diff --git a/inventory/base/hosts.yaml b/inventory/base/hosts.yaml index 9bc750b247..50352876ea 100644 --- a/inventory/base/hosts.yaml +++ b/inventory/base/hosts.yaml @@ -49,13 +49,6 @@ all: region_name: DFW public_ipv4: 104.239.149.165 public_ipv6: 2001:4800:7819:105:be76:4eff:fe01:e6ff - backup01.ca-ymq-1.vexxhost.opendev.org: - ansible_host: 199.204.45.119 - location: - cloud: openstackci-vexxhost - region_name: ca-ymq-1 - public_v4: 199.204.45.119 - public_v6: 2604:e100:1:0:f816:3eff:feab:d678 backup02.ca-ymq-1.vexxhost.opendev.org: ansible_host: 199.204.45.196 location: @@ -70,13 +63,6 @@ all: region_name: ORD public_v4: 23.253.160.180 public_v6: 2001:4801:7825:103:be76:4eff:fe10:1b1 - backup01.ord.rax.ci.openstack.org: - ansible_host: 23.253.20.173 - location: - cloud: openstackci-rax - region_name: ORD - public_v4: 23.253.20.173 - public_v6: 2001:4801:7824:101:be76:4eff:fe10:20cf bridge.openstack.org: ansible_host: 23.253.234.219 location: diff --git a/inventory/service/groups.yaml b/inventory/service/groups.yaml index 2c9dbc857f..b4c953a9da 100644 --- a/inventory/service/groups.yaml +++ b/inventory/service/groups.yaml @@ -19,27 +19,6 @@ groups: afs-admin: - mirror-update[0-9]*.openstack.org ask: ask*.open*.org -# NOTE: By default we keep the backup-server group empty as an -# emergency escape hatch if a problem were to propage through -# production servers. However, this also means if you add a server to -# the "backup" group to be backed up, you should uncomment the -# "backup-server" group for an Ansible pulse so the users & keys are -# setup on the server(s). You can submit a follow-on change to revert -# this at the same time. - backup: - - gitea01.opendev.org - - review[0-9]*.openstack.org - - review-dev[0-9]*.open*.org - - zuul[0-9]*.open*.org - # All these servers are "special-cased" in specifically - # as they are puppet and should be replaced "soon" - - ethercalc02.openstack.org - - ask01.openstack.org - - lists.openstack.org - - storyboard01.opendev.org - - translate01.openstack.org - backup-server: - - backup01.ca-ymq-1.vexxhost.opendev.org borg-backup: - etherpad[0-9]*.opendev.org - gitea01.opendev.org @@ -66,7 +45,6 @@ groups: control-plane-clouds: - bridge.openstack.org disabled: - - backup01.ord.rax.ci.openstack.org - corvustest - idp.openstackid.org - lists-dev01.openstack.org @@ -146,7 +124,6 @@ groups: - pbx[0-9]*.opendev.org puppet: - ask*.open*.org - - backup[0-9]*.openstack.org - cacti[0-9]*.open*.org - corvustest - eavesdrop[0-9]*.open*.org diff --git a/manifests/site.pp b/manifests/site.pp index fed35c6a76..79e6942088 100644 --- a/manifests/site.pp +++ b/manifests/site.pp @@ -355,14 +355,6 @@ node /^pbx\d*\.open.*\.org$/ { } } -# Node-OS: xenial -# A backup machine. Don't run cron or puppet agent on it. -node /^backup\d+\..*\.ci\.open.*\.org$/ { - $group = "ci-backup" - class { 'openstack_project::server': } - include openstack_project::backup_server -} - # Node-OS: xenial node /^openstackid\d*(\.openstack)?\.org$/ { $group = "openstackid" diff --git a/modules/openstack_project/manifests/backup_server.pp b/modules/openstack_project/manifests/backup_server.pp deleted file mode 100644 index d789b9dd5e..0000000000 --- a/modules/openstack_project/manifests/backup_server.pp +++ /dev/null @@ -1,7 +0,0 @@ -# == Class: openstack_project::backup_server -# -class openstack_project::backup_server { - package { 'bup': - ensure => present, - } -} diff --git a/modules/openstack_project/manifests/ethercalc.pp b/modules/openstack_project/manifests/ethercalc.pp index 2e0e875bd1..a86f96d40f 100644 --- a/modules/openstack_project/manifests/ethercalc.pp +++ b/modules/openstack_project/manifests/ethercalc.pp @@ -21,14 +21,4 @@ class openstack_project::ethercalc ( include ethercalc::redis - # Redis creates a snapshot at /var/lib/redis/dump.rdb periodically - # (at worst every 15 minutes if at least one change is made to redis) - # which can be used to recover the Redis DB. Bup will automagically - # pick this file up during its normal operation so no other DB dumping - # is required like with mysql. - include bup - bup::site { 'ord.rax': - backup_user => "bup-$::hostname", - backup_server => 'backup01.ord.rax.ci.openstack.org', - } } diff --git a/modules/openstack_project/manifests/lists.pp b/modules/openstack_project/manifests/lists.pp index 899f5d05c6..ffbb2bc737 100644 --- a/modules/openstack_project/manifests/lists.pp +++ b/modules/openstack_project/manifests/lists.pp @@ -42,12 +42,6 @@ class openstack_project::lists( user::virtual::disable { 'oubiwann': } user::virtual::disable { 'rockstar': } - include bup - bup::site { 'ord.rax': - backup_user => 'bup-lists', - backup_server => 'backup01.ord.rax.ci.openstack.org', - } - # Begin user servicable parts mailman::site { 'openstack': diff --git a/modules/openstack_project/manifests/storyboard.pp b/modules/openstack_project/manifests/storyboard.pp index 623bc37a66..542fad3d49 100644 --- a/modules/openstack_project/manifests/storyboard.pp +++ b/modules/openstack_project/manifests/storyboard.pp @@ -86,9 +86,4 @@ class openstack_project::storyboard( source => $superusers, } - include bup - bup::site { 'ord.rax': - backup_user => 'bup-storyboard', - backup_server => 'backup01.ord.rax.ci.openstack.org', - } } diff --git a/modules/openstack_project/manifests/wiki.pp b/modules/openstack_project/manifests/wiki.pp index 7719fcdacd..0ec9c0e2ea 100644 --- a/modules/openstack_project/manifests/wiki.pp +++ b/modules/openstack_project/manifests/wiki.pp @@ -75,14 +75,6 @@ class openstack_project::wiki ( require => File['/srv/mediawiki'], } - if $bup_user != undef { - include bup - bup::site { 'ord.rax': - backup_user => $bup_user, - backup_server => 'backup01.ord.rax.ci.openstack.org', - } - } - class { '::elasticsearch': es_template_config => { 'bootstrap.mlockall' => true, diff --git a/playbooks/roles/backup-server/README.rst b/playbooks/roles/backup-server/README.rst deleted file mode 100644 index c6560a0c64..0000000000 --- a/playbooks/roles/backup-server/README.rst +++ /dev/null @@ -1,15 +0,0 @@ -Setup backup server - -This role configures backup server(s) in the ``backup-server`` group -to accept backups from remote hosts. - -Note that the ``backup`` role must have run on each host in the -``backup`` group before this role. That role will create a -``bup_user`` tuple in the hostvars for for each host consisting of the -required username and public key. - -Each required user gets a separate home directory in ``/opt/backups``. -Their ``authorized_keys`` file is configured with the public key to -allow the remote host to log in and only run ``bup``. - -**Role Variables** diff --git a/playbooks/roles/backup-server/defaults/main.yaml b/playbooks/roles/backup-server/defaults/main.yaml deleted file mode 100644 index e5580b296a..0000000000 --- a/playbooks/roles/backup-server/defaults/main.yaml +++ /dev/null @@ -1 +0,0 @@ -bup_users: [] \ No newline at end of file diff --git a/playbooks/roles/backup-server/tasks/main.yaml b/playbooks/roles/backup-server/tasks/main.yaml deleted file mode 100644 index d5c7ee74be..0000000000 --- a/playbooks/roles/backup-server/tasks/main.yaml +++ /dev/null @@ -1,21 +0,0 @@ -- name: Create backup directory - file: - state: directory - path: /opt/backups - -- name: Install bup - package: - name: - - bup - state: present - -- name: Build all bup users from backup hosts - set_fact: - bup_users: '{{ bup_users }} + [ {{ hostvars[item]["bup_user"] }} ]' - with_inventory_hostnames: 'backup:!disabled' - -- name: Create bup users - include_tasks: user.yaml - loop: '{{ bup_users }}' - loop_control: - loop_var: bup_user diff --git a/playbooks/roles/backup-server/tasks/user.yaml b/playbooks/roles/backup-server/tasks/user.yaml deleted file mode 100644 index 36b3f18ee6..0000000000 --- a/playbooks/roles/backup-server/tasks/user.yaml +++ /dev/null @@ -1,32 +0,0 @@ -# note bup_user is the parent loop variable name; this works on each -# element from the bup_users global. -- name: Set variables - set_fact: - user_name: '{{ bup_user[0] }}' - user_key: '{{ bup_user[1] }}' - -- name: Create bup user - user: - name: '{{ user_name }}' - comment: 'Backup user' - shell: /bin/bash - home: '/opt/backups/{{ user_name }}' - create_home: yes - register: homedir - -- name: Create bup user authorized key - authorized_key: - user: '{{ user_name }}' - state: present - key: '{{ user_key }}' - key_options: 