bugfix: server creation was broken due to backupuser

group_vars/all/plain.yml

@@ -64,6 +64,8 @@ awx_credential_machine_hetzner_name: hetzner-ansible-ssh
 
 gitlab_ansible_user_name: "gitlabci"
 
+backupuser_user_name: backupuser
+
 # used for root-access by hetzner on server creation (@see cloud console/security/ssh-keys)
 hetzner_ssh_keys:
   - "claus.paetow@netgo.de"
@@ -99,15 +101,14 @@ sudo_group: "{{ sudo_groups
   | replace('.','-') }}"
 
 # whitelist for outdated user detection - they wont't be deleted at all
-default_plattform_users:
+default_users:
   - 'nobody'
   - 'elastic'
   - 'postgres'
   - 'administrator'
   - '{{ admin_user }}'
-  - '{{ backupuser_username }}'
 
-smardigo_plattform_users:
+default_plattform_users:
   - 'claus.paetow'
   - 'friedrich.goerz'
   - 'peter.heise'
@@ -115,6 +116,8 @@ smardigo_plattform_users:
   - '{{ awx_ansible_user_name }}'
   - '{{ gitlab_ansible_user_name }}'
 
+smardigo_plattform_users: "{{ default_plattform_users + custom_plattform_users | default([]) }}"
+
 ip_whitelist_admins:
   - "79.215.10.239/32" # sven
   - "212.86.56.112/32" # peter
@@ -197,9 +200,6 @@ blackbox_http_2xx_additional_targets: []
 prometheus_federation_enabled: true
 kubernetes_prometheus_endpoint: "{{ stage }}-kube-prometheus.{{ domain }}"
 
-backupuser_username: backupuser
-backupuser_ssh_pubkey: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDAFRYAy3PqimYUWcO4Q9pdTvDQTsq7hKjWYoQEsJICnRRv+W+5d2lJvC3gqMpmWy9XxtrYePkVHCgIvfJSas9Jv7n7eeYoeWLWJq0nRSKg6EKFCH9y3v8tGPJQQf7wogOhHwr6m79c+lpNVUsVR+QOf76+47ZuwnuEBzK6xbDkmwyt7SPrJ59IFxOlmtz2HgVlTLczLalMygM4qlXqIt+lwuuFz4CsGcr4TwMKp9Uk6SCP3OV12oLnUUUOA3r72qmE4+JeUN6VNbXoBXEANfXm5kbM8w+dFhulCi1fQZCssB8PStA7Cs0gVqL6DYNUKRZaFL8e77hljGkPlOQDxOsBexPuceSDmmr6s5qT1wA6bnEFoeWbLlxixGlFA+1Q/LqWsYzoOZiTHDoaXvsc4VizlPp4Fn0OgJefPjuzBsWOyf0ob5oucfnmCAvEh/k+ioq0bIQDcliAM1UezitblHQgGHhqnKPMi664i0ULLiExARe4IV3KJiaG++RJyzUL5HNz3Qru+K5/pdj2jffluYTC4w+6ZYfjWEZS/DAumExv9T97kFOsapHCQJwTBa368Ch6uKkPCZO8p/ra3xTIUh/PibHaVCadgX2NR9q6jdiQtmc0SOyNJlMlPZD/Q1NrjXJ18ASny7gCBFItMyMtinVx9xQxQ+PFLB8oNYERw1ejIw== storage-server-smardigo'
-
 current_date_time: "{{ lookup('pipe','date +%Y-%m-%d_%H:%M') }}"
 
 hcloud_firewall_objects:

group_vars/maria/plain.yml

@@ -10,3 +10,6 @@ mysql_users: []
 docker_enabled: false
 traefik_enabled: false
 filebeat_enabled: false
+
+custom_plattform_users:
+  - '{{ backupuser_user_name }}'

group_vars/postgres/plain.yml

@@ -8,3 +8,6 @@ postgres_acls: []
 docker_enabled: false
 traefik_enabled: false
 filebeat_enabled: false
+
+custom_plattform_users:
+  - '{{ backupuser_user_name }}'

roles/common/tasks/main.yml

@@ -59,7 +59,7 @@
 - name: "Remove outdated users"
   user: name={{ item }} state=absent remove=yes
   with_items: "{{ current_users.stdout_lines }}"
-  when: not ((item in default_plattform_users) or (item in smardigo_plattform_users))
+  when: not ((item in default_users) or (item in smardigo_plattform_users))
   tags:
     - users
 
