Remove old test targets, consistent wording, remove tag

Manu 2023-03-19 17:29:57 +00:00
parent 4428bbf4a7
commit adc2e40ccb
17 changed files with 70 additions and 113 deletions


@ -1,14 +1,16 @@
# Ansible Role: BorgBackup Client
The following example installs and configures the Borgmatic client and also initializes the repo on the BackupServer.
# Additional Examples
## Use service user and copy SSH key to target server
Installs and configures the Borgmatic client and also initializes the repo on the remote backup server.
## Fullautomated Playbook with service user -> this has sudo power
```
- name: Configure backup
hosts: test.lab
pre_tasks:
- name: Get home of {{ borgbackup_user }}
- name: Get home of {{ borg_user }}
ansible.builtin.user:
name: "{{ borgbackup_user }}"
name: "{{ borg_user }}"
state: present
register: user_info
changed_when: false
@ -21,9 +23,8 @@ The following example installs and configures the Borgmatic client and also init
vars:
borg_encryption_passphrase: "CHANGEME"
borg_repository: "USER@TARGET_SERVER:/PATH/TO/BACKUP"
borgbackup_user: "srv_backup"
borgbackup_group: "srv_backup"
borg_repository: "{{ vault_borg.backup_user }}@{{ backup_server }}:{{ backup_path }}/{{ ansible_host }}"
borg_user: "srv_backup"
borg_group: "srv_backup"
borg_ssh_key_file_path: "{{ backup_user_info.home }}/.ssh/backup"
borg_ssh_command: "ssh -i {{ borg_ssh_key_file_path }} -o StrictHostKeyChecking=no"
borgmatic_timer: systemd
@ -77,7 +78,7 @@ The following example installs and configures the Borgmatic client and also init
- name: Init repository
ansible.builtin.command:
cmd: "su - {{ borgbackup_user }} -c '/usr/local/bin/borgmatic rcreate --encryption keyfile --append-only'"
cmd: "su - {{ borg_user }} -c '/usr/local/bin/borgmatic rcreate --encryption keyfile --append-only'"
- name: Activate systemd service and timer
when:
@ -99,7 +100,7 @@ The following example installs and configures the Borgmatic client and also init
when: "item in services"
with_items:
- borgmatic.service
# bug: Need own section without masked else the timer are skipped
- name: Start borgmatic timers
ansible.builtin.systemd:
@ -109,4 +110,4 @@ The following example installs and configures the Borgmatic client and also init
daemon_reload: true
with_items:
- "borgmatic.timer"
```
```


@ -8,8 +8,7 @@ Works great with [BorgBase.com](https://www.borgbase.com) - Simple and Secure Ho
Main features:
- Set up Borg and Borgmatic
- Add systemd timer random time
- Provision new remote [BorgBase.com](https://www.borgbase.com) repo for storing backups (optional)
- Schedule regular backups using Cron or Systemd timer.
## Example Playbook with root as backup user and Cron timer
@ -19,7 +18,7 @@ Main features:
roles:
- role: m3nu.ansible_role_borgbackup
borg_encryption_passphrase: CHANGEME
borg_repository: m5vz9gp4@m5vz9gp4.repo.borgbase.com:repo
borg_repository: ssh://m5vz9gp4@m5vz9gp4.repo.borgbase.com/./repo
borgmatic_timer: cron
borg_source_directories:
- /srv/www
@ -49,12 +48,12 @@ If you already use this role and use the user: "root" or the SSH key id_ed25519!
roles:
- role: m3nu.ansible_role_borgbackup
borg_encryption_passphrase: CHANGEME
borg_repository: m5vz9gp4@m5vz9gp4.repo.borgbase.com:repo
borg_repository: ssh://m5vz9gp4@m5vz9gp4.repo.borgbase.com/./repo
borgmatic_timer: systemd
borg_ssh_key_file_path: "{{ backup_user_info.home }}/.ssh/backup"
borg_ssh_command: "ssh -i {{ borg_ssh_key_file_path }} -o StrictHostKeyChecking=no"
borgbackup_user: "srv_backup"
borgbackup_group: "srv_backup"
borg_user: "srv_backup"
borg_group: "srv_backup"
borg_source_directories:
- /srv/www
- /var/lib/automysqlbackup
@ -89,26 +88,18 @@ $ git clone https://github.com/borgbase/ansible-role-borgbackup.git roles/ansibl
## Tags:
This Role supports the following ansible tags:
This role supports the following Ansible tags:
- `install_backup`: Tag for only run that part.
- `backup_install_helper` Tag to additionally install the backup helper skripts. Currently only docker.
### Example
To install the helper scrit.
```
$ ANSIBLE_STDOUT_CALLBACK=yaml ansible-playbook test.example.com -t backup_install_helper
```
- `backup_install_helper` Install optional helper scripts from `files` folder. Currently only Docker.
## Role Variables
### Required Arguments
- `borg_repository`: Full path to repository. Your own server or [BorgBase.com](https://www.borgbase.com) repo. Not required when using auto creation of repositories. Can be a list if you want to backup to multiple repositories.
### Required Variables
- `borg_repository`: Full path to repository. Your own server or [BorgBase.com](https://www.borgbase.com) repo.
Can be a list if you want to backup to multiple repositories.
### Optional Arguments
### Optional Variables
- `borg_dep_packages`: Dependancy Packages to install `borg(backup)` and `borgmatic`.
- `borg_distro_packages`: contains the names of distributions packages for `borg(backup)` and `borgmatic`, only used if `borg_install_method` is set to `package`.
- `borg_encryption_passcommand`: The standard output of this command is used to unlock the encryption key.
@ -142,8 +133,8 @@ $ ANSIBLE_STDOUT_CALLBACK=yaml ansible-playbook test.example.com -t backup_insta
- `borgmatic_store_ctime`: Store ctime into archive. Defaults to `true`
- `borgmatic_version`: Force a specific borgmatic version to be installed
- `borgbackup_user`: Name of the User to create Backups (Service Account)
- `borgbackup_group`: Name of the Group to create Backups (Service Account)
- `borg_user`: Name of the User to create Backups (service account)
- `borg_group`: Name of the Group to create Backups (service account)
## Contributing


@ -36,9 +36,9 @@ borgmatic_hooks:
# See: https://torsion.org/borgmatic/docs/how-to/deal-with-very-large-backups/#check-frequency
borgmatic_checks:
- name: repository
frequency: "2 Weeks"
frequency: "4 weeks"
- name: archives
frequency: "1 month"
frequency: "6 weeks"
borgmatic_check_last: 3
borgmatic_store_atime: true
borgmatic_store_ctime: true
@ -46,6 +46,6 @@ borgmatic_relocated_repo_access_is_ok: false
borgmatic_version: false
borg_venv_path: "/opt/borgmatic"
borgbackup_user: "root"
borgbackup_group: "root"
borg_user: "root"
borg_group: "root"
...
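Review bot: The rename to `borg_user` / `borg_group` keeps `root` as the default, so an inventory that still sets `borgbackup_user: "srv_backup"` is now ignored without any error and the backup runs as root. The same rename appears in the argument spec and in every task file of this commit. The role already asserts that legacy hooks are not used, so a matching guard would make the upgrade fail loudly: an `ansible.builtin.assert` with `that: borgbackup_user is not defined and borgbackup_group is not defined` and a `fail_msg` naming the new variables.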


@ -16,7 +16,7 @@ argument_specs:
type: str
required: false
description: |
Contains the names of distributions packages for borg(backup) and borgmatic,
Contains the names of distributions packages for borg(backup) and borgmatic,
only used if `borg_install_method` is set to package
borg_pip_packages:
type: str
@ -32,8 +32,8 @@ argument_specs:
default: pip
description: |
By default pip is used to install borgmatic.
To install via your distributions package manager set this to package and (if needed)
overwrite the borg_distro_packages variable to contain your distributions package names
To install via your distributions package manager set this to package and (if needed)
overwrite the borg_distro_packages variable to contain your distributions package names
required to install borgmatic.
Note that many distributions ship outdated versions of borgbackup and borgmatic; use at your own risk.
borgmatic_config_name:
@ -41,11 +41,11 @@ argument_specs:
required: false
default: config.yaml
description: Name to use for the borgmatic config file.
borgbackup_user:
borg_user:
type: str
default: root
description: Name of the User to create Backups (Service Account)
borgbackup_group:
borg_group:
type: str
default: root
description: Name of the Group to create Backups (Service Account)
@ -137,11 +137,11 @@ argument_specs:
description: Number of weekly archives to keep.
keep_monthly:
type: int
required: false
required: false
description: Number of monthly archives to keep.
keep_yearly:
type: int
required: false
required: false
description: Number of yearly archives to keep.
borgmatic_checks:
type: List
@ -152,8 +152,8 @@ argument_specs:
Defaults to "repository" and "archives".
Set to "disabled" to disable all consistency checks.
"repository" checks the consistency of the repository,
"archives" checks all of the archives, "data" verifies
the integrity of the data within the archives, and
"archives" checks all of the archives, "data" verifies
the integrity of the data within the archives, and
"extract" does an extraction dry-run of the most recent archive.
Note that "data" implies "archives".
borgmatic_check_last:
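Review bot: `type: List` on `borgmatic_checks` is capitalised, while Ansible's argument-spec type names are lowercase, so this option is probably not type-checked as intended. `type: list` with `elements: dict` would match the list of `name`/`frequency` mappings that the role's defaults define. The entry's description continues outside the hunk. Separately, the descriptions of `borg_user` and `borg_group` still read "(Service Account)" where the README now uses "(service account)".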


@ -6,18 +6,12 @@ driver:
platforms:
- name: archlinux-latest
image: archlinux:latest
- name: centos-7
image: centos:7
- name: almalinux-8
image: almalinux:8
- name: almalinux-9
image: almalinux:9
- name: fedora-latest
image: fedora:latest
- name: debian-bullseye
image: debian:bullseye
- name: ubuntu-bionic
image: ubuntu:bionic
- name: ubuntu-latest
image: ubuntu:latest
provisioner:


@ -1,7 +1,5 @@
---
- name: Install borgbackup
tags:
- install_backup
block:
- name: Ensure legacy hooks aren't used
ansible.builtin.assert:


@ -3,13 +3,11 @@
# Since we cannot be sure that this FSH is compatible we will determine it.
- name: Get home dir
when:
- borgbackup_user == "root"
tags:
- install_backup
- borg_user == "root"
block:
- name: Get home if borgbackup_user == "root"
- name: Get home if borg_user == "root"
ansible.builtin.user:
name: "{{ borgbackup_user }}"
name: "{{ borg_user }}"
state: present
register: user_info
changed_when: false
@ -19,11 +17,9 @@
ansible.builtin.set_fact:
backup_user_info: "{{ user_info }}"
- name: Create User if borgbackup_user != "root"
- name: Create user if borg_user != "root"
when:
- borgbackup_user != "root"
tags:
- install_backup
- borg_user != "root"
ansible.builtin.include_tasks:
file: noauto_create_backup_user_and_group.yml
...


@ -1,28 +1,23 @@
---
# In this Play an ssh key pair is created for login to the backup server and secure data transfer.
# We do not want the possibly existing key to be used/distributed,
# so a backup-specific (backup/backup.pub) one is created.
- name: Create ssh-key (if neeeded) for {{ borgbackup_user }}
tags:
- install_backup
- name: Create SSH key (if neeeded) for {{ borg_user }}
block:
- name: Ensure directory exist
ansible.builtin.file:
path: "{{ backup_user_info.home }}/.ssh/"
state: directory
mode: "0700"
owner: "{{ borgbackup_user }}"
group: "{{ borgbackup_group }}"
owner: "{{ borg_user }}"
group: "{{ borg_group }}"
- name: Generate an OpenSSH keypair
community.crypto.openssh_keypair:
path: "{{ borg_ssh_key_file_path }}"
mode: "0600"
type: "{{ borg_ssh_key_type }}"
owner: "{{ borgbackup_user }}"
group: "{{ borgbackup_group }}"
owner: "{{ borg_user }}"
group: "{{ borg_group }}"
- name: Read ssh key
- name: Read SSH key
ansible.builtin.slurp:
src: "{{ borg_ssh_key_file_path }}.pub"
register: backup_local_ssh_key
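Review bot: The `community.crypto.openssh_keypair` task sets no `passphrase`, so the backup key is stored unencrypted at `borg_ssh_key_file_path`. That is expected for an unattended timer, but the header comment should say so. I would add `# Key has no passphrase (unattended runs); restrict it on the backup server, e.g. a forced "borg serve --restrict-to-path ..." command in authorized_keys.` The task name on the new line also still reads `neeeded`.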


@ -10,5 +10,5 @@
group: "{{ item.group }}"
mode: "{{ item.mode }}"
with_items:
- { src: "docker.sh", dest: "/usr/local/bin/docker.sh", owner: "{{ borgbackup_user }}", group: "{{ borgbackup_group }}", mode: "0770" }
- { src: "docker.sh", dest: "/usr/local/bin/docker.sh", owner: "{{ borg_user }}", group: "{{ borg_group }}", mode: "0770" }
...
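Review bot: `mode: "0770"` on the `docker.sh` entry leaves the helper in `/usr/local/bin` writable by `borg_user` and by every member of `borg_group`, and the rename does not revisit that. If the script only needs to be executed by the backup account, `owner: "root"`, `group: "{{ borg_group }}"`, `mode: "0750"` keeps it runnable without letting the service account or its group edit a file on a system path. The task itself starts above this hunk, so the module in use is inferred from the `src`/`dest` keys.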


@ -1,21 +1,19 @@
---
- name: Configure borgbackup
tags:
- install_backup
- name: Add Borgmatic config file
block:
- name: Ensure /etc/borgmatic exists
ansible.builtin.file:
path: /etc/borgmatic
state: directory
mode: "0700"
owner: "{{ borgbackup_user }}"
group: "{{ borgbackup_group }}"
owner: "{{ borg_user }}"
group: "{{ borg_group }}"
- name: Add Borgmatic configuration
ansible.builtin.template:
src: config.yaml.j2
dest: "/etc/borgmatic/{{ borgmatic_config_name }}"
mode: "0600"
owner: "{{ borgbackup_user }}"
group: "{{ borgbackup_group }}"
owner: "{{ borg_user }}"
group: "{{ borg_group }}"
...


@ -2,8 +2,6 @@
- name: Create borgbackup timer
when:
- borgmatic_timer is defined and borgmatic_timer | length > 0
tags:
- install_backup
block:
- name: Start timer install script
ansible.builtin.include_tasks:


@ -1,21 +1,19 @@
---
- name: Setup backup environment
tags:
- install_backup
when:
- backup_create_local_user is not defined or backup_create_local_user
- borgbackup_user != "root"
- borg_user != "root"
block:
- name: Add local backup group
ansible.builtin.group:
name: "{{ borgbackup_group }}"
name: "{{ borg_group }}"
state: present
- name: Add local backup user
ansible.builtin.user:
name: "{{ borgbackup_user }}"
name: "{{ borg_user }}"
shell: "/bin/bash"
groups: "{{ borgbackup_group }}"
groups: "{{ borg_group }}"
comment: "Backup User Account"
append: true
register: user_info
@ -28,9 +26,9 @@
community.general.sudoers:
name: "backup"
state: present
user: "{{ borgbackup_user }}"
user: "{{ borg_user }}"
nopassword: true
commands:
commands:
- "/opt/borgmatic/bin/borg"
- "/usr/local/bin/borgmatic -c /etc/borgmatic/{{ borgmatic_config_name }}"
...
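Review bot: The sudoers rule hard-codes `/opt/borgmatic/bin/borg` although that location is configurable through `borg_venv_path`, so with a non-default venv the rule points at a path that does not hold the role's binary. `- "{{ borg_venv_path }}/bin/borg"` would follow the variable. The entry also puts no restriction on borg's arguments, which together with `nopassword: true` gives `borg_user` root-level read access to the whole filesystem. That trade-off deserves a comment above the task, for example `# NOPASSWD on borg is root-equivalent for reading files; keep this account locked down`. The task begins above this hunk.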


@ -4,16 +4,14 @@
name: "{{ borg_cron_package }}"
state: present
- name: Add cron-job for borgmatic
tags:
- install_backup
- name: Add Cron job for borgmatic
block:
- name: Add cron job for create, check and prune
cron:
name: "{{ borgmatic_timer_cron_name }}"
hour: "{{ borgmatic_timer_hour }}"
minute: "{{ borgmatic_timer_minute }}"
user: "{{ borgbackup_user }}"
user: "{{ borg_user }}"
cron_file: "{{ borgmatic_timer_cron_name }}"
job: "/usr/local/bin/borgmatic -c /etc/borgmatic/{{ borgmatic_config_name }}"
@ -23,10 +21,8 @@
state: absent
- name: Set PATH for borgmatic cron job.
tags:
- install_backup
cron:
user: "{{ borgbackup_user }}"
user: "{{ borg_user }}"
cron_file: "{{ borgmatic_timer_cron_name }}"
name: PATH
env: yes
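Review bot: Both cron tasks in this file use the short module name `cron:`, and the PATH task keeps `env: yes`, while the other task files in this commit use fully qualified module names and `true`/`false`. `ansible.builtin.cron:` and `env: true` would be consistent with them. The second task continues below the hunk.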


@ -1,7 +1,5 @@
---
- name: Create borgbackup timer
tags:
- install_backup
block:
- name: Copy systemd files
ansible.builtin.template:
@ -47,5 +45,5 @@
- name: Show hints
when: "'backup_init_repo' not in ansible_run_tags"
ansible.builtin.debug:
msg: "Attention: Since the repo was not initialized automatically, the systemd service (borgmatic.service) and the timer (bborgmatic.timer) are not activated."
msg: "Attention: Since the repo was not initialized automatically, the systemd service (borgmatic.service) and the timer (borgmatic.timer) are not activated."
...


@ -1,7 +1,5 @@
---
- name: Install borgbackup by distro
tags:
- install_backup
block:
- name: Check if EPEL repo is enabled, if installation from distro is requested
when: ansible_os_family == 'RedHat'


@ -1,7 +1,5 @@
---
- name: Install Borg and Borgmatic via pip
tags:
- install_backup
block:
- name: Install build dependencies
ansible.builtin.package:
@ -32,8 +30,6 @@
loop: "{{ borg_python_packages }}"
- name: Create links to Borgmatic and Borg binarys
tags:
- install_backup
block:
- name: Create borgmatic command in /usr/local/bin
ansible.builtin.copy:
@ -43,8 +39,8 @@
borgmatic "$@"
dest: /usr/local/bin/borgmatic
mode: "0755"
owner: "{{ borgbackup_user }}"
group: "{{ borgbackup_group }}"
owner: "{{ borg_user }}"
group: "{{ borg_group }}"
- name: Create borg command in /usr/local/bin
ansible.builtin.copy:
@ -54,8 +50,8 @@
borg "$@"
dest: /usr/local/bin/borg
mode: "0755"
owner: "{{ borgbackup_user }}"
group: "{{ borgbackup_group }}"
owner: "{{ borg_user }}"
group: "{{ borg_group }}"
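Review bot: The wrapper scripts `/usr/local/bin/borgmatic` and `/usr/local/bin/borg` are installed with `owner: "{{ borg_user }}"` and `mode: "0755"` in both of the last two hunks. The unprivileged service account can therefore rewrite files that sit on a system path and that the role's sudoers rule and cron job call by absolute path. `owner: "root"` and `group: "root"` with the same mode keep the wrappers executable for the backup user without making them writable by it. The `content` of both `ansible.builtin.copy` tasks lies partly outside the hunks, so only the ownership lines are reviewed here.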
...


@ -11,7 +11,7 @@ ConditionACPower=true
[Service]
Type=oneshot
User={{ borgbackup_user }}
User={{ borg_user }}
ExecStart=/usr/local/bin/borgmatic -c /etc/borgmatic/{{ borgmatic_config_name }}
# Source: https://projects.torsion.org/borgmatic-collective/borgmatic/raw/branch/master/sample/systemd/borgmatic.service