# Backup Playbook Cheatsheet

Quick reference for using the backup playbook.

## Quick Start

```bash
# Run full backup on all hosts
ansible-playbook playbooks/backup.yml

# Backup specific environment
ansible-playbook -i inventories/production playbooks/backup.yml

# Dry-run
ansible-playbook playbooks/backup.yml --check
```

## Common Usage

### Full Backup

```bash
# Complete backup (config + data + databases)
ansible-playbook playbooks/backup.yml \
  --extra-vars "backup_type=full"

# Production environment
ansible-playbook -i inventories/production playbooks/backup.yml \
  --extra-vars "backup_type=full"
```

### Incremental Backup (Default)

```bash
# Configuration and databases only
ansible-playbook playbooks/backup.yml
```

### Selective Backups

```bash
# Configuration files only
ansible-playbook playbooks/backup.yml --tags config

# Databases only
ansible-playbook playbooks/backup.yml --tags databases

# Application data only
ansible-playbook playbooks/backup.yml --tags data

# Log files
ansible-playbook playbooks/backup.yml --tags logs
```

## Available Tags

| Tag | Description |
|-----|-------------|
| `config` | System configuration files (/etc, SSH, network) |
| `data` | Application data (/opt, /var/lib, /home) |
| `databases` | MySQL, PostgreSQL, MongoDB dumps |
| `logs` | Log files and audit logs |
| `verify` | Verify backup integrity |
| `cleanup` | Remove old backups |

## Extra Variables

| Variable | Default | Description |
|----------|---------|-------------|
| `backup_type` | `incremental` | Backup type (full or incremental) |
| `backup_retention_days` | `30` | How long to keep backups |
| `backup_compress` | `true` | Compress backups |
| `backup_verify` | `true` | Verify backup integrity |
| `backup_remote_dir` | `None` | Remote backup destination |

## What Gets Backed Up

### Configuration (`--tags config`)
- ✅ /etc directory
- ✅ SSH configuration
- ✅ Network configuration
- ✅ Firewall rules
- ✅ Cron jobs
- ✅ Systemd services

### Application Data (`--tags data`)
- ✅ /opt directory
- ✅ /var/lib (excluding databases)
- ✅ /home directories

### Databases (`--tags databases`)
- ✅ MySQL/MariaDB (all databases)
- ✅ PostgreSQL (all databases)
- ✅ MongoDB dumps

### Logs (`--tags logs`)
- ✅ /var/log
- ✅ Audit logs

## Backup Location

Local backups: `/var/backups/`

```
/var/backups/
├── config/
│   ├── etc_backup_<timestamp>.tar.gz
│   ├── ssh_backup_<timestamp>.tar.gz
│   └── ...
├── data/
│   ├── opt_backup_<timestamp>.tar.gz
│   └── ...
├── databases/
│   ├── mysql_dump_<timestamp>.sql.gz
│   └── ...
└── logs/
    └── var_log_backup_<timestamp>.tar.gz
```

## Backup Verification

```bash
# Run backup with verification
ansible-playbook playbooks/backup.yml --tags verify

# Verify specific backup integrity
ansible all -m shell -a "gzip -t /var/backups/config/etc_backup_*.tar.gz"
```

## Cleanup Old Backups

```bash
# Remove backups older than 30 days (default)
ansible-playbook playbooks/backup.yml --tags cleanup

# Custom retention period (keep 90 days)
ansible-playbook playbooks/backup.yml --tags cleanup \
  --extra-vars "backup_retention_days=90"
```

## Remote Backup Transfer

```bash
# Transfer to remote backup server
ansible-playbook playbooks/backup.yml --tags remote \
  --extra-vars "backup_remote_dir=/mnt/backup-server/ansible"
```

## Scheduling Backups

### Cron Example

```bash
# Daily backup at 2 AM
0 2 * * * cd /opt/ansible && ansible-playbook playbooks/backup.yml

# Weekly full backup on Sunday
0 3 * * 0 cd /opt/ansible && ansible-playbook playbooks/backup.yml \
  --extra-vars "backup_type=full"
```

### SystemD Timer

```ini
# /etc/systemd/system/ansible-backup.timer
[Unit]
Description=Ansible Backup

[Timer]
OnCalendar=daily
OnCalendar=02:00
Persistent=true

[Install]
WantedBy=timers.target
```

## Example Output

```
=========================================
Backup Summary
=========================================
Host: webserver01
Environment: production
Completed: 2025-01-11T02:30:00Z

=== Backup Details ===
Type: full
Files created: 12
Total size: 2.5G
Location: /var/backups

=== Retention ===
Retention period: 30 days
Old backups cleaned: 5

=== Verification ===
Integrity check: Passed

Manifest: /var/backups/backup_manifest_2025-01-11_0230.txt
=========================================
```

## Troubleshooting

### Insufficient disk space

Check available space:
```bash
ansible all -m shell -a "df -h /var/backups"
```

Clean old backups:
```bash
ansible-playbook playbooks/backup.yml --tags cleanup
```

### Database backup fails

Check database connectivity:
```bash
# MySQL
ansible all -m shell -a "mysqldump --version"

# PostgreSQL
ansible all -m shell -a "sudo -u postgres pg_dumpall --version"
```

### Backup integrity check fails

Manually verify:
```bash
ansible all -m shell -a "gzip -t /var/backups/config/*.gz"
```

## Restore from Backup

See [Disaster Recovery Playbook](disaster_recovery.md) for restoration procedures.

```bash
# Quick restore example
ansible-playbook playbooks/disaster_recovery.yml \
  --limit failed_host \
  --extra-vars "dr_backup_date=2025-01-11"
```

## Best Practices

1. **Test restores regularly** - Backups are useless if they can't be restored
2. **Monitor backup sizes** - Watch for unexpected growth
3. **Use remote storage** - Don't keep backups only on the same host
4. **Verify backups** - Always enable verification
5. **Document retention** - Follow compliance requirements
6. **Encrypt sensitive backups** - Use encryption for databases
7. **Schedule appropriately** - Run during low-activity periods

## Quick Reference Commands

```bash
# Full backup with verification
ansible-playbook playbooks/backup.yml \
  --extra-vars "backup_type=full"

# Configuration only
ansible-playbook playbooks/backup.yml --tags config

# Databases only
ansible-playbook playbooks/backup.yml --tags databases

# Cleanup old backups (30+ days)
ansible-playbook playbooks/backup.yml --tags cleanup

# Custom retention (90 days)
ansible-playbook playbooks/backup.yml --tags cleanup \
  --extra-vars "backup_retention_days=90"

# Dry-run
ansible-playbook playbooks/backup.yml --check

# Specific host only
ansible-playbook playbooks/backup.yml --limit hostname

# Production environment
ansible-playbook -i inventories/production playbooks/backup.yml
```

## See Also

- [Backup Playbook](../../playbooks/backup.yml)
- [Disaster Recovery Playbook](../../playbooks/disaster_recovery.yml)
- [Maintenance Playbook](../../playbooks/maintenance.yml)