'command="BUP_DEBUG=0 BUP_FORCE_TTY=3 bup server",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty' - -# ansible-lint wants this in a handler, it should be done here and -# now; this isn't like a service restart where multiple things might -# call it. -- name: Initalise bup - shell: | - BUP_DIR=/opt/backups/{{ user_name }}/.bup bup init - become: yes - become_user: '{{ user_name }}' - when: homedir.changed \ No newline at end of file diff --git a/playbooks/roles/backup/README.rst b/playbooks/roles/backup/README.rst deleted file mode 100644 index 15cdcf254a..0000000000 --- a/playbooks/roles/backup/README.rst +++ /dev/null @@ -1,23 +0,0 @@ -Configure a host to be backed up - -This role setups a host to use ``bup`` for backup to any hosts in the -``backup-server`` group. - -A separate ssh key will be generated for root to connect to the backup -server(s) and the host key for the backup servers will be accepted to -the host. - -The ``bup`` tool is installed and a cron job is setup to run the -backup periodically. - -Note the ``backup-server`` role must run after this to create the user -correctly on the backup server. This role sets a tuple ``bup_user`` -with the username and public key; the ``backup-server`` role uses this -variable for each host in the ``backup`` group to initalise users. - -**Role Variables** - -.. zuul:rolevar:: bup_username - - The username to connect to the backup server. If this is left - undefined, it will be automatically set to ``bup-$(hostname)`` diff --git a/playbooks/roles/backup/files/bup-excludes b/playbooks/roles/backup/files/bup-excludes deleted file mode 100644 index 84aabab33f..0000000000 --- a/playbooks/roles/backup/files/bup-excludes +++ /dev/null @@ -1,25 +0,0 @@ -/proc/* -/sys/* -/dev/* -/tmp/* -/floppy/* -/cdrom/* -/var/spool/squid/* -/var/spool/exim/* -/media/* -/mnt/* -/var/agentx/* -/run/* -/root/backup-restore-* -/root/.bup -/etc/puppet/modules/* -/etc/puppet/hieradata/* -/var/cache/* -/var/lib/docker/* -/var/lib/puppet/reports/* -/var/lib/postgresql/* -/var/lib/lxcfs/* -/var/lib/zuul/backup/* -/var/lib/zuul/times/* -/opt/system-config/* -/afs/* diff --git a/playbooks/roles/backup/tasks/main.yaml b/playbooks/roles/backup/tasks/main.yaml deleted file mode 100644 index 88abd05e30..0000000000 --- a/playbooks/roles/backup/tasks/main.yaml +++ /dev/null @@ -1,57 +0,0 @@ -- name: Generate bup username for this host - set_fact: - bup_username: 'bup-{{ inventory_hostname.split(".", 1)[0] }}' - when: bup_username is not defined - -- debug: - var: bup_username - -- name: Install bup - package: - name: - - bup - state: absent - -- name: Remove old keypair - file: - path: /root/.ssh/id_backup_ed25519 - state: absent - -- name: Remove old keypair - file: - path: /root/.ssh/id_backup_ed25519.pub - state: absent - -- name: Remove old config directory - file: - path: /root/.bup - state: absent - -- name: Remove ssh config - blockinfile: - path: /root/.ssh/config - state: absent - create: false - block: | - Host {{ item }} - HostName {{ item }} - IdentityFile /root/.ssh/id_backup_ed25519 - User {{ bup_username }} - mode: 0600 - with_inventory_hostnames: backup-server - ignore_errors: True - -- name: Remove /etc/bup-excludes - file: - path: /etc/bup-excludes - state: absent - -- name: Remove backup cronjob - cron: - name: "Run bup backup" - job: "tar -X /etc/bup-excludes -cPF - / | bup split -r {{ bup_username }}@{{ item }}: -n root -q" - user: root - hour: '5' - minute: '{{ 59|random(seed=item) }}' - state: absent - with_inventory_hostnames: backup-server diff --git a/playbooks/roles/install-ansible/files/inventory_plugins/test-fixtures/results.yaml b/playbooks/roles/install-ansible/files/inventory_plugins/test-fixtures/results.yaml index 405da5deb5..22fe624367 100644 --- a/playbooks/roles/install-ansible/files/inventory_plugins/test-fixtures/results.yaml +++ b/playbooks/roles/install-ansible/files/inventory_plugins/test-fixtures/results.yaml @@ -38,15 +38,13 @@ results: - mirror review01.openstack.org: - - backup - borg-backup - gerrit - letsencrypt - review - backup01.ord.rax.ci.openstack.org: - - disabled - - puppet + backup01.ord.rax.opendev.org: + - borg-backup-server ze01.openstack.org: - afs-client