service-borg-backup: preload backup server facts

As described inline, ensure that minimal facts for the backup servers'
are loaded before running the backup roles on hosts, so they can read
the ansible_ssh_host_key_ed25519_public fact for each backup server
and ensure it is accepted.

Update the other comments slightly as well.

Change-Id: I1f207ca0770d58f61a89f9ade0bd26cebc982c62
This commit is contained in:
Ian Wienand 2021-02-23 11:29:02 +11:00
parent 1e18cd0163
commit 08dba9d026

View File

@ -1,10 +1,22 @@
# This needs to happen in order. Backup hosts export their username/key # This ensures fact population so the borg-backup role, run on the
# combos which are installed onto the backup server # backup-clients, can add the public key for each backup server in
# "borg-backup-server" to it's known_hosts.
- hosts: "borg-backup-server:!disabled"
name: "Populate backup server host keys"
tasks:
- name: 'Gather minimal host facts'
setup:
gather_subset: '!all'
# These two steps needs to happen in order. Backup hosts export their
# username/key combos in this step, then the following role uses that
# info to authorizes these users on the backup servers.
- hosts: "borg-backup:!disabled" - hosts: "borg-backup:!disabled"
name: "Base: Generate borg backup users and keys" name: "Generate borg backup users and keys"
roles: roles:
- iptables - iptables
- borg-backup - borg-backup
- hosts: "borg-backup-server:!disabled" - hosts: "borg-backup-server:!disabled"
name: "Generate borg configuration" name: "Generate borg configuration"
roles: roles: