More backup solution engineering

2025-08-20 17:32:18 -04:00
parent 752353cc41
commit 16e9c32e41
2 changed files with 106 additions and 2 deletions
--- a/playbooks/backup_protocol.yml
+++ b/playbooks/backup_protocol.yml
@@ -1,6 +1,90 @@
 ---
- name: Backup Protocol
-  hosts: all
+# Bits an pieces of this play are stolen from https://github.com/gavinwill/ansible-role-pfsense-backup/tree/main
+- name: PFSense Backups
+  hosts: pfsense_nodes
+  tasks:
+    - name: Get Cookies and CSRF Token
+      ansible.builtin.uri:
+        url: "https://{{ backup_url }}/diag_backup.php"
+        validate_certs: false
+        method: GET
+        return_content: true
+      register: pfsense_cookie_token
+      no_log: "{{ pfsense_backup_disable_logging | default(false) }}"
+      delegate_to: blacktide
+
+    - name: Set CSRF Token and Cookie Fact
+      ansible.builtin.set_fact:
+        pfsense_backup_csrf: "{{ pfsense_cookie_token.content | regex_search('var\\s+csrfMagicToken\\s+=\\s+\\\"([a-f0-9sidp:;,]+)\\\"', '\\1') }}"
+        pfsense_backup_cookie: "{{ pfsense_cookie_token.set_cookie }}"
+      no_log: "{{ pfsense_backup_disable_logging | default(false) }}"
+
+    - name: Authenticate with backup page and register backup CSRF
+      ansible.builtin.uri:
+        url: "https://{{ backup_url }}/diag_backup.php"
+        validate_certs: false
+        follow_redirects: false
+        method: POST
+        return_content: true
+        body_format: form-urlencoded
+        status_code: 302
+        body:
+          login: Login
+          usernamefld: "{{ backup_user }}"
+          passwordfld: "{{ backup_user_password }}"
+          __csrf_magic: "{{ pfsense_backup_csrf }}"
+        headers:
+          Cookie: "{{ pfsense_backup_cookie }}"
+      register: pfsense_cookie_token_2
+      delegate_to: blacktide
+      no_log: "{{ pfsense_backup_disable_logging | default(false) }}"
+
+    - name: Set Cookie Fact from Backup page
+      ansible.builtin.set_fact:
+        pfsense_backup_cookie_1: "{{ pfsense_cookie_token_2.set_cookie }}"
+      no_log: "{{ pfsense_backup_disable_logging | default(false) }}"
+
+    - name: Fetch Target page for new CSRF token
+      ansible.builtin.uri:
+        url: "https://{{ backup_url }}/diag_backup.php"
+        validate_certs: false
+        follow_redirects: false
+        method: GET
+        return_content: true
+        headers:
+          Cookie: "{{ pfsense_backup_cookie_1 }}"
+      register: pfsense_cookie_token_3
+      delegate_to: blacktide
+      no_log: "{{ pfsense_backup_disable_logging | default(false) }}"
+
+    - name: Set fact for CSRF Token and Cookie
+      ansible.builtin.set_fact:
+        pfsense_backup_csrf_1: "{{ pfsense_cookie_token3.content | regex_search('var\\s+csrfMagicToken\\s+=\\s+\\\"([a-f0-9sidp:;,]+)\\\"', '\\1') }}"
+        pfsense_backup_cookie_2: "{{ pfsense_cookie_token_3.set_cookie }}"
+      no_log: "{{ pfsense_backup_disable_logging | default(false) }}"
+
+    - name: Download Backup Configuration
+      ansible.builtin.uri:
+        url: "https://{{ backup_url }}/diag_backup.php"
+        validate_certs: false
+        follow_redirects: false
+        method: "POST"
+        return_content: true
+        body_format: form-urlencoded
+        body:
+          download: download
+          backupssh: "yes"
+          backupdata: "yes"
+          donotbackuprrd: "yes"
+          __csrf_magic: "{{ pfsense_backup_csrf_1 }}"
+        headers:
+          Cookie: "{{ pfsense_backup_cookie_2 }}"
+        dest: "{{ backup_location }}/{{ inventory_hostname }}_{{ now().strftime('%Y%m%d%H%M%S') }}.xml"
+      changed_when: false
+      no_log: "{{ pfsense_backup_disable_logging | default(false) }}"
+    
+- name: Docker Infrastructure Compose Backups
+  hosts: docker_nodes
  become: true
  become_method: sudo
  collections: