First stab at moving bacula over to ansible.

files/bacula/bacula-fd.conf.j2

@@ -0,0 +1,46 @@
+#
+# Default  Bacula File Daemon Configuration file
+#
+#  For Bacula release 2.0.3 (06 March 2007) -- redhat (Zod)
+#
+# There is not much to change here except perhaps the
+# File daemon Name to
+#
+
+#
+# List Directors who are permitted to contact this File daemon
+#
+Director {
+  Name = bacula-dir
+  Password = "{{ bacula5PasswordDir }}"
+}
+
+#
+# Restricted Director, used by tray-monitor to get the
+#   status of the file daemon
+#
+Director {
+  Name = bacula-mon
+  Password = "{{ bacula5PasswordDir }}"
+  Monitor = yes
+}
+
+#
+# "Global" File daemon configuration specifications
+#
+FileDaemon {                          # this is me
+  Name = bacula-fd
+  FDport = 9102                  # where we listen for the director
+  WorkingDirectory = /var/spool/bacula
+  Pid Directory = /var/run
+  Maximum Concurrent Jobs = 10
+  Heartbeat Interval = 10
+  #Maximum Network Buffer Size = 131072
+}
+
+# Send all messages except skipped files back to Director
+Messages {
+  Name = Standard
+  director = bacula-dir = all, !skipped, !restored
+}
+

files/bacula/bacula-sd.conf.j2

@@ -0,0 +1,104 @@
+#
+# Default Bacula Storage Daemon Configuration file
+#
+#  For Bacula release 2.0.3 (06 March 2007) -- redhat (Zod)
+#
+# You may need to change the name of your tape drive
+#   on the "Archive Device" directive in the Device
+#   resource.  If you change the Name and/or the 
+#   "Media Type" in the Device resource, please ensure
+#   that dird.conf has corresponding changes.
+#
+
+Storage {                             # definition of myself
+  Name = bacula-sd
+  SDPort = 9103                  # Director's port      
+  WorkingDirectory = "/var/spool/bacula"
+  Pid Directory = "/var/run"
+  Maximum Concurrent Jobs = 10
+  Heartbeat Interval = 5
+}
+
+#
+# List Directors who are permitted to contact Storage daemon
+#
+Director {
+  Name = bacula-dir
+  Password = "{{ bacula5PasswordDir }}"
+}
+
+#
+# Restricted Director, used by tray-monitor to get the
+#   status of the storage daemon
+#
+Director {
+  Name = bacula-mon
+  Password = "{{ bacula5PasswordDir }}"
+  Monitor = yes
+}
+
+#
+# Devices supported by this Storage daemon
+# To connect, the Director's bacula-dir.conf must have the
+#  same Name and MediaType. 
+#
+
+Device {
+  Name = FileStorage
+  Media Type = File
+  Archive Device = /bacula/
+  LabelMedia = yes;                   # lets Bacula label unlabeled media
+  Random Access = Yes;
+  AutomaticMount = yes;               # when device opened, read it
+  RemovableMedia = no;
+  AlwaysOpen = no;
+}
+
+
+Device {
+  Name = FileStorage2
+  Media Type = File
+  Archive Device = /bacula2/
+  LabelMedia = yes;                   # lets Bacula label unlabeled media
+  Random Access = Yes;
+  AutomaticMount = yes;               # when device opened, read it
+  RemovableMedia = no;
+  AlwaysOpen = no;
+}
+
+#
+# An autochanger device with two drives
+
+Autochanger {
+  Name = Autochanger
+  Device = Drive-1
+  Changer Command = "/usr/libexec/bacula/mtx-changer %c %o %S %a %d"
+  Changer Device = /dev/sg1
+}
+
+Device {
+  Name = Drive-1                      #
+  Drive Index = 0
+  Media Type = LTO-5
+  Archive Device = /dev/nst0
+  AutomaticMount = yes;               # when device opened, read it
+  AlwaysOpen = yes;
+  RemovableMedia = yes;
+  RandomAccess = no;
+  AutoChanger = yes
+  SpoolDirectory = /bacula/bacula/spool/;
+  Maximum Spool Size = 1600G;
+#  Label Media = yes
+  # Enable the Alert command only if you have the mtx package loaded
+  Alert Command = "sh -c 'tapeinfo -f %c |grep TapeAlert|cat'"
+  # If you have smartctl, enable this, it has more info than tapeinfo 
+  Alert Command = "sh -c 'smartctl -H -l error %c'"  
+}
+# 
+# Send all messages to the Director, 
+# mount messages also are sent to the email address
+#
+Messages {
+  Name = Standard
+  director = bacula-dir = all
+}

files/bacula/bconsole.conf.j2

@@ -0,0 +1,10 @@
+#
+# Bacula User Agent (or Console) Configuration File
+#
+
+Director {
+  Name = bacula-dir
+  DIRport = 9101
+  address = localhost
+  Password = "{{ bacula5PasswordCon }}"
+}

files/bacula/fedora_delete_catalog_backup

@@ -0,0 +1,5 @@
+#!/bin/sh
+#
+# This script deletes a catalog dump
+#
+rm -f /bacula/bacula.sql

files/bacula/fedora_make_catalog_backup

@@ -0,0 +1,3 @@
+#!/bin/sh
+rm -f /bacula/bacula.sql
+/usr/bin/mysqldump -u bacula -f bacula > /bacula/bacula.sql

