Skip to content
Snippets Groups Projects

over, under: add cri.rclone role and configure some backups replication on srv-1.v102.stg-irn

Merged Charles Decoux requested to merge backup-stg into main
+ 55
0
---
hostname_use_fqdn: true
nft_filter_input_rules:
- comment: "Drop invalid connection"
raw: ct state invalid drop
- iif: lo
comment: "Accept all traffic from localhost"
- comment: "Allow ICMP"
raw: ip protocol icmp accept
- proto: tcp
dport: 22
comment: "Always allow SSH"
rclone_version: 1.59.2
rclone_alerting_mail_default: true
rclone_alerting_mail_default_dest: prod@cri.epita.fr
rclone_alerting_mail_from: rclone@cri.epita.fr
rclone_default_additional_args:
- "--ignore-existing"
# yamllint disable rule:line-length
rclone_backend_s3_secrets: "{{ lookup('community.hashi_vault.hashi_vault', 'restic/data/srv-1.v102.stg-irn.sm.cri.epita.fr/backup') }}"
rclone_backend_s3_access_key: "{{ rclone_backend_s3_secrets['accesskey'] }}"
rclone_backend_s3_secret_key: "{{ rclone_backend_s3_secrets['secretkey'] }}"
# yamllint enable
.rclone_job_template: &rclone_job_template
local_path: "/srv/backups/data/{rclone_job_name}"
backend:
type: s3
provider: Other
acl: private
access_key_id: "{{ rclone_backend_s3_access_key }}"
secret_access_key: "{{ rclone_backend_s3_secret_key }}"
endpoint: "https://restic-backup.undercloud.cri.epita.fr/"
enabled: true
backend_path: "/{rclone_job_name}"
source: "remote"
backup_cron:
minute: 20
hour: 02
rclone_jobs_list:
- {<<: *rclone_job_template, name: k3s-1.undercloud.cri.epita.fr-data}
- {<<: *rclone_job_template, name: k8s-prod-1-velero, backend_path: "/{rclone_job_name}/prod-1/restic"} # yamllint disable rule:line-length
- {<<: *rclone_job_template, name: moodle.cri.openstack.epita.fr-data}
- {<<: *rclone_job_template, name: reverse-1.srv.cri.epita.fr-config}
- {<<: *rclone_job_template, name: reverse-1.srv.cri.epita.fr-data}
- {<<: *rclone_job_template, name: reverse-1.srv.cri.epita.fr-logs}
- {<<: *rclone_job_template, name: rt-2.srv.cri.epita.fr-data}