diff --git a/docs/roles/database_backup/database_backup-mysql.md b/docs/roles/database_backup/database_backup-mysql.md index b2c79799..2766a4f3 100644 --- a/docs/roles/database_backup/database_backup-mysql.md +++ b/docs/roles/database_backup/database_backup-mysql.md @@ -12,7 +12,6 @@ mysql_backup: credentials_file: "/home/{{ deploy_user }}/.mysql.creds" handling: none # prevents the replica from being backed up is_replica: true # tells ce-deploy we are working with a replica, so it will implement a pause - pause_seconds: 30 # duration of the pause in seconds ``` @@ -43,8 +42,7 @@ mysql_backup: user: "{{ (project_name + '_' + build_type) | truncate(32, true, '', 0) }}" # 32 char limit credentials_file: "/home/{{ deploy_user }}/.mysql.creds" #handling: none # optional override to the main handling method on a per database basis - must be 'none' for replicas - #is_replica: true # tell ce-deploy this database is a replica - #pause_seconds: 30 # how long to allow for replication to catch up, required if 'is_replica' is set to 'true' + #is_replica: true # tell ce-deploy this database is a replica - can only be true, remove/comment out if not required ``` diff --git a/roles/cron/cron_database_backup/cron_database_backup-mysql/tasks/main.yml b/roles/cron/cron_database_backup/cron_database_backup-mysql/tasks/main.yml index ffd14157..e87cad12 100644 --- a/roles/cron/cron_database_backup/cron_database_backup-mysql/tasks/main.yml +++ b/roles/cron/cron_database_backup/cron_database_backup-mysql/tasks/main.yml @@ -4,7 +4,7 @@ # add a keep mechanism for backup scripts, like for the dumps themselves. # Nice to have more than anything. - name: Setup PATH in crontab. - cron: + ansible.builtin.cron: name: PATH env: true job: "/usr/bin:/usr/local/bin:/bin:/home/{{ deploy_user }}/.bin" @@ -13,7 +13,7 @@ - drupal.defer is defined - drupal.defer -- include_tasks: setup.yml +- ansible.builtin.include_tasks: setup.yml vars: database: database with_items: "{{ build_databases }}" diff --git a/roles/cron/cron_database_backup/cron_database_backup-mysql/tasks/setup.yml b/roles/cron/cron_database_backup/cron_database_backup-mysql/tasks/setup.yml index d09fbbac..f12301da 100644 --- a/roles/cron/cron_database_backup/cron_database_backup-mysql/tasks/setup.yml +++ b/roles/cron/cron_database_backup/cron_database_backup-mysql/tasks/setup.yml @@ -1,39 +1,40 @@ # Probably not worth adding more granularity (weeks, months) for backups, should be at least daily? -- set_fact: +- ansible.builtin.set_fact: _cron_mysql_backup_random_minute: "{{ 59 | random }}" -- set_fact: +- ansible.builtin.set_fact: _cron_mysql_backup_minute: "{{ database.original.backup.minute | default(_cron_mysql_backup_random_minute) }}" -- set_fact: +- ansible.builtin.set_fact: _cron_mysql_backup_hour: "{{ database.original.backup.hour | default(0) }}" -- set_fact: +- ansible.builtin.set_fact: _cron_mysql_backup_keep: "{{ database.original.backup.keep | default(10) }}" - name: Ensure backup directory exists. - file: + ansible.builtin.file: path: "{{ cron_mysql_backup.dumps_directory }}/{{ database.host }}" state: directory mode: 0700 recurse: true - name: Ensure cron directory exists. - file: + ansible.builtin.file: path: "/home/{{ deploy_user }}/cron/{{ project_name }}_{{ build_type }}" state: directory mode: 0700 recurse: true - name: Create backup script. - template: + ansible.builtin.template: src: "regular-backups.sh.j2" dest: "/home/{{ deploy_user }}/shared/{{ project_name }}_{{ build_type }}/{{ database.host }}-{{ database.original.database }}-regular-backups.sh" mode: 0700 + when: database.is_replica is not defined - name: Define backup cron job command. - set_fact: + ansible.builtin.set_fact: _backup_cron_job_command: "/bin/sh /home/{{ deploy_user }}/shared/{{ project_name }}_{{ build_type }}/{{ database.host }}-{{ database.original.database }}-regular-backups.sh" - name: Define backup cron job command if deferred (ASG). - set_fact: + ansible.builtin.set_fact: _backup_cron_job_command: "cd {{ _ce_deploy_base_dir }} && {{ _ce_deploy_ansible_location }} {{ drupal.defer_target }} -m shell -a \"{{ _backup_cron_job_command }}\"" when: - drupal.defer is defined @@ -42,9 +43,10 @@ - drupal.defer_target | length > 0 - name: Setup regular backup for MySQL. - cron: + ansible.builtin.cron: name: "cron_mysql_{{ database.host }}_{{ database.original.database }}" minute: "{{ _cron_mysql_backup_minute }}" hour: "{{ _cron_mysql_backup_hour }}" job: "{{ _backup_cron_job_command }}" delegate_to: "{{ 'localhost' if drupal.defer is defined