infra-automation/cheatsheets/playbooks/backup.md

Backup Playbook Cheatsheet

Quick reference for using the backup playbook.

Quick Start

# Run full backup on all hosts
ansible-playbook playbooks/backup.yml

# Backup specific environment
ansible-playbook -i inventories/production playbooks/backup.yml

# Dry-run
ansible-playbook playbooks/backup.yml --check

Common Usage

Full Backup

# Complete backup (config + data + databases)
ansible-playbook playbooks/backup.yml \
  --extra-vars "backup_type=full"

# Production environment
ansible-playbook -i inventories/production playbooks/backup.yml \
  --extra-vars "backup_type=full"

Incremental Backup (Default)

# Configuration and databases only
ansible-playbook playbooks/backup.yml

Selective Backups

# Configuration files only
ansible-playbook playbooks/backup.yml --tags config

# Databases only
ansible-playbook playbooks/backup.yml --tags databases

# Application data only
ansible-playbook playbooks/backup.yml --tags data

# Log files
ansible-playbook playbooks/backup.yml --tags logs

Available Tags

Tag	Description
config	System configuration files (/etc, SSH, network)
data	Application data (/opt, /var/lib, /home)
databases	MySQL, PostgreSQL, MongoDB dumps
logs	Log files and audit logs
verify	Verify backup integrity
cleanup	Remove old backups

Extra Variables

Variable	Default	Description
backup_type	incremental	Backup type (full or incremental)
backup_retention_days	30	How long to keep backups
backup_compress	true	Compress backups
backup_verify	true	Verify backup integrity
backup_remote_dir	None	Remote backup destination

What Gets Backed Up

Configuration (--tags config)

• ✅ /etc directory
• ✅ SSH configuration
• ✅ Network configuration
• ✅ Firewall rules
• ✅ Cron jobs
• ✅ Systemd services

Application Data (--tags data)

• ✅ /opt directory
• ✅ /var/lib (excluding databases)
• ✅ /home directories

Databases (--tags databases)

• ✅ MySQL/MariaDB (all databases)
• ✅ PostgreSQL (all databases)
• ✅ MongoDB dumps

Logs (--tags logs)

• ✅ /var/log
• ✅ Audit logs

Backup Location

Local backups: /var/backups/

/var/backups/
├── config/
│   ├── etc_backup_<timestamp>.tar.gz
│   ├── ssh_backup_<timestamp>.tar.gz
│   └── ...
├── data/
│   ├── opt_backup_<timestamp>.tar.gz
│   └── ...
├── databases/
│   ├── mysql_dump_<timestamp>.sql.gz
│   └── ...
└── logs/
    └── var_log_backup_<timestamp>.tar.gz

Backup Verification

# Run backup with verification
ansible-playbook playbooks/backup.yml --tags verify

# Verify specific backup integrity
ansible all -m shell -a "gzip -t /var/backups/config/etc_backup_*.tar.gz"

Cleanup Old Backups

# Remove backups older than 30 days (default)
ansible-playbook playbooks/backup.yml --tags cleanup

# Custom retention period (keep 90 days)
ansible-playbook playbooks/backup.yml --tags cleanup \
  --extra-vars "backup_retention_days=90"

Remote Backup Transfer

# Transfer to remote backup server
ansible-playbook playbooks/backup.yml --tags remote \
  --extra-vars "backup_remote_dir=/mnt/backup-server/ansible"

Scheduling Backups

Cron Example

# Daily backup at 2 AM
0 2 * * * cd /opt/ansible && ansible-playbook playbooks/backup.yml

# Weekly full backup on Sunday
0 3 * * 0 cd /opt/ansible && ansible-playbook playbooks/backup.yml \
  --extra-vars "backup_type=full"

SystemD Timer

# /etc/systemd/system/ansible-backup.timer
[Unit]
Description=Ansible Backup

[Timer]
OnCalendar=daily
OnCalendar=02:00
Persistent=true

[Install]
WantedBy=timers.target

Example Output

=========================================
Backup Summary
=========================================
Host: webserver01
Environment: production
Completed: 2025-01-11T02:30:00Z

=== Backup Details ===
Type: full
Files created: 12
Total size: 2.5G
Location: /var/backups

=== Retention ===
Retention period: 30 days
Old backups cleaned: 5

=== Verification ===
Integrity check: Passed

Manifest: /var/backups/backup_manifest_2025-01-11_0230.txt
=========================================

Troubleshooting

Insufficient disk space

Check available space:

ansible all -m shell -a "df -h /var/backups"

Clean old backups:

ansible-playbook playbooks/backup.yml --tags cleanup

Database backup fails

Check database connectivity:

# MySQL
ansible all -m shell -a "mysqldump --version"

# PostgreSQL
ansible all -m shell -a "sudo -u postgres pg_dumpall --version"

Backup integrity check fails

Manually verify:

ansible all -m shell -a "gzip -t /var/backups/config/*.gz"

Restore from Backup

See Disaster Recovery Playbook for restoration procedures.

# Quick restore example
ansible-playbook playbooks/disaster_recovery.yml \
  --limit failed_host \
  --extra-vars "dr_backup_date=2025-01-11"

Best Practices

1. Test restores regularly - Backups are useless if they can't be restored
2. Monitor backup sizes - Watch for unexpected growth
3. Use remote storage - Don't keep backups only on the same host
4. Verify backups - Always enable verification
5. Document retention - Follow compliance requirements
6. Encrypt sensitive backups - Use encryption for databases
7. Schedule appropriately - Run during low-activity periods

Quick Reference Commands

# Full backup with verification
ansible-playbook playbooks/backup.yml \
  --extra-vars "backup_type=full"

# Configuration only
ansible-playbook playbooks/backup.yml --tags config

# Databases only
ansible-playbook playbooks/backup.yml --tags databases

# Cleanup old backups (30+ days)
ansible-playbook playbooks/backup.yml --tags cleanup

# Custom retention (90 days)
ansible-playbook playbooks/backup.yml --tags cleanup \
  --extra-vars "backup_retention_days=90"

# Dry-run
ansible-playbook playbooks/backup.yml --check

# Specific host only
ansible-playbook playbooks/backup.yml --limit hostname

# Production environment
ansible-playbook -i inventories/production playbooks/backup.yml

See Also

• Backup Playbook
• Disaster Recovery Playbook
• Maintenance Playbook