feat: add backup script

defaults/main.yml

@@ -1,2 +1,8 @@
 ---
 vault_listener_address: 0.0.0.0
+# vault backup variable
+vault_snapshot: false
+vault_backup_location: /tmp
+vault_cron_hour: 1
+vault_roleID: ''
+vault_secretID: ''

files/vault-backup.sh

@@ -0,0 +1,31 @@
+export PATH_SNAPSHOT=$1
+export PATH_DIR="daily"
+export PATH_BACKUP=$PATH_SNAPSHOT"/"$PATH_DIR
+export VAULT_APPROLEID=$2
+export VAULT_SECRETID=$3
+export RETENTION=30
+export ENV="0"    # (0 = staging, 1 = production)
+export SNAPSHOT_FILE=$(date +%Y-%m-%d)
+
+
+create_snapshot_folder(){
+  mkdir -p $PATH_BACKUP
+}
+
+run_snapshot() {
+  VAULT_TOKEN=$(/usr/bin/vault write -field=token auth/approle/login role_id=$VAULT_APPROLEID secret_id=$VAULT_SECRETID)
+  /usr/bin/vault operator raft snapshot save $PATH_BACKUP/$SNAPSHOT_FILE.snap
+}
+
+retention() {
+find $PATH_BACKUP -name "*.snap" -mtime +${RETENTION} -print -exec rm {} \;
+}
+
+main() {
+  create_snapshot_folder
+  run_snapshot
+  retention
+}
+
+### START HERE ###
+main $@

tasks/main.yml

@@ -57,3 +57,20 @@
     name: '{{ vault_os_service }}'
     state: started
     enabled: true
+
+- name: configure backup
+  block:
+    - name: copy backup script
+      copy:
+        dest: "/opt/vault/vault-backup.sh"
+        mode: 0744
+        owner: vault
+        src: vault-backup.sh
+    - name: vault snaphot cron.d
+      cron:
+        name: vault backup
+        user: vault
+        state: present
+        job: "/opt/vault/vault-backup.sh {{ vault_backup_location }} {{vault_roleID}} {{vault_secretID}}"
+        hour: "{{vault_cron_hour}}"
+  when: vault_snapshot