and drupal.defer else inventory_hostname }}" + when: database.is_replica is not defined diff --git a/roles/database_backup/database_backup-mysql/README.md b/roles/database_backup/database_backup-mysql/README.md index b2c79799..2766a4f3 100644 --- a/roles/database_backup/database_backup-mysql/README.md +++ b/roles/database_backup/database_backup-mysql/README.md @@ -12,7 +12,6 @@ mysql_backup: credentials_file: "/home/{{ deploy_user }}/.mysql.creds" handling: none # prevents the replica from being backed up is_replica: true # tells ce-deploy we are working with a replica, so it will implement a pause - pause_seconds: 30 # duration of the pause in seconds ``` @@ -43,8 +42,7 @@ mysql_backup: user: "{{ (project_name + '_' + build_type) | truncate(32, true, '', 0) }}" # 32 char limit credentials_file: "/home/{{ deploy_user }}/.mysql.creds" #handling: none # optional override to the main handling method on a per database basis - must be 'none' for replicas - #is_replica: true # tell ce-deploy this database is a replica - #pause_seconds: 30 # how long to allow for replication to catch up, required if 'is_replica' is set to 'true' + #is_replica: true # tell ce-deploy this database is a replica - can only be true, remove/comment out if not required ``` diff --git a/roles/database_backup/database_backup-mysql/defaults/main.yml b/roles/database_backup/database_backup-mysql/defaults/main.yml index 23fa413a..e7351d89 100644 --- a/roles/database_backup/database_backup-mysql/defaults/main.yml +++ b/roles/database_backup/database_backup-mysql/defaults/main.yml @@ -23,5 +23,4 @@ mysql_backup: user: "{{ (project_name + '_' + build_type) | truncate(32, true, '', 0) }}" # 32 char limit credentials_file: "/home/{{ deploy_user }}/.mysql.creds" #handling: none # optional override to the main handling method on a per database basis - must be 'none' for replicas - #is_replica: true # tell ce-deploy this database is a replica - #pause_seconds: 30 # how long to allow for replication to catch up, required if 'is_replica' is set to 'true' + #is_replica: true # tell ce-deploy this database is a replica - can only be true, remove/comment out if not required diff --git a/roles/database_backup/database_backup-mysql/tasks/cleanup-rolling.yml b/roles/database_backup/database_backup-mysql/tasks/cleanup-rolling.yml index 6d132cd5..374e65ca 100644 --- a/roles/database_backup/database_backup-mysql/tasks/cleanup-rolling.yml +++ b/roles/database_backup/database_backup-mysql/tasks/cleanup-rolling.yml @@ -8,5 +8,3 @@ login_password: "{{ _mysql_password }}" with_sequence: start={{ [previous_build_number | int - cleanup_history_depth, 0] | max }} end={{ [previous_build_number | int - mysql_backup.keep, 0] | max }} run_once: true - when: - - database.is_replica is not defined diff --git a/roles/database_backup/database_backup-mysql/tasks/cleanup.yml b/roles/database_backup/database_backup-mysql/tasks/cleanup.yml index 89cbf171..23654247 100644 --- a/roles/database_backup/database_backup-mysql/tasks/cleanup.yml +++ b/roles/database_backup/database_backup-mysql/tasks/cleanup.yml @@ -14,6 +14,7 @@ _mysql_password: "{{ lookup('ini', 'password section=client file={{ _ce_deploy_build_dir }}/mysql_backup_credentials.ini') }}" - ansible.builtin.include_tasks: "cleanup-{{ mysql_backup.handling }}.yml" + when: database.is_replica is not defined - name: Delete mysql users. community.mysql.mysql_user: @@ -24,5 +25,7 @@ login_user: "{{ _mysql_user }}" login_password: "{{ _mysql_password }}" with_sequence: start={{ [previous_build_number | int - cleanup_history_depth, 0] | max }} end={{ [previous_build_number | int - mysql_backup.keep, 0] | max }} - when: mysql_backup.credentials_handling == 'rotate' + when: + - mysql_backup.credentials_handling == 'rotate' + - database.is_replica is not defined run_once: true diff --git a/roles/database_backup/database_backup-mysql/tasks/deploy-dump.yml b/roles/database_backup/database_backup-mysql/tasks/deploy-dump.yml index 32108e0a..49bda27e 100644 --- a/roles/database_backup/database_backup-mysql/tasks/deploy-dump.yml +++ b/roles/database_backup/database_backup-mysql/tasks/deploy-dump.yml @@ -20,9 +20,7 @@ login_host: "{{ _mysql_host }}" login_user: "{{ _mysql_user }}" login_password: "{{ _mysql_password }}" - when: - - previous_build_number == 0 or _build_db_status.rc == 1 - - database.is_replica is not defined + when: previous_build_number == 0 or _build_db_status.rc == 1 run_once: true - name: Ensure the dump directory exists. diff --git a/roles/database_backup/database_backup-mysql/tasks/deploy-none.yml