diff options
| -rw-r--r-- | files/bacula/bacula-dir.conf.j2 | 1167 | ||||
| -rw-r--r-- | files/bacula/bacula-fd.conf.j2 | 46 | ||||
| -rw-r--r-- | files/bacula/bacula-sd.conf.j2 | 104 | ||||
| -rw-r--r-- | files/bacula/bconsole.conf.j2 | 10 | ||||
| -rwxr-xr-x | files/bacula/fedora_delete_catalog_backup | 5 | ||||
| -rwxr-xr-x | files/bacula/fedora_make_catalog_backup | 3 | ||||
| -rw-r--r-- | files/mysql/my.cnf | 74 | ||||
| -rw-r--r-- | playbooks/groups/backup-server.yml | 32 | ||||
| -rw-r--r-- | tasks/bacula_server.yml | 58 | ||||
| -rw-r--r-- | tasks/mysql_server.yml | 18 |
10 files changed, 1517 insertions, 0 deletions
diff --git a/files/bacula/bacula-dir.conf.j2 b/files/bacula/bacula-dir.conf.j2 new file mode 100644 index 000000000..8c6f453a8 --- /dev/null +++ b/files/bacula/bacula-dir.conf.j2 @@ -0,0 +1,1167 @@ + +# Default Bacula Director Configuration file +# +# The only thing that MUST be changed is to add one or more +# file or directory names in the Include directive of the +# FileSet resource. +# +# For Bacula release 2.0.3 (06 March 2007) -- redhat (Zod) +# +# You might also want to change the default email address +# from root to your address. See the "mail" and "operator" +# directives in the Messages resource. +# + +Director { # define myself + Name = bacula-dir + DIRport = 9101 # where we listen for UA connections + QueryFile = "/etc/bacula/query.sql" + WorkingDirectory = "/var/spool/bacula" + PidDirectory = "/var/run" + Maximum Concurrent Jobs = 10 + Password = "{{ bacula5PasswordCon }}" # Console password + Messages = Daemon +} + +# Should catch most common files (basically pulls /) +JobDefs { + Name = "LightJob" + Type = Backup + Level = Incremental + Client = bacula-fd + FileSet = "Light Set" + Schedule = "WeeklyCycle" + Storage = TapeDrive-1 + Messages = Standard + Pool = Full-Pool + SpoolData = yes + Priority = 10 + Maximum Concurrent Jobs = 10 +} + +JobDefs { + Name = "PeopleJob" + Type = Backup + Level = Incremental + Client = bacula-fd + FileSet = "People Set" + Schedule = "WeeklyCycle" + Storage = TapeDrive-1 + Messages = Standard + Pool = Full-Pool + SpoolData = yes + Priority = 10 + Maximum Concurrent Jobs = 10 +} + + +JobDefs { + Name = "PuppetJob" + Type = Backup + Level = Incremental + Client = bacula-fd + FileSet = "Puppet Set" + Schedule = "WeeklyCycle" + Storage = TapeDrive-1 + Messages = Standard + Pool = Full-Pool + SpoolData = yes + Priority = 10 + Maximum Concurrent Jobs = 10 +} + +# Should catch most common files (basically pulls /) +JobDefs { + Name = "DefaultJob" + Type = Backup + Level = Incremental + Client = bacula-fd + FileSet = "Full Set" + Schedule = "WeeklyCycle" + Storage = TapeDrive-1 + Messages = Standard + Pool = Full-Pool + SpoolData = yes + Priority = 10 + Maximum Concurrent Jobs = 10 +} +# job for log servers. +JobDefs { + Name = "DefaultLogJob" + Type = Backup + Level = Incremental + Client = bacula-fd + FileSet = "Full Log Set" + Schedule = "WeeklyCycle" + Storage = TapeDrive-1 + Messages = Standard + Pool = Full-Pool + SpoolData = yes + Priority = 10 + Maximum Concurrent Jobs = 10 +} + +# For the CVS/GIT box +JobDefs { + Name = "SCMJob" + Type = Backup + Level = Incremental + Client = bacula-fd + FileSet = "SCM Set" + Schedule = "WeeklyCycle" + Storage = TapeDrive-1 + Messages = Standard + Pool = Full-Pool + SpoolData = yes +# Full Backup Pool = Full-Pool +# Incremental Backup Pool = Inc-Pool +# Differential Backup Pool = Diff-Pool + Priority = 10 + Maximum Concurrent Jobs = 10 +} + + +# Should catch most common files (basically pulls /) +JobDefs { + Name = "CatalogJob" + Type = Backup + Level = Incremental + Client = bacula-fd + FileSet = "Full Set" + Schedule = "WeeklyCycle" + Storage = TapeDrive-1 + Messages = Standard + Pool = Full-Pool + SpoolData = yes +# Full Backup Pool = Full-Pool-Catalog + Priority = 10 + Maximum Concurrent Jobs = 10 +} + +# For the koji mount + +#Job { +# Name = "fedorapeople.org" +# Client = "fedorapeople.org" +# JobDefs = "DefaultJob" +# Write Bootstrap = "/var/spool/bacula/fedorapeople.org.bsr" +#} + +Job { + Name = "db05" + Client = "db05" + JobDefs = "DefaultJob" + Write Bootstrap = "/var/spool/bacula/db05.bsr" +} + +Job { + Name = "db01" + Client = "db01" + JobDefs = "DefaultJob" + Write Bootstrap = "/var/spool/bacula/db02.bsr" +} + +Job { + Name = "db-fas01" + Client = "db-fas01" + JobDefs = "DefaultJob" + Write Bootstrap = "/var/spool/bacula/db-fas01.bsr" +} + +#Job { +# Name = "db02" +# Client = "db02" +# JobDefs = "DefaultJob" +# Write Bootstrap = "/var/spool/bacula/db02.bsr" +#} + +Job { + Name = "db04" + Client = "db04" + JobDefs = "DefaultJob" + Write Bootstrap = "/var/spool/bacula/db04.bsr" +} + +Job { + Name = "fas01" + Client = "fas01" + JobDefs = "DefaultJob" + Write Bootstrap = "/var/spool/bacula/fas01.bsr" +} + +#Job { +# Name = "cvs1" +# Client = "cvs1" +# JobDefs = "SCMJob" +# Write Bootstrap = "/var/spool/bacula/cvs1.bsr" +#} + +Job { + Name = "pkgs01" + Client = "pkgs01" + JobDefs = "SCMJob" + Write Bootstrap = "/var/spool/bacula/pkgs01.bsr" +} + +Job { + Name = "collab04" + Client = "collab04" + JobDefs = "LightJob" + Write Bootstrap = "/var/spool/bacula/collab04.bsr" +} + + +Job { + Name = "hosted-lists01" + Client = "hosted-lists01" + JobDefs = "LightJob" + Write Bootstrap = "/var/spool/bacula/hosted-lists01.bsr" +} + +Job { + Name = "hosted04" + Client = "hosted04" + JobDefs = "LightJob" + Write Bootstrap = "/var/spool/bacula/hosted04.bsr" +} + +#Job { +# Name = "hosted04" +# Client = "hosted04" +# JobDefs = "LightJob" +# Write Bootstrap = "/var/spool/bacula/hosted04.bsr" +#} + +Job { + Name = "noc01" + Client = "noc01" + JobDefs = "LightJob" + Write Bootstrap = "/var/spool/bacula/noc01.bsr" +} + +Job { + Name = "lockbox01" + Client = "lockbox01" + JobDefs = "PuppetJob" + Write Bootstrap = "/var/spool/bacula/lockbox01.bsr" +} + +Job { + Name = "ask01" + Client = "ask01" + JobDefs = "LightJob" + Write Bootstrap = "/var/spool/bacula/ask01.bsr" +} + +Job { + Name = "bastion01" + Client = "bastion01" + JobDefs = "LightJob" + Write Bootstrap = "/var/spool/bacula/bastion01.bsr" +} + +Job { + Name = "bastion02" + Client = "bastion02" + JobDefs = "LightJob" + Write Bootstrap = "/var/spool/bacula/bastion02.bsr" +} + + +Job { + Name = "proxy01" + Client = "proxy01" + JobDefs = "LightJob" + Write Bootstrap = "/var/spool/bacula/proxy01.bsr" +} + + +Job { + Name = "proxy02" + Client = "proxy02" + JobDefs = "LightJob" + Write Bootstrap = "/var/spool/bacula/proxy02.bsr" +} + +#Job { +# Name = "people02" +# Client = "people02" +# JobDefs = "PeopleJob" +# Write Bootstrap = "/var/spool/bacula/people02.bsr" +#} + +Job { + Name = "people03" + Client = "people03" + JobDefs = "PeopleJob" + Write Bootstrap = "/var/spool/bacula/people03.bsr" +} + +Job { + Name = "releng03" + Client = "releng03" + JobDefs = "DefaultJob" + Write Bootstrap = "/var/spool/bacula/releng03.bsr" +} + +Job { + Name = "releng04" + Client = "releng04" + JobDefs = "DefaultJob" + Write Bootstrap = "/var/spool/bacula/releng04.bsr" +} + +Job { + Name = "relepel01" + Client = "relepel01" + JobDefs = "DefaultJob" + Write Bootstrap = "/var/spool/bacula/relepel01.bsr" +} + +#Job { +# Name = "koji" +# Client = "nfs01" +# JobDefs = "KojiJob" +# Write Bootstrap = "/var/spool/bacula/koji.bsr" +#} + +Job { + Name = "log02" + Client = "log02" + JobDefs = "DefaultLogJob" + Write Bootstrap = "/var/spool/bacula/log02.bsr" +} + +#Job { +# Name = "backup03" +# Client = "backup03" +# JobDefs = "LightJob" +# Write Bootstrap = "/var/spool/bacula/backup03.bsr" +#} + +# Backup the catalog database (after the nightly save) +Job { + Name = "BackupCatalog" + JobDefs = "CatalogJob" + Level = Full + FileSet="Catalog" + Schedule = "WeeklyCycleAfterBackup" + # This creates an ASCII copy of the catalog + RunBeforeJob = "/usr/local/bin/fedora_make_catalog_backup" + # This deletes the copy of the catalog + RunAfterJob = "/usr/local/bin/fedora_delete_catalog_backup" + Write Bootstrap = "/var/spool/bacula/BackupCatalog.bsr" + Priority = 11 # run after main backup +} + +# +# Standard Restore template, to be changed by Console program +# Only one such job is needed for all Jobs/Clients/Storage ... +# +Job { + Name = "RestoreFiles" + Type = Restore + Client=bacula-fd + FileSet="Full Set" + Storage = TapeDrive-1 + Pool = Default +# Full Backup Pool = Full-Pool +# Incremental Backup Pool = Inc-Pool +# Differential Backup Pool = Diff-Pool + Messages = Standard + Where = /tmp/bacula-restores +} + + + +FileSet { + Name = "Light Set" + Include { + Options { + signature = SHA1 + Compression = GZIP9 + } + File = /etc + File = /root + File = /home + File = /var + File = /srv + } + Exclude { + File = /proc + File = /tmp + File = /.journal + File = /.fsck + File = /dev + File = /sys + File = /.swap + File = /srv/torrent/btholding + File = /srv/web/docroot/epel + File = /srv/rpmbuild/epel + File = /srv/gitweb-cache + File = /var/tmp + File = /glusterfs + } +} + +FileSet { + Name = "People Set" + Include { + Options { + signature = SHA1 + Compression = GZIP9 + } + File = /etc + File = /root + File = /var + File = /srv + } + Exclude { + File = /proc + File = /tmp + File = /.journal + File = /.fsck + File = /dev + File = /sys + File = /.swap + File = /srv/torrent/btholding + File = /var/tmp + } +} + +FileSet { + Name = "Puppet Set" + Include { + Options { + signature = SHA1 + Compression = GZIP9 + WildDir=.snapshot + Exclude=yes + } + File = /etc + File = /root + File = /home + File = /var + File = /srv + File = /git + File = /mnt/fedora/app + File = /mnt/fedora/cvs + } + Exclude { + File = /proc + File = /tmp + File = /.journal + File = /.fsck + File = /dev + File = /sys + File = /.swap + File = /mnt/fedora/app/fi-repo/rhel + File = /var/tmp + } +} + +FileSet { + Name = "SCM Set" + Include { + Options { + signature = SHA1 + Compression = GZIP9 + } + File = / + File = /srv + File = /srv/cache/lookaside/ + } + Exclude { + File = /proc + File = /tmp + File = /.journal + File = /.fsck + File = /dev + File = /sys + File = /.swap + File = /var/tmp + File = /srv/gitweb-cache + } +} + + +# List of files to be backed up +FileSet { + Name = "Full Set" + Include { + Options { + Compression = GZIP9 + signature = SHA1 + } + +# +# Put your list of files here, preceded by 'File =', one per line +# or include an external list with: +# +# File = <file-name +# +# Note: / backs up everything on the root partition. +# if you have other partitons such as /usr or /home +# you will probably want to add them too. +# +# This File-directive would backup your whole filesystem. +# It is disabled by default +# + File = / + File = /boot + } + +# +# If you backup the root directory, the following two excluded +# files can be useful +# + Exclude { + File = /proc + File = /tmp + File = /.journal + File = /.fsck + File = /dev + File = /sys + File = /.swap + File = /var/lib/pgsql/data + File = /var/lib/mysql + File = /var/tmp + File = /srv/gitweb-cache + } +} +# +# Set for log servers. +# +FileSet { + Name = "Full Log Set" + Include { + Options { + Compression = GZIP9 + signature = SHA1 + } + +# +# Put your list of files here, preceded by 'File =', one per line +# or include an external list with: +# +# File = <file-name +# +# Note: / backs up everything on the root partition. +# if you have other partitons such as /usr or /home +# you will probably want to add them too. +# +# This File-directive would backup your whole filesystem. +# It is disabled by default +# + File = / + File = /boot + File = /var/log + } + +# +# If you backup the root directory, the following two excluded +# files can be useful +# + Exclude { + File = /proc + File = /tmp + File = /.journal + File = /.fsck + File = /dev + File = /sys + File = /.swap + File = /var/lib/pgsql/data + File = /var/lib/mysql + File = /var/tmp + File = /srv/gitweb-cache + } +} + + +# Monthly backups for koji +Schedule { + Name = "MonthlyCycle" + Run = Full 1st sun at 23:05 + Run = level=Incremental 2nd-5th sun at 20:05 +# Run = Differential 2nd-5th sun at 23:05 +# Run = Incremental mon-sat at 23:05 +# Run = level=Full sat at 22:05 +# Run = level=Incremental sun-fri at 22:05 +} + +# +# When to do the backups, full backup on first sunday of the month, +# differential (i.e. incremental since full) every other sunday, +# and incremental backups other days +Schedule { + Name = "WeeklyCycle" +# Run = Full 1st sun at 23:05 +# Run = Differential 2nd-5th sun at 23:05 +# Run = Incremental mon-sat at 23:05 + Run = level=Full sat at 22:05 + Run = level=Incremental sun-fri at 22:05 +} + +# This schedule does the catalog. It starts after the WeeklyCycle +Schedule { + Name = "WeeklyCycleAfterBackup" + Run = Full sun-sat at 22:10 +} + +# This is the backup of the catalog +FileSet { + Name = "Catalog" + Include { + Options { + signature = MD5 + } + File = /bacula/bacula.sql + } +} + +# Client (File Services) to backup +Client { + Name = bacula-fd + Address = backup03.phx2.fedoraproject.org + FDPort = 9102 + Catalog = backup03 + Password = "{{ bacula5PasswordDir }}" # password for FileDaemon + File Retention = 90 days # 30 days + Job Retention = 365 days # six months + AutoPrune = yes # Prune expired Jobs/Files + Maximum Concurrent Jobs = 10 +} + +# +# Second Client (File Services) to backup +# You should change Name, Address, and Password before using +# + +#Client { +# Name = fedorapeople.org +# Address = fedorapeople.org +# FDPort = 9102 +# Catalog = backup03 +# Password = "<%= bacula5PasswordDir }}" +# File Retention = 15 days +# Job Retention = 20 days +# AutoPrune = Yes +#} + + +Client { + Name = db05 + Address = db05.phx2.fedoraproject.org + FDPort = 9102 + Catalog = backup03 + Password = "{{ bacula5PasswordDir }}" + File Retention = 90 days + Job Retention = 365 days + AutoPrune = Yes + Maximum Concurrent Jobs = 10 +} + +Client { + Name = db01 + Address = db01.phx2.fedoraproject.org + FDPort = 9102 + Catalog = backup03 + Password = "{{ bacula5PasswordDir }}" + File Retention = 90 days + Job Retention = 365 days + AutoPrune = Yes + Maximum Concurrent Jobs = 10 +} + +Client { + Name = db02 + Address = db02.phx2.fedoraproject.org + FDPort = 9102 + Catalog = backup03 + Password = "{{ bacula5PasswordDir }}" + File Retention = 90 days + Job Retention = 365 days + AutoPrune = Yes + Maximum Concurrent Jobs = 10 +} + +Client { + Name = db04 + Address = db04.phx2.fedoraproject.org + FDPort = 9102 + Catalog = backup03 + Password = "{{ bacula5PasswordDir }}" + File Retention = 90 days + Job Retention = 365 days + AutoPrune = Yes + Maximum Concurrent Jobs = 10 +} + +Client { + Name = fas01 + Address = fas01.phx2.fedoraproject.org + FDPort = 9102 + Catalog = backup03 + Password = "{{ bacula5PasswordDir }}" + File Retention = 90 days + Job Retention = 365 days + AutoPrune = Yes + Maximum Concurrent Jobs = 10 +} + +Client { + Name = db-fas01 + Address = db-fas01.phx2.fedoraproject.org + FDPort = 9102 + Catalog = backup03 + Password = "{{ bacula5PasswordDir }}" + File Retention = 90 days + Job Retention = 365 days + AutoPrune = Yes + Maximum Concurrent Jobs = 10 +} + +#Client { +# Name = cvs1 +# Address = 10.5.127.37 +# FDPort = 9102 +# Catalog = backup03 +# Password = "{{ bacula5PasswordDir }}" +# File Retention = 13 days +# Job Retention = 20 days +# AutoPrune = Yes +# Maximum Concurrent Jobs = 10 +#} + +Client { + Name = pkgs01 + Address = 10.5.125.44 + FDPort = 9102 + Catalog = backup03 + Password = "{{ bacula5PasswordDir }}" + File Retention = 90 days + Job Retention = 365 days + AutoPrune = Yes + Maximum Concurrent Jobs = 10 +} + + +Client { + Name = collab03 + Address = collab03.vpn.fedoraproject.org + FDPort = 9102 + Catalog = backup03 + Password = "{{ bacula5PasswordDir }}" + File Retention = 90 days + Job Retention = 365 days + AutoPrune = Yes + Maximum Concurrent Jobs = 10 +} + +Client { + Name = collab04 + Address = collab04.vpn.fedoraproject.org + FDPort = 9102 + Catalog = backup03 + Password = "{{ bacula5PasswordDir }}" + File Retention = 90 days + Job Retention = 365 days + AutoPrune = Yes + Maximum Concurrent Jobs = 10 +} + +Client { + Name = hosted04 + Address = hosted04.vpn.fedoraproject.org + FDPort = 9102 + Catalog = backup03 + Password = "{{ bacula5PasswordDir }}" + File Retention = 90 days + Job Retention = 365 days + AutoPrune = Yes + Maximum Concurrent Jobs = 10 +} + +Client { + Name = hosted03 + Address = hosted03.vpn.fedoraproject.org + FDPort = 9102 + Catalog = backup03 + Password = "{{ bacula5PasswordDir }}" + File Retention = 90 days + Job Retention = 365 days + AutoPrune = Yes + Maximum Concurrent Jobs = 10 +} + +Client { + Name = hosted-lists01 + Address = hosted-lists01.vpn.fedoraproject.org + FDPort = 9102 + Catalog = backup03 + Password = "{{ bacula5PasswordDir }}" + File Retention = 90 days + Job Retention = 365 days + AutoPrune = Yes + Maximum Concurrent Jobs = 10 +} + +Client { + Name = noc01 + Address = noc01.phx2.fedoraproject.org + FDPort = 9102 + Catalog = backup03 + Password = "{{ bacula5PasswordDir }}" + File Retention = 90 days + Job Retention = 365 days + AutoPrune = Yes + Maximum Concurrent Jobs = 10 +} + +Client { + Name = lockbox01 + Address = lockbox01.phx2.fedoraproject.org + FDPort = 9102 + Catalog = backup03 + Password = "{{ bacula5PasswordDir }}" + File Retention = 90 days + Job Retention = 365 days + AutoPrune = Yes + Maximum Concurrent Jobs = 10 +} + +Client { + Name = ask01 + Address = ask01.phx2.fedoraproject.org + FDPort = 9102 + Catalog = backup03 + Password = "{{ bacula5PasswordDir }}" + File Retention = 90 days + Job Retention = 365 days + AutoPrune = Yes + Maximum Concurrent Jobs = 10 +} + +Client { + Name = bastion01 + Address = bastion01.phx2.fedoraproject.org + FDPort = 9102 + Catalog = backup03 + Password = "{{ bacula5PasswordDir }}" + File Retention = 90 days + Job Retention = 365 days + AutoPrune = Yes + Maximum Concurrent Jobs = 10 +} + +Client { + Name = bastion02 + Address = bastion02.phx2.fedoraproject.org + FDPort = 9102 + Catalog = backup03 + Password = "{{ bacula5PasswordDir }}" + File Retention = 90 days + Job Retention = 365 days + AutoPrune = Yes + Maximum Concurrent Jobs = 10 +} + +Client { + Name = proxy01 + Address = proxy01.phx2.fedoraproject.org + FDPort = 9102 + Catalog = backup03 + Password = "{{ bacula5PasswordDir }}" + File Retention = 90 days + Job Retention = 365 days + AutoPrune = Yes + Maximum Concurrent Jobs = 10 +} + + +Client { + Name = proxy02 + Address = proxy02.vpn.fedoraproject.org + FDPort = 9102 + Catalog = backup03 + Password = "{{ bacula5PasswordDir }}" + File Retention = 90 days + Job Retention = 365 days + AutoPrune = Yes + Maximum Concurrent Jobs = 10 +} + +Client { + Name = people01 + Address = people01.vpn.fedoraproject.org + FDPort = 9102 + Catalog = backup03 + Password = "{{ bacula5PasswordDir }}" + File Retention = 90 days + Job Retention = 365 days + AutoPrune = Yes + Maximum Concurrent Jobs = 10 +} + +Client { + Name = people02 + Address = people02.vpn.fedoraproject.org + FDPort = 9102 + Catalog = backup03 + Password = "{{ bacula5PasswordDir }}" + File Retention = 90 days + Job Retention = 365 days + AutoPrune = Yes + Maximum Concurrent Jobs = 10 +} + +Client { + Name = people03 + Address = people03.vpn.fedoraproject.org + FDPort = 9102 + Catalog = backup03 + Password = "{{ bacula5PasswordDir }}" + File Retention = 90 days + Job Retention = 365 days + AutoPrune = Yes + Maximum Concurrent Jobs = 10 +} + +Client { + Name = releng02 + Address = 10.5.127.54 + FDPort = 9102 + Catalog = backup03 + Password = "{{ bacula5PasswordDir }}" + File Retention = 90 days + Job Retention = 365 days + AutoPrune = Yes + Maximum Concurrent Jobs = 10 +} + +Client { + Name = releng03 + Address = releng03.phx2.fedoraproject.org + FDPort = 9102 + Catalog = backup03 + Password = "{{ bacula5PasswordDir }}" + File Retention = 90 days + Job Retention = 365 days + AutoPrune = Yes + Maximum Concurrent Jobs = 10 +} + +Client { + Name = releng04 + Address = releng04.phx2.fedoraproject.org + FDPort = 9102 + Catalog = backup03 + Password = "{{ bacula5PasswordDir }}" + File Retention = 90 days + Job Retention = 365 days + AutoPrune = Yes + Maximum Concurrent Jobs = 10 +} + +Client { + Name = relepel01 + Address = 10.5.125.65 + FDPort = 9102 + Catalog = backup03 + Password = "{{ bacula5PasswordDir }}" + File Retention = 90 days + Job Retention = 365 days + AutoPrune = Yes + Maximum Concurrent Jobs = 10 +} + + + +Client { + Name = nfs01 + Address = nfs01.phx2.fedoraproject.org + FDPort = 9102 + Catalog = backup03 + Password = "{{ bacula5PasswordDir }}" + File Retention = 90 days + Job Retention = 365 days + AutoPrune = Yes + Maximum Concurrent Jobs = 10 +} + +Client { + Name = log02 + Address = log02.phx2.fedoraproject.org + FDPort = 9102 + Catalog = backup03 + Password = "{{ bacula5PasswordDir }}" + File Retention = 90 days + Job Retention = 365 days + AutoPrune = Yes + Maximum Concurrent Jobs = 10 +} + +#Client { +# Name = backup03 +# Address = localhost +# FDPort = 9102 +# Catalog = backup03 +# Password = "{{ bacula5PasswordDir }}" +# File Retention = 15 days +# Job Retention = 20 days +# AutoPrune = Yes +# Maximum Concurrent Jobs = 10 +#} + +# Definition of file storage device +Storage { + Name = File +# Do not use "localhost" here + Address = backup03 + SDPort = 9103 + Password = "{{ bacula5PasswordDir }}" + Device = FileStorage + Media Type = File + Maximum Concurrent Jobs = 10 +} + + +Storage { + Name = TapeDrive-1 +# Do not use "localhost" here + Address = backup03 + SDPort = 9103 + Password = "{{ bacula5PasswordDir }}" + Device = Autochanger + Media Type = LTO-5 + Autochanger = yes + Maximum Concurrent Jobs = 10 +} + + +# Generic catalog service +Catalog { + Name = backup03 + dbname = bacula; user = root; password = "" +} + +# Reasonable message delivery -- send most everything to email address +# and to the console +Messages { + Name = Standard +# +# NOTE! If you send to two email or more email addresses, you will need +# to replace the %r in the from field (-f part) with a single valid +# email address in both the mailcommand and the operatorcommand. +# What this does is, it sets the email address that emails would display +# in the FROM field, which is by default the same email as they're being +# sent to. However, if you send email to more than one address, then +# you'll have to set the FROM address manually, to a single address. +# for example, a 'no-reply@mydomain.com', is better since that tends to +# tell (most) people that its coming from an automated source. + +# + mailcommand = "/usr/sbin/bsmtp -h bastion -f \"\(Bacula\) %r\" -s \"[backup03] Bacula: %t %e of %c %l\" %r" + operatorcommand = "/usr/sbin/bsmtp -h bastion -f \"\(Bacula\) %r\" -s \"[backup03] Bacula: Intervention needed for %j\" %r" + mail = sysadmin-backup-members@fedoraproject.org = all, !skipped + operator = sysadmin-backup-members@fedoraproject.org = mount + console = all, !skipped, !saved +# +# WARNING! the following will create a file that you must cycle from +# time to time as it will grow indefinitely. However, it will +# also keep all your messages if they scroll off the console. +# + append = "/var/spool/bacula/log" = all, !skipped +} + + +# +# Message delivery for daemon messages (no job). +Messages { + Name = Daemon + mailcommand = "/usr/sbin/bsmtp -h localhost -f \"\(Bacula\) %r\" -s \"Bacula daemon message\" %r" + mail = mmcgrath@redhat.com = all, !skipped + console = all, !skipped, !saved + append = "/var/log/bacula.log" = all, !skipped +} + + + + +# Default pool definition +Pool { + Name = Default + Pool Type = Backup + Recycle = yes # Bacula can automatically recycle Volumes + AutoPrune = yes # Prune expired volumes + Cleaning Prefix = CLNU +# Volume Retention = 20h # 12 hours +# Use Volume Once = yes +} + +Pool { + Name = Full-Pool + Pool Type = Backup + Recycle = yes + AutoPrune = yes + Volume Retention = 20 days +# Use Volume Once = yes +# Accept Any Volume = yes +# Maximum Volume Jobs = 1 +# Label Format = "Full-${Year}-${Month:p/2/0/r}-${Day:p/2/0/r}-" +# Maximum Volumes = 2 +# VolumeUseDuration = 6d + Cleaning Prefix = CLNU +} + +Pool { + Name = Diff-Pool + Pool Type = Backup + Recycle = yes + AutoPrune = yes + Volume Retention = 20 days +# Use Volume Once = yes +# Accept Any Volume = yes +# Maximum Volume Jobs = 1 +# Label Format = "Diff-${Year}-${Month:p/2/0/r}-${Day:p/2/0/r}-" +# Maximum Volumes = 10 +} + +Pool { + Name = Inc-Pool + Pool Type = Backup + Recycle = yes + AutoPrune = yes + Volume Retention = 12 days +# Use Volume Once = yes +# Accept Any Volume = yes +# Maximum Volume Jobs = 1 +# Label Format = "Inc-${Year}-${Month:p/2/0/r}-${Day:p/2/0/r}-" +# Maximum Volumes = 13 + VolumeUseDuration = 20h +} + +Pool { + Name = Full-Pool-Catalog + Pool Type = Backup + Recycle = yes + AutoPrune = yes + Volume Retention = 8 days +# Use Volume Once = yes +# Accept Any Volume = yes +# Maximum Volume Jobs = 1 +# Label Format = "FullCatalog-${Year}-${Month:p/2/0/r}-${Day:p/2/0/r}-" +# Maximum Volumes = 14 + VolumeUseDuration = 20h +} + + + +# +# Restricted console used by tray-monitor to get the status of the director +# +Console { + Name = bacula-mon + Password = "{{ bacula5PasswordDir }}" + CommandACL = status, .status +} diff --git a/files/bacula/bacula-fd.conf.j2 b/files/bacula/bacula-fd.conf.j2 new file mode 100644 index 000000000..1b53d1617 --- /dev/null +++ b/files/bacula/bacula-fd.conf.j2 @@ -0,0 +1,46 @@ +# +# Default Bacula File Daemon Configuration file +# +# For Bacula release 2.0.3 (06 March 2007) -- redhat (Zod) +# +# There is not much to change here except perhaps the +# File daemon Name to +# + +# +# List Directors who are permitted to contact this File daemon +# +Director { + Name = bacula-dir + Password = "{{ bacula5PasswordDir }}" +} + +# +# Restricted Director, used by tray-monitor to get the +# status of the file daemon +# +Director { + Name = bacula-mon + Password = "{{ bacula5PasswordDir }}" + Monitor = yes +} + +# +# "Global" File daemon configuration specifications +# +FileDaemon { # this is me + Name = bacula-fd + FDport = 9102 # where we listen for the director + WorkingDirectory = /var/spool/bacula + Pid Directory = /var/run + Maximum Concurrent Jobs = 10 + Heartbeat Interval = 10 + #Maximum Network Buffer Size = 131072 +} + +# Send all messages except skipped files back to Director +Messages { + Name = Standard + director = bacula-dir = all, !skipped, !restored +} + diff --git a/files/bacula/bacula-sd.conf.j2 b/files/bacula/bacula-sd.conf.j2 