feat(backup_restore): restore backup files

!26

Author: jon-nfc

docs/projects/ansible/playbooks/backup.md

@@ -15,4 +15,9 @@ backup for:
 
 - mariaDB
 
-- PostgresDB
+- PostgresDB
+
+
+## Files Backup
+
+Backup files created by the playbook can be restored with our [restore](restore.md) playbook 

docs/projects/ansible/playbooks/index.md

@@ -23,6 +23,8 @@ Available Playbooks:
 
 1. [postgresdb.yaml](postgresdb.md)
 
+1. [restore.yaml](restore.md)
+
 
 ## Docs ToDo
 

docs/projects/ansible/playbooks/restore.md

@@ -0,0 +1,49 @@
+---
+title: Restore Backup Playbook
+description: No Fuss Computings Ansible playbook restore backup
+date: 2023-10-30
+template: project.html
+about: https://gitlab.com/nofusscomputing/projects/ansible/ansible_playbooks
+---
+
+!!! Note
+    Docs Still under development
+
+This Playbook is designed to restore backups to various systems. It uses the configuration as defined in the Ansible Inventory. The specific backup details are from our [backup playbook](backup.md). Currently the following restoration of backups is supported:
+
+- Files
+
+
+## Files Restoration Task
+
+The file restoration tasks within the playbook will restore backups created by our [backup playbook](backup.md).
+
+
+### Playbook Variables
+
+The following is the minimum required defined variables in inventory
+
+``` yaml
+
+restore:
+  backup_storage_directory: /backup
+  files:
+    - name: ""        # Mandatory, String. {backup_file_name}-{inventory_hostname}
+      root_directory: '' # Optional, string. root directory where to restore. default=/
+
+backup:
+  encryption_algorithm: aes256
+
+```
+
+during the running of this playbook, you must specify additional variables `backup_storage_directory` and `restore_backup_date`. for example
+
+``` bash
+clear; ansible-playbook --limit {the ansible host to restore the backup to} \
+  -i inventory/production \
+  /playbooks/restore.yaml \
+  --vault-id recovery@recovery_vault \
+  --extra-vars "restore_backup_date=2023-10-24-13:14:08-+0000" \
+  --extra-vars "backup_storage_directory=/backup" \
+  --tags files
+```

mkdocs.yml

@@ -37,6 +37,8 @@ nav:
 
       - projects/ansible/playbooks/postgresdb.md
 
+      - projects/ansible/playbooks/restore.md
+
     - Roles:
 
       - projects/ansible/roles/index.md

restore.yaml

@@ -0,0 +1,90 @@
+---
+#
+# No Fuss Computing
+# https://gitlab.com/nofusscomputing/projects/ansible/ansible_playbooks
+#
+# Playbook for restoring backups various systems.
+# tags are optional, with each task only running if applicable variabls are set.
+#
+# image: nofusscomputing/ansible-ee >= 0.1.0
+#
+# Tags:
+#
+#   - files
+#     Restore Specified backup files to path
+#
+#
+- name: Conduct Restoration of Backup(s)
+  hosts: all
+  gather_facts: "{% if task_nfc_common_required | default(false) | bool %}false{% else %}true{% endif %}"
+
+  tasks:
+
+    - name: Common tasks
+      ansible.builtin.include_role:
+        name: nfc_common
+      vars:
+        common_gather_facts: true
+      when: task_nfc_common_required | default(false) | bool
+
+
+    - name: Restore Files
+      ansible.builtin.include_tasks:
+        file: tasks/restore-files.yaml
+        apply:
+          tags:
+            - files
+      when: restore.files | default([]) | length | int > 0
+      tags:
+        - files
+
+  vars:
+    # restore_backup_date:
+    # backup_storage_directory: /backup
+
+    nfc_pb_awx_tower_template:
+      - name: "Restore specified backup from Inventory config"
+        ask_limit_on_launch: true
+        ask_tags_on_launch: true
+        ask_credentials_on_launch: true
+        description: |
+          Playbook to restore backups to various systems using config from inventory
+          Available tags:
+            'files' Restore Specified file(s),
+          If no tag is specified, all tasks will run if the applicable variables are set.
+        execution_environment: "No Fuss Computing EE"
+        job_type: "run"
+        job_tags: files
+        labels:
+          - restore
+          - files
+        # credentials:
+        #   - "Local"
+        verbosity: 2
+        use_fact_cache: true
+        survey_enabled: true
+        survey: |
+          {
+            "max": 25,
+            "min": 25,
+            "type": "text",
+            "choices": "",
+            "default": "",
+            "required": true,
+            "variable": "restore_backup_date",
+            "new_question": true,
+            "question_name": "Date of backup to restore",
+            "question_description": "Enter the backup Date-Time stamp. this is the suffix of the backup file."
+          },
+          {
+              "max": 100,
+              "min": 1,
+              "type": "text",
+              "choices": "",
+              "default": "/backup",
+              "required": true,
+              "variable": "backup_storage_directory",
+              "new_question": true,
+              "question_name": "Backup Storage Directory",
+              "question_description": "The root directory of where the backups are stored"
+          }

