Merge pull request #7 from FiaasCo/hotfix/clarify-appendonly-modes
Improve and clarify append-only
This commit is contained in:
commit
69ca2bf11d
11
README.md
11
README.md
@ -4,7 +4,7 @@ The role supports both self hosted and offsite backup-storage such as rsync.net
|
||||
|
||||
It's possible to configure append-only repositories to secure the backups against deletion from the client.
|
||||
|
||||
Ansible 2.4 is required to run this role.
|
||||
Ansible 2.4 or higher is required to run this role.
|
||||
|
||||
## Required variables
|
||||
Define a group borgbackup\_servers in your inventory with one or multiple hosts. The group borgbackup\_management is only necessary if you want to enable append-only mode and prune the backups from a secured hosts.
|
||||
@ -63,9 +63,11 @@ borgbackup_cron_hour: "{{ 5|random }}"
|
||||
```
|
||||
Override borgbackup\_client\_user where required, for example if you have a laptop with an encrypted homedir you'll have to run the backup as the user of that homedir.
|
||||
|
||||
Set borgbackup\_appendonly: True in host or group vars if you want append-only repositories. In that case it's possible to define a hostname in borgbackup\_management\_station where a borg prune script will be configured. Only the management station will have permission to prune old backups for (all) clients.
|
||||
Set borgbackup\_appendonly: True in host or group vars if you want append-only repositories. In that case it's possible to define a hostname in borgbackup\_management\_station where a borg prune script will be configured. Only the management station will have permission to prune old backups for (all) clients. This will generate serve with --append-only ssh key options.
|
||||
If you set borgbackup\_appendonly\_repoconfig to True, this will also disable the possibility to remove backups from the management station. (Or at least: it's not possible to remove them till you reconfigure the repository and this is currently not supported in the prune script)
|
||||
Be aware of the limitations of append-only mode: [pruned backups appear to be removed, but are only removed in the transaction log till something writes in normal mode to the repository](https://github.com/borgbackup/borg/issues/3504))
|
||||
|
||||
*Make sure to check the configured defaults for this role, which contains the list of default locations being backed up in backup_include.* Override this in your inventory where required.
|
||||
*Make sure to check the configured defaults for this role, which contains the list of default locations being backed up in backup\_include.* Override this in your inventory where required.
|
||||
|
||||
## Usage
|
||||
|
||||
@ -76,4 +78,5 @@ ansible-playbook -i inventory/test backup.yml -l client1.fiaas.co
|
||||
```
|
||||
|
||||
## Further reading
|
||||
* https://borgbackup.readthedocs.io/en/stable/
|
||||
* [Borg documentation](https://borgbackup.readthedocs.io/en/stable/)
|
||||
* [Append only mode information](http://borgbackup.readthedocs.io/en/stable/usage/notes.html#append-only-mode)
|
||||
|
@ -37,6 +37,7 @@ borgbackup_cron_hour: "{{ 5|random }}"
|
||||
borgbackup_cron_minute: "{{ 59|random }}"
|
||||
|
||||
borgbackup_appendonly: False
|
||||
borgbackup_appendonly_repoconfig: False
|
||||
borgbackup_management_station: ''
|
||||
borgbackup_management_user: ''
|
||||
borgbackup_management_ssh_pubkey: ''
|
||||
|
@ -18,3 +18,4 @@
|
||||
mode: "0770"
|
||||
delegate_to: "{{ item.fqdn }}"
|
||||
with_items: "{{ borgbackup_servers }}"
|
||||
when: item.type == 'normal'
|
||||
|
@ -48,7 +48,7 @@ if [ "$1" = "init" ]
|
||||
then
|
||||
{% for b in borgbackup_servers %}
|
||||
REPOSITORY={% if b.type == 'hetzner' %}ssh://{% endif %}{{ b.user }}@{{ b.fqdn }}:{% if b.type == 'hetzner' %}23/./{% endif %}{{ b.home }}{{ b.pool }}/{{ inventory_hostname }}
|
||||
/usr/local/bin/borg init --encryption={{ borgbackup_encryption_mode }} {{ b.options }} $REPOSITORY
|
||||
/usr/local/bin/borg init --encryption={{ borgbackup_encryption_mode }}{% if borgbackup_appendonly_repoconfig %} --append-only{% endif %} {{ b.options }} $REPOSITORY
|
||||
{% endfor %}
|
||||
exit 0
|
||||
fi
|
||||
|
Loading…
Reference in New Issue
Block a user