mirror of
https://github.com/natelandau/ansible-homelab-config.git
synced 2025-11-18 01:43:40 -05:00
42 lines
1.3 KiB
YAML
42 lines
1.3 KiB
YAML
---
|
|
# TASK DESCRIPTION:
|
|
# Nomad jobs which can not run with NFS storage use pre-start and post-stop tasks to invoke
|
|
# shell scripts which keep the job's filesystem in sync. This task does the following:
|
|
#
|
|
# 1. Copies a backup and restore shellscript to /usr/local/bin
|
|
# 2. Edits the sudoers file to allow the script to be invoked with sudo privileges
|
|
|
|
- name: Copy backup shellscript to server
|
|
become: true
|
|
ansible.builtin.template:
|
|
src: scripts/service_backups.sh.j2
|
|
dest: /usr/local/bin/service_backups
|
|
mode: 0755
|
|
when:
|
|
- is_nomad_client or is_nomad_server
|
|
|
|
- name: Copy restore shellscript to server
|
|
become: true
|
|
ansible.builtin.template:
|
|
src: scripts/service_restore.sh.j2
|
|
dest: /usr/local/bin/service_restore
|
|
mode: 0755
|
|
when:
|
|
- is_nomad_client or is_nomad_server
|
|
|
|
- name: "SUDO: Confirm users can run service_backups"
|
|
become: true
|
|
ansible.builtin.lineinfile:
|
|
path: "/etc/sudoers.d/010_{{ item }}-backups-nopasswd"
|
|
line: "{{ item }} ALL=(ALL) NOPASSWD: /usr/local/bin/service_backups, /usr/local/bin/service_restore"
|
|
state: present
|
|
create: true
|
|
mode: "0440"
|
|
validate: "/usr/sbin/visudo -cf %s"
|
|
loop:
|
|
- nomad
|
|
- "{{ ansible_user }}"
|
|
when:
|
|
- is_nomad_client or is_nomad_server
|
|
- "'pis' in group_names"
|