From 50a2795c3a6c72203262400db5029f5afdf1d49c Mon Sep 17 00:00:00 2001
From: Colin Wilk <colin.wilk@tum.de>
Date: Fri, 3 Nov 2023 19:45:20 +0100
Subject: Migrate role from cron to systemd

Systemd gives us the ability to monitor backup job status using existing
monitoring solutions (node exporter) and allows us greater control over
the scheduling of the backup jobs.

This introduces a breaking change that requires users to manually remove
the old repositories from the clients and redeploying them with the
role. You will have to remove the Cron job that was created by the
Ansible script, everything else will be overwritten with a run from the
newer version.

- name: Remove backup cron jobs
  ansible.builtin.cron:
    name: BORG (Application level backups)
    state: absent
  become: true
- name: Remove env for backup cron job
  ansible.builtin.cron:
    name: BORG_PASSPHRASE
    env: true
    state: absent
  become: true

Performing manual migrations on the Borg server is not required.

We now additionally support multiple Borg repositories per client host
using the `borg_backup_argument` variable.

Signed-off-by: Colin Wilk <colin.wilk@tum.de>
---
 tasks/client_create_scripts_each.yml | 31 ++++++++++++++++++++
 tasks/client_setup.yml               | 57 +++++++++++++++++++++---------------
 tasks/installation.yml               |  1 -
 3 files changed, 65 insertions(+), 24 deletions(-)
 create mode 100644 tasks/client_create_scripts_each.yml

(limited to 'tasks')

diff --git a/tasks/client_create_scripts_each.yml b/tasks/client_create_scripts_each.yml
new file mode 100644
index 0000000..dcf379f
--- /dev/null
+++ b/tasks/client_create_scripts_each.yml
@@ -0,0 +1,31 @@
+---
+- name: Create script for automatic borg backup
+  ansible.builtin.file:
+    dest: '{{ script_location }}'
+    state: touch
+    owner: root
+    group: root
+    modification_time: preserve
+    access_time: preserve
+    mode: '0711'
+  become: true
+
+- name: Insert shebang into backup script
+  ansible.builtin.lineinfile:
+    path: '{{ script_location }}'
+    line: '#!/bin/bash'
+    insertbefore: BOF
+    state: present
+  become: true
+
+- name: Insert Backup job block into scripts
+  ansible.builtin.blockinfile:
+    path: '{{ script_location }}'
+    marker: '## {mark} ANSIBLE MANAGED BLOCK for server: {{ borg_server_host_url }}'
+    block: |
+      export BORG_PASSPHRASE={{ borg_passphrase }}
+      borg create -C {{ borg_compression }} \
+      borg@{{ borg_server_host_url }}:{{ borg_server_user_home }}/{{ borg_repo_name }}::{{ borg_backup_name_format }} \
+      {{ borg_included_dirs | map('quote') | join(' ') }} \
+      {% for e in (borg_excluded_dirs | map('quote')) %} --exclude {{ e }} {% endfor %}
+  become: true
diff --git a/tasks/client_setup.yml b/tasks/client_setup.yml
index d3e9f75..eb6c9a1 100644
--- a/tasks/client_setup.yml
+++ b/tasks/client_setup.yml
@@ -92,29 +92,40 @@
   delegate_to: localhost
   become: false
 
-- name: Set up env for cron job
-  ansible.builtin.cron:
-    name: BORG_PASSPHRASE
-    job: '{{ borg_passphrase }}'
-    state: '{{ "present" if (borg_included_dirs | length > 0) else "absent" }}'
-    env: true
-    user: root
+- name: Create backup scripts
+  ansible.builtin.include_tasks: client_create_scripts_each.yml
+  loop:
+    - '{{ borg_backup_script_location }}'
+    - '{{ borg_backup_script_location }}{{ "@" if borg_backup_argument != "" }}{{ borg_backup_argument }}'
+  loop_control:
+    loop_var: script_location
+
+- name: Configure systemd borg_backup service
+  ansible.builtin.template:
+    src: borg_backup.service.j2
+    dest: /etc/systemd/system/{{ borg_backup_timer_name }}{{ "@" if borg_backup_argument != "" }}{{ borg_backup_argument }}.service
+    mode: '0644'
+    owner: root
+    group: root
+  notify: Reload systemd
+  become: true
+
+- name: Configure systemd borg_backup timer
+  ansible.builtin.template:
+    src: borg_backup.timer.j2
+    dest: /etc/systemd/system/{{ borg_backup_timer_name }}{{ "@" if borg_backup_argument != "" }}{{ borg_backup_argument }}.timer
+    mode: '0644'
+    owner: root
+    group: root
+  notify: Reload systemd
   become: true
 
-- name: Set up backup cron jobs
-  ansible.builtin.cron:
-    name: BORG (Application level backups)
-    job: >
-      borg create -C {{ borg_compression }}
-      borg@{{ borg_server_host_url }}:{{ borg_server_user_home }}/{{ borg_repo_name }}::{{ borg_backup_name_format }}
-      {{ borg_included_dirs | map('quote') | join(' ') }}
-      {% for e in (borg_excluded_dirs | map('quote')) %} --exclude {{ e }} {% endfor %}
-    user: root
-    state: '{{ "present" if (borg_included_dirs | length > 0) else "absent" }}'
-    minute: '{{ borg_cron_time.minute | default(omit) }}'
-    hour: '{{ borg_cron_time.hour | default(omit) }}'
-    weekday: '{{ borg_cron_time.weekday | default(omit) }}'
-    day: '{{ borg_cron_time.day | default(omit) }}'
-    month: '{{ borg_cron_time.month | default(omit) }}'
-    special_time: '{{ borg_cron_time.special_time | default(omit) }}'
+- name: Reload systemd now before enabling services
+  ansible.builtin.meta: flush_handlers
+
+- name: Enable borg_backup systemd timer
+  ansible.builtin.systemd:
+    name: '{{ borg_backup_timer_name }}{{ "@" if borg_backup_argument != "" }}{{ borg_backup_argument }}.timer'
+    state: started
+    enabled: true
   become: true
diff --git a/tasks/installation.yml b/tasks/installation.yml
index 8ee0835..7e64ff3 100644
--- a/tasks/installation.yml
+++ b/tasks/installation.yml
@@ -13,7 +13,6 @@
   ansible.builtin.apt:
     name:
       - borgbackup
-      - cron
       - ssh
     state: present
     update_cache: true
-- 
cgit v1.2.3