new file mode 100644 index 000000000..127f2f4d4 --- /dev/null +++ b/files/bacula/bacula-sd.conf.j2 @@ -0,0 +1,104 @@ +# +# Default Bacula Storage Daemon Configuration file +# +# For Bacula release 2.0.3 (06 March 2007) -- redhat (Zod) +# +# You may need to change the name of your tape drive +# on the "Archive Device" directive in the Device +# resource. If you change the Name and/or the +# "Media Type" in the Device resource, please ensure +# that dird.conf has corresponding changes. +# + +Storage { # definition of myself + Name = bacula-sd + SDPort = 9103 # Director's port + WorkingDirectory = "/var/spool/bacula" + Pid Directory = "/var/run" + Maximum Concurrent Jobs = 10 + Heartbeat Interval = 5 +} + +# +# List Directors who are permitted to contact Storage daemon +# +Director { + Name = bacula-dir + Password = "{{ bacula5PasswordDir }}" +} + +# +# Restricted Director, used by tray-monitor to get the +# status of the storage daemon +# +Director { + Name = bacula-mon + Password = "{{ bacula5PasswordDir }}" + Monitor = yes +} + +# +# Devices supported by this Storage daemon +# To connect, the Director's bacula-dir.conf must have the +# same Name and MediaType. +# + +Device { + Name = FileStorage + Media Type = File + Archive Device = /bacula/ + LabelMedia = yes; # lets Bacula label unlabeled media + Random Access = Yes; + AutomaticMount = yes; # when device opened, read it + RemovableMedia = no; + AlwaysOpen = no; +} + + +Device { + Name = FileStorage2 + Media Type = File + Archive Device = /bacula2/ + LabelMedia = yes; # lets Bacula label unlabeled media + Random Access = Yes; + AutomaticMount = yes; # when device opened, read it + RemovableMedia = no; + AlwaysOpen = no; +} + +# +# An autochanger device with two drives + +Autochanger { + Name = Autochanger + Device = Drive-1 + Changer Command = "/usr/libexec/bacula/mtx-changer %c %o %S %a %d" + Changer Device = /dev/sg1 +} + +Device { + Name = Drive-1 # + Drive Index = 0 + Media Type = LTO-5 + Archive Device = /dev/nst0 + AutomaticMount = yes; # when device opened, read it + AlwaysOpen = yes; + RemovableMedia = yes; + RandomAccess = no; + AutoChanger = yes + SpoolDirectory = /bacula/bacula/spool/; + Maximum Spool Size = 1600G; +# Label Media = yes + # Enable the Alert command only if you have the mtx package loaded + Alert Command = "sh -c 'tapeinfo -f %c |grep TapeAlert|cat'" + # If you have smartctl, enable this, it has more info than tapeinfo + Alert Command = "sh -c 'smartctl -H -l error %c'" +} +# +# Send all messages to the Director, +# mount messages also are sent to the email address +# +Messages { + Name = Standard + director = bacula-dir = all +} diff --git a/files/bacula/bconsole.conf.j2 b/files/bacula/bconsole.conf.j2 new file mode 100644 index 000000000..3c46b83d2 --- /dev/null +++ b/files/bacula/bconsole.conf.j2 @@ -0,0 +1,10 @@ +# +# Bacula User Agent (or Console) Configuration File +# + +Director { + Name = bacula-dir + DIRport = 9101 + address = localhost + Password = "{{ bacula5PasswordCon }}" +} diff --git a/files/bacula/fedora_delete_catalog_backup b/files/bacula/fedora_delete_catalog_backup new file mode 100755 index 000000000..7f7a760fe --- /dev/null +++ b/files/bacula/fedora_delete_catalog_backup @@ -0,0 +1,5 @@ +#!/bin/sh +# +# This script deletes a catalog dump +# +rm -f /bacula/bacula.sql diff --git a/files/bacula/fedora_make_catalog_backup b/files/bacula/fedora_make_catalog_backup new file mode 100755 index 000000000..5a6d38340 --- /dev/null +++ b/files/bacula/fedora_make_catalog_backup @@ -0,0 +1,3 @@ +#!/bin/sh +rm -f /bacula/bacula.sql +/usr/bin/mysqldump -u bacula -f bacula > /bacula/bacula.sql diff --git a/files/mysql/my.cnf b/files/mysql/my.cnf new file mode 100644 index 000000000..fb4a7de97 --- /dev/null +++ b/files/mysql/my.cnf @@ -0,0 +1,74 @@ +[mysqld] +datadir=/var/lib/mysql +socket=/var/lib/mysql/mysql.sock +user=mysql +# Default to using old password format for compatibility with mysql 3.x +# clients (those using the mysqlclient10 compatibility package). +old_passwords=1 +max_connections=900 +query_cache_size=64M +query_cache_limit=2M +ft_min_word_len=3 + +log-slow-queries=/var/log/mysqld/slow-queries.log +long_query_time = 2 +general_log = 1 +general_log_file = /var/log/mysqld/mysql-transfer.log + +skip-locking +key_buffer = 384M +key_buffer_size=64M +max_allowed_packet = 16M +table_cache = 2048 +sort_buffer_size = 8M +join_buffer_size = 8M +read_buffer_size = 2M +read_rnd_buffer_size = 16M +bulk_insert_buffer_size = 64M +myisam_sort_buffer_size = 128M +myisam_max_sort_file_size=15G +myisam_max_extra_sort_file_size = 10G +thread_cache_size = 8 +# Try number of CPU's*2 for thread_concurrency +thread_concurrency = 16 +thread_stack = 192K + +transaction_isolation = REPEATABLE-READ + +back_log = 50 +binlog_cache_size = 1M +max_heap_table_size = 128M + +tmp_table_size = 128M + +innodb_additional_mem_pool_size = 16M +innodb_buffer_pool_size = 4G +innodb_file_io_threads = 4 +innodb_thread_concurrency = 16 +innodb_flush_log_at_trx_commit = 1 +innodb_log_buffer_size = 8M +#innodb_log_file_size = 2G +#innodb_log_files_in_group = 3 +innodb_max_dirty_pages_pct = 90 + + +[mysqld_safe] +log-error=/var/log/mysqld.log +pid-file=/var/run/mysqld/mysqld.pid +open-files-limit = 8192 + +[isamchk] +key_buffer = 512M +sort_buffer_size = 512M +read_buffer = 8M +write_buffer = 8M + +[myisamchk] +key_buffer = 512M +sort_buffer_size = 512M +read_buffer = 8M +write_buffer = 8M + +[mysqlhotcopy] +interactive-timeout + diff --git a/playbooks/groups/backup-server.yml b/playbooks/groups/backup-server.yml new file mode 100644 index 000000000..a807bddbd --- /dev/null +++ b/playbooks/groups/backup-server.yml @@ -0,0 +1,32 @@ +# create a new backup server system +# NOTE: should be used with --limit most of the time +# NOTE: make sure there is room/space for this instance on the buildvmhost +# NOTE: most of these vars come from group_vars/backup_server or from hostvars + +- name: make backup server system + hosts: backup-server + user: root + gather_facts: False + + vars_files: + - /srv/web/infra/ansible/vars/global.yml + - ${private}/vars.yml + - ${vars}/${ansible_distribution}.yml + + tasks: + tasks: + - include: $tasks/hosts.yml + - include: $tasks/yumrepos.yml + - include: $tasks/base.yml + - include: $tasks/fas_client.yml + - include: $tasks/2fa_client.yml + - include: $tasks/motd.yml + - include: $tasks/sudo.yml + - include: $tasks/rkhunter.yml + - include: $tasks/denyhosts.yml + - include: $tasks/nagios_client.yml + - include: $tasks/mysql_server.yml + - include: $tasks/bacula_server.yml + + handlers: + - include: $handlers/restart_services.yml diff --git a/tasks/bacula_server.yml b/tasks/bacula_server.yml new file mode 100644 index 000000000..30eb41c4c --- /dev/null +++ b/tasks/bacula_server.yml @@ -0,0 +1,58 @@ +--- +# tasklist for setting up the backup server. +- name: install bacula + yum: pkg=$item state=installed + with_items: + - bacula-director-mysql + - bacula-sd + - bacula-storage-mysql + - bacula-console + - bacula-client + - mysql-server + - mtx + tags: + - packages + +# install bacula config files. +- name: install bacula storage director configs + template: src=$files/bacula/bacula-sd.conf.j2 dest=/etc/bacula/bacula-sd.conf mode=640 + notify: + - restart bacula-sd + tags: + - config + +- name: install bacula director configs + template: src=$files/bacula/bacula-dir.conf.j2 dest=/etc/bacula/bacula-dir.conf mode=640 + notify: + - restart bacula-dir + tags: + - config + +- name: install bacula file configs + template: src=$files/bacula/bacula-fd.conf.j2 dest=/etc/bacula/bacula-fd.conf mode=640 + notify: + - restart bacula-fd + tags: + - config + +- name: install bacula console config + template: src=$files/bacula/bconsole.conf.j2 dest=/etc/bacula/bconsole.conf mode=640 + tags: + - config + +- name: install bacula scripts + copy: src=$files/bacula/$item dest=/usr/local/bin/$item mode=0755 + with_items: + - fedora_make_catalog_backup + - fedora_delete_catalog_backup + tags: + - config + +- name: enable bacula-sd service + service: name=bacula-sd state=started enabled=yes + +- name: enable bacula-dir service + service: name=bacula-dir state=started enabled=yes + +- name: enable bacula-fd service + service: name=bacula-fd state=started enabled=yes diff --git a/tasks/mysql_server.yml b/tasks/mysql_server.yml new file mode 100644 index 000000000..0ff3c2375 --- /dev/null +++ b/tasks/mysql_server.yml @@ -0,0 +1,18 @@ +--- +# +# Setup mysql server. +# +- name: install mysql server packages + yum: name=$item state=installed + with_items: + - mysql-server + tags: + - packages + +- name: install our my.cnf + copy: src=$files/mysql/my.cnf dest=/etc/my.cnf owner=root group=root mode=0644 + +- name: Set mysql-server to run + service: name=mysqld enabled=yes state=running + tags: + - service |