Merge pull request #27 from ricsanfre/feature/backup
Adding cluster backup capability
Showing
42 changed files
with
1,571 additions
and
26 deletions.
@@ -1,2 +1,3 @@ | ||
ansible/roles/ricsanfre.* | ||
ansible_collections | ||
certificates |
@@ -0,0 +1,55 @@ | ||
--- | ||
|
||
- name: Configure Backup Server - S3 Storage | ||
hosts: node1 | ||
gather_facts: true | ||
tags: [backup] | ||
vars: | ||
ansible_become: true | ||
server_hostname: "{{ minio_hostname }}" | ||
ssl_key_size: 4096 | ||
ssl_certificate_provider: selfsigned | ||
key_type: RSA | ||
country_name: ES | ||
email_address: [email protected] | ||
organization_name: Ricsanfre | ||
|
||
pre_tasks: | ||
- name: Generate custom CA | ||
include_tasks: tasks/generate_custom_ca.yml | ||
args: | ||
apply: | ||
delegate_to: localhost | ||
become: false | ||
- name: Generate customCA-signed SSL certificates for minio | ||
include_tasks: tasks/generate_ca_signed_cert.yml | ||
args: | ||
apply: | ||
delegate_to: localhost | ||
become: false | ||
- name: Load tls key and cert | ||
set_fact: | ||
minio_key: "{{ lookup('file','certificates/' + server_hostname + '.key') }}" | ||
minio_cert: "{{ lookup('file','certificates/' + server_hostname + '.pem') }}" | ||
|
||
tasks: | ||
- name: Include S3 configuration variables | ||
include_vars: | ||
file: vars/backup/s3_minio.yml | ||
- name: Configure Minio S3 server | ||
include_role: | ||
name: ricsanfre.minio | ||
|
||
- name: Configure Pi-cluster nodes backup | ||
hosts: raspberrypi | ||
gather_facts: true | ||
tags: [backup] | ||
vars: | ||
ansible_become: true | ||
pre_tasks: | ||
- name: Load CA certificate for restic | ||
set_fact: | ||
restic_ca_cert: "{{ lookup('file','certificates/CA.pem') }}" | ||
roles: | ||
- role: ricsanfre.backup | ||
tags: [backup] |
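Review bot: The `Load tls key and cert` pre-task places the MinIO private key in the `minio_key` fact without `no_log`, so the key text is echoed in task results whenever the play runs with `-v` or a result-logging callback is enabled; add `no_log: true` to that `set_fact` task. The key is generated and kept on the controller under `certificates/`, which the first file in this commit appears to git-ignore, but nothing visible here restricts its file mode; that is presumably handled in `tasks/generate_ca_signed_cert.yml`, which is outside this section, and it is worth confirming the key is written `0600`. The second play's `restic_ca_cert` holds only the public CA certificate and needs no such treatment.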
@@ -0,0 +1,3 @@ | ||
--- | ||
velero_version: v1.7.1 | ||
velero_arch: arm64 |
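--- a/ansible/roles/backup/velero/tasks/configure_velero_cli.yml
+++ b/ansible/roles/backup/velero/tasks/configure_velero_cli.yml
@@ -0,0 +1,30 @@
+---
+- name: Get CLI configured namespace
+command:
+cmd: "velero client config get namespace"
+register: get_velero_namespace
+changed_when: false
+ignore_errors: true
+
+- name: Configure velero CLI namespace
+command:
+cmd: "velero client config set namespace={{ k3s_velero_namespace }}"
+when:
+- get_velero_namespace.rc==0
+- '"namespace: <NOT SET>" in get_velero_namespace.stdout or "namespace: " + k3s_velero_namespace not in get_velero_namespace.stdout'
+changed_when: true
+
+- name: Get CLI configured colored
+command:
+cmd: "velero client config get colored"
+register: get_velero_colored
+changed_when: false
+ignore_errors: true
+
+- name: Configure velero CLI colored output
+command:
+cmd: "velero client config set colored=true"
+when:
+- get_velero_colored.rc==0
+- '"colored: <NOT SET>" in get_velero_colored.stdout or "colored: true" not in get_velero_colored.stdout'
+changed_when: true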
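Review bot: Both `Get CLI configured …` tasks set `ignore_errors: true` and the follow-up `set` tasks are gated on `rc==0`, so if `velero client config get` fails (for instance because the binary is not on PATH) the namespace is never configured and the role continues without a failure. Unless a non-zero exit is an expected state here, drop `ignore_errors` so the problem surfaces at this step. The test `"namespace: " + k3s_velero_namespace not in get_velero_namespace.stdout` is a substring match, so a configured namespace that merely begins with the wanted name is treated as already set; comparing the trimmed value exactly would be more reliable and makes the `<NOT SET>` clause redundant. Passing the arguments through `argv:` rather than a templated `cmd:` string would also keep an unexpected value of `k3s_velero_namespace` from being split into extra arguments.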
@@ -0,0 +1,20 @@ | ||
--- | ||
|
||
- name: Download Velero CLI | ||
get_url: | ||
url: https://github.com/vmware-tanzu/velero/releases/download/{{ velero_version }}/velero-{{ velero_version }}-linux-{{ velero_arch }}.tar.gz | ||
dest: /tmp/velero-{{ velero_version }}-linux-{{ velero_arch }}.tar.gz | ||
mode: '0766' | ||
|
||
- name: Extract archives | ||
unarchive: | ||
src: /tmp/velero-{{ velero_version }}-linux-{{ velero_arch }}.tar.gz | ||
dest: /tmp | ||
remote_src: true | ||
|
||
- name: Copy binary to /usr/local/bin | ||
copy: | ||
src: /tmp/velero-{{ velero_version }}-linux-{{ velero_arch }}/velero | ||
dest: /usr/local/bin/velero | ||
mode: '0755' | ||
remote_src: true |
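Review bot: `Download Velero CLI` writes the archive to a fixed path in `/tmp` with `mode: '0766'`, which leaves it writable by every local account until the `unarchive` and `copy` tasks (run with `become: true` by the including task file) install its contents as `/usr/local/bin/velero`; use `mode: '0644'`, or stage it in a directory created with `ansible.builtin.tempfile`, so only the owner can modify it. The download also has no integrity check: adding `checksum: "sha256:<DIGEST_PUBLISHED_WITH_THE_RELEASE>"` to `get_url` makes a tampered or truncated asset fail before extraction. Nothing in this file removes the archive or the extracted directory from `/tmp` afterwards.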
@@ -0,0 +1,79 @@ | ||
--- | ||
|
||
- name: Install velero client | ||
include_tasks: install_velero_cli.yml | ||
args: | ||
apply: | ||
become: true | ||
|
||
- name: Create velero namespace. | ||
kubernetes.core.k8s: | ||
name: "{{ k3s_velero_namespace }}" | ||
api_version: v1 | ||
kind: Namespace | ||
state: present | ||
|
||
|
||
- name: Configure velero CLI | ||
include_tasks: configure_velero_cli.yml | ||
|
||
- name: Add vmware-tanzu chart repo. | ||
kubernetes.core.helm_repository: | ||
name: vmware-tanzu | ||
repo_url: "https://vmware-tanzu.github.io/helm-charts" | ||
|
||
- name: Deploy Velero with Minio storage provider | ||
kubernetes.core.helm: | ||
name: velero | ||
chart_ref: vmware-tanzu/velero | ||
update_repo_cache: true | ||
release_namespace: "{{ k3s_velero_namespace }}" | ||
state: present | ||
release_values: | ||
# AWS backend plugin configuration | ||
initContainers: | ||
- name: velero-plugin-for-aws | ||
image: velero/velero-plugin-for-aws:v1.3.0 | ||
imagePullPolicy: IfNotPresent | ||
volumeMounts: | ||
- mountPath: /target | ||
name: plugins | ||
# Upgrading CRDs is causing issues | ||
upgradeCRDs: false | ||
# Use a kubectl image supporting ARM64 | ||
# bitnami default is not suppporting it | ||
# kubectl: | ||
# image: | ||
# repository: rancher/kubectl | ||
# tag: v1.21.5 | ||
# Disable volume snapshots. Longhorn deals with them | ||
snapshotsEnabled: false | ||
# Deploy restic | ||
deployRestic: true | ||
# Minio storage configuration | ||
configuration: | ||
# Cloud provider being used | ||
provider: aws | ||
backupStorageLocation: | ||
provider: aws | ||
bucket: "{{ minio_velero_bucket }}" | ||
caCert: "{{ lookup('file','certificates/CA.pem') | b64encode | replace('\n', '') }}" | ||
config: | ||
region: "{{ minio_site_region }}" | ||
s3ForcePathStyle: true | ||
s3Url: "{{ minio_url }}" | ||
insecureSkipTLSVerify: true | ||
credentials: | ||
secretContents: | ||
cloud: | | ||
[default] | ||
aws_access_key_id: "{{ minio_velero_user }}" | ||
aws_secret_access_key: "{{ minio_velero_key }}" | ||
- name: Create Full backup Schedule policy | ||
kubernetes.core.k8s: | ||
definition: "{{ lookup('template', 'templates/' + item ) }}" | ||
state: present | ||
with_items: | ||
- velero_full_schedule.yml.j2 |
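Review bot: `insecureSkipTLSVerify: true` under `backupStorageLocation.config` turns off certificate verification for the MinIO endpoint even though `caCert` is supplied in the same block, so the S3 credentials and backup data travel over a connection whose peer is never authenticated; set it to `false` or drop the key and rely on the CA bundle. The Helm task also renders `minio_velero_key` into `release_values` without `no_log: true`, so the secret can show up in verbose or diff output. `chart_ref: vmware-tanzu/velero` has no `chart_version`, which together with `update_repo_cache: true` means each run may install a different chart; pinning it keeps the deployment reproducible.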
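--- a/ansible/roles/backup/velero/templates/velero_full_schedule.yml.j2
+++ b/ansible/roles/backup/velero/templates/velero_full_schedule.yml.j2
@@ -0,0 +1,20 @@
+---
+apiVersion: velero.io/v1
+kind: Schedule
+metadata:
+name: full
+namespace: velero-system
+spec:
+schedule: 0 4 * * *
+template:
+hooks: {}
+includedNamespaces:
+- '*'
+included_resources:
+- '*'
+includeClusterResources: true
+metadata:
+labels:
+type: 'full'
+schedule: 'daily'
+ttl: 720h0m0s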
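Review bot: `included_resources` is written in snake_case while its siblings `includedNamespaces` and `includeClusterResources` use camelCase; the Velero backup spec field is `includedResources`, so this key is likely rejected or dropped and the `'*'` list never reaches Velero. The manifest also hard-codes `namespace: velero-system` although the role creates and configures the namespace from `k3s_velero_namespace`; since this is a `.j2` template, `namespace: "{{ k3s_velero_namespace }}"` would keep the two in step. Quoting the cron expression as `schedule: '0 4 * * *'` removes any doubt about how the `*` characters are parsed.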
@@ -0,0 +1,11 @@ | ||
--- | ||
- name: Cleaning velero testing pod. | ||
hosts: k3s_master | ||
|
||
tasks: | ||
- name: Cleaning testing | ||
kubernetes.core.k8s: | ||
definition: "{{ lookup('file', 'files/' + item ) }}" | ||
state: absent | ||
with_items: | ||
- nginx_test_application.yml |