From f88915db97c0ba225063e48cbbc3f0e4667c21dc Mon Sep 17 00:00:00 2001 From: jszwedko Date: Wed, 24 Sep 2014 16:41:06 -0400 Subject: [PATCH 1/4] Fix logging defaults to use a single directory and expose barman groups So that users of the role can create just one log directory and set the user's group such that it can write/read it. --- defaults/main.yml | 7 ++++--- tasks/main.yml | 5 +++-- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index 0cc0d0c..6c636b5 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,7 +1,8 @@ --- barman_home: /var/barman barman_user: barman -barman_log_file: /var/log/barman.log +barman_groups: syslog # comma delimited list of groups +barman_log_file: /var/log/barman/barman.log barman_log_level: INFO barman_compression: bzip2 # Corresponding public key for the default: @@ -10,9 +11,9 @@ barman_compression: bzip2 # This key is used by Barman for SSH access onto the master barman_ssh_key_file: id_rsa barman_maintenance_schedule: '*/30 * * * *' # How often to run `barman cron` -barman_maintenance_log_file: /var/log/barman-cron.log +barman_maintenance_log_file: /var/log/barman/cron.log barman_backup_schedule: '0 1 * * *' # How often to run `barman backup all` -barman_backup_log_file: /var/log/barman-backup.log +barman_backup_log_file: /var/log/barman/backup.log # List of servers to maintain backups for. # diff --git a/tasks/main.yml b/tasks/main.yml index 2618d65..255b867 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -2,6 +2,7 @@ - name: "create barman user" user: name='{{barman_user}}' + groups='{{barman_groups}}' state=present register: barman_create_barman_user - name: "add ssh key" 
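Review bot: The new default `barman_groups: syslog` in the first defaults/main.yml hunk puts the backup account in the system log group on every host that uses the role unmodified, which is wider than write access to its own log directory. On Ubuntu-style systems that group can typically write anywhere under /var/log, and on distributions without a `syslog` group the user task would presumably fail. A default with no supplementary group, with the playbook opting in, would keep privileges lower. If the default stays, the inline comment should state what it grants, for example `# supplementary groups for barman_user (comma delimited); the default gives access to the system log directory`. The moved log paths in the `@@ -10,9 +11,9 @@` hunk depend on the same decision.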
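Review bot: In the tasks/main.yml hunk `@@ -2,6 +2,7 @@`, `groups='{{barman_groups}}'` is passed without `append=yes`, so the user module sets the supplementary groups to exactly that list. On a host where barman_user already exists, any other memberships it holds are removed on the next run. If the intent is only to add the log group, use `groups='{{barman_groups}}' append=yes`. If exact replacement is intended, say so in a comment above the task. The task list continues outside this hunk.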
@@ -26,7 +27,7 @@ day={{barman_maintenance_schedule.split()[2]}} month={{barman_maintenance_schedule.split()[3]}} weekday={{barman_maintenance_schedule.split()[4]}} - job="date >> {{barman_maintenance_log_file}}.log && barman cron >> {{barman_maintenance_log_file}}.log 2>&1" + job="date >> {{barman_maintenance_log_file}} && barman cron >> {{barman_maintenance_log_file}} 2>&1" user="{{barman_user}}" state=present - name: "add backup job" @@ -37,6 +38,6 @@ day={{barman_backup_schedule.split()[2]}} month={{barman_backup_schedule.split()[3]}} weekday={{barman_backup_schedule.split()[4]}} - job="date >> {{barman_backup_log_file}}.log && barman backup all >> {{barman_backup_log_file}}.log 2>&1" + job="date >> {{barman_backup_log_file}} && barman backup all >> {{barman_backup_log_file}} 2>&1" user="{{barman_user}}" state=present From 776389da464769068969a292bf3cbefba6ff67b1 Mon Sep 17 00:00:00 2001 From: jszwedko Date: Wed, 24 Sep 2014 16:42:09 -0400 Subject: [PATCH 2/4] Add ability to set an authorized key for the barman user For use on the postgres master to rsync the archives --- defaults/main.yml | 5 +++-- tasks/main.yml | 11 +++++++++++ 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index 6c636b5..ce80ef7 100644 --- a/defaults/main.yml +++ b/defaults/main.yml 
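Review bot: Both cron jobs (`@@ -26,7 +27,7 @@` and `@@ -37,6 +38,6 @@`) redirect into `{{barman_maintenance_log_file}}` / `{{barman_backup_log_file}}`, which now default to paths under /var/log/barman, and nothing in the visible hunks creates that directory. If it is missing or not writable by barman_user, the shell cannot open the redirect target, `date` fails and `&&` skips `barman cron` / `barman backup all`. A logging problem would then stop backups, with cron mail as the only signal. A task placed before the cron entries would remove that failure mode, for example `file: path='{{barman_backup_log_file | dirname}}' state=directory owner='{{barman_user}}' mode=0750`, repeated for the maintenance log if the two directories differ. The cron tasks start outside these hunks.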
@@ -5,8 +5,9 @@ barman_groups: syslog # comma delimited list of groups barman_log_file: /var/log/barman/barman.log barman_log_level: INFO barman_compression: bzip2 -# Corresponding public key for the default: -# ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7aLw6EQNion1jk60RrhmKjW5swmEA0EVZUOzTLVmYfSnEMFKOZ3hPpuxSjvJ3HRPQM1XqzSJN0RuG4yaZT6EZ+sxGJ5vs+ckcKCP4UT38QJp1MMNl65Q2GScyOMA9SRnQhID4PPMgCrHkL8bcOEXiYlvtDTAweT58Xmi4ZJ5Et/4faRRb0o4gxOa4V1dcUCFgR36K+DbcDeR/+KiLuIziXlniAzx9nJIrHCp2Lb6JNquXTmk7SPqBsPJ2bs1O1nNQNtrJwvFQET5M2KOETt+U+nKRQLLOVx7fJs5GE/odABskcy441n+jiSvNYjWjGI+LD2Zo1cKQXlxxBEsgmOOR barman +# Key for use by master to send archive segments +# (the default is also corresponding public key for the default barman_ssh_key_file) +barman_archive_pub_key: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7aLw6EQNion1jk60RrhmKjW5swmEA0EVZUOzTLVmYfSnEMFKOZ3hPpuxSjvJ3HRPQM1XqzSJN0RuG4yaZT6EZ+sxGJ5vs+ckcKCP4UT38QJp1MMNl65Q2GScyOMA9SRnQhID4PPMgCrHkL8bcOEXiYlvtDTAweT58Xmi4ZJ5Et/4faRRb0o4gxOa4V1dcUCFgR36K+DbcDeR/+KiLuIziXlniAzx9nJIrHCp2Lb6JNquXTmk7SPqBsPJ2bs1O1nNQNtrJwvFQET5M2KOETt+U+nKRQLLOVx7fJs5GE/odABskcy441n+jiSvNYjWjGI+LD2Zo1cKQXlxxBEsgmOOR barman' # Writes as ~{{barman_user}}/.ssh/id_rsa # This key is used by Barman for SSH access onto the master barman_ssh_key_file: id_rsa diff --git a/tasks/main.yml b/tasks/main.yml index 255b867..35b2cde 100644 --- a/tasks/main.yml +++ b/tasks/main.yml 
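Review bot: The new default for `barman_archive_pub_key` is, by its own comment, the public half of the default `barman_ssh_key_file`, and that private key is committed in the repository as files/id_rsa. A run with defaults at this commit would therefore authorize logins as barman_user for anyone who has the repository. PATCH 4/4 removes both defaults, so introduce the variable here without a default, or fold 4/4 into this patch, so that no commit in the series ships a usable key pair. The comment wording "the default is also corresponding public key" would read better as `# (the default is the public key matching the default barman_ssh_key_file)`.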
@@ -5,10 +5,21 @@ groups='{{barman_groups}}' state=present register: barman_create_barman_user +- name: "create ssh directory" + file: + path='{{barman_create_barman_user.home}}/.ssh' + state=directory + owner='{{barman_user}}' + group='{{barman_user}}' - name: "add ssh key" copy: src='{{barman_ssh_key_file}}' dest='{{barman_create_barman_user.home}}/.ssh/id_rsa' +- name: "add authorized ssh key" + authorized_key: + key='{{barman_archive_pub_key}}' + user="{{barman_user}}" + state=present - name: "write barman.conf" template: src=barman.conf.j2 dest=/etc/barman.conf owner='{{barman_user}}' - name: "create home directory" From ce5f4d7a62610b8ae6d08f7e79c76b61ef153786 Mon Sep 17 00:00:00 2001 From: jszwedko Date: Wed, 24 Sep 2014 16:43:49 -0400 Subject: [PATCH 3/4] Update example rsync command to use for archiving --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 8f202f7..57d2e88 100644 --- a/README.md +++ b/README.md @@ -11,7 +11,7 @@ Upstream server should be configured to send WAL archives to this server. This c ```ini wal_level = 'archive' archive_mode = on -archive_command = 'rsync -az %p {{barman_user}}@{{this host}}:{{barman_home}}/{{name}}/%f' +archive_command = 'rsync -ap --bwlimit=1000 %p {{barman_user}}@{{this host}}:{{barman_home}}/{{name}}/%f' ``` The barman server should have pip and postgres installed. From 14f46fb146c1534b47d4db38b4a8fa8b1d195941 Mon Sep 17 00:00:00 2001 From: jszwedko Date: Wed, 24 Sep 2014 16:55:17 -0400 Subject: [PATCH 4/4] Remove SSH defaults and force the user to specify them --- defaults/main.yml | 12 ++++++------ files/id_rsa | 27 --------------------------- 2 files changed, 6 insertions(+), 33 deletions(-) delete mode 100644 files/id_rsa diff --git a/defaults/main.yml b/defaults/main.yml index ce80ef7..e4c252e 100644 --- a/defaults/main.yml +++ b/defaults/main.yml 
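Review bot: The new "create ssh directory" task sets owner and group but no mode, so `.ssh` gets whatever the connecting user's umask yields; add `mode=0700`. The unchanged "add ssh key" copy right below it sets neither owner nor mode on the private key, so `owner='{{barman_user}}' mode=0600` belongs there as well. The "add authorized ssh key" entry grants a full login to a key that, per the commit message, is only meant to rsync archives from the master. Adding `key_options='no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding'` would narrow what that key can do. `group='{{barman_user}}'` also assumes a group with the same name as the user exists, which the user task does not guarantee on every platform.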
@@ -1,16 +1,16 @@ --- +# Key for use by master to send archive segments +barman_archive_pub_key: # required +# Writes as ~{{barman_user}}/.ssh/id_rsa +# This key is used by Barman for SSH access onto the master +barman_ssh_key_file: #required + barman_home: /var/barman barman_user: barman barman_groups: syslog # comma delimited list of groups barman_log_file: /var/log/barman/barman.log barman_log_level: INFO barman_compression: bzip2 -# Key for use by master to send archive segments -# (the default is also corresponding public key for the default barman_ssh_key_file) -barman_archive_pub_key: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7aLw6EQNion1jk60RrhmKjW5swmEA0EVZUOzTLVmYfSnEMFKOZ3hPpuxSjvJ3HRPQM1XqzSJN0RuG4yaZT6EZ+sxGJ5vs+ckcKCP4UT38QJp1MMNl65Q2GScyOMA9SRnQhID4PPMgCrHkL8bcOEXiYlvtDTAweT58Xmi4ZJ5Et/4faRRb0o4gxOa4V1dcUCFgR36K+DbcDeR/+KiLuIziXlniAzx9nJIrHCp2Lb6JNquXTmk7SPqBsPJ2bs1O1nNQNtrJwvFQET5M2KOETt+U+nKRQLLOVx7fJs5GE/odABskcy441n+jiSvNYjWjGI+LD2Zo1cKQXlxxBEsgmOOR barman' -# Writes as ~{{barman_user}}/.ssh/id_rsa -# This key is used by Barman for SSH access onto the master -barman_ssh_key_file: id_rsa barman_maintenance_schedule: '*/30 * * * *' # How often to run `barman cron` barman_maintenance_log_file: /var/log/barman/cron.log barman_backup_schedule: '0 1 * * *' # How often to run `barman backup all` diff --git a/files/id_rsa b/files/id_rsa deleted file mode 100644 index 7fd2d3d..0000000 --- a/files/id_rsa +++ /dev/null 
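Review bot: `barman_archive_pub_key: # required` and `barman_ssh_key_file: #required` are bare keys, which YAML loads as null, so both variables are still defined and nothing forces the user to set them. The role would presumably fail later, inside authorized_key or copy, with an error that does not name the missing setting. Either drop both keys from defaults so Ansible reports the undefined variable by name, or add a first task such as `- fail: msg="barman_archive_pub_key and barman_ssh_key_file must be set"` with `when: not barman_archive_pub_key or not barman_ssh_key_file`. Deleting files/id_rsa does not retract the key, because it remains in the repository history. On hosts provisioned with the earlier defaults, remove that entry from barman_user's authorized_keys and replace the key pair.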
@@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEAu2i8OhEDYqJ9Y5OtEa4Zio1ubMJhANBFWVDs0y1ZmH0pxDBS -jmd4T6bsUo7ydx0T0DNV6s0iTdEbhuMmmU+hGfrMRieb7PnJHCgj+FE9/ECadTDD -ZeuUNhknMjjAPUkZ0ISA+DzzIAqx5C/G3DhF4mJb7Q0wMHk+fF5ouGSeRLf+H2kU -W9KOIMTmuFdXXFAhYEd+ivg23A3kf/ioi7iM4l5Z4gM8fZySKxwqdi2+iTarl05p -O0j6gbDydm7NTtZzUDbaycLxUBE+TNijhE7flPpykUCyzlce3ybORhP6HQAbJHMu -ONZ/o4krzWI1oxiPiw9maNXCkF5ccQRLIJjjkQIDAQABAoIBAQCXeP25yQp9bGwA -UdnuklMeg1WfHjSdHbkPibMAtITYFUHuykfPxZ2ec4JK8DLVR3E+NF/bGdYCI2Mm -UO5ft9a0UttMULNchD+iPGdmSvPYsLamxbUI6bGvUAE4PFpUroLo4FAFU+4GFd7W -Wi9WyzzgzzMRlDlA1J5Gk1/8uYaabuBBq4me0xLVong8cOjTHTdqDTc5wn+gwfjG -2NOPT4dVwKebBBQzG/zFMxNfEI1bNuJ5fVI/+AOYi+SVxrx8JjJ3N0nBO+Z5bIpk -GKghEC02G1JMbI/jl9QIWQgJgDYXJtss73Yji7V2UGiP/PJ7h8NCAOlpfdyuyXN9 -vUC6oyQBAoGBAPL4B4mfHhXfMjnbqkSsdObRG18kYhRy7LSyy3vJOBv07fomM/UW -mykTpn2xDAQg48fkFr3O9ZbunZjhduEt2i3KQ8LOfmzGIVqgY8vgtcEOF2yP5BYp -VEkfiIceTHFsPuGbKtRel1dNLv3qlaMGkMevZSz9hiI8SkG0ZXORvLvhAoGBAMV1 -3mO0Zg1oC+A9w5Qhwi6WObJu0raXerRTclnya3QVAFcYDWovG2SU5OWkqh7z6rPp -CbM6F07jCyrKh7rHySLiOJEt104B4qXlaYXFSrLqZ2A/NZlZB3nzeuYqasDhkBAK -shIjAJXtuFb2wHWIxa/IFMOcIIiOldQVVvbqIp2xAoGAfngObFsvrNDV8vndQgvG -edLEfZyRlPVRMqmSc2eE1kCCkt/J0bwnnZUF54z9pTR9fDHEiJ4uhZbE36wUVheo -5obPCJq1gecLu4GbEKdx1ACCvtaTMdnnbnyEc1iZD7z5ajN7crmd6ypY2IB/zTEA -sYAhmO6KIE3jlRnSaPqmE+ECgYA004TMjc2jlote0YdKUQG/Lud+qhFrUfk81vpH -wAgpRRkTM9ca6kFc1kyqdzQgFcdbnGPA9DCaJTmumAJZ4OsZjwXtKSNpti1pjod9 -hzulw/omEKMJRH0wjgf6HazzryS4dfQP0BdvBOsFMPxqNU4V6eRMNK+reOHynEbo -xdi+8QKBgQC5WW9yOZdKe13btrItdHE5LZ7EHJNZT893A2o0NGZnVS4LoX9NV8t3 -6Aasp4xxddMK8QFZIXhth/iG69UowG4IVQrGpe94MCrfJissJfkErjP3pbFyGiPZ -B6FBZA7vuCHM8ePRUrU9VKb7iRy5OjAKzUOk8FHGOeKNdNck+NTVZQ== ------END RSA PRIVATE KEY-----