Update docker image to use ansible v2.13.3

Dockerfile

@@ -1,23 +1,28 @@
-FROM ovski/ansible:v2.9.6
+FROM ovski/ansible:v2.13.3
 
 # Clone ansible playbooks
+RUN apt-get --allow-releaseinfo-change update && apt-get install -y git
+RUN git clone https://github.com/Ovski4/ansible-playbook-smtp-email.git /var/smtp-email-playbook
 RUN git clone https://github.com/Ovski4/ansible-playbook-mysql-dump.git /var/mysql-dump-playbook
 RUN git clone https://github.com/Ovski4/ansible-playbook-mongo-dump.git /var/mongo-dump-playbook
 RUN git clone https://github.com/Ovski4/ansible-playbook-borg-backup.git /var/borg-backup-playbook
+RUN git clone https://github.com/Ovski4/ansible-playbook-elasticsearch-snapshot.git /var/elasticsearch-snapshot-playbook
 
 # Install borg
-RUN apt install -y \
+RUN apt-get install -y \
     python3 \
     python3-dev \
     python3-pip \
-    python-virtualenv \
-    libssl-dev openssl \
+    python3-virtualenv \
     libacl1-dev libacl1 \
+    libssl-dev \
+    liblz4-dev libzstd-dev libxxhash-dev \
     build-essential \
+    pkg-config python3-pkgconfig \
     borgbackup
 
 # Install packages for mysqldump
-RUN apt-get install -y mariadb-client
+RUN apt-get install -y mariadb-client python3-apt
 RUN pip3 install PyMySql
 
 # Install cron

README.md

@@ -2,9 +2,25 @@ Borg backup cron
 =================
 
 A docker image to backup periodically a folder using borg.
-Additionnally this image can dump a mysql database in the same folder beforehand.
+Additionnally this image can:
+* dump a mysql database in the same folder beforehand
+* dump a mongo database
+* create an elasticsearch snapshot
+* end an email on failure
+
 You can also run the cron job directly by overriding the command with `/var/backup_script.sh`
 
+Table of contents
+-----------------
+
+- [Build](#build)
+- [Usage](#usage)
+  - [With mysql dump](#with-mysql-dump)
+  - [With mongo dump](#with-mongo-dump)
+  - [With elasticsearch snapshot](#with-elasticsearch-snapshot)
+  - [Sending an email on failure](#sending-an-email-on-failure)
+  - [Use secrets instead of env variables](#use-secrets-instead-of-env-variables)
+
 Build
 -----
 
@@ -36,7 +52,7 @@ docker run \
    ovski/borgbackup-cron
 ```
 
-With mysql dump
+### With mysql dump
 
 ```bash
 docker run \
@@ -48,7 +64,7 @@ docker run \
    ovski/borgbackup-cron
 ```
 
-With mongo dump
+### With mongo dump
 
 ```bash
 docker run \
@@ -59,10 +75,39 @@ docker run \
    ovski/borgbackup-cron
 ```
 
+### With elasticsearch snapshot
+
+```bash
+docker run \
+   # ... other options
+   -e ELASTICSEARCH_PORT=9200 \
+   -e ELASTICSEARCH_HOST=elasticsearch \
+   -e ELASTICSEARCH_REPOSITORY=backup \
+   ovski/borgbackup-cron
+```
+
+### Sending an email on failure
+
+```bash
+docker run \
+   # ... other options
+   -e SMTP_USER=smtpuser@gmail.com \
+   -e SMTP_PASSWORD=smtppassword \
+   -e SMTP_PORT=465 \
+   -e SMTP_HOST=smtp.gmail.com \
+   -e MAIL_TO=user@recipient.com \
+   -e MAIL_BODY="Email content" \
+   -e MAIL_SUBJECT="Email subject" \
+   ovski/borgbackup-cron
+```
+
+### Use secrets instead of env variables
+
 You can also use secrets in a stack to store sensitive information.
 Instead of specifiying environment variables, create the following secrets in /var/secrets (default location):
 
 ```
 /run/secrets/borg_passphrase instead of BORG_PASSPHRASE
 /run/secrets/db_password instead of MYSQL_PASSWORD
+/run/secrets/smtp_password instead of SMTP_PASSWORD
 ```

backup_script.sh

@@ -1,5 +1,22 @@
 #!/bin/bash
 
+send_email_on_error() {
+    ansible-playbook /var/smtp-email-playbook/main.yml \
+        -e "smtp_user=$SMTP_USER" \
+        -e "smtp_password=$SMTP_PASSWORD" \
+        -e "smtp_port=$SMTP_PORT" \
+        -e "smtp_host=$SMTP_HOST" \
+        -e "mail_to='$MAIL_TO'" \
+        -e "mail_body='$MAIL_BODY'" \
+        -e "mail_subject='$MAIL_SUBJECT'"
+}
+
+# Only handle errors if the required environment variables are defined to send an email
+if [[ ! -z "$SMTP_USER" && ! -z "$SMTP_PASSWORD" && ! -z "$SMTP_PORT" && ! -z "$SMTP_HOST" && ! -z "$MAIL_TO" && ! -z "$MAIL_BODY" && ! -z "$MAIL_SUBJECT" ]]; then
+    set -o errexit -o errtrace
+    trap send_email_on_error ERR
+fi
+
 if [[ ! -z "$MYSQL_USER" && ! -z "$MYSQL_DATABASE" && ! -z "$MYSQL_PASSWORD" && ! -z "$MYSQL_HOST" ]]; then
     ansible-playbook /var/mysql-dump-playbook/main.yml \
         -e "mysql_dumps_target_folder=$LOCAL_FOLDER" \
@@ -19,6 +36,13 @@ if [[ ! -z "$MONGO_HOST" && ! -z "$MONGO_DATABASE" && ! -z "$MONGO_PORT" ]]; the
         -e "db_name=$MONGO_DATABASE"
 fi
 
+if [[ ! -z "$ELASTICSEARCH_HOST" && ! -z "$ELASTICSEARCH_REPOSITORY" && ! -z "$ELASTICSEARCH_PORT" ]]; then
+    ansible-playbook /var/elasticsearch-snapshot-playbook/main.yml \
+        -e "elasticsearch_port=$ELASTICSEARCH_PORT" \
+        -e "elasticsearch_host=$ELASTICSEARCH_HOST" \
+        -e "elasticsearch_repository=$ELASTICSEARCH_REPOSITORY"
+fi
+
 ansible-playbook /var/borg-backup-playbook/main.yml \
     -e "ssh_connection=$SSH_CONNECTION" \
     -e "private_key_path=$PRIVATE_KEY_PATH" \

entrypoint.sh

@@ -9,7 +9,7 @@ if [[ -n "$SSH_KNOWN_HOSTS" ]]; then
     chmod 644 ~/.ssh/known_hosts
     while IFS=' ' read -ra entries; do
         for entry in "${entries[@]}"; do
-            ssh-keyscan -Ht rsa ${entry} >> ~/.ssh/known_hosts
+            ssh-keyscan ${entry} >> ~/.ssh/known_hosts
         done
     done <<< "$SSH_KNOWN_HOSTS"
 fi
@@ -27,6 +27,12 @@ if [[ -f /run/secrets/db_password ]]; then
     export MYSQL_PASSWORD=$(cat /run/secrets/db_password)
 fi
 
+
+if [[ -f /run/secrets/smtp_password ]]; then
+    echo "Setting SMTP_PASSWORD env variable from secret"
+    export SMTP_PASSWORD=$(cat /run/secrets/smtp_password)
+fi
+
 # Make env variables accessible in crontab
 declare -p | grep -Ev 'BASHOPTS|BASH_VERSINFO|EUID|PPID|SHELLOPTS|UID' > /container.env