
create & start docker container running fphammerle/mysqldump-sshd:2.0.0-mariadb10.5.8r0-openssh8.4p1r3-amd64; fetch ssh host keys

Fabian Peter Hammerle 3 years ago
commit
564d95de0f
3 changed files with 83 additions and 0 deletions
  1. 35 0
      README.md
  2. 4 0
      defaults/main.yml
  3. 44 0
      tasks/main.yml

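--- a/README.md
+++ b/README.md
@@ -0,0 +1,35 @@
+# Ansible Role: mysqldump-sshd 💾 🐳
+
+Single-user [OpenSSH server](https://www.openssh.com/)
+launching `mysqldump` to backup
+[mariadb](https://mariadb.com/kb/en/backup-and-restore-overview/)
+and [mysql](https://dev.mysql.com/doc/refman/5.7/en/backup-types.html)
+databases via SSH.
+
+## Required Variables
+
+```yaml
+mysqldump_sshd_container_name: mysqldump_sshd
+mysqldump_sshd_published_port: 2200
+mysqldump_sshd_client_public_keys: |-
+  ssh-rsa ...
+  ssh-rsa ...
+mysqldump_sshd_mysqldump_args: >-
+  --host=dbhost
+  --all-databases
+  --single-transaction
+  ...
+mysqldump_sshd_network_name: database
+```
+
+## Optional Variables
+
+```yaml
+mysqldump_sshd_container_image: fphammerle/mysqldump-sshd@sha256:2ac782a8e35742a0f90ea71423567df92d0772ebc04845fdc5d141987d8fe078
+```
+
+## Returned Variables
+
+```yaml
+mysqldump_sshd_host_keys
+```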

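--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -0,0 +1,4 @@
+# https://github.com/fphammerle/docker-mysqldump-sshd/tags
+# object cd2d5d3957ec35102af796f27feae74cf059343f
+# tag docker/2.0.0-mariadb10.5.8r0-openssh8.4p1r3-amd64
+mysqldump_sshd_container_image: fphammerle/mysqldump-sshd@sha256:9af937be3414618a37a0e70d9e23b2f5e0d59390e4a6a0af797a168f91ba2ed4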
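Review bot: The digest pinned as the default (`sha256:9af937be…`) does not match the one README.md shows for the same variable under "Optional Variables" (`sha256:2ac782a8…`), so a reader cannot tell which of the two belongs to tag docker/2.0.0-mariadb10.5.8r0-openssh8.4p1r3-amd64. Pinning by digest is good supply-chain practice, but the two places should agree, or the README should state that its value is only an example of an override. If the difference is deliberate (for instance a manifest-list digest versus the amd64 image digest, which cannot be confirmed from this page), a comment above the default such as `# digest of the amd64 image manifest for the tag above` would make that explicit.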

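--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -0,0 +1,44 @@
+- docker_container:
+    name: '{{ mysqldump_sshd_container_name }}'
+    image: '{{ mysqldump_sshd_container_image }}'
+    env:
+      SSH_CLIENT_PUBLIC_KEYS: '{{ mysqldump_sshd_client_public_keys }}'
+      MYSQLDUMP_ARGS: '{{ mysqldump_sshd_mysqldump_args }}'
+    read_only: yes
+    mounts:
+    - type: volume
+      source: '{{ mysqldump_sshd_container_name }}_host_keys'
+      target: /etc/ssh/host_keys
+      read_only: no
+    - type: tmpfs
+      target: /home/dump/.ssh # authorized_keys
+      tmpfs_size: 16k
+      tmpfs_mode: '1777'
+    networks: [name: '{{ mysqldump_sshd_network_name }}']
+    purge_networks: yes
+    published_ports: ['0.0.0.0:{{ mysqldump_sshd_published_port }}:2200']
+    cap_drop: [ALL]
+    security_opts: [no-new-privileges]
+    cpu_quota: 2000
+    cpu_period: 10000
+    memory: 64M
+    restart_policy: unless-stopped
+    state: started
+  register:  _container
+- name: wait for host keys
+  wait_for:
+    path: >-
+      {{ (_container.container.Mounts
+          | items2dict(key_name='Destination', value_name='Source'))
+         ['/etc/ssh/host_keys'] }}/{{ item }}.pub
+  loop: [rsa, ed25519]
+  register: _host_keys_files
+- name: read host keys
+  slurp:
+    src: '{{ item }}'
+  loop: "{{ _host_keys_files.results | map(attribute='path') | list }}"
+  register: _host_keys_base64
+- name: decode host keys
+  set_fact:
+    mysqldump_sshd_host_keys: >-
+      {{ _host_keys_base64.results | map(attribute='content') | map('b64decode') | map('trim') | list }}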
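Review bot: `published_ports` hard-codes the bind address `0.0.0.0`, so the SSH endpoint that hands out database dumps listens on every host interface, and Docker-published ports are commonly not filtered by host firewall front-ends such as ufw. A bind-address variable would let operators restrict it to a backup network or loopback: `published_ports: ['{{ mysqldump_sshd_published_address }}:{{ mysqldump_sshd_published_port }}:2200']`, with its default set in defaults/main.yml and documented in the README. Separately, `tmpfs_mode: '1777'` leaves the directory holding authorized_keys world-writable; this is presumably needed because the tmpfs is root-owned while the container user is not, but a comment saying so next to the mode would help. If `mysqldump_sshd_mysqldump_args` can carry a `--password=` option, the value ends up in the container environment and in `docker inspect` output, which deserves a sentence in the README.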