08dba9d026
As described inline, ensure that minimal facts for the backup servers' are loaded before running the backup roles on hosts, so they can read the ansible_ssh_host_key_ed25519_public fact for each backup server and ensure it is accepted. Update the other comments slightly as well. Change-Id: I1f207ca0770d58f61a89f9ade0bd26cebc982c62
25 lines
800 B
YAML
25 lines
800 B
YAML
# This ensures fact population so the borg-backup role, run on the
|
|
# backup-clients, can add the public key for each backup server in
|
|
# "borg-backup-server" to it's known_hosts.
|
|
- hosts: "borg-backup-server:!disabled"
|
|
name: "Populate backup server host keys"
|
|
tasks:
|
|
- name: 'Gather minimal host facts'
|
|
setup:
|
|
gather_subset: '!all'
|
|
|
|
# These two steps needs to happen in order. Backup hosts export their
|
|
# username/key combos in this step, then the following role uses that
|
|
# info to authorizes these users on the backup servers.
|
|
- hosts: "borg-backup:!disabled"
|
|
name: "Generate borg backup users and keys"
|
|
roles:
|
|
- iptables
|
|
- borg-backup
|
|
|
|
- hosts: "borg-backup-server:!disabled"
|
|
name: "Generate borg configuration"
|
|
roles:
|
|
- iptables
|
|
- borg-backup-server
|