From 39ffc685d689f4df9585edec6a30afe9f4a4f0f1 Mon Sep 17 00:00:00 2001 
From: Ian Wienand Date: Fri, 11 Dec 2020 09:19:28 +1100 Subject: [PATCH] backups: remove all bup All hosts are now running their backups via borg to servers in vexxhost and rax.ord. For reference, the servers being backed up at this time are: borg-ask01 borg-ethercalc02 borg-etherpad01 borg-gitea01 borg-lists borg-review-dev01 borg-review01 borg-storyboard01 borg-translate01 borg-wiki-update-test borg-zuul01 This removes the old bup backup hosts, the no-longer used ansible roles for the bup backup server and client roles, and any remaining bup related configuration. For simplicity, we will remove any remaining bup cron jobs on the above servers manually after this merges. Change-Id: I32554ca857a81ae8a250ce082421a7ede460ea3c --- inventory/base/hosts.yaml | 14 ----- inventory/service/groups.yaml | 23 -------- manifests/site.pp | 8 --- .../manifests/backup_server.pp | 7 --- .../openstack_project/manifests/ethercalc.pp | 10 ---- modules/openstack_project/manifests/lists.pp | 6 -- .../openstack_project/manifests/storyboard.pp | 5 -- modules/openstack_project/manifests/wiki.pp | 8 --- playbooks/roles/backup-server/README.rst | 15 ----- .../roles/backup-server/defaults/main.yaml | 1 - playbooks/roles/backup-server/tasks/main.yaml | 21 ------- playbooks/roles/backup-server/tasks/user.yaml | 32 ----------- playbooks/roles/backup/README.rst | 23 -------- playbooks/roles/backup/files/bup-excludes | 25 -------- playbooks/roles/backup/tasks/main.yaml | 57 ------------------- .../test-fixtures/results.yaml | 6 +- playbooks/service-backup.yaml | 8 --- playbooks/zuul/run-base.yaml | 2 - .../backup-test01.opendev.org.yaml.j2 | 1 - .../backup-test02.opendev.org.yaml.j2 | 2 - zuul.d/infra-prod.yaml | 13 ----- zuul.d/project.yaml | 3 - zuul.d/system-config-run.yaml | 24 -------- 23 files changed, 2 insertions(+), 312 deletions(-) delete mode 100644 modules/openstack_project/manifests/backup_server.pp delete mode 100644 playbooks/roles/backup-server/README.rst delete mode 100644
playbooks/roles/backup-server/defaults/main.yaml
 delete mode 100644 playbooks/roles/backup-server/tasks/main.yaml
 delete mode 100644 playbooks/roles/backup-server/tasks/user.yaml
 delete mode 100644 playbooks/roles/backup/README.rst
 delete mode 100644 playbooks/roles/backup/files/bup-excludes
 delete mode 100644 playbooks/roles/backup/tasks/main.yaml
 delete mode 100644 playbooks/service-backup.yaml
 delete mode 100644 playbooks/zuul/templates/host_vars/backup-test01.opendev.org.yaml.j2
 delete mode 100644 playbooks/zuul/templates/host_vars/backup-test02.opendev.org.yaml.j2
diff --git a/inventory/base/hosts.yaml b/inventory/base/hosts.yaml
index 9bc750b247..50352876ea 100644
--- a/inventory/base/hosts.yaml
+++ b/inventory/base/hosts.yaml
@@ -49,13 +49,6 @@ all:
 region_name: DFW
 public_ipv4: 104.239.149.165
 public_ipv6: 2001:4800:7819:105:be76:4eff:fe01:e6ff
- backup01.ca-ymq-1.vexxhost.opendev.org:
- ansible_host: 199.204.45.119
- location:
- cloud: openstackci-vexxhost
- region_name: ca-ymq-1
- public_v4: 199.204.45.119
- public_v6: 2604:e100:1:0:f816:3eff:feab:d678
 backup02.ca-ymq-1.vexxhost.opendev.org:
 ansible_host: 199.204.45.196
 location:
@@ -70,13 +63,6 @@ all:
 region_name: ORD
 public_v4: 23.253.160.180
 public_v6: 2001:4801:7825:103:be76:4eff:fe10:1b1
- backup01.ord.rax.ci.openstack.org:
- ansible_host: 23.253.20.173
- location:
- cloud: openstackci-rax
- region_name: ORD
- public_v4: 23.253.20.173
- public_v6: 2001:4801:7824:101:be76:4eff:fe10:20cf
 bridge.openstack.org:
 ansible_host: 23.253.234.219
 location:
diff --git a/inventory/service/groups.yaml b/inventory/service/groups.yaml
index 2c9dbc857f..b4c953a9da 100644
--- a/inventory/service/groups.yaml
+++ b/inventory/service/groups.yaml
@@ -19,27 +19,6 @@ groups:
 afs-admin:
 - mirror-update[0-9]*.openstack.org
 ask: ask*.open*.org
-# NOTE: By default we keep the backup-server group empty as an
-# emergency escape hatch if a problem were to propage through
-# production servers. However, this also means if you add a server to
-# the "backup" group to be backed up, you should uncomment the
-# "backup-server" group for an Ansible pulse so the users & keys are
-# setup on the server(s). You can submit a follow-on change to revert
-# this at the same time.
- backup:
- - gitea01.opendev.org
- - review[0-9]*.openstack.org
- - review-dev[0-9]*.open*.org
- - zuul[0-9]*.open*.org
- # All these servers are "special-cased" in specifically
- # as they are puppet and should be replaced "soon"
- - ethercalc02.openstack.org
- - ask01.openstack.org
- - lists.openstack.org
- - storyboard01.opendev.org
- - translate01.openstack.org
- backup-server:
- - backup01.ca-ymq-1.vexxhost.opendev.org
 borg-backup:
 - etherpad[0-9]*.opendev.org
 - gitea01.opendev.org
@@ -66,7 +45,6 @@ groups:
 control-plane-clouds:
 - bridge.openstack.org
 disabled:
- - backup01.ord.rax.ci.openstack.org
 - corvustest
 - idp.openstackid.org
 - lists-dev01.openstack.org
@@ -146,7 +124,6 @@ groups:
 - pbx[0-9]*.opendev.org
 puppet:
 - ask*.open*.org
- - backup[0-9]*.openstack.org
 - cacti[0-9]*.open*.org
 - corvustest
 - eavesdrop[0-9]*.open*.org
diff --git a/manifests/site.pp b/manifests/site.pp
index fed35c6a76..79e6942088 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -355,14 +355,6 @@ node /^pbx\d*\.open.*\.org$/ {
 }
 }
-# Node-OS: xenial
-# A backup machine. Don't run cron or puppet agent on it.
-node /^backup\d+\..*\.ci\.open.*\.org$/ {
- $group = "ci-backup"
- class { 'openstack_project::server': }
- include openstack_project::backup_server
-}
-
 # Node-OS: xenial
 node /^openstackid\d*(\.openstack)?\.org$/ {
 $group = "openstackid"
diff --git a/modules/openstack_project/manifests/backup_server.pp b/modules/openstack_project/manifests/backup_server.pp
deleted file mode 100644
index d789b9dd5e..0000000000
--- a/modules/openstack_project/manifests/backup_server.pp
+++ /dev/null
@@ -1,7 +0,0 @@
-# == Class: openstack_project::backup_server
-#
-class openstack_project::backup_server {
- package { 'bup':
- ensure => present,
- }
-}
diff --git a/modules/openstack_project/manifests/ethercalc.pp b/modules/openstack_project/manifests/ethercalc.pp
index 2e0e875bd1..a86f96d40f 100644
--- a/modules/openstack_project/manifests/ethercalc.pp
+++ b/modules/openstack_project/manifests/ethercalc.pp
@@ -21,14 +21,4 @@ class openstack_project::ethercalc (
 include ethercalc::redis
- # Redis creates a snapshot at /var/lib/redis/dump.rdb periodically
- # (at worst every 15 minutes if at least one change is made to redis)
- # which can be used to recover the Redis DB. Bup will automagically
- # pick this file up during its normal operation so no other DB dumping
- # is required like with mysql.
- include bup
- bup::site { 'ord.rax':
- backup_user => "bup-$::hostname",
- backup_server => 'backup01.ord.rax.ci.openstack.org',
- }
 }
diff --git a/modules/openstack_project/manifests/lists.pp b/modules/openstack_project/manifests/lists.pp
index 899f5d05c6..ffbb2bc737 100644
--- a/modules/openstack_project/manifests/lists.pp
+++ b/modules/openstack_project/manifests/lists.pp
@@ -42,12 +42,6 @@ class openstack_project::lists(
 user::virtual::disable { 'oubiwann': }
 user::virtual::disable { 'rockstar': }
- include bup
- bup::site { 'ord.rax':
- backup_user => 'bup-lists',
- backup_server => 'backup01.ord.rax.ci.openstack.org',
- }
-
 # Begin user servicable parts
 mailman::site { 'openstack':
diff --git a/modules/openstack_project/manifests/storyboard.pp b/modules/openstack_project/manifests/storyboard.pp
index 623bc37a66..542fad3d49 100644
--- a/modules/openstack_project/manifests/storyboard.pp
+++ b/modules/openstack_project/manifests/storyboard.pp
@@ -86,9 +86,4 @@ class openstack_project::storyboard(
 source => $superusers,
 }
- include bup
- bup::site { 'ord.rax':
- backup_user => 'bup-storyboard',
- backup_server => 'backup01.ord.rax.ci.openstack.org',
- }
 }
diff --git a/modules/openstack_project/manifests/wiki.pp b/modules/openstack_project/manifests/wiki.pp
index 7719fcdacd..0ec9c0e2ea 100644
--- a/modules/openstack_project/manifests/wiki.pp
+++ b/modules/openstack_project/manifests/wiki.pp
@@ -75,14 +75,6 @@ class openstack_project::wiki (
 require => File['/srv/mediawiki'],
 }
- if $bup_user != undef {
- include bup
- bup::site { 'ord.rax':
- backup_user => $bup_user,
- backup_server => 'backup01.ord.rax.ci.openstack.org',
- }
- }
-
 class { '::elasticsearch':
 es_template_config => {
 'bootstrap.mlockall' => true,
diff --git a/playbooks/roles/backup-server/README.rst b/playbooks/roles/backup-server/README.rst
deleted file mode 100644
index c6560a0c64..0000000000
--- a/playbooks/roles/backup-server/README.rst
+++ /dev/null
@@ -1,15 +0,0 @@
-Setup backup server
-
-This role configures backup server(s) in the ``backup-server`` group
-to accept backups from remote hosts.
-
-Note that the ``backup`` role must have run on each host in the
-``backup`` group before this role. That role will create a
-``bup_user`` tuple in the hostvars for for each host consisting of the
-required username and public key.
-
-Each required user gets a separate home directory in ``/opt/backups``.
-Their ``authorized_keys`` file is configured with the public key to
-allow the remote host to log in and only run ``bup``.
-
-**Role Variables**
diff --git a/playbooks/roles/backup-server/defaults/main.yaml b/playbooks/roles/backup-server/defaults/main.yaml
deleted file mode 100644
index e5580b296a..0000000000
--- a/playbooks/roles/backup-server/defaults/main.yaml
+++ /dev/null
@@ -1 +0,0 @@
-bup_users: []
\ No newline at end of file
diff --git a/playbooks/roles/backup-server/tasks/main.yaml b/playbooks/roles/backup-server/tasks/main.yaml
deleted file mode 100644
index d5c7ee74be..0000000000
--- a/playbooks/roles/backup-server/tasks/main.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
-- name: Create backup directory
- file:
- state: directory
- path: /opt/backups
-
-- name: Install bup
- package:
- name:
- - bup
- state: present
-
-- name: Build all bup users from backup hosts
- set_fact:
- bup_users: '{{ bup_users }} + [ {{ hostvars[item]["bup_user"] }} ]'
- with_inventory_hostnames: 'backup:!disabled'
-
-- name: Create bup users
- include_tasks: user.yaml
- loop: '{{ bup_users }}'
- loop_control:
- loop_var: bup_user
diff --git a/playbooks/roles/backup-server/tasks/user.yaml b/playbooks/roles/backup-server/tasks/user.yaml
deleted file mode 100644
index 36b3f18ee6..0000000000
--- a/playbooks/roles/backup-server/tasks/user.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-# note bup_user is the parent loop variable name; this works on each
-# element from the bup_users global.
-- name: Set variables
- set_fact:
- user_name: '{{ bup_user[0] }}'
- user_key: '{{ bup_user[1] }}'
-
-- name: Create bup user
- user:
- name: '{{ user_name }}'
- comment: 'Backup user'
- shell: /bin/bash
- home: '/opt/backups/{{ user_name }}'
- create_home: yes
- register: homedir
-
-- name: Create bup user authorized key
- authorized_key:
- user: '{{ user_name }}'
- state: present
- key: '{{ user_key }}'
- key_options: 'command="BUP_DEBUG=0 BUP_FORCE_TTY=3 bup server",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty'
-
-# ansible-lint wants this in a handler, it should be done here and
-# now; this isn't like a service restart where multiple things might
-# call it.
-- name: Initalise bup
- shell: |
- BUP_DIR=/opt/backups/{{ user_name }}/.bup bup init
- become: yes
- become_user: '{{ user_name }}'
- when: homedir.changed
\ No newline at end of file
diff --git a/playbooks/roles/backup/README.rst b/playbooks/roles/backup/README.rst
deleted file mode 100644
index 15cdcf254a..0000000000
--- a/playbooks/roles/backup/README.rst
+++ /dev/null
@@ -1,23 +0,0 @@
-Configure a host to be backed up
-
-This role setups a host to use ``bup`` for backup to any hosts in the
-``backup-server`` group.
-
-A separate ssh key will be generated for root to connect to the backup
-server(s) and the host key for the backup servers will be accepted to
-the host.
-
-The ``bup`` tool is installed and a cron job is setup to run the
-backup periodically.
-
-Note the ``backup-server`` role must run after this to create the user
-correctly on the backup server. This role sets a tuple ``bup_user``
-with the username and public key; the ``backup-server`` role uses this
-variable for each host in the ``backup`` group to initalise users.
-
-**Role Variables**
-
-.. zuul:rolevar:: bup_username
-
- The username to connect to the backup server. If this is left
- undefined, it will be automatically set to ``bup-$(hostname)``
diff --git a/playbooks/roles/backup/files/bup-excludes b/playbooks/roles/backup/files/bup-excludes
deleted file mode 100644
index 84aabab33f..0000000000
--- a/playbooks/roles/backup/files/bup-excludes
+++ /dev/null
@@ -1,25 +0,0 @@
-/proc/*
-/sys/*
-/dev/*
-/tmp/*
-/floppy/*
-/cdrom/*
-/var/spool/squid/*
-/var/spool/exim/*
-/media/*
-/mnt/*
-/var/agentx/*
-/run/*
-/root/backup-restore-*
-/root/.bup
-/etc/puppet/modules/*
-/etc/puppet/hieradata/*
-/var/cache/*
-/var/lib/docker/*
-/var/lib/puppet/reports/*
-/var/lib/postgresql/*
-/var/lib/lxcfs/*
-/var/lib/zuul/backup/*
-/var/lib/zuul/times/*
-/opt/system-config/*
-/afs/*
diff --git a/playbooks/roles/backup/tasks/main.yaml b/playbooks/roles/backup/tasks/main.yaml
deleted file mode 100644
index 88abd05e30..0000000000
--- a/playbooks/roles/backup/tasks/main.yaml
+++ /dev/null
@@ -1,57 +0,0 @@
-- name: Generate bup username for this host
- set_fact:
- bup_username: 'bup-{{ inventory_hostname.split(".", 1)[0] }}'
- when: bup_username is not defined
-
-- debug:
- var: bup_username
-
-- name: Install bup
- package:
- name:
- - bup
- state: absent
-
-- name: Remove old keypair
- file:
- path: /root/.ssh/id_backup_ed25519
- state: absent
-
-- name: Remove old keypair
- file:
- path: /root/.ssh/id_backup_ed25519.pub
- state: absent
-
-- name: Remove old config directory
- file:
- path: /root/.bup
- state: absent
-
-- name: Remove ssh config
- blockinfile:
- path: /root/.ssh/config
- state: absent
- create: false
- block: |
- Host {{ item }}
- HostName {{ item }}
- IdentityFile /root/.ssh/id_backup_ed25519
- User {{ bup_username }}
- mode: 0600
- with_inventory_hostnames: backup-server
- ignore_errors: True
-
-- name: Remove /etc/bup-excludes
- file:
- path: /etc/bup-excludes
- state: absent
-
-- name: Remove backup cronjob
- cron:
- name: "Run bup backup"
- job: "tar -X /etc/bup-excludes -cPF - / | bup split -r {{ bup_username }}@{{ item }}: -n root -q"
- user: root
- hour: '5'
- minute: '{{ 59|random(seed=item) }}'
- state: absent
- with_inventory_hostnames: backup-server
diff --git a/playbooks/roles/install-ansible/files/inventory_plugins/test-fixtures/results.yaml b/playbooks/roles/install-ansible/files/inventory_plugins/test-fixtures/results.yaml
index 405da5deb5..22fe624367 100644
--- a/playbooks/roles/install-ansible/files/inventory_plugins/test-fixtures/results.yaml
+++ b/playbooks/roles/install-ansible/files/inventory_plugins/test-fixtures/results.yaml
@@ -38,15 +38,13 @@ results:
 - mirror
 review01.openstack.org:
- - backup
 - borg-backup
 - gerrit
 - letsencrypt
 - review
- backup01.ord.rax.ci.openstack.org:
- - disabled
- - puppet
+ backup01.ord.rax.opendev.org:
+ - borg-backup-server
 ze01.openstack.org:
 - afs-client
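Review bot: The results.yaml fixture no longer pins `disabled` or `puppet` membership for any host visible in this hunk, because the `backup01.ord.rax.ci.openstack.org` entry that asserted both is replaced by one that asserts only `borg-backup-server`. The rest of results.yaml is outside the hunk, so another entry may still cover `disabled`; if none does, the group that playbooks exclude with patterns such as `backup:!disabled` loses its regression check in the inventory-plugin test. Consider keeping one host expected to resolve to it, for example `corvustest:` with `- disabled` and `- puppet` beneath it, which matches the groups.yaml context shown in this patch provided no other group pattern also matches that name.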
diff --git a/playbooks/service-backup.yaml b/playbooks/service-backup.yaml
deleted file mode 100644
index 9866cb65e8..0000000000
--- a/playbooks/service-backup.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-# NOTE(ianw) : we are removing bup for borg. This just needs to run
-# once to remove bup parts from the backup clients, then we will
-# remove it completely.
-- hosts: "backup:!disabled"
- name: "Base: Generate backup users and keys"
- roles:
- - iptables
- - backup
diff --git a/playbooks/zuul/run-base.yaml b/playbooks/zuul/run-base.yaml
index 87a322edde..fb3bd1d458 100644
--- a/playbooks/zuul/run-base.yaml
+++ b/playbooks/zuul/run-base.yaml
@@ -83,8 +83,6 @@
 - host_vars/mirror01.openafs.provider.opendev.org.yaml
 - host_vars/mirror02.openafs.provider.opendev.org.yaml
 - host_vars/mirror-update01.opendev.org.yaml
- - host_vars/backup-test01.opendev.org.yaml
- - host_vars/backup-test02.opendev.org.yaml
 - host_vars/refstack01.openstack.org.yaml
 - name: Display group membership
 command: ansible localhost -m debug -a 'var=groups'
diff --git a/playbooks/zuul/templates/host_vars/backup-test01.opendev.org.yaml.j2 b/playbooks/zuul/templates/host_vars/backup-test01.opendev.org.yaml.j2
deleted file mode 100644
index 3a9ccef467..0000000000
--- a/playbooks/zuul/templates/host_vars/backup-test01.opendev.org.yaml.j2
+++ /dev/null
@@ -1 +0,0 @@
-bup_username: bup-backup01
\ No newline at end of file
diff --git a/playbooks/zuul/templates/host_vars/backup-test02.opendev.org.yaml.j2 b/playbooks/zuul/templates/host_vars/backup-test02.opendev.org.yaml.j2
deleted file mode 100644
index 152cdee1e0..0000000000
--- a/playbooks/zuul/templates/host_vars/backup-test02.opendev.org.yaml.j2
+++ /dev/null
@@ -1,2 +0,0 @@
-# Intentionally left blank to test autogeneration of name
-#bup_username: bup-backup-test02
\ No newline at end of file
diff --git a/zuul.d/infra-prod.yaml b/zuul.d/infra-prod.yaml
index 6234107979..d5b1698342 100644
--- a/zuul.d/infra-prod.yaml
+++ b/zuul.d/infra-prod.yaml
@@ -275,19 +275,6 @@
 - playbooks/roles/static/
 - playbooks/roles/zuul-user/
-- job:
- name: infra-prod-service-backup
- parent: infra-prod-service-base
- description: Run service-backup.yaml playbook.
- vars:
- playbook_name: service-backup.yaml
- files:
- - inventory/
- - playbooks/service-backup.yaml
- - playbooks/roles/backup/
- - playbooks/roles/backup-server/
- - playbooks/roles/iptables/
-
 - job:
 name: infra-prod-service-borg-backup
 parent: infra-prod-service-base
diff --git a/zuul.d/project.yaml b/zuul.d/project.yaml
index ca53fb2007..0c83220da2 100644
--- a/zuul.d/project.yaml
+++ b/zuul.d/project.yaml
@@ -13,7 +13,6 @@
 - system-config-run-base
 - system-config-run-base-ansible-devel:
 voting: false
- - system-config-run-backup
 - system-config-run-borg-backup
 - system-config-run-dns
 - system-config-run-eavesdrop:
@@ -271,7 +270,6 @@
 - infra-prod-service-mirror-update
 - infra-prod-service-mirror
 - infra-prod-service-static
- - infra-prod-service-backup
 - infra-prod-service-borg-backup
 - infra-prod-service-registry
 - infra-prod-service-refstack
@@ -316,7 +314,6 @@
 - infra-prod-service-mirror
 - infra-prod-service-static
 - infra-prod-service-borg-backup
- - infra-prod-service-backup
 - infra-prod-service-zookeeper
 - infra-prod-service-review
 - infra-prod-service-review-dev
diff --git a/zuul.d/system-config-run.yaml b/zuul.d/system-config-run.yaml
index 5f83ffe52d..deea17b1c4 100644
--- a/zuul.d/system-config-run.yaml
+++ b/zuul.d/system-config-run.yaml
@@ -305,30 +305,6 @@
 - testinfra/test_adns.py
 - testinfra/test_ns.py
-- job:
- name: system-config-run-backup
- parent: system-config-run
- description: |
- Run the playbook for backup configuration
- nodeset:
- nodes:
- - name: bridge.openstack.org
- label: ubuntu-bionic
- - name: backup01.region.provider.opendev.org
- label: ubuntu-bionic
- - name: backup-test01.opendev.org
- label: ubuntu-bionic
- - name: backup-test02.opendev.org
- label: ubuntu-xenial
- vars:
- run_playbooks:
- - playbooks/service-backup.yaml
- files:
- - playbooks/install-ansible.yaml
- - playbooks/roles/backup
- - playbooks/zuul/templates/host_vars/backup
- - testinfra/test_backups.py
-
 - job:
 name: system-config-run-borg-backup
 parent: system-config-run