Borg backup role
Ви не можете вибрати більше 25 тем Теми мають розпочинатися з літери або цифри, можуть містити дефіси (-) і не повинні перевищувати 35 символів.
root a8a4360fc7 [fix] Modifies the template to allow custom ports. Replaces/handles Hetzner specific scenario 3 місяці тому
defaults [fix] Management server should have keys and should work 1 рік тому
meta Styleguide improvements 2 роки тому
molecule Dont gather facts 2 роки тому
tasks [fix] the management station should work 1 рік тому
templates [fix] Modifies the template to allow custom ports. Replaces/handles Hetzner specific scenario 3 місяці тому
.gitignore Replace goss tests with testinfra 2 роки тому
.travis.yml Rename scenario to extra_opts indicating flexible use 2 роки тому
.yamllint Initial molecule WIP 2 роки тому license 3 роки тому Reflect build url to be FiaasCo/Borgbackup 2 роки тому
backup.yml Styleguide improvements 2 роки тому

Build Status

Borg backup role

This role installs Borg backup on borgbackup_servers and clients. The role contains a wrapper-script ‘borg-backup’ to ease the usage on the client. Supported options include borg-backup info | init | list | backup | mount. Automysqlbackup will run as pre-backup command if it’s installed. The role supports both self hosted and offsite backup-storage such as and hetzner storage box as Borg server.

It’s possible to configure append-only repositories to secure the backups against deletion from the client.

Ansible 2.4 or higher is required to run this role.

Required variables

Define a group borgbackup_servers in your inventory with one or multiple hosts. The group borgbackup_management is only necessary if you want to enable append-only mode and prune the backups from a secured hosts.



Define group- or hostvars for your backup endpoints and retention:

  - fqdn:
    user: borgbackup
    type: normal
    home: /backup/
    pool: repos
    options: ""
  - fqdn:
    user: userid
    home: ""
    pool: repos
    options: "--remote-path=borg1"
  - fqdn:
    user: username
    type: hetzner
    home: ""
    pool: repos
    options: ""

  hourly: 12
  daily: 7
  weekly: 4
  monthly: 6
  yearly: 1

WARNING: the trailing / in item.home is required.

Define a borg_passphrase for every host. host_vars\client1:

borgbackup_passphrase: Ahl9EiNohr5koosh1Wohs3Shoo3ooZ6p

Per default the role creates a cronjob in /etc/cron.d/borg-backup running as root every day on a random hour between 0 and 5am on a random minute. Override the defaults if necessary:

borgbackup_client_user: root
borgbackup_cron_day: "*"
borgbackup_cron_minute: "{{ 59|random }}"
borgbackup_cron_hour: "{{ 5|random }}"

Override borgbackup_client_user where required, for example if you have a laptop with an encrypted homedir you’ll have to run the backup as the user of that homedir.

Set borgbackup_appendonly: True in host or group vars if you want append-only repositories. In that case it’s possible to define a hostname in borgbackup_management_station where a borg prune script will be configured. Only the management station will have permission to prune old backups for (all) clients. This will generate serve with --append-only ssh key options. If you set borgbackup_appendonly_repoconfig to True, this will also disable the possibility to remove backups from the management station. (Or at least: it’s not possible to remove them till you reconfigure the repository and this is currently not supported in the prune script) Be aware of the limitations of append-only mode: pruned backups appear to be removed, but are only removed in the transaction log till something writes in normal mode to the repository)

Make sure to check the configured defaults for this role, which contains the list of default locations being backed up in backup_include. Override this in your inventory where required.


Configure Borg on the server and on a client:

ansible-playbook -i inventory/test backup.yml -l
ansible-playbook -i inventory/test backup.yml -l

Further reading