- Add vault_s3_access_key / vault_s3_secret_key to Ansible Vault - Expose via s3_access_key / s3_secret_key in all/main.yml - Add s3_endpoint + s3_bucket to backup role defaults - Install awscli via apt in backup role tasks - Extend backup.sh.j2: upload *.gz to S3 after local backup, prune S3 objects older than backup_retention_days Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
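# Install the AWS CLI from the distribution's apt repository for the S3 upload
# step of the backup. The package index is refreshed when it is older than an
# hour, so the install does not fail on a host whose apt cache is empty or
# stale.
- name: Install awscli for S3 uploads
  ansible.builtin.apt:
    name: awscli
    state: present
    update_cache: true
    cache_valid_time: 3600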
# Create the local backup directory, owned by the backup user and its group.
# Mode 0750 gives the owner full access, the group read/traverse access, and
# denies every other account any access to the directory.
- name: Create backup directory
  ansible.builtin.file:
    state: directory
    path: '{{ backup_dir }}'
    mode: '0750'
    owner: '{{ backup_user }}'
    group: '{{ backup_user }}'
# Render backup.sh.j2 to /usr/local/bin/backup-services as a root-owned file
# that only root and members of the root group can read or execute.
# NOTE(review): the template itself is not visible here. If it renders the S3
# access key and secret key into the script, consider mode '0700' and
# `no_log: true` on this task so the keys are not readable by group members
# or printed by a --diff run. Confirm against backup.sh.j2.
- name: Deploy backup script
  ansible.builtin.template:
    dest: /usr/local/bin/backup-services
    src: backup.sh.j2
    mode: '0750'
    owner: root
    group: root
# Register a root cron entry that runs the backup script every day at 03:00
# and appends its stdout and stderr to /var/log/backup-services.log.
# NOTE(review): nothing in this task rotates that log or sets its permissions;
# the shell redirection creates it with whatever umask the cron job runs
# under. Confirm a logrotate rule exists and that the script never writes
# credentials to its output (for example through shell tracing).
- name: Schedule daily backup at 03:00
  ansible.builtin.cron:
    name: 'Daily services backup'
    user: root
    hour: '3'
    minute: '0'
    job: '/usr/local/bin/backup-services >> /var/log/backup-services.log 2>&1'
    state: present