b/roles/database_backup/database_backup-mysql/tasks/deploy-none.yml index fadc79bb..4c4b1624 100644 --- a/roles/database_backup/database_backup-mysql/tasks/deploy-none.yml +++ b/roles/database_backup/database_backup-mysql/tasks/deploy-none.yml @@ -20,7 +20,5 @@ login_host: "{{ _mysql_host }}" login_user: "{{ _mysql_user }}" login_password: "{{ _mysql_password }}" - when: - - previous_build_number == 0 or _build_db_status.rc == 1 - - database.is_replica is not defined + when: previous_build_number == 0 or _build_db_status.rc == 1 run_once: true diff --git a/roles/database_backup/database_backup-mysql/tasks/deploy-rolling.yml b/roles/database_backup/database_backup-mysql/tasks/deploy-rolling.yml index 38e82fa4..30fbaa62 100644 --- a/roles/database_backup/database_backup-mysql/tasks/deploy-rolling.yml +++ b/roles/database_backup/database_backup-mysql/tasks/deploy-rolling.yml @@ -20,8 +20,6 @@ config_file: "{{ database.credentials_file }}" config_overrides_defaults: true run_once: true - when: - - database.is_replica is not defined - name: Check if the previous database exists. ansible.builtin.shell: "set -o pipefail && mysql --defaults-extra-file={{ database.credentials_file }} -e 'SHOW DATABASES;' | grep -w {{ _mysql_previous_build_database_name }}" diff --git a/roles/database_backup/database_backup-mysql/tasks/deploy.yml b/roles/database_backup/database_backup-mysql/tasks/deploy.yml index 8d93c118..f8ac6f62 100644 --- a/roles/database_backup/database_backup-mysql/tasks/deploy.yml +++ b/roles/database_backup/database_backup-mysql/tasks/deploy.yml @@ -97,8 +97,10 @@ when: - database.handling is defined - database.handling | length > 0 + - name: Execute backup tasks. ansible.builtin.include_tasks: "deploy-{{ _mysql_handling }}.yml" + when: database.is_replica is not defined # We append privileges instead of replacing, # to allow this role to be looped over, @@ -107,12 +109,16 @@ # As of MySQL 8.0 the GRANT operation has no password option, you must CREATE your user first. - name: Create/update mysql user for TCP connections. ansible.builtin.command: mysql --defaults-extra-file={{ database.credentials_file }} -e "CREATE USER IF NOT EXISTS '{{ _mysql_build_user_name }}'@'%' IDENTIFIED BY '{{ _mysql_build_password }}'; GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, REFERENCES, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, EVENT, TRIGGER ON `{{ _mysql_build_database_name }}`.* TO '{{ _mysql_build_user_name }}'@'%';" - when: ( mysql_backup.credentials_handling == 'rotate' ) or ( mysql_backup.credentials_handling == 'static' ) + when: + - ( mysql_backup.credentials_handling == 'rotate' ) or ( mysql_backup.credentials_handling == 'static' ) + - database.is_replica is not defined run_once: true - name: Create/update mysql user for unix socket connections. ansible.builtin.command: mysql --defaults-extra-file={{ database.credentials_file }} -e "CREATE USER IF NOT EXISTS '{{ _mysql_build_user_name }}'@'localhost' IDENTIFIED BY '{{ _mysql_build_password }}'; GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, REFERENCES, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, EVENT, TRIGGER ON `{{ _mysql_build_database_name }}`.* TO '{{ _mysql_build_user_name }}'@'localhost';" - when: ( mysql_backup.credentials_handling == 'rotate' ) or ( mysql_backup.credentials_handling == 'static' ) + when: + - ( mysql_backup.credentials_handling == 'rotate' ) or ( mysql_backup.credentials_handling == 'static' ) + - database.is_replica is not defined run_once: true - ansible.builtin.set_fact: diff --git a/roles/database_backup/database_backup-mysql/tasks/revert-dump.yml b/roles/database_backup/database_backup-mysql/tasks/revert-dump.yml index e99a8bda..6040c73a 100644 --- a/roles/database_backup/database_backup-mysql/tasks/revert-dump.yml +++ b/roles/database_backup/database_backup-mysql/tasks/revert-dump.yml @@ -19,9 +19,7 @@ args: executable: /bin/bash run_once: true - when: - - previous_build_number > 0 - - database.is_replica is not defined + when: previous_build_number > 0 - name: Delete unpacked dump file. ansible.builtin.file: diff --git a/roles/database_backup/database_backup-mysql/tasks/revert.yml b/roles/database_backup/database_backup-mysql/tasks/revert.yml index f6076262..9e698c91 100644 --- a/roles/database_backup/database_backup-mysql/tasks/revert.yml +++ b/roles/database_backup/database_backup-mysql/tasks/revert.yml @@ -17,3 +17,4 @@ when: - previous_build_number > 0 - database_backup.revert + - database.is_replica is not defined