ansible-taler-exchange

Ansible playbook to deploy a production Taler Exchange

commit 00090539b43ef6031c68dba21c92c0bd44cca442
parent 6f70b0002643e5f07a728ba2365e1022683133c7
Author: Christian Grothoff <christian@grothoff.org>
Date:   Sun, 20 Apr 2025 15:26:12 +0200

tested backup/restore

Diffstat:
Mdeploy.sh | 7++++++-
Mroles/common_packages/tasks/main.yml | 15+++++++++++++++
Aroles/database/files/postgres-backup.sql.gz | 2++
Mroles/database/tasks/main.yml | 32++++++++++++++++----------------
4 files changed, 39 insertions(+), 17 deletions(-)

diff --git a/deploy.sh b/deploy.sh
@@ -7,9 +7,14 @@
 then
 exit 1
 fi
-ansible-playbook \
+ansible-playbook -v \
 --inventory inventories/default \
 --limit "$1" \
 playbooks/setup.yml
+if [ -f root/postgres-backup.sql.gz ]
+then
+ echo "Remember to delete root/postgres-backup.sql.gz"
+fi
+

 exit 0
diff --git a/roles/common_packages/tasks/main.yml b/roles/common_packages/tasks/main.yml
@@ -1,6 +1,21 @@
 ---
 # Role: Install dependencies

+- name: Disable password authentication and X11 forwarding in SSH
+ ansible.builtin.lineinfile:
+ path: /etc/ssh/sshd_config
+ regexp: "{{ item.regexp }}"
+ line: "{{ item.line }}"
+ state: present
+ loop:
+ - { regexp: '^#?PasswordAuthentication.*', line: 'PasswordAuthentication no' }
+ - { regexp: '^#?X11Forwarding.*', line: 'X11Forwarding no' }
+
+- name: Restart SSH service
+ ansible.builtin.service:
+ name: ssh
+ state: restarted
+
 - name: Deploy TSYS signing key
 copy:
 src: etc/apt/keyrings/taler-systems.gpg
diff --git a/roles/database/files/postgres-backup.sql.gz b/roles/database/files/postgres-backup.sql.gz
@@ -0,0 +1 @@
+../../../root/postgres-backup.sql.gz
\ No newline at end of file
diff --git a/roles/database/tasks/main.yml b/roles/database/tasks/main.yml
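Review bot: The added reminder block sits between the `ansible-playbook` call and the unconditional `exit 0`, so the script still reports success when the play fails, and it prints "Remember to delete" even when the restore never ran. Capture the status first: `rc=$?` immediately after the playbook command, keep the reminder, and finish with `exit $rc`. Since the file is a full production database dump, consider removing `root/postgres-backup.sql.gz` on success (`rm -f`, or `shred -u`) rather than relying on a reminder, or at least print it to stderr as a warning. The opening guard of deploy.sh (the `then … exit 1 … fi` lines) begins outside the hunk.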
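Review bot: On Debian/Ubuntu images whose `/etc/ssh/sshd_config` starts with `Include /etc/ssh/sshd_config.d/*.conf`, a drop-in such as cloud-init's `PasswordAuthentication yes` is read first and wins under sshd's first-value-wins rule, so the `lineinfile` edit to the main file can be silently ineffective; manage a drop-in (e.g. `/etc/ssh/sshd_config.d/00-taler.conf`) or also correct the files under `sshd_config.d`. The `lineinfile` task should carry `validate: "/usr/sbin/sshd -t -f %s"` so a malformed line cannot leave sshd unable to start after the restart that follows. The unconditional `Restart SSH service` task should be a handler notified by the edit, otherwise every playbook run bounces sshd even when nothing changed. Turning off password authentication before confirming that the deploying user's key is present can lock the operator out; an assertion on `authorized_keys` ahead of this task would be prudent.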
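Review bot: The new symlink resolves to `root/postgres-backup.sql.gz` inside the repository working tree, i.e. a full production database dump, and nothing in this diff shows that path being excluded from version control; unless `.gitignore` already covers it (not visible here), a `git add -A` would commit the dump. Add `root/postgres-backup.sql.gz` to `.gitignore` alongside this link and note next to it that the target is supplied out-of-band and deleted after the run.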
@@ -48,20 +48,21 @@
 # Check if the local backup file exists
 - name: Check if postgres backup file exists locally
- ansible.builtin.stat:
- path: postgres-backup.sql.gz
- delegate_to: localhost
+ local_action:
+ module: stat
+ follow: yes
+ path: "{{ role_path }}/files/postgres-backup.sql.gz"
 register: backup_file_status

 - name: Set local backup existence fact
 ansible.builtin.set_fact:
- local_backup_exists: "{{ backup_file_status.stat.exists }}"
+ local_backup_exists: "{{ backup_file_status.stat.exists | default(false) }}"

-- name: Fail if trying to import and versioning schema exists
- fail: msg="Import fact set but _v schema exists"
+- name: Fail if trying to import backup and versioning schema exists
+ fail: msg="Backup for import provided, but _v schema exists on target host"
 when:
- - DISABLE_RESTORE_BACKUP
- - v_schema_exists | default(false) | bool
+ - not DISABLE_RESTORE_BACKUP
+ - versioning_schema_exists | default(false) | bool
 - local_backup_exists | bool

 # Note: the postgres-backup.sql.gz is a symbolic link in Git.
@@ -76,19 +77,18 @@
 when:
 - local_backup_exists | bool

-- name: Restore database from backup if restoring from backup
+- name: Restore PostgreSQL database from backup
 become: true
 become_user: postgres
- community.postgresql.postgresql_db:
- login_user: postgres
- db: taler-exchange
- state: restore
- target: /tmp/postgres-backup-sql.gz
- notify:
- - Restart postgresql
+ shell: "gunzip -c /tmp/postgres-backup.sql.gz | psql -X -d postgres"
 when:
 - local_backup_exists | bool

+- name: Remove backup from server (delete file)
+ ansible.builtin.file:
+ path: /tmp/postgres-backup.sql.gz
+ state: absent
+
 - name: Create empty taler-exchange database (if first deployment)
 become: true
 become_user: postgres
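Review bot: `- not DISABLE_RESTORE_BACKUP` in the `fail` task's `when` aborts the play with an undefined-variable error whenever the inventory does not set it, unless a role default exists outside this view; write `- not (DISABLE_RESTORE_BACKUP | default(false) | bool)`, which also handles the string `"false"` arriving as an extra-var. Replacing `ansible.builtin.stat` + `delegate_to: localhost` with `local_action` is a step back in style (ansible-lint flags `local_action` as deprecated); the removed task only needed the `role_path` path fix, and `follow: yes` should be `follow: true`. The renamed `versioning_schema_exists` fact has to match the task that registers it, which lies outside this hunk.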
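Review bot: The restore `shell` pipeline reports success even when it partially fails: `psql` exits 0 on statement errors unless `-v ON_ERROR_STOP=1` is given, and without `pipefail` a corrupt or truncated gzip is hidden behind psql's status, after which the next task deletes the only copy of the dump on the host. Harden the command as below and run it under bash so `set -o pipefail` is available. The task also ignores `DISABLE_RESTORE_BACKUP`, which the earlier `fail` check treats as the restore switch, so a restore still runs when it is set; gate it on the same condition. The copy that places the dump in `/tmp` is outside this hunk; it should set `mode: "0600"` and `owner: postgres`, since `/tmp` is world-readable.
```yaml
- name: Restore PostgreSQL database from backup
  become: true
  become_user: postgres
  shell: "set -o pipefail; gunzip -c /tmp/postgres-backup.sql.gz | psql -X -v ON_ERROR_STOP=1 -d postgres"
  args:
    executable: /bin/bash
  when:
    - local_backup_exists | bool
    - not (DISABLE_RESTORE_BACKUP | default(false) | bool)
```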