@@ -97,25 +97,6 @@
   tags:
     - users
 
-- name: "Create stuff for backups on database servers"
-  block:
-  - name: "Create system user for remote_backup"
-    become: yes
-    ansible.builtin.user:
-      name: '{{ backupuser_username }}'
-      comment: "user for backup"
-      shell: /bin/bash
-
-  - name: "Add SSH pub key to auth_keys"
-    authorized_key:
-      user: '{{ backupuser_username }}'
-      key: '{{ backupuser_ssh_pubkey }}'
-  when:
-    - inventory_hostname in groups['postgres'] or
-      inventory_hostname in groups['maria']
-  tags:
-    - users
-
 - name: "Ensure docker configuration directory exists"
   file:
     path: '/home/{{ item }}/.docker/'

roles/maria/tasks/_create_backup.yml

@@ -46,8 +46,8 @@
   become: yes
   ansible.builtin.file:
     path: '{{ backup_dest_dir }}'
-    owner: '{{ backupuser_username }}'
+    owner: '{{ backupuser_user_name }}'
-    group: '{{ backupuser_username }}'
+    group: '{{ backupuser_user_name }}'
     recurse: yes
 
 - name: "Remove {{ my_cnf_file }} file"

roles/postgres/tasks/_create_backup.yml

@@ -42,6 +42,6 @@
   become: yes
   ansible.builtin.file:
     path: '{{ backup_dest_dir }}'
-    owner: '{{ backupuser_username }}'
+    owner: '{{ backupuser_user_name }}'
-    group: '{{ backupuser_username }}'
+    group: '{{ backupuser_user_name }}'
     recurse: yes

users/backupuser/ssh.pub

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDAFRYAy3PqimYUWcO4Q9pdTvDQTsq7hKjWYoQEsJICnRRv+W+5d2lJvC3gqMpmWy9XxtrYePkVHCgIvfJSas9Jv7n7eeYoeWLWJq0nRSKg6EKFCH9y3v8tGPJQQf7wogOhHwr6m79c+lpNVUsVR+QOf76+47ZuwnuEBzK6xbDkmwyt7SPrJ59IFxOlmtz2HgVlTLczLalMygM4qlXqIt+lwuuFz4CsGcr4TwMKp9Uk6SCP3OV12oLnUUUOA3r72qmE4+JeUN6VNbXoBXEANfXm5kbM8w+dFhulCi1fQZCssB8PStA7Cs0gVqL6DYNUKRZaFL8e77hljGkPlOQDxOsBexPuceSDmmr6s5qT1wA6bnEFoeWbLlxixGlFA+1Q/LqWsYzoOZiTHDoaXvsc4VizlPp4Fn0OgJefPjuzBsWOyf0ob5oucfnmCAvEh/k+ioq0bIQDcliAM1UezitblHQgGHhqnKPMi664i0ULLiExARe4IV3KJiaG++RJyzUL5HNz3Qru+K5/pdj2jffluYTC4w+6ZYfjWEZS/DAumExv9T97kFOsapHCQJwTBa368Ch6uKkPCZO8p/ra3xTIUh/PibHaVCadgX2NR9q6jdiQtmc0SOyNJlMlPZD/Q1NrjXJ18ASny7gCBFItMyMtinVx9xQxQ+PFLB8oNYERw1ejIw== backupuser@netgo.de