rename server group

Luc Stroobant 2017-10-01 19:51:38 +02:00
parent dc72e03bb3
commit a1209ca8c2
8 changed files with 37 additions and 33 deletions


@ -1,23 +1,22 @@
# Borg backup role # Borg backup role
This role installs Borg backup on backupservers and clients. The role contains a wrapper-script 'borg-backup' to ease the usage on the client. Supported options include borg-backup info | init | list | backup | mount. Automysqlbackup will run as pre-backup command if it's installed. This role installs Borg backup on borgbackup\_servers and clients. The role contains a wrapper-script 'borg-backup' to ease the usage on the client. Supported options include borg-backup info | init | list | backup | mount. Automysqlbackup will run as pre-backup command if it's installed.
The role supports both self hosted and rsync.net as Borg server. The role supports both self hosted and rsync.net as Borg server.
It's possible to configure append-only repositories to secure the backups against deletion from the client. It's possible to configure append-only repositories to secure the backups against deletion from the client.
## Required variables ## Required variables
Define a group backupservers in your inventory with one or multiple hosts. Define a group borgbackup\_servers in your inventory with one or multiple hosts. The group borgbackup\_management is only necessary if you want to enable append-only mode and prune the backups from a secured hosts.
``` ```
infra: [borgbackup_servers]
[backupservers]
backup1.fiaas.co backup1.fiaas.co
[borgbackup_management] [borgbackup_management]
supersecurehost supersecurehost
``` ```
group\_vars/all.yml: Define group- or hostvars for your backup endpoints and retention:
``` ```
backupservers: borgbackup_servers:
- fqdn: backup1.fiaas.co - fqdn: backup1.fiaas.co
user: borgbackup user: borgbackup
type: normal type: normal
@ -30,9 +29,14 @@ backupservers:
home: "" home: ""
pool: repos pool: repos
options: "--remote-path=borg1" options: "--remote-path=borg1"
borgbackup_retention:
hourly: 12
daily: 7
weekly: 4
monthly: 6
yearly: 1
``` ```
Contains the list of server you want to use on a certain client.
Allows to override backup servers on group or host level.
*WARNING: the trailing / in item.home is required.* *WARNING: the trailing / in item.home is required.*
Define a borg\_passphrase for every host. Define a borg\_passphrase for every host.


@ -28,7 +28,7 @@
key_options: 'command="cd {{ item.home }}{{ item.pool }}/{{ inventory_hostname }};borg serve {% if borgbackup_appendonly %}--append-only {% endif %}--restrict-to-path {{ item.home }}/{{ item.pool }}/{{ inventory_hostname }}",no-port-forwarding,no-X11-forwarding,no-pty,no-agent-forwarding,no-user-rc' key_options: 'command="cd {{ item.home }}{{ item.pool }}/{{ inventory_hostname }};borg serve {% if borgbackup_appendonly %}--append-only {% endif %}--restrict-to-path {{ item.home }}/{{ item.pool }}/{{ inventory_hostname }}",no-port-forwarding,no-X11-forwarding,no-pty,no-agent-forwarding,no-user-rc'
delegate_to: "{{ item.fqdn }}" delegate_to: "{{ item.fqdn }}"
when: item.type == 'normal' when: item.type == 'normal'
with_items: "{{ backupservers }}" with_items: "{{ borgbackup_servers }}"
# rsync.net has no python, so we can only use raw to manage ssh keys - workaround with local tmp file # rsync.net has no python, so we can only use raw to manage ssh keys - workaround with local tmp file
- name: client | get rsync.net authorized_keys file - name: client | get rsync.net authorized_keys file
@ -36,7 +36,7 @@
delegate_to: localhost delegate_to: localhost
become: no become: no
when: item.type == 'rsync.net' when: item.type == 'rsync.net'
with_items: "{{ backupservers }}" with_items: "{{ borgbackup_servers }}"
changed_when: false changed_when: false
- name: client | modify local rsync.net authorized_keys - name: client | modify local rsync.net authorized_keys
@ -49,7 +49,7 @@
delegate_to: localhost delegate_to: localhost
become: no become: no
when: item.type == 'rsync.net' when: item.type == 'rsync.net'
with_items: "{{ backupservers }}" with_items: "{{ borgbackup_servers }}"
register: authkeys register: authkeys
- name: client | upload local authorized_keys to rsync.net - name: client | upload local authorized_keys to rsync.net
@ -57,7 +57,7 @@
delegate_to: localhost delegate_to: localhost
become: no become: no
when: item.type == 'rsync.net' and authkeys.changed when: item.type == 'rsync.net' and authkeys.changed
with_items: "{{ backupservers }}" with_items: "{{ borgbackup_servers }}"
- name: client | remove tmp authorized_keys files - name: client | remove tmp authorized_keys files
file: file:
@ -65,7 +65,7 @@
state: absent state: absent
delegate_to: localhost delegate_to: localhost
become: no become: no
with_items: "{{ backupservers }}" with_items: "{{ borgbackup_servers }}"
when: authkeys.changed when: authkeys.changed
changed_when: false changed_when: false
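Review bot: In the `key_options` line of the first hunk, the forced command changes into `{{ item.home }}{{ item.pool }}/{{ inventory_hostname }}` but passes `--restrict-to-path {{ item.home }}/{{ item.pool }}/{{ inventory_hostname }}`, with an extra `/` after `item.home`. Because the README requires `item.home` to end in `/`, the restricted path is rendered with a double slash, and whether borg still matches it against the repository path depends on how the installed borg version normalises paths. This is worth verifying, since the option is what confines a client key to its own repository. Building both from the same expression, `--restrict-to-path {{ item.home }}{{ item.pool }}/{{ inventory_hostname }}`, removes the ambiguity. The task starts above the hunk, so its module and other arguments are not visible here.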


@ -8,7 +8,7 @@
mode: "0755" mode: "0755"
url: "{{ borgbackup_download_url }}" url: "{{ borgbackup_download_url }}"
delegate_to: "{{ item.fqdn }}" delegate_to: "{{ item.fqdn }}"
with_items: "{{ backupservers }}" with_items: "{{ borgbackup_servers }}"
when: item.type == 'normal' when: item.type == 'normal'
- name: server | create user - name: server | create user
@ -18,7 +18,7 @@
home: "{{ item.home }}" home: "{{ item.home }}"
createhome: "yes" createhome: "yes"
delegate_to: "{{ item.fqdn }}" delegate_to: "{{ item.fqdn }}"
with_items: "{{ backupservers }}" with_items: "{{ borgbackup_servers }}"
when: item.type == 'normal' when: item.type == 'normal'
- name: server | create directories - name: server | create directories
@ -28,4 +28,4 @@
owner: "{{ item.user }}" owner: "{{ item.user }}"
group: "{{ item.user }}" group: "{{ item.user }}"
mode: "0770" mode: "0770"
with_items: "{{ backupservers }}" with_items: "{{ borgbackup_servers }}"
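Review bot: The first task in this section fetches `{{ borgbackup_download_url }}` and installs the result with `mode: "0755"`, and no integrity check is visible in the hunk. If the module is `get_url` (its name is above the hunk), adding `checksum: "sha256:<expected digest of the pinned borg release>"` makes a tampered or swapped download fail instead of being installed as an executable on every backup server. The digest has to be kept in step with the URL wherever that variable is defined.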


@ -2,17 +2,17 @@
- include: install.yml - include: install.yml
when: > when: >
borgbackup_required == True or borgbackup_required == True or
inventory_hostname in groups.backupservers inventory_hostname in groups.borgbackup_servers
- include: borg-server.yml - include: borg-server.yml
when: inventory_hostname in groups.backupservers when: inventory_hostname in groups.borgbackup_servers
- include: borg-client.yml - include: borg-client.yml
when: > when: >
borgbackup_required == True and borgbackup_required == True and
inventory_hostname not in groups.backupservers inventory_hostname not in groups.borgbackup_servers
- include: management.yml - include: management.yml
when: > when: >
inventory_hostname in groups.borgbackup_management and inventory_hostname in groups.borgbackup_management and
inventory_hostname not in groups.backupservers inventory_hostname not in groups.borgbackup_servers
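Review bot: The `management.yml` include evaluates `inventory_hostname in groups.borgbackup_management` for every host, which as far as I can tell raises an undefined-variable error on an inventory without that group, although the README text added in this commit says the group is only needed for append-only mode. The same applies to `groups.borgbackup_servers` on inventories that still carry the old `backupservers` group name. Guarding the lookup, e.g. `inventory_hostname in (groups['borgbackup_management'] | default([]))`, keeps the role usable without the optional group. For the mandatory server group, an explicit `assert` with a message naming the new group would make a stale inventory fail clearly rather than in a conditional.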


@ -13,7 +13,7 @@
key: "{{ borgbackup_management_sshkey }}" key: "{{ borgbackup_management_sshkey }}"
delegate_to: "{{ item.fqdn }}" delegate_to: "{{ item.fqdn }}"
when: item.type == 'normal' when: item.type == 'normal'
with_items: "{{ backupservers }}" with_items: "{{ borgbackup_servers }}"
# rsync.net has no python, so we can only use raw to manage ssh keys - workaround with local tmp file # rsync.net has no python, so we can only use raw to manage ssh keys - workaround with local tmp file
@ -22,7 +22,7 @@
delegate_to: localhost delegate_to: localhost
become: no become: no
when: item.type == 'rsync.net' when: item.type == 'rsync.net'
with_items: "{{ backupservers }}" with_items: "{{ borgbackup_servers }}"
changed_when: false changed_when: false
- name: management | modify local rsync.net authorized_keys - name: management | modify local rsync.net authorized_keys
@ -34,7 +34,7 @@
delegate_to: localhost delegate_to: localhost
become: no become: no
when: item.type == 'rsync.net' when: item.type == 'rsync.net'
with_items: "{{ backupservers }}" with_items: "{{ borgbackup_servers }}"
register: authkeys register: authkeys
- name: management | upload local authorized_keys to rsync.net - name: management | upload local authorized_keys to rsync.net
@ -42,7 +42,7 @@
delegate_to: localhost delegate_to: localhost
become: no become: no
when: item.type == 'rsync.net' and authkeys.changed when: item.type == 'rsync.net' and authkeys.changed
with_items: "{{ backupservers }}" with_items: "{{ borgbackup_servers }}"
- name: management | remove tmp authorized_keys files - name: management | remove tmp authorized_keys files
file: file:
@ -50,6 +50,6 @@
state: absent state: absent
delegate_to: localhost delegate_to: localhost
become: no become: no
with_items: "{{ backupservers }}" with_items: "{{ borgbackup_servers }}"
when: authkeys.changed when: authkeys.changed
changed_when: false changed_when: false


@ -14,7 +14,7 @@ fi
if [ "$1" = "info" ] if [ "$1" = "info" ]
then then
if [ -z "$2" ]; then printf "run $0 with list and use the backup-tag to request information\n"; exit 1; fi if [ -z "$2" ]; then printf "run $0 with list and use the backup-tag to request information\n"; exit 1; fi
{% for b in backupservers %} {% for b in borgbackup_servers %}
REPOSITORY={{ b.user }}@{{ b.fqdn }}:{{ b.home }}{{ b.pool }}/{{ inventory_hostname }} REPOSITORY={{ b.user }}@{{ b.fqdn }}:{{ b.home }}{{ b.pool }}/{{ inventory_hostname }}
/usr/local/bin/borg info $REPOSITORY::$2 {{ b.options }} /usr/local/bin/borg info $REPOSITORY::$2 {{ b.options }}
{% endfor %} {% endfor %}
@ -26,7 +26,7 @@ if [ "$1" = "mount" ]
if [ -z "$2" ]; then printf "Select the backup-server\n"; exit 1; fi if [ -z "$2" ]; then printf "Select the backup-server\n"; exit 1; fi
if [ -z "$3" ]; then printf "Select the backup to mount\n"; exit 1; fi if [ -z "$3" ]; then printf "Select the backup to mount\n"; exit 1; fi
if [ -z "$4" ]; then printf "Select the path to mount the backup on\n"; exit 1; fi if [ -z "$4" ]; then printf "Select the path to mount the backup on\n"; exit 1; fi
{% for b in backupservers %} {% for b in borgbackup_servers %}
REPOSITORY={{ b.user }}@{{ b.fqdn }}:{{ b.home }}{{ b.pool }}/{{ inventory_hostname }} REPOSITORY={{ b.user }}@{{ b.fqdn }}:{{ b.home }}{{ b.pool }}/{{ inventory_hostname }}
/usr/local/bin/borg mount $REPOSITORY::$3 $4 {{ b.options }} /usr/local/bin/borg mount $REPOSITORY::$3 $4 {{ b.options }}
if [ "$?" = "0" ]; then printf "Backup mounted on $4, do not forget to unmount!\n"; fi if [ "$?" = "0" ]; then printf "Backup mounted on $4, do not forget to unmount!\n"; fi
@ -36,7 +36,7 @@ fi
if [ "$1" = "list" ] if [ "$1" = "list" ]
then then
{% for b in backupservers %} {% for b in borgbackup_servers %}
REPOSITORY={{ b.user }}@{{ b.fqdn }}:{{ b.home }}{{ b.pool }}/{{ inventory_hostname }} REPOSITORY={{ b.user }}@{{ b.fqdn }}:{{ b.home }}{{ b.pool }}/{{ inventory_hostname }}
printf "Archives on {{ b.fqdn }} :\n" printf "Archives on {{ b.fqdn }} :\n"
/usr/local/bin/borg list -v $REPOSITORY {{ b.options }} /usr/local/bin/borg list -v $REPOSITORY {{ b.options }}
@ -46,7 +46,7 @@ fi
if [ "$1" = "init" ] if [ "$1" = "init" ]
then then
{% for b in backupservers %} {% for b in borgbackup_servers %}
REPOSITORY={{ b.user }}@{{ b.fqdn }}:{{ b.home }}{{ b.pool }}/{{ inventory_hostname }} REPOSITORY={{ b.user }}@{{ b.fqdn }}:{{ b.home }}{{ b.pool }}/{{ inventory_hostname }}
borg init $REPOSITORY {{ b.options }} borg init $REPOSITORY {{ b.options }}
{% endfor %} {% endfor %}
@ -62,7 +62,7 @@ if [ "$1" = "backup" ]
{{ precommand }} {{ precommand }}
{% endfor %} {% endfor %}
{% for b in backupservers %} {% for b in borgbackup_servers %}
printf "Backing up to {{ b.fqdn }} :\n" printf "Backing up to {{ b.fqdn }} :\n"
REPOSITORY={{ b.user }}@{{ b.fqdn }}:{{ b.home }}{{ b.pool }}/{{ inventory_hostname }} REPOSITORY={{ b.user }}@{{ b.fqdn }}:{{ b.home }}{{ b.pool }}/{{ inventory_hostname }}
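Review bot: The borg calls in this template pass the caller's arguments unquoted (`$REPOSITORY::$2`, `$REPOSITORY::$3 $4`) and interpolate them into `printf` format strings, so an archive name or mount path containing spaces, glob characters or `%` is split or misread. Quoting the expansions and passing values as printf arguments fixes this: `/usr/local/bin/borg mount "$REPOSITORY::$3" "$4" {{ b.options }}` and `printf 'Backup mounted on %s, do not forget to unmount!\n' "$4"`. The `init` branch also calls bare `borg` while the other branches use `/usr/local/bin/borg`; using the absolute path everywhere avoids depending on the PATH of whatever runs the script. The `if` blocks begin and end outside the hunks shown.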


@ -5,9 +5,9 @@
# Don't put it on the backup server, it contains all borg secrets! # Don't put it on the backup server, it contains all borg secrets!
{% for h in groups['all'] %} {% for h in groups['all'] %}
{% if hostvars[h].borgbackup_required is defined and hostvars[h].borgbackup_required %} {% if hostvars[h].borgbackup_required | default(True) %}
# Host: {{ h }} # Host: {{ h }}
{% for b in hostvars[h].backupservers %} {% for b in hostvars[h].borgbackup_servers %}
{% if hostvars[h].borgbackup_managementstation is defined and inventory_hostname == hostvars[h].borgbackup_managementstation %} {% if hostvars[h].borgbackup_managementstation is defined and inventory_hostname == hostvars[h].borgbackup_managementstation %}
export BORG_PASSPHRASE={{ hostvars[h].borgbackup_passphrase }} export BORG_PASSPHRASE={{ hostvars[h].borgbackup_passphrase }}
REPOSITORY={{ b.user }}@{{ b.fqdn }}:{{ b.home }}{{ b.pool }}/{{ h }} REPOSITORY={{ b.user }}@{{ b.fqdn }}:{{ b.home }}{{ b.pool }}/{{ h }}
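Review bot: The new condition `hostvars[h].borgbackup_required | default(True)` now includes every host that does not set `borgbackup_required`, where the old test skipped them, and the next line iterates `hostvars[h].borgbackup_servers` for those hosts. Unless that list is defined for all hosts (not visible here), rendering fails on the first host without it; `hostvars[h].borgbackup_servers | default([])` would make the loop safe. Separately, `export BORG_PASSPHRASE={{ hostvars[h].borgbackup_passphrase }}` writes the passphrase unquoted, so one containing spaces or shell metacharacters is truncated or interpreted by the shell; `export BORG_PASSPHRASE={{ hostvars[h].borgbackup_passphrase | quote }}` avoids that. Because the rendered file holds every host's passphrase, the task that installs it (outside this hunk) should give it a root-only mode.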


@ -1,5 +1,5 @@
# backup hosts # backup hosts
{% for b in backupservers %} {% for b in borgbackup_servers %}
Host {{ b.fqdn }} Host {{ b.fqdn }}
StrictHostKeyChecking no StrictHostKeyChecking no
{% if b.port is defined %} {% if b.port is defined %}
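Review bot: `StrictHostKeyChecking no` in this template makes the client accept any host key for the backup servers, so a changed or substituted host key goes unnoticed when backups are pushed. Repository encryption, if enabled, limits what such an endpoint could read, but it could still collect or discard the backups. Distributing the servers' host keys with Ansible's `known_hosts` module and dropping this line keeps the role unattended without disabling verification; `StrictHostKeyChecking accept-new` is a weaker fallback where the installed OpenSSH supports it. The `Host` block continues below the hunk.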