM - 9fG51F5Y8+nSOGsFMi+3sLLsGo/C+jal0G7eCQkxSUhY85hKioJ+vS9zXc5KVV6G - zeaAsqwgoJeQQReNQm0bm0TLZ4S63C3683ZRUovnWoN5MJxbQbxCBC7njY37Ydy7 - CGlY6YsxOrAeAgQvYvOF24tNeOaMl5UCggEBAJ7LRUjNlGZ4xcCLNRIV9imXxo48 - eQiDC298h+wPzKOjFNp7c/+QQZRsVaKJLIY2FnsEA4ZJZx+oT4wL/3smYCBP/aMD - vLWTarp6unKnzvopBMarFpk3RTqzv8txMjz3kr8WiIhr8geFagjE/ujcuBOu17k8 - /qc6HNLy0e4bK648oBAq4C5qxid33zc06eRed2EOSqXdHwHgfBKlRwqCIYkiWlq/ - SWAk+9svFT9HvziCtFzH5GdsM24W0KtOsTxUiil89ybQW2uWWm5HB3OuATmb0JZA - cz+WiXCcYLVId8gl/hXkKBjRVEhhKsmnab8Jg2HlwGXuAdwqP5/GwxsM41g= - -----END RSA PRIVATE KEY----- + -----BEGIN PRIVATE KEY----- + MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBALnT/+JXRTeg0fgk + ef0y3tNGhN45rKoioNi40XVd7OOWzknHIf6Dz7js1c7RxPUJ4hOITZCWjBVQKzQe + MeFr8PUltqxNY7W3JFz4/QlIgF4/hvi8rTFAi2djHsOdNFEk31mh+K6G6LGfchuc + kCG3b86xZGDWaWafnyQicqqHOttjAgMBAAECgYAbZXPuLKuZve32xXnuqFdNkrH4 + CUy5cI2CJg1LXmOUUiFrox4R5eD0BIapDSgacDCSbJ/y1x8j7UPRVTpJX56QZUD/ + FByRAPc5+/nPuiltB9sSNmFx3FlTeF4N0oyglEioz3zM5ilUYkdVetj+vYnQJKkt + LGysJ46ZO7pBdmjsgQJBAO7e3Dj8umZfS9EC3Xr/ykxFKSSSUenFg6qNu1lADCUo + S9iJu5BY0R81ab7uWdgBPUHtW1vp/WhpnfoPMs80dOECQQDHJ2WJyXZtHSqBzXRZ + J/+Ki0E4uuYuJn9CCb2w5Fegq1BW+6FU0759s3RJCEbFt3B2Xy4G+y7QOjglb0DN + bFTDAkBQxshN9RjLmZo32fIvr+QnGpQpK9nLZeF6gWdDbScuQYw0c48b5w0Asr1J + taxoITMn4i4szNnGv0CO2SjjbOfBAkAQEO6REg6auNqgBBoZwy9LVvaZBALjwDlN + 84k5BwLGtGtTyRL3y+k3LM35wlArTSQmeIE3EPZy1++FnZcFu3KPAkEAtIZOonLt + EtRs4axJi3vnPnPCje92Usdd3QOCCJHt4zA5GITp866aiO0bW5lLc7ZzUNEUk3jt + ICo3CGGSXV7yiA== + -----END PRIVATE KEY----- bareos_fd_encryption_master_public_key: | -----BEGIN CERTIFICATE----- - MIIDyjCCArKgAwIBAgIJAIAjOIGqAGRwMA0GCSqGSIb3DQEBCwUAMIGSMQswCQYD - VQQGEwJOTDEQMA4GA1UECAwHVVRSRUNIVDESMBAGA1UEBwwJQnJldWtlbGVuMSIw - IAYDVQQKDBlBZGZpbmlzIElUIE5lZGVybGFuZCBCLlYuMQ8wDQYDVQQDDAZiYXJl - b3MxKDAmBgkqhkiG9w0BCQEWGXJvYmVydC5kZWJvY2tAYWRmaW5pcy5jb20wHhcN - MjMwOTExMDg1MzA0WhcNMjMxMDExMDg1MzA0WjCBkjELMAkGA1UEBhMCTkwxEDAO - BgNVBAgMB1VUUkVDSFQxEjAQBgNVBAcMCUJyZXVrZWxlbjEiMCAGA1UECgwZQWRm - aW5pcyBJVCBOZWRlcmxhbmQgQi5WLjEPMA0GA1UEAwwGYmFyZW9zMSgwJgYJKoZI - hvcNAQkBFhlyb2JlcnQuZGVib2NrQGFkZmluaXMuY29tMIIBIjANBgkqhkiG9w0B - AQEFAAOCAQ8AMIIBCgKCAQEAxFjcLKHDTf8dcT4kKtyZlIh4Zh7zNglaa6SJNBGW - pmcvtgfR9aBCDbcEphcssdytrXIiLsCEfv1h63o58UXePKYJMtNzbn6NNyzamxB9 - CM4oHWr/td8i6fYaYXmqOxOimX707joWPlTB9+/rKWFrxwyg08oVGFdBNR6GmWek - Y5aRaEMwRBhh+bSVR9/Rj/QmqlF9pCB9/TtY3hhBdQkcy1tLTDo7Mf/Z4gLpk7d2 - vRmpvVY8JloXjzuJNgVNbzY09pylqe78m9UsrJGBlzocZO5+AnO7wsqMAtUvplOM - oE7GHrg1FpfLjY3bqTQka/fVd1bDt5eDjAJnPqO1RYpKjQIDAQABoyEwHzAdBgNV - HQ4EFgQURTeY0pPxExJwTelsdBXr5PxgOdAwDQYJKoZIhvcNAQELBQADggEBALCi - urw+j1Yg2QDkOzMxmr6r0O/kF3WfrfpcevOCGVN0GxdxP/nGcfAh8feq4xj4oAnS - 2CyhNfPPi+rIO1T0EkZWwL/kTByMGoR9Qc+juMgJ1HTYP6nEnBOXPMo1OyUdK5K3 - MefQpNgHdWNSjWtLuW3YW8rkIeF8ZjmlXOSmBdOmqFi7p3OwwF8FnuXze1RLTgPL - VeI8D8DtzbX+mocuYxfIAFEmRXAmMeimXgwrVyI+w8+3IRGw8rDje0pFZX5X2aED - Gcz2IVF2cw5k1ryYW5kN027oK9igd8qc6dcJC6nMJw1kLbBdo68Eq3EOx92Fljlg - Wa7Dw2pD6yQGl/dfgQg= + MIICSjCCAbOgAwIBAgIUd8WfhMKbB1MSc47VEsokPgViZKIwDQYJKoZIhvcNAQEL + BQAwNzELMAkGA1UEBhMCQ0gxEzARBgNVBAgMClNvbWUtU3RhdGUxEzARBgNVBAoM + CkFkZmluaXMgQUcwHhcNMjQwNTEzMTIwMDMwWhcNMjQwNjEyMTIwMDMwWjA3MQsw + CQYDVQQGEwJDSDETMBEGA1UECAwKU29tZS1TdGF0ZTETMBEGA1UECgwKQWRmaW5p + cyBBRzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAudP/4ldFN6DR+CR5/TLe + 00aE3jmsqiKg2LjRdV3s45bOScch/oPPuOzVztHE9QniE4hNkJaMFVArNB4x4Wvw + 9SW2rE1jtbckXPj9CUiAXj+G+LytMUCLZ2Mew500USTfWaH4robosZ9yG5yQIbdv + zrFkYNZpZp+fJCJyqoc622MCAwEAAaNTMFEwHQYDVR0OBBYEFK/HMqCU8j2Dqj0R + /c2Xrl/MGaq8MB8GA1UdIwQYMBaAFK/HMqCU8j2Dqj0R/c2Xrl/MGaq8MA8GA1Ud + EwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADgYEAUO7icu1fG+mXUfJoMEpdhGCr + Zn0Ll4hplw9eANrGYnbC2FIWdh7tj23dFhm/kb0YRqI2arpPyYYagmu7eK89/22g + wyrW5xc17ivohUS+sN8lPqrKcXrRBveQ0FnvUbkjEmtmgHSYgjdCxoGMIcqpn8BC + m/1hu95J5z6/IZEm7oM= -----END CERTIFICATE----- bareos_fd_directors: - name: "bareos-dir"