diff --git a/playbooks/service-backup.yaml b/playbooks/service-backup.yaml deleted file mode 100644 index 9866cb65e8..0000000000 --- a/playbooks/service-backup.yaml +++ /dev/null @@ -1,8 +0,0 @@ -# NOTE(ianw) : we are removing bup for borg. This just needs to run -# once to remove bup parts from the backup clients, then we will -# remove it completely. -- hosts: "backup:!disabled" - name: "Base: Generate backup users and keys" - roles: - - iptables - - backup diff --git a/playbooks/zuul/run-base.yaml b/playbooks/zuul/run-base.yaml index 87a322edde..fb3bd1d458 100644 --- a/playbooks/zuul/run-base.yaml +++ b/playbooks/zuul/run-base.yaml @@ -83,8 +83,6 @@ - host_vars/mirror01.openafs.provider.opendev.org.yaml - host_vars/mirror02.openafs.provider.opendev.org.yaml - host_vars/mirror-update01.opendev.org.yaml - - host_vars/backup-test01.opendev.org.yaml - - host_vars/backup-test02.opendev.org.yaml - host_vars/refstack01.openstack.org.yaml - name: Display group membership command: ansible localhost -m debug -a 'var=groups' diff --git a/playbooks/zuul/templates/host_vars/backup-test01.opendev.org.yaml.j2 b/playbooks/zuul/templates/host_vars/backup-test01.opendev.org.yaml.j2 deleted file mode 100644 index 3a9ccef467..0000000000 --- a/playbooks/zuul/templates/host_vars/backup-test01.opendev.org.yaml.j2 +++ /dev/null @@ -1 +0,0 @@ -bup_username: bup-backup01 \ No newline at end of file diff --git a/playbooks/zuul/templates/host_vars/backup-test02.opendev.org.yaml.j2 b/playbooks/zuul/templates/host_vars/backup-test02.opendev.org.yaml.j2 deleted file mode 100644 index 152cdee1e0..0000000000 --- a/playbooks/zuul/templates/host_vars/backup-test02.opendev.org.yaml.j2 +++ /dev/null @@ -1,2 +0,0 @@ -# Intentionally left blank to test autogeneration of name -#bup_username: bup-backup-test02 \ No newline at end of file diff --git a/zuul.d/infra-prod.yaml b/zuul.d/infra-prod.yaml index 6234107979..d5b1698342 100644 --- a/zuul.d/infra-prod.yaml +++ b/zuul.d/infra-prod.yaml @@ -275,19 +275,6 @@ - playbooks/roles/static/ - playbooks/roles/zuul-user/ -- job: - name: infra-prod-service-backup - parent: infra-prod-service-base - description: Run service-backup.yaml playbook. - vars: - playbook_name: service-backup.yaml - files: - - inventory/ - - playbooks/service-backup.yaml - - playbooks/roles/backup/ - - playbooks/roles/backup-server/ - - playbooks/roles/iptables/ - - job: name: infra-prod-service-borg-backup parent: infra-prod-service-base diff --git a/zuul.d/project.yaml b/zuul.d/project.yaml index ca53fb2007..0c83220da2 100644 --- a/zuul.d/project.yaml +++ b/zuul.d/project.yaml @@ -13,7 +13,6 @@ - system-config-run-base - system-config-run-base-ansible-devel: voting: false - - system-config-run-backup - system-config-run-borg-backup - system-config-run-dns - system-config-run-eavesdrop: @@ -271,7 +270,6 @@ - infra-prod-service-mirror-update - infra-prod-service-mirror - infra-prod-service-static - - infra-prod-service-backup - infra-prod-service-borg-backup - infra-prod-service-registry - infra-prod-service-refstack @@ -316,7 +314,6 @@ - infra-prod-service-mirror - infra-prod-service-static - infra-prod-service-borg-backup - - infra-prod-service-backup - infra-prod-service-zookeeper - infra-prod-service-review - infra-prod-service-review-dev diff --git a/zuul.d/system-config-run.yaml b/zuul.d/system-config-run.yaml index 5f83ffe52d..deea17b1c4 100644 --- a/zuul.d/system-config-run.yaml +++ b/zuul.d/system-config-run.yaml @@ -305,30 +305,6 @@ - testinfra/test_adns.py - testinfra/test_ns.py -- job: - name: system-config-run-backup - parent: system-config-run - description: | - Run the playbook for backup configuration - nodeset: - nodes: - - name: bridge.openstack.org - label: ubuntu-bionic - - name: backup01.region.provider.opendev.org - label: ubuntu-bionic - - name: backup-test01.opendev.org - label: ubuntu-bionic - - name: backup-test02.opendev.org - label: ubuntu-xenial - vars: - run_playbooks: - - playbooks/service-backup.yaml - files: - - playbooks/install-ansible.yaml - - playbooks/roles/backup - - playbooks/zuul/templates/host_vars/backup - - testinfra/test_backups.py - - job: name: system-config-run-borg-backup parent: system-config-run