files/mysql/my.cnf

@@ -0,0 +1,74 @@
+[mysqld]
+datadir=/var/lib/mysql
+socket=/var/lib/mysql/mysql.sock
+user=mysql
+# Default to using old password format for compatibility with mysql 3.x
+# clients (those using the mysqlclient10 compatibility package).
+old_passwords=1
+max_connections=900
+query_cache_size=64M
+query_cache_limit=2M
+ft_min_word_len=3
+
+log-slow-queries=/var/log/mysqld/slow-queries.log
+long_query_time = 2
+general_log = 1
+general_log_file = /var/log/mysqld/mysql-transfer.log
+
+skip-locking
+key_buffer = 384M
+key_buffer_size=64M
+max_allowed_packet = 16M
+table_cache = 2048
+sort_buffer_size = 8M
+join_buffer_size = 8M
+read_buffer_size = 2M
+read_rnd_buffer_size = 16M
+bulk_insert_buffer_size = 64M
+myisam_sort_buffer_size = 128M
+myisam_max_sort_file_size=15G
+myisam_max_extra_sort_file_size = 10G
+thread_cache_size = 8
+# Try number of CPU's*2 for thread_concurrency
+thread_concurrency = 16
+thread_stack = 192K
+
+transaction_isolation = REPEATABLE-READ
+
+back_log = 50
+binlog_cache_size = 1M
+max_heap_table_size = 128M
+
+tmp_table_size = 128M
+
+innodb_additional_mem_pool_size = 16M
+innodb_buffer_pool_size = 4G
+innodb_file_io_threads = 4
+innodb_thread_concurrency = 16
+innodb_flush_log_at_trx_commit = 1
+innodb_log_buffer_size = 8M
+#innodb_log_file_size = 2G
+#innodb_log_files_in_group = 3
+innodb_max_dirty_pages_pct = 90
+
+
+[mysqld_safe]
+log-error=/var/log/mysqld.log
+pid-file=/var/run/mysqld/mysqld.pid
+open-files-limit = 8192
+
+[isamchk]
+key_buffer = 512M
+sort_buffer_size = 512M
+read_buffer = 8M
+write_buffer = 8M
+
+[myisamchk]
+key_buffer = 512M
+sort_buffer_size = 512M
+read_buffer = 8M
+write_buffer = 8M
+
+[mysqlhotcopy]
+interactive-timeout
+

playbooks/groups/backup-server.yml

@@ -0,0 +1,32 @@
+# create a new backup server system
+# NOTE: should be used with --limit most of the time
+# NOTE: make sure there is room/space for this instance on the buildvmhost
+# NOTE: most of these vars come from group_vars/backup_server or from hostvars
+
+- name: make backup server system
+  hosts: backup-server
+  user: root
+  gather_facts: False
+
+  vars_files: 
+   - /srv/web/infra/ansible/vars/global.yml
+   - ${private}/vars.yml
+   - ${vars}/${ansible_distribution}.yml
+
+  tasks:
+  tasks:
+  - include: $tasks/hosts.yml
+  - include: $tasks/yumrepos.yml
+  - include: $tasks/base.yml
+  - include: $tasks/fas_client.yml
+  - include: $tasks/2fa_client.yml
+  - include: $tasks/motd.yml
+  - include: $tasks/sudo.yml
+  - include: $tasks/rkhunter.yml
+  - include: $tasks/denyhosts.yml
+  - include: $tasks/nagios_client.yml
+  - include: $tasks/mysql_server.yml
+  - include: $tasks/bacula_server.yml
+
+  handlers:
+  - include: $handlers/restart_services.yml

tasks/bacula_server.yml

@@ -0,0 +1,58 @@
+---
+# tasklist for setting up the backup server.
+- name: install bacula
+  yum: pkg=$item state=installed
+  with_items:
+  - bacula-director-mysql
+  - bacula-sd
+  - bacula-storage-mysql
+  - bacula-console
+  - bacula-client
+  - mysql-server
+  - mtx
+  tags:
+  - packages
+
+# install bacula config files. 
+- name: install bacula storage director configs
+  template: src=$files/bacula/bacula-sd.conf.j2 dest=/etc/bacula/bacula-sd.conf mode=640
+  notify:
+  - restart bacula-sd
+  tags:
+  - config
+
+- name: install bacula director configs
+  template: src=$files/bacula/bacula-dir.conf.j2 dest=/etc/bacula/bacula-dir.conf mode=640
+  notify:
+  - restart bacula-dir
+  tags:
+  - config
+
+- name: install bacula file configs
+  template: src=$files/bacula/bacula-fd.conf.j2 dest=/etc/bacula/bacula-fd.conf mode=640
+  notify:
+  - restart bacula-fd
+  tags:
+  - config
+
+- name: install bacula console config
+  template: src=$files/bacula/bconsole.conf.j2 dest=/etc/bacula/bconsole.conf mode=640
+  tags:
+  - config
+
+- name: install bacula scripts
+  copy: src=$files/bacula/$item dest=/usr/local/bin/$item mode=0755
+  with_items:
+  - fedora_make_catalog_backup
+  - fedora_delete_catalog_backup
+  tags:
+  - config
+
+- name: enable bacula-sd service
+  service: name=bacula-sd state=started enabled=yes
+
+- name: enable bacula-dir service
+  service: name=bacula-dir state=started enabled=yes
+
+- name: enable bacula-fd service
+  service: name=bacula-fd state=started enabled=yes

tasks/mysql_server.yml

@@ -0,0 +1,18 @@
+---
+#
+# Setup mysql server. 
+#
+- name: install mysql server packages
+  yum: name=$item state=installed
+  with_items:
+  - mysql-server
+  tags:
+  - packages
+
+- name: install our my.cnf
+  copy: src=$files/mysql/my.cnf dest=/etc/my.cnf owner=root group=root mode=0644
+
+- name: Set mysql-server to run
+  service: name=mysqld enabled=yes state=running
+  tags:
+  - service