From 14ea1f8bde5c7ef0d513330353a523f88f0c2d14 Mon Sep 17 00:00:00 2001 From: Juan Ferrer Toribio Date: Mon, 9 Dec 2024 11:51:18 +0100 Subject: [PATCH 01/14] refs #8280 fix debian-qemu when condition --- playbooks/debian.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/playbooks/debian.yml b/playbooks/debian.yml index bbf97bb..1180f9d 100644 --- a/playbooks/debian.yml +++ b/playbooks/debian.yml @@ -15,4 +15,4 @@ - name: Configure virtual machine import_role: name: debian-qemu - when: ansible_virtualization_type == 'kvm' + when: ansible_virtualization_role == 'guest' and ansible_virtualization_type == 'kvm' From b4c2898b408a72639e61a5008a64ed21fa19285e Mon Sep 17 00:00:00 2001 From: Juan Ferrer Toribio Date: Mon, 9 Dec 2024 11:54:50 +0100 Subject: [PATCH 02/14] refs #8280 autofs: don't restart nslcd --- roles/debian-qemu/handlers/main.yml | 4 ---- roles/debian-qemu/tasks/autofs.yml | 1 - 2 files changed, 5 deletions(-) diff --git a/roles/debian-qemu/handlers/main.yml b/roles/debian-qemu/handlers/main.yml index 0079561..0bca163 100644 --- a/roles/debian-qemu/handlers/main.yml +++ b/roles/debian-qemu/handlers/main.yml @@ -1,7 +1,3 @@ -- name: restart-nslcd - service: - name: nslcd - state: restarted - name: restart-autofs service: name: autofs diff --git a/roles/debian-qemu/tasks/autofs.yml b/roles/debian-qemu/tasks/autofs.yml index b6688cf..cc7815a 100644 --- a/roles/debian-qemu/tasks/autofs.yml +++ b/roles/debian-qemu/tasks/autofs.yml @@ -11,7 +11,6 @@ lineinfile: path: /etc/nsswitch.conf line: "automount: files" - notify: restart-nslcd - name: Add file homes.autofs configured to autofs template: src: homes.autofs From ffc7963fcad6574a1cbc9139cc505ec752fe600f Mon Sep 17 00:00:00 2001 From: Juan Ferrer Toribio Date: Mon, 9 Dec 2024 12:33:01 +0100 Subject: [PATCH 03/14] refs #8280 root: passbolt uri minifix --- roles/debian-base/tasks/root.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/roles/debian-base/tasks/root.yml b/roles/debian-base/tasks/root.yml index eccf51d..9f3d548 100644 --- a/roles/debian-base/tasks/root.yml +++ b/roles/debian-base/tasks/root.yml @@ -26,7 +26,7 @@ lookup(passbolt, inventory_hostname_short, username='root', password=root_password, - uri='ssh://'+hostname_fqdn + uri='ssh://'+hostname_fqdn+'/' ) }} environment: From 67f01fd74ca0466aae2df1b46f4945447888805a Mon Sep 17 00:00:00 2001 From: Juan Ferrer Toribio Date: Tue, 10 Dec 2024 15:25:40 +0100 Subject: [PATCH 04/14] refs #8280 fix timesync conditions, move grub to qemu --- roles/debian-base/tasks/main.yml | 2 - roles/debian-base/tasks/timesync.yml | 51 ++++++++++--------- .../tasks/grub_startup.yml | 0 roles/debian-qemu/tasks/main.yml | 2 + 4 files changed, 30 insertions(+), 25 deletions(-) rename roles/{debian-base => debian-qemu}/tasks/grub_startup.yml (100%) diff --git a/roles/debian-base/tasks/main.yml b/roles/debian-base/tasks/main.yml index bbdc17a..dcd5f94 100644 --- a/roles/debian-base/tasks/main.yml +++ b/roles/debian-base/tasks/main.yml @@ -32,5 +32,3 @@ tags: bacula - import_tasks: vn-repo.yml tags: vn-repo -- import_tasks: grub_startup.yml - tags: grub_startup diff --git a/roles/debian-base/tasks/timesync.yml b/roles/debian-base/tasks/timesync.yml index 57974cf..57d45df 100644 --- a/roles/debian-base/tasks/timesync.yml +++ b/roles/debian-base/tasks/timesync.yml 
@@ -1,23 +1,28 @@ -- name: Ensure directory for timesyncd custom configuration exists - file: - path: /etc/systemd/timesyncd.conf.d/ - state: directory - owner: root - group: root - mode: u=rwx,g=rx,o=rx -- name: Configure NTP settings in /etc/systemd/timesyncd.conf.d/vn-ntp.conf - copy: - dest: /etc/systemd/timesyncd.conf.d/vn-ntp.conf - content: | - [Time] - NTP={{ time_server }} - FallbackNTP={{ time_server_spain }} - owner: root - group: root - mode: u=rw,g=r,o=r - notify: restart systemd-timesyncd -- name: Ensure systemd-timesyncd service is enabled and started - service: - name: systemd-timesyncd - enabled: yes - state: started +- name: Getting service facts to check for timesyncd + service_facts: +- when: "'systemd-timesyncd.service' in ansible_facts.services" + block: + - name: Ensure directory for timesyncd custom configuration exists + file: + path: /etc/systemd/timesyncd.conf.d/ + state: directory + owner: root + group: root + mode: u=rwx,g=rx,o=rx + - name: Configure timesyncd service + copy: + dest: /etc/systemd/timesyncd.conf.d/vn-ntp.conf + content: | + [Time] + NTP={{ time_server }} + FallbackNTP={{ time_server_spain }} + owner: root + group: root + mode: u=rw,g=r,o=r + notify: restart systemd-timesyncd + - name: Ensure timesyncd service is enabled and started + when: "ansible_facts.services['systemd-timesyncd.service'].status == 'enabled'" + service: + name: systemd-timesyncd + enabled: yes + state: started diff --git a/roles/debian-base/tasks/grub_startup.yml b/roles/debian-qemu/tasks/grub_startup.yml similarity index 100% rename from roles/debian-base/tasks/grub_startup.yml rename to roles/debian-qemu/tasks/grub_startup.yml diff --git a/roles/debian-qemu/tasks/main.yml b/roles/debian-qemu/tasks/main.yml index bcb11ce..1b49a8d 100644 --- a/roles/debian-qemu/tasks/main.yml +++ b/roles/debian-qemu/tasks/main.yml @@ -6,3 +6,5 @@ tags: autofs - import_tasks: blacklist.yml tags: blacklist +- import_tasks: grub_startup.yml + tags: grub_startup 
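Review bot: The `when` on the last task, `ansible_facts.services['systemd-timesyncd.service'].status == 'enabled'`, makes "Ensure timesyncd service is enabled and started" run only where the unit is already enabled, so a host with timesyncd installed but disabled gets the vn-ntp.conf drop-in and the service is never turned on. Clock drift on such hosts affects log correlation and certificate validation. If the intent is to leave deliberately disabled or masked units alone, say so in a comment above the task; otherwise drop the inner condition or narrow it to `when: "ansible_facts.services['systemd-timesyncd.service'].status != 'masked'"`. `enabled: yes` would also read better as `enabled: true`.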
From e67b7663745b58346fa8e4f0a127cd46600f761b Mon Sep 17 00:00:00 2001 From: Juan Ferrer Toribio Date: Wed, 18 Dec 2024 09:32:41 +0100 Subject: [PATCH 05/14] fix(debian): refs #8318 check por apparmor and postfix services --- roles/debian-base/tasks/relayhost.yml | 62 ++++++++++++++------------- roles/debian-host/tasks/apparmor.yml | 28 ++++++------ 2 files changed, 49 insertions(+), 41 deletions(-) diff --git a/roles/debian-base/tasks/relayhost.yml b/roles/debian-base/tasks/relayhost.yml index dc04fe1..f912812 100644 --- a/roles/debian-base/tasks/relayhost.yml +++ b/roles/debian-base/tasks/relayhost.yml 
@@ -1,29 +1,33 @@ -- name: Install exim packages - apt: - name: exim4 - state: present -- name: Prepare exim configuration - blockinfile: - path: /etc/exim4/update-exim4.conf.conf - marker_begin: '--- BEGIN VN ---' - marker_end: '--- END VN ---' - marker: "# {mark}" - block: | - dc_eximconfig_configtype='satellite' - dc_other_hostnames='{{ ansible_fqdn }}' - dc_local_interfaces='127.0.0.1' - dc_readhost='{{ ansible_fqdn }}' - dc_smarthost='{{ smtp_server }}' - dc_hide_mailname='true' - state: present - create: yes - mode: u=rw,g=r,o=r - notify: update exim configuration - register: exim_config -- name: Force execution of handlers immediately - meta: flush_handlers -- name: Sending mail to verify relay host configuration works - shell: > - sleep 2; echo "If you see this message, relayhost on {{ ansible_fqdn }} has been configured correctly." \ - | mailx -s "Relayhost test for {{ ansible_fqdn }}" "{{ sysadmin_mail }}" - when: exim_config.changed +- name: Getting service facts to check for postfix + service_facts: +- when: "'postfix.service' not in ansible_facts.services" + block: + - name: Install exim packages + apt: + name: exim4 + state: present + - name: Prepare exim configuration + blockinfile: + path: /etc/exim4/update-exim4.conf.conf + marker_begin: '--- BEGIN VN ---' + marker_end: '--- END VN ---' + marker: "# {mark}" + block: | + dc_eximconfig_configtype='satellite' + dc_other_hostnames='{{ ansible_fqdn }}' + dc_local_interfaces='127.0.0.1' + dc_readhost='{{ ansible_fqdn }}' + dc_smarthost='{{ smtp_server }}' + dc_hide_mailname='true' + state: present + create: yes + mode: u=rw,g=r,o=r + notify: update exim configuration + register: exim_config + - name: Force execution of handlers immediately + meta: flush_handlers + - name: Sending mail to verify relay host configuration works + shell: > + sleep 2; echo "If you see this message, relayhost on {{ ansible_fqdn }} has been configured correctly." 
\ + | mailx -s "Relayhost test for {{ ansible_fqdn }}" "{{ sysadmin_mail }}" + when: exim_config.changed diff --git a/roles/debian-host/tasks/apparmor.yml b/roles/debian-host/tasks/apparmor.yml index a239254..887d95f 100644 --- a/roles/debian-host/tasks/apparmor.yml +++ b/roles/debian-host/tasks/apparmor.yml @@ -1,12 +1,16 @@ -- name: Stop AppArmor - systemd: - name: apparmor - state: stopped -- name: Disable AppArmor service - systemd: - name: apparmor - enabled: no -- name: Mask AppArmor service - systemd: - name: apparmor - masked: yes \ No newline at end of file +- name: Getting service facts to check for apparmor + service_facts: +- when: "'apparmor.service' in ansible_facts.services" + block: + - name: Stop AppArmor + systemd: + name: apparmor + state: stopped + - name: Disable AppArmor service + systemd: + name: apparmor + enabled: no + - name: Mask AppArmor service + systemd: + name: apparmor + masked: yes \ No newline at end of file From 9cc756287bcccbaf5dbf22b4d487e08a120cd37a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Xavi=20Lle=C3=B3=20Tom=C3=A1s?= Date: Tue, 7 Jan 2025 14:18:47 +0100 Subject: [PATCH 06/14] Refs #8359: 8359-Backup_node_PVE - Initial approche --- scripts/backup_pve.sh | 1 + 1 file changed, 1 insertion(+) create mode 100644 scripts/backup_pve.sh diff --git a/scripts/backup_pve.sh b/scripts/backup_pve.sh new file mode 100644 index 0000000..d00491f --- /dev/null +++ b/scripts/backup_pve.sh @@ -0,0 +1 @@ +1 From c3e9c5cfa8240bc9fdc7bcc69769daaeffd36579 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Xavi=20Lle=C3=B3=20Tom=C3=A1s?= Date: Tue, 7 Jan 2025 16:08:05 +0100 Subject: [PATCH 07/14] Refs #8359: 8359-Backup_node_PVE - Initial Script --- scripts/backup_pve.sh | 60 ++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 59 insertions(+), 1 deletion(-) diff --git a/scripts/backup_pve.sh b/scripts/backup_pve.sh index d00491f..7b6b496 100644 --- a/scripts/backup_pve.sh +++ b/scripts/backup_pve.sh 
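Review bot: The mail-test task inside the new block still interpolates `{{ ansible_fqdn }}` and `{{ sysadmin_mail }}` straight into a `shell` string, so any shell metacharacter in those values is interpreted on the target. They look like inventory-controlled values, so the risk is low, but the `quote` filter removes it: `| mailx -s {{ ('Relayhost test for ' ~ ansible_fqdn) | quote }} {{ sysadmin_mail | quote }}`. `create: yes` would read better as `create: true`.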
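Review bot: Nothing in apparmor.yml records why the host role stops, disables and masks AppArmor, and with the new `'apparmor.service' in ansible_facts.services` guard the block now skips silently where the unit is absent. Masking the service removes mandatory access control confinement for every profiled program on the machine, so add a comment above the block naming the conflict that requires it and the ticket that tracks it (possibly refs #8318 from the commit subject). `enabled: no` and `masked: yes` would read better as `false` and `true`, and the file still ends without a trailing newline.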
@@ -1 +1,59 @@ -1 +#!/bin/bash + +# Configuración +IP_MACHINE=10.29.1.11 +POOL=backup-pool +TARGET_DIR=/etc/pve +INTERFACES_FILE=/etc/network +BACKUP_NAME=etc-pve.pxar +BACKUP_NAME_INTERFACES=interfaces.pxar +LOG_FILE=/var/log/proxmox-backup-node-pve.log +KEY_FILE="key.key" + +show_help() { + echo "Uso: $0 [--standard | --encrypt]" + echo + echo "Opciones:" + echo " --standard Realiza un respaldo estándar." + echo " --encrypt Realiza un respaldo encriptado (requiere un archivo de clave)." + echo " --help Muestra esta ayuda." + exit 0 +} + +if [ $# -eq 0 ]; then + show_help +fi + +case "$1" in + --standard) + echo "$(date '+%Y-%m-%d %H:%M:%S') - Iniciando respaldo estándar de $TARGET_DIR al repositorio $IP_MACHINE:$POOL" | tee -a "$LOG_FILE" + proxmox-backup-client backup "$BACKUP_NAME:$TARGET_DIR" --repository "$IP_MACHINE:$POOL" 2>>"$LOG_FILE" && + proxmox-backup-client backup "$BACKUP_NAME_INTERFACES:$INTERFACES_FILE" --repository "$IP_MACHINE:$POOL" 2>>"$LOG_FILE" + ;; + --encrypt) + # Comprobar si el archivo de clave existe + if [ ! -f "$KEY_FILE" ]; then + echo "Error: El archivo de clave $KEY_FILE no existe." | tee -a "$LOG_FILE" + exit 1 + fi + + echo "$(date '+%Y-%m-%d %H:%M:%S') - Iniciando respaldo encriptado de $TARGET_DIR al repositorio $IP_MACHINE:$POOL" | tee -a "$LOG_FILE" + proxmox-backup-client backup "$BACKUP_NAME:$TARGET_DIR" --repository "$IP_MACHINE:$POOL" --crypt-mode encrypt --keyfile "$KEY_FILE" 2>>"$LOG_FILE" && + proxmox-backup-client backup "$BACKUP_NAME_INTERFACES:$INTERFACES_FILE" --repository "$IP_MACHINE:$POOL" --crypt-mode encrypt --keyfile "$KEY_FILE" 2>>"$LOG_FILE" + ;; + --help) + show_help + ;; + *) + echo "Error: Opción no reconocida." + show_help + ;; +esac + +# Verificar el resultado del respaldo +if [ $? -eq 0 ]; then + echo -e "$(date '+%Y-%m-%d %H:%M:%S') - Respaldo completado con éxito. Puede revisar el log en $LOG_FILE\n" | tee -a "$LOG_FILE" +else + echo -e "$(date '+%Y-%m-%d %H:%M:%S') - Error durante el respaldo. 
Puede revisar el log en $LOG_FILE\n" | tee -a "$LOG_FILE" + exit 1 +fi From c8afa76994ce5c47f24b3b109ec4946067a2f1ba Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Xavi=20Lle=C3=B3=20Tom=C3=A1s?= Date: Wed, 8 Jan 2025 09:57:31 +0100 Subject: [PATCH 08/14] Refs #8359: 8359-Backup_node_PVE - Final Script --- scripts/backup_pve.sh | 118 +++++++++++++++++++++++++++++------------- 1 file changed, 83 insertions(+), 35 deletions(-) diff --git a/scripts/backup_pve.sh b/scripts/backup_pve.sh index 7b6b496..17eb5c3 100644 --- a/scripts/backup_pve.sh +++ b/scripts/backup_pve.sh 
@@ -1,56 +1,104 @@ #!/bin/bash +# Script to automate Proxmox PVE node backups to a PBS machine. +# +# Author: Xavi Lleó +# Copyright (c) 2025 Verdnatura S.L. All rights reserved. +# Version: 1.0.0 +# ¿Juan Wants add GPL License? +# +# A configuration file is required in the user's home directory who runs this command. +# The file should be sourced using CONFIG_FILE before execution. +# +# Example of a configuration file: +# +# Default values +# IP_MACHINE="root@pam@192.168.1.250" +# POOL="backup-pool" +# BACKUP_ITEMS="etc-pve.pxar:/etc/pve,interfaces.pxar:/etc/network" +# LOG_FILE="/var/log/proxmox-backup-node-pve.log" +# KEY_FILE="mykeyfile.key" +# PBS_PASSWORD='mypass' +# PBS_FINGERPRINT='b0:69:24:75:f0:92:a2:72:37:7c:c1:cb:0d:ba:8e:14:EE:XX:AA:MM:PP:LL:EE:e4:2b:07:02:18:86:9a:df:45' +# +# If you prefer to use switches in a one-liner, refer to the help section (--help) for available options. -# Configuración -IP_MACHINE=10.29.1.11 -POOL=backup-pool -TARGET_DIR=/etc/pve -INTERFACES_FILE=/etc/network -BACKUP_NAME=etc-pve.pxar -BACKUP_NAME_INTERFACES=interfaces.pxar -LOG_FILE=/var/log/proxmox-backup-node-pve.log -KEY_FILE="key.key" +CONFIG_FILE="$HOME/.backup_config.conf" + +# https://pbs.proxmox.com/docs/backup-client.html#environment-variables +export PBS_PASSWORD +export PBS_FINGERPRINT + +if [ -f "$CONFIG_FILE" ]; then + source "$CONFIG_FILE" +fi show_help() { - echo "Uso: $0 [--standard | --encrypt]" + echo "Usage: $0 [options]" echo - echo "Opciones:" - echo " --standard Realiza un respaldo estándar." - echo " --encrypt Realiza un respaldo encriptado (requiere un archivo de clave)." - echo " --help Muestra esta ayuda." + echo "Options:" + echo " --standard Perform a standard backup." + echo " --encrypt Perform an encrypted backup (requires a key file)." + echo " --ip Repository IP address (overrides configuration)." + echo " --pool Name of the backup pool (overrides configuration)." 
+ echo " --items List of backup items in 'name1:source1,name2:source2' format." + echo " --help Show this help." exit 0 } -if [ $# -eq 0 ]; then +while [[ $# -gt 0 ]]; do + case "$1" in + --standard) + MODE="standard" + ;; + --encrypt) + MODE="encrypt" + ;; + --ip) + IP_MACHINE="$2" + shift + ;; + --pool) + POOL="$2" + shift + ;; + --items) + BACKUP_ITEMS="$2" + shift + ;; + --help) + show_help + ;; + *) + echo "Error: Opción no reconocida '$1'" + show_help + ;; + esac + shift +done + +if [ -z "$MODE" ]; then + echo "Error: Debes especificar --standard o --encrypt." show_help fi -case "$1" in - --standard) - echo "$(date '+%Y-%m-%d %H:%M:%S') - Iniciando respaldo estándar de $TARGET_DIR al repositorio $IP_MACHINE:$POOL" | tee -a "$LOG_FILE" - proxmox-backup-client backup "$BACKUP_NAME:$TARGET_DIR" --repository "$IP_MACHINE:$POOL" 2>>"$LOG_FILE" && - proxmox-backup-client backup "$BACKUP_NAME_INTERFACES:$INTERFACES_FILE" --repository "$IP_MACHINE:$POOL" 2>>"$LOG_FILE" - ;; - --encrypt) +echo "$(date '+%Y-%m-%d %H:%M:%S') - Iniciando respaldo al repositorio $IP_MACHINE:$POOL" | tee -a "$LOG_FILE" +for item in $(echo "$BACKUP_ITEMS" | tr ',' '\n'); do + BACKUP_NAME=$(echo "$item" | cut -d':' -f1) + TARGET_DIR=$(echo "$item" | cut -d':' -f2) + + if [ "$MODE" == "encrypt" ]; then # Comprobar si el archivo de clave existe if [ ! -f "$KEY_FILE" ]; then echo "Error: El archivo de clave $KEY_FILE no existe." | tee -a "$LOG_FILE" exit 1 fi - echo "$(date '+%Y-%m-%d %H:%M:%S') - Iniciando respaldo encriptado de $TARGET_DIR al repositorio $IP_MACHINE:$POOL" | tee -a "$LOG_FILE" - proxmox-backup-client backup "$BACKUP_NAME:$TARGET_DIR" --repository "$IP_MACHINE:$POOL" --crypt-mode encrypt --keyfile "$KEY_FILE" 2>>"$LOG_FILE" && - proxmox-backup-client backup "$BACKUP_NAME_INTERFACES:$INTERFACES_FILE" --repository "$IP_MACHINE:$POOL" --crypt-mode encrypt --keyfile "$KEY_FILE" 2>>"$LOG_FILE" - ;; - --help) - show_help - ;; - *) - echo "Error: Opción no reconocida." 
- show_help - ;; -esac + proxmox-backup-client backup "$BACKUP_NAME:$TARGET_DIR" --repository "$IP_MACHINE:$POOL" --crypt-mode encrypt --keyfile "$KEY_FILE" --backup-type "host" 2>>"$LOG_FILE" +else + proxmox-backup-client backup "$BACKUP_NAME:$TARGET_DIR" --repository "$IP_MACHINE:$POOL" --backup-type "host" 2>>"$LOG_FILE" + fi +done -# Verificar el resultado del respaldo if [ $? -eq 0 ]; then echo -e "$(date '+%Y-%m-%d %H:%M:%S') - Respaldo completado con éxito. Puede revisar el log en $LOG_FILE\n" | tee -a "$LOG_FILE" else From 85680e4c507c332daae3a98cb0c2f656848045fc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Xavi=20Lle=C3=B3=20Tom=C3=A1s?= Date: Wed, 8 Jan 2025 10:56:30 +0100 Subject: [PATCH 09/14] Refs #8359: 8359-Backup_node_PVE - Final Script - minor changes --- scripts/backup_pve.sh | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/scripts/backup_pve.sh b/scripts/backup_pve.sh index 17eb5c3..f03200f 100644 --- a/scripts/backup_pve.sh +++ b/scripts/backup_pve.sh @@ -45,6 +45,10 @@ show_help() { exit 0 } +exit_from_repo() { + proxmox-backup-client logout --repository "$IP_MACHINE:$POOL" 2>>"$LOG_FILE" && echo "$(date '+%Y-%m-%d %H:%M:%S') - Logged out from repository $IP_MACHINE:$POOL" | tee -a "$LOG_FILE" +} + while [[ $# -gt 0 ]]; do case "$1" in --standard) @@ -69,7 +73,7 @@ while [[ $# -gt 0 ]]; do show_help ;; *) - echo "Error: Opción no reconocida '$1'" + echo "Error: Unrecognized option '$1'" show_help ;; esac 
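Review bot: `source "$CONFIG_FILE"` near the top of the script executes whatever `$HOME/.backup_config.conf` contains, and the header comment asks for `PBS_PASSWORD` to be stored in that same file, yet nothing checks who owns it or who can read or write it. The script is presumably run as root on the PVE node, so a config writable by another account is code execution as root and a readable one exposes the PBS credential. Check owner and mode before sourcing, as sketched below; the client documentation linked in the hunk also describes `PBS_PASSWORD_FILE`, which keeps the secret out of a sourced script. Note also that `if [ $? -eq 0 ]` after `done` only sees the status of the last item, so a failure on an earlier item is reported as success.

```shell
if [ -f "$CONFIG_FILE" ]; then
    # The file is executed as shell code and holds PBS_PASSWORD:
    # accept it only if it belongs to the invoking user and is private.
    cfg_owner=$(stat -c '%u' "$CONFIG_FILE")
    cfg_mode=$(stat -c '%a' "$CONFIG_FILE")
    if [ "$cfg_owner" != "$(id -u)" ] || { [ "$cfg_mode" != "600" ] && [ "$cfg_mode" != "400" ]; }; then
        echo "Error: $CONFIG_FILE must be owned by $(id -un) with mode 600 or 400" >&2
        exit 1
    fi
    source "$CONFIG_FILE"
fi
```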
@@ -77,19 +81,18 @@ while [[ $# -gt 0 ]]; do done if [ -z "$MODE" ]; then - echo "Error: Debes especificar --standard o --encrypt." + echo "You must specify --standard or --encrypt." show_help fi -echo "$(date '+%Y-%m-%d %H:%M:%S') - Iniciando respaldo al repositorio $IP_MACHINE:$POOL" | tee -a "$LOG_FILE" +echo "$(date '+%Y-%m-%d %H:%M:%S') - Starting backup to repository $IP_MACHINE:$POOL" | tee -a "$LOG_FILE" for item in $(echo "$BACKUP_ITEMS" | tr ',' '\n'); do BACKUP_NAME=$(echo "$item" | cut -d':' -f1) TARGET_DIR=$(echo "$item" | cut -d':' -f2) if [ "$MODE" == "encrypt" ]; then - # Comprobar si el archivo de clave existe if [ ! -f "$KEY_FILE" ]; then - echo "Error: El archivo de clave $KEY_FILE no existe." | tee -a "$LOG_FILE" + echo "The key file $KEY_FILE does not exist." | tee -a "$LOG_FILE" exit 1 fi @@ -100,8 +103,10 @@ else done if [ $? -eq 0 ]; then - echo -e "$(date '+%Y-%m-%d %H:%M:%S') - Respaldo completado con éxito. Puede revisar el log en $LOG_FILE\n" | tee -a "$LOG_FILE" + exit_from_repo + echo -e "$(date '+%Y-%m-%d %H:%M:%S') - Backup completed successfully. You can check the log at $LOG_FILE\n" | tee -a "$LOG_FILE" else - echo -e "$(date '+%Y-%m-%d %H:%M:%S') - Error durante el respaldo. Puede revisar el log en $LOG_FILE\n" | tee -a "$LOG_FILE" + exit_from_repo + echo -e "$(date '+%Y-%m-%d %H:%M:%S') - Error during backup. You can check the log at $LOG_FILE\n" | tee -a "$LOG_FILE" exit 1 fi From 5951d626ca314732df6ad861ae3a853550bc2f63 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Xavi=20Lle=C3=B3=20Tom=C3=A1s?= Date: Wed, 8 Jan 2025 13:10:56 +0100 Subject: [PATCH 10/14] Refs #8359: 8359-Backup_node_PVE - Final Script - Adding support for API authentication --- scripts/backup_pve.sh | 51 ++++++++++++++++++++++++++++++++++++------- 1 file changed, 43 insertions(+), 8 deletions(-) diff --git a/scripts/backup_pve.sh b/scripts/backup_pve.sh index f03200f..6204903 100644 --- a/scripts/backup_pve.sh +++ b/scripts/backup_pve.sh 
@@ -3,7 +3,7 @@ # # Author: Xavi Lleó # Copyright (c) 2025 Verdnatura S.L. All rights reserved. -# Version: 1.0.0 +# Version: 1.0.2 # ¿Juan Wants add GPL License? # # A configuration file is required in the user's home directory who runs this command. @@ -12,7 +12,9 @@ # Example of a configuration file: # # Default values -# IP_MACHINE="root@pam@192.168.1.250" +# USER_API="root@pam!api" +# USER="root@pam" +# IP_PBS="192.168.1.250" # POOL="backup-pool" # BACKUP_ITEMS="etc-pve.pxar:/etc/pve,interfaces.pxar:/etc/network" # LOG_FILE="/var/log/proxmox-backup-node-pve.log" @@ -21,6 +23,9 @@ # PBS_FINGERPRINT='b0:69:24:75:f0:92:a2:72:37:7c:c1:cb:0d:ba:8e:14:EE:XX:AA:MM:PP:LL:EE:e4:2b:07:02:18:86:9a:df:45' # # If you prefer to use switches in a one-liner, refer to the help section (--help) for available options. +# Remember to add the port after the IP address when using an API user for authentication. +# Example: IP_PBS="192.168.1.250:8007" + CONFIG_FILE="$HOME/.backup_config.conf" @@ -30,6 +35,9 @@ export PBS_FINGERPRINT if [ -f "$CONFIG_FILE" ]; then source "$CONFIG_FILE" +else + echo "Error: Configuration file not found at $CONFIG_FILE" + exit 1 fi show_help() { 
@@ -41,14 +49,22 @@ show_help() { echo " --ip Repository IP address (overrides configuration)." echo " --pool Name of the backup pool (overrides configuration)." echo " --items List of backup items in 'name1:source1,name2:source2' format." + echo " --user-api Specify user API credentials for backup." + echo " --user Specify user credentials for backup." echo " --help Show this help." exit 0 } exit_from_repo() { - proxmox-backup-client logout --repository "$IP_MACHINE:$POOL" 2>>"$LOG_FILE" && echo "$(date '+%Y-%m-%d %H:%M:%S') - Logged out from repository $IP_MACHINE:$POOL" | tee -a "$LOG_FILE" + proxmox-backup-client logout --repository "$REPOSITORY" 2>>"$LOG_FILE" && echo "$(date '+%Y-%m-%d %H:%M:%S') - Logged out from repository $REPOSITORY" | tee -a "$LOG_FILE" } +# Check if PBS_PASSWORD and PBS_FINGERPRINT are set +if [ -z "$PBS_PASSWORD" ] || [ -z "$PBS_FINGERPRINT" ]; then + echo "Error: PBS_PASSWORD or PBS_FINGERPRINT is not set." + exit 1 +fi + while [[ $# -gt 0 ]]; do case "$1" in --standard) @@ -58,7 +74,7 @@ while [[ $# -gt 0 ]]; do MODE="encrypt" ;; --ip) - IP_MACHINE="$2" + IP_ADDRESS="$2" shift ;; --pool) @@ -69,6 +85,14 @@ while [[ $# -gt 0 ]]; do BACKUP_ITEMS="$2" shift ;; + --user-api) + USER_API="$2" + shift + ;; + --user) + USER="$2" + shift + ;; --help) show_help ;; @@ -85,7 +109,13 @@ if [ -z "$MODE" ]; then show_help fi -echo "$(date '+%Y-%m-%d %H:%M:%S') - Starting backup to repository $IP_MACHINE:$POOL" | tee -a "$LOG_FILE" +if [ -n "$USER_API" ]; then + REPOSITORY="$USER_API@$IP_PBS:$POOL" +else + REPOSITORY="$USER@$IP_PBS:$POOL" +fi + +echo "$(date '+%Y-%m-%d %H:%M:%S') - Starting backup to repository $REPOSITORY" | tee -a "$LOG_FILE" for item in $(echo "$BACKUP_ITEMS" | tr ',' '\n'); do BACKUP_NAME=$(echo "$item" | cut -d':' -f1) TARGET_DIR=$(echo "$item" | cut -d':' -f2) 
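Review bot: `USER="$2"` in the new `--user` branch (and `USER="root@pam"` in the sample config) reuses the shell's standard login-name variable, which is normally already exported, so every child process, including `proxmox-backup-client` and `tee`, inherits `USER=root@pam` instead of the real account name. Use a script-specific name, for example `BACKUP_USER="$2"`, and build the repository from it with `REPOSITORY="$BACKUP_USER@$IP_PBS:$POOL"`. Both new branches also consume `$2` without checking that a value follows the switch, so `--user` given as the last argument silently sets an empty user; a guard such as `[ -n "$2" ] || show_help` before the assignment would catch that. The `case` statement starts and ends outside this hunk.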
@@ -96,9 +126,14 @@ for item in $(echo "$BACKUP_ITEMS" | tr ',' '\n'); do exit 1 fi - proxmox-backup-client backup "$BACKUP_NAME:$TARGET_DIR" --repository "$IP_MACHINE:$POOL" --crypt-mode encrypt --keyfile "$KEY_FILE" --backup-type "host" 2>>"$LOG_FILE" -else - proxmox-backup-client backup "$BACKUP_NAME:$TARGET_DIR" --repository "$IP_MACHINE:$POOL" --backup-type "host" 2>>"$LOG_FILE" + proxmox-backup-client backup "$BACKUP_NAME:$TARGET_DIR" --repository "$REPOSITORY" --crypt-mode encrypt --keyfile "$KEY_FILE" --backup-type 'host' 2>>"$LOG_FILE" + else + proxmox-backup-client backup "$BACKUP_NAME:$TARGET_DIR" --repository "$REPOSITORY" --backup-type 'host' 2>>"$LOG_FILE" + fi + + if [ $? -ne 0 ]; then + echo "Backup failed for $BACKUP_NAME" | tee -a "$LOG_FILE" + exit 1 fi done From e00697dcad675d46c1acb272dc53cc1569679ecd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Xavi=20Lle=C3=B3=20Tom=C3=A1s?= Date: Wed, 8 Jan 2025 13:13:53 +0100 Subject: [PATCH 11/14] Refs #8359: 8359-Backup_node_PVE - Final Script - --ip in cases null pointer IP_PBS --- scripts/backup_pve.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/backup_pve.sh b/scripts/backup_pve.sh index 6204903..f2e3029 100644 --- a/scripts/backup_pve.sh +++ b/scripts/backup_pve.sh @@ -3,7 +3,7 @@ # # Author: Xavi Lleó # Copyright (c) 2025 Verdnatura S.L. All rights reserved. -# Version: 1.0.2 +# Version: 1.0.3 # ¿Juan Wants add GPL License? # # A configuration file is required in the user's home directory who runs this command. @@ -74,7 +74,7 @@ while [[ $# -gt 0 ]]; do MODE="encrypt" ;; --ip) - IP_ADDRESS="$2" + IP_PBS="$2" shift ;; --pool) From de22ad7efe88f090c8ecc7d469ff7cdbba05f008 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Xavi=20Lle=C3=B3=20Tom=C3=A1s?= Date: Wed, 8 Jan 2025 13:23:49 +0100 Subject: [PATCH 12/14] Refs #8359: 8359-Backup_node_PVE - Final Script - Adding better description options --- scripts/backup_pve.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
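Review bot: The new `exit 1` after "Backup failed for $BACKUP_NAME" leaves the script before `exit_from_repo` is reached, so the failure path never runs `proxmox-backup-client logout`; the same holds for the `exit 1` on a missing key file. With this check in place the loop can only finish with status 0, which makes the `else` branch of the final `if [ $? -eq 0 ]` unreachable. Registering the cleanup once with `trap exit_from_repo EXIT`, placed after `REPOSITORY` is assigned, covers every exit path and lets the two explicit `exit_from_repo` calls go. The `for` loop starts outside this hunk.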
diff --git a/scripts/backup_pve.sh b/scripts/backup_pve.sh index f2e3029..ae7027e 100644 --- a/scripts/backup_pve.sh +++ b/scripts/backup_pve.sh @@ -18,8 +18,8 @@ # POOL="backup-pool" # BACKUP_ITEMS="etc-pve.pxar:/etc/pve,interfaces.pxar:/etc/network" # LOG_FILE="/var/log/proxmox-backup-node-pve.log" -# KEY_FILE="mykeyfile.key" -# PBS_PASSWORD='mypass' +# KEY_FILE="mykeyfile.key" #In case you want encrypted backups +# PBS_PASSWORD='mypass or api token' # PBS_FINGERPRINT='b0:69:24:75:f0:92:a2:72:37:7c:c1:cb:0d:ba:8e:14:EE:XX:AA:MM:PP:LL:EE:e4:2b:07:02:18:86:9a:df:45' # # If you prefer to use switches in a one-liner, refer to the help section (--help) for available options. From 82b96bcd542135b38f7090e37132e6cc77906e81 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Xavi=20Lle=C3=B3=20Tom=C3=A1s?= Date: Thu, 9 Jan 2025 09:41:41 +0100 Subject: [PATCH 13/14] Refs #8359: 8359-Backup_node_PVE - Final Script - Adding a sleep command in the for loop to prevent bugs caused by the loop running too quickly. --- scripts/backup_pve.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/backup_pve.sh b/scripts/backup_pve.sh index ae7027e..326058a 100644 --- a/scripts/backup_pve.sh +++ b/scripts/backup_pve.sh @@ -135,6 +135,7 @@ for item in $(echo "$BACKUP_ITEMS" | tr ',' '\n'); do echo "Backup failed for $BACKUP_NAME" | tee -a "$LOG_FILE" exit 1 fi + sleep 5 done if [ $? -eq 0 ]; then From aab45431ceb0495c266fc60d3e9901e3e725b6d6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Xavi=20Lle=C3=B3=20Tom=C3=A1s?= Date: Thu, 9 Jan 2025 10:31:34 +0100 Subject: [PATCH 14/14] Refs #8343: New-machine-id - Initial approach --- playbooks/new-machine-id.yml | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 playbooks/new-machine-id.yml diff --git a/playbooks/new-machine-id.yml b/playbooks/new-machine-id.yml new file mode 100644 index 0000000..f61bfdf --- /dev/null +++ b/playbooks/new-machine-id.yml 
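Review bot: `sleep 5` hides a timing problem without naming it, and the commit message only says the loop runs "too quickly". If the failure is two snapshots being created within the same second (an assumption, the hunk does not say), a fixed delay is a guess that a slow or loaded PBS can still defeat; at minimum add a comment above it stating the error it works around. `proxmox-backup-client backup` accepts several `name:path` specifications in one call, which would store all items in one snapshot and remove both the loop and the delay, as sketched below. The `for` loop starts outside this hunk.

```shell
# One invocation, one snapshot: no per-item loop and no sleep.
IFS=',' read -r -a backup_specs <<< "$BACKUP_ITEMS"
client_args=(--repository "$REPOSITORY" --backup-type 'host')
if [ "$MODE" == "encrypt" ]; then
    # … unchanged: key file existence check …
    client_args+=(--crypt-mode encrypt --keyfile "$KEY_FILE")
fi
if ! proxmox-backup-client backup "${backup_specs[@]}" "${client_args[@]}" 2>>"$LOG_FILE"; then
    echo "Backup failed" | tee -a "$LOG_FILE"
    exit 1
fi
```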
@@ -0,0 +1,22 @@
+- name: Change machine-id in Debian
+ hosts: all
+ gather_facts: no
+ become: yes
+ tasks:
+ - name: Remove files with old machine-id
+ file:
+ path: "{{ item }}"
+ state: absent
+ loop:
+ - /etc/machine-id
+ - /var/lib/dbus/machine-id
+
+ - name: Ensure a new UUID is generated for /etc/machine-id
+ command:
+ cmd: dbus-uuidgen --ensure=/etc/machine-id
+
+ - name: Create symbolic link for /var/lib/dbus/machine-id
+ file:
+ src: /etc/machine-id
+ dest: /var/lib/dbus/machine-id
+ state: link
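Review bot: `hosts: all` makes this play regenerate the machine-id of every host in the inventory whenever it is run without `--limit`. The machine-id identifies the host to journald and, depending on the DHCP client configuration, to DHCP, so an accidental fleet-wide run is disruptive and hard to undo. Require an explicit target instead, for example `hosts: "{{ target_hosts }}"` with the variable (a name chosen here for illustration) passed via `-e`, so the play fails when no target is given. Deleting both files before `dbus-uuidgen --ensure=/etc/machine-id` runs also leaves the host without a machine-id if that task fails, so a comment stating that the play is intentionally not idempotent would help the next reader. `gather_facts: no` and `become: yes` would read better as `false` and `true`.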