tasks/restore-files.yaml

@@ -0,0 +1,55 @@
+---
+#
+# No Fuss Computing
+# https://gitlab.com/nofusscomputing/projects/ansible/ansible_playbooks
+#
+# description:
+#              Task file for Restoring files to specified path.
+#
+# image: nofusscomputing/ansible-ee >= 0.1.0
+# tags: nil
+#
+- name: Set Global Facts
+  ansible.builtin.set_fact:
+    filename_date_time: "{{ '%Y-%m-%d-%H:%M:%S-%z' | strftime(ansible_date_time.epoch) }}"
+  when: filename_date_time | default('does_not_exist') == 'does_not_exist'
+
+
+- name: File Restore
+  block:
+
+
+    - name: Set Task Facts
+      ansible.builtin.set_fact:
+        directory_tasks: '/tmp/task_restore'
+
+
+    - name: Create Task Directory
+      ansible.builtin.file:
+        name: "{{ directory_tasks }}"
+        state: directory
+        mode: '700'
+
+
+    - name: Prepare Decryption Certificate
+      ansible.builtin.copy:
+        content: "{{ file_decryption_key | indent(0) }}"
+        dest: "{{ directory_tasks }}/decryption_certificate"
+        mode: '700'
+
+
+    - name: Backup Files
+      ansible.builtin.include_tasks:
+        file: restore/files.yaml
+      loop: "{{ restore.files }}"
+      loop_control:
+        loop_var: restore_file
+
+  always:
+
+    - name: Remove Task Temp Files
+      ansible.builtin.file:
+        name: "{{ directory_tasks }}"
+        state: absent
+
+    # Secure erase cert. possible???

tasks/restore/files.yaml

@@ -0,0 +1,42 @@
+---
+
+- name: File Restoration
+  block:
+
+
+    - name: Check/Create Restore Path
+      ansible.builtin.file:
+        name: "{{ restore_file.root_directory | default('/') }}"
+        state: directory
+
+
+    - name: Restore file
+      ansible.builtin.shell:
+        cmd: |
+          openssl smime -decrypt \
+            -in {{ backup_storage_directory | default('/backup') }}/{{ restore_backup_date }}-files-{{ restore_file.name }}-{{ backup.encryption_algorithm }}.enc.tar.gz \
+            -binary -inform DEM \
+            -inkey {{ directory_tasks }}/decryption_certificate \
+            -out {{ directory_tasks }}/{{ restore_backup_date }}-files-{{ restore_file.name }}.tar.gz; \
+          tar -xzf \
+            {{ directory_tasks }}/{{ restore_backup_date }}-files-{{ restore_file.name }}.tar.gz \
+            -C {{ restore_file.root_directory | default('/') }};
+          # rm {{ directory_tasks }}/{{ restore_backup_date }}-files-{{ restore_file.name }}.tar.gz
+      args:
+        executable: bash
+      changed_when: false
+      register: file_restoration
+      become: true
+      failed_when: "'Error' in file_restoration.stderr"
+
+
+  always:
+
+    - name: Remove Task Temp Files
+      ansible.builtin.file:
+        name: "{{ item }}"
+        state: absent
+      loop: "{{ tmp_files }}"
+      vars:
+        tmp_files:
+          - "{{ directory_tasks }}/{{ restore_backup_date }}-files-{{ restore_file.name }}.tar.gz"