Basically:

- name: Get hostkey for backup server.
  set_fact:
    backup_hostkey: "{{ lookup('pipe', 'ssh-keyscan -t rsa backup.example.com') }}"

- name: Add backup server to known hosts.
  known_hosts:
    name: backup.example.com
    state: present
    key: "{{ backup_hostkey }}"
  become: yes
  become_user: "{{ backup_user }}"

It would be convenient if you could pass in one or more entries to be added to the server's known_hosts file; that way, the server could be assured that the first run of the backup.sh script doesn't get stalled waiting for someone to accept the remote host key (and it would be more secure to provide a known-good host key anyways!).

See Ansible's known_hosts module.

fatal: [instance]: FAILED! => {"changed": false, "failures": [], "msg": "Depsolve Error occurred: \n Problem: conflicting requests\n  - nothing provides sshpass needed by ansible-2.9.27-1.el8.noarch", "rc": 1, "results": []}

See: https://github.com/geerlingguy/ansible-role-backup/runs/6438618874?check_suite_focus=true#step:5:281

For the past few years, I've used a private role very much like this one, and have a pretty standard set of variables I override per type of server/app... so I should document a typical use case and also all the default variables.

First of all thanks for this role. I found that there are 2 issues with it though.

1. There's a whitespace after the = which causes the script to fail
2. The script doesn't create the database directory in the backup_path

I'll do a pull request fixing these. Perhaps you can merge it.

Thanks

Getting this in tests now:

{{ ansible_ssh_user }}: 'ansible_ssh_user' is undefined

Need to fix.

Would you be open to add encryption to the created backup archives, e.g.
$MYSQLDUMP $MYSQL_CREDENTIALS --single-transaction --quick --lock-tables=false $DB | gzip -f -6 | gpg --batch --no-use-agent --passphrase "{{ backup_passphrase }}" --symmetric --cipher-algo AES256 -o {{ backup_path }}/databases/$DB.sql.gz - 2>&1 | tee -a {{ backup_path }}
If so, would gpg the way to follow?

Hi,

I set the role with two folders to be synchronised through backup_directories. Checking the script outcome, I see that only the second folder's content is present in the target machine.
By fiddling the script, just deleting the --delete flag, the expected outcome (i.e. the content of both folders) is achieved.

Is this a bug?

Latest version of the role, rsync version 3.1.1 protocol version 31 on the sending machine.

Thank you,
Fabrizio

    backup_remote_host_name: '192.168.1.2'
    backup_remote_host_key: ['-----BEGIN RSA PRIVATE KEY-----
somekey
-----END RSA PRIVATE KEY-----']

When trying to run, it spits out the following error message, even without backup_remote_host_key it spits out this error:

fatal: [localhost]: FAILED! => {"msg": "The conditional check 'backup_remote_host_name' failed. The error was: error while evaluating conditional (backup_remote_host_name): float object has no element 1\n\nThe error appears to be in '/home/robert/.ansible/roles/geerlingguy.backup/tasks/main.yml': line 35, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n- name: Add backup remote host key to server.\n ^ here\n"}

Hi Jeff,

i found an issue in the mysql backup shell script.
The variable $MYSQL_CREDENTIALS contains the mysql user and password. The password is written into the variable with quotation marks. I think this is a problem when the Variable call in a Commandline.

DATABASES=`$MYSQL $MYSQL_CREDENTIALS -e "SHOW DATABASES;" | grep -Ev '(Database|information_schema|performance_schema|mysql)'

The password can then not be interpreted.

That Comman line works for me.

$MYSQLDUMP {% if backup_mysql_credential_file != '' %} --defaults-extra-file={{ backup_mysql_credential_file }} {% else %} -u {{ backup_mysql_user }} -p'{{ backup_mysql_password }}' {% endif %} --single-transaction --quick --lock-tables=false {{backup_database_name}} | gzip -f -6 > {{ backup_path }}/databases/{{backup_database_name}}_$TIMESTAMP.sql.gz

By the way. I have expand the shell script with a little file versioning. Files that older 10 days will be delete:-)

find {{ backup_path }}/databases -mtime +10 -type f -delete
$RSYNC -aqz -e 'ssh {{ backup_remote_connection_ssh_options }}' {{ backup_path }}/databases $REMOTE:{{ backup_remote_base_path }}/{{ backup_identifier }} --delete

Beste Regards
Manuel

P.S. The Role is very usefull. Thank you!