From 08dba9d0261494e8ee1d03585bf37ed5b647640e Mon Sep 17 00:00:00 2001 From: Ian Wienand Date: Tue, 23 Feb 2021 11:29:02 +1100 Subject: [PATCH] service-borg-backup: preload backup server facts As described inline, ensure that minimal facts for the backup servers' are loaded before running the backup roles on hosts, so they can read the ansible_ssh_host_key_ed25519_public fact for each backup server and ensure it is accepted. Update the other comments slightly as well. Change-Id: I1f207ca0770d58f61a89f9ade0bd26cebc982c62 --- playbooks/service-borg-backup.yaml | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/playbooks/service-borg-backup.yaml b/playbooks/service-borg-backup.yaml index f0f7f3470e..7fa6e1a244 100644 --- a/playbooks/service-borg-backup.yaml +++ b/playbooks/service-borg-backup.yaml @@ -1,10 +1,22 @@ -# This needs to happen in order. Backup hosts export their username/key -# combos which are installed onto the backup server +# This ensures fact population so the borg-backup role, run on the +# backup-clients, can add the public key for each backup server in +# "borg-backup-server" to it's known_hosts. +- hosts: "borg-backup-server:!disabled" + name: "Populate backup server host keys" + tasks: + - name: 'Gather minimal host facts' + setup: + gather_subset: '!all' + +# These two steps needs to happen in order. Backup hosts export their +# username/key combos in this step, then the following role uses that +# info to authorizes these users on the backup servers. - hosts: "borg-backup:!disabled" - name: "Base: Generate borg backup users and keys" + name: "Generate borg backup users and keys" roles: - iptables - borg-backup + - hosts: "borg-backup-server:!disabled" name: "Generate borg configuration" roles: