diff --git a/README-Advanced-Examples.md b/EXAMPLES.md similarity index 83% rename from README-Advanced-Examples.md rename to EXAMPLES.md index baa57e4..1f94294 100644 --- a/README-Advanced-Examples.md +++ b/EXAMPLES.md @@ -1,14 +1,16 @@ -# Ansible Role: BorgBackup Client -The following example installs and configures the Borgmatic client and also initializes the repo on the BackupServer. +# Additional Examples + +## Use service user and copy SSH key to target server + +Installs and configures the Borgmatic client and also initializes the repo on the remote backup server. -## Fullautomated Playbook with service user -> this has sudo power ``` - name: Configure backup hosts: test.lab pre_tasks: - - name: Get home of {{ borgbackup_user }} + - name: Get home of {{ borg_user }} ansible.builtin.user: - name: "{{ borgbackup_user }}" + name: "{{ borg_user }}" state: present register: user_info changed_when: false @@ -21,9 +23,8 @@ The following example installs and configures the Borgmatic client and also init vars: borg_encryption_passphrase: "CHANGEME" borg_repository: "USER@TARGET_SERVER:/PATH/TO/BACKUP" - borgbackup_user: "srv_backup" - borgbackup_group: "srv_backup" - borg_repository: "{{ vault_borg.backup_user }}@{{ backup_server }}:{{ backup_path }}/{{ ansible_host }}" + borg_user: "srv_backup" + borg_group: "srv_backup" borg_ssh_key_file_path: "{{ backup_user_info.home }}/.ssh/backup" borg_ssh_command: "ssh -i {{ borg_ssh_key_file_path }} -o StrictHostKeyChecking=no" borgmatic_timer: systemd @@ -77,7 +78,7 @@ The following example installs and configures the Borgmatic client and also init - name: Init repository ansible.builtin.command: - cmd: "su - {{ borgbackup_user }} -c '/usr/local/bin/borgmatic rcreate --encryption keyfile --append-only'" + cmd: "su - {{ borg_user }} -c '/usr/local/bin/borgmatic rcreate --encryption keyfile --append-only'" - name: Activate systemd service and timer when: 
@@ -99,7 +100,7 @@ The following example installs and configures the Borgmatic client and also init when: "item in services" with_items: - borgmatic.service - + # bug: Need own section without masked else the timer are skipped - name: Start borgmatic timers ansible.builtin.systemd: @@ -109,4 +110,4 @@ The following example installs and configures the Borgmatic client and also init daemon_reload: true with_items: - "borgmatic.timer" -``` \ No newline at end of file +``` diff --git a/README.md b/README.md index a4ac4ca..da92218 100644 --- a/README.md +++ b/README.md @@ -8,8 +8,7 @@ Works great with [BorgBase.com](https://www.borgbase.com) - Simple and Secure Ho Main features: - Set up Borg and Borgmatic -- Add systemd timer random time -- Provision new remote [BorgBase.com](https://www.borgbase.com) repo for storing backups (optional) +- Schedule regular backups using Cron or Systemd timer. ## Example Playbook with root as backup user and Cron timer @@ -19,7 +18,7 @@ Main features: roles: - role: m3nu.ansible_role_borgbackup borg_encryption_passphrase: CHANGEME - borg_repository: m5vz9gp4@m5vz9gp4.repo.borgbase.com:repo + borg_repository: ssh://m5vz9gp4@m5vz9gp4.repo.borgbase.com/./repo borgmatic_timer: cron borg_source_directories: - /srv/www @@ -49,12 +48,12 @@ If you already use this role and use the user: "root" or the SSH key id_ed25519! roles: - role: m3nu.ansible_role_borgbackup borg_encryption_passphrase: CHANGEME - borg_repository: m5vz9gp4@m5vz9gp4.repo.borgbase.com:repo + borg_repository: ssh://m5vz9gp4@m5vz9gp4.repo.borgbase.com/./repo borgmatic_timer: systemd borg_ssh_key_file_path: "{{ backup_user_info.home }}/.ssh/backup" borg_ssh_command: "ssh -i {{ borg_ssh_key_file_path }} -o StrictHostKeyChecking=no" - borgbackup_user: "srv_backup" - borgbackup_group: "srv_backup" + borg_user: "srv_backup" + borg_group: "srv_backup" borg_source_directories: - /srv/www - /var/lib/automysqlbackup 
@@ -89,26 +88,18 @@ $ git clone https://github.com/borgbase/ansible-role-borgbackup.git roles/ansibl ## Tags: -This Role supports the following ansible tags: +This role supports the following Ansible tags: -- `install_backup`: Tag for only run that part. -- `backup_install_helper` Tag to additionally install the backup helper skripts. Currently only docker. - -### Example -To install the helper scrit. - -``` -$ ANSIBLE_STDOUT_CALLBACK=yaml ansible-playbook test.example.com -t backup_install_helper -``` +- `backup_install_helper` Install optional helper scripts from `files` folder. Currently only Docker. ## Role Variables -### Required Arguments -- `borg_repository`: Full path to repository. Your own server or [BorgBase.com](https://www.borgbase.com) repo. Not required when using auto creation of repositories. Can be a list if you want to backup to multiple repositories. +### Required Variables +- `borg_repository`: Full path to repository. Your own server or [BorgBase.com](https://www.borgbase.com) repo. + Can be a list if you want to backup to multiple repositories. - -### Optional Arguments +### Optional Variables - `borg_dep_packages`: Dependancy Packages to install `borg(backup)` and `borgmatic`. - `borg_distro_packages`: contains the names of distributions packages for `borg(backup)` and `borgmatic`, only used if `borg_install_method` is set to `package`. - `borg_encryption_passcommand`: The standard output of this command is used to unlock the encryption key. 
@@ -142,8 +133,8 @@ $ ANSIBLE_STDOUT_CALLBACK=yaml ansible-playbook test.example.com -t backup_insta - `borgmatic_store_ctime`: Store ctime into archive. Defaults to `true` - `borgmatic_version`: Force a specific borgmatic version to be installed -- `borgbackup_user`: Name of the User to create Backups (Service Account) -- `borgbackup_group`: Name of the Group to create Backups (Service Account) +- `borg_user`: Name of the User to create Backups (service account) +- `borg_group`: Name of the Group to create Backups (service account) ## Contributing diff --git a/defaults/main.yml b/defaults/main.yml index 9d5a2b9..ca94457 100755 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -36,9 +36,9 @@ borgmatic_hooks: # See: https://torsion.org/borgmatic/docs/how-to/deal-with-very-large-backups/#check-frequency borgmatic_checks: - name: repository - frequency: "2 Weeks" + frequency: "4 weeks" - name: archives - frequency: "1 month" + frequency: "6 weeks" borgmatic_check_last: 3 borgmatic_store_atime: true borgmatic_store_ctime: true @@ -46,6 +46,6 @@ borgmatic_relocated_repo_access_is_ok: false borgmatic_version: false borg_venv_path: "/opt/borgmatic" -borgbackup_user: "root" -borgbackup_group: "root" +borg_user: "root" +borg_group: "root" ... diff --git a/meta/arguments_specs.yml b/meta/arguments_specs.yml index d9ff145..2908b4f 100644 --- a/meta/arguments_specs.yml +++ b/meta/arguments_specs.yml @@ -16,7 +16,7 @@ argument_specs: type: str required: false description: | - Contains the names of distributions packages for borg(backup) and borgmatic, + Contains the names of distributions packages for borg(backup) and borgmatic, only used if `borg_install_method` is set to package borg_pip_packages: type: str 
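Review bot: The new `frequency` values under `borgmatic_checks` (defaults/main.yml, hunk `@@ -36,9 +36,9`) stretch the repository check from 2 to 4 weeks and the archive check from one month to 6 weeks, and nothing in the file says why. These checks are what notices a damaged or altered repository, so the longer window deserves a comment above the list, for example `# Checks are expensive on large repositories; lower these values if repository damage must be detected sooner.`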
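Review bot: The rename to `borg_user` / `borg_group` in defaults/main.yml (hunk `@@ -46,6 +46,6`) leaves no fallback for inventories that still set `borgbackup_user`, so a host that was configured with a service account would silently fall back to the `root` default on the next run. A transitional default such as `borg_user: "{{ borgbackup_user | default('root') }}"` (and the same for `borg_group`) would keep existing setups working. Alternatively, an `ansible.builtin.assert` that fails when the old names are defined would make the break visible, in the same way tasks/01_install.yml already asserts on legacy hooks.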
@@ -32,8 +32,8 @@ argument_specs: default: pip description: | By default pip is used to install borgmatic. - To install via your distributions package manager set this to package and (if needed) - overwrite the borg_distro_packages variable to contain your distributions package names + To install via your distributions package manager set this to package and (if needed) + overwrite the borg_distro_packages variable to contain your distributions package names required to install borgmatic. Note that many distributions ship outdated versions of borgbackup and borgmatic; use at your own risk. borgmatic_config_name: @@ -41,11 +41,11 @@ argument_specs: required: false default: config.yaml description: Name to use for the borgmatic config file. - borgbackup_user: + borg_user: type: str default: root description: Name of the User to create Backups (Service Account) - borgbackup_group: + borg_group: type: str default: root description: Name of the Group to create Backups (Service Account) @@ -137,11 +137,11 @@ argument_specs: description: Number of weekly archives to keep. keep_monthly: type: int - required: false + required: false description: Number of monthly archives to keep. keep_yearly: type: int - required: false + required: false description: Number of yearly archives to keep. borgmatic_checks: type: List @@ -152,8 +152,8 @@ argument_specs: Defaults to "repository" and "archives". Set to "disabled" to disable all consistency checks. "repository" checks the consistency of the repository, - "archives" checks all of the archives, "data" verifies - the integrity of the data within the archives, and + "archives" checks all of the archives, "data" verifies + the integrity of the data within the archives, and "extract" does an extraction dry-run of the most recent archive. Note that "data" implies "archives". borgmatic_check_last: diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index be2f4f4..9c8fa0e 100644 --- a/molecule/default/molecule.yml 
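Review bot: The renamed `borg_user` and `borg_group` entries (hunk `@@ -41,11 +41,11`) sit in `meta/arguments_specs.yml`, but Ansible's role argument validation reads `meta/argument_specs.yml`, so this spec is probably never loaded and the variables are not type-checked at role entry. Renaming the file would be a separate change, and it would likely surface the `type: List` on `borgmatic_checks` visible as context in the last hunk, which I would expect to need lowercase `list`. Until then these entries act as documentation only.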
+++ b/molecule/default/molecule.yml @@ -6,18 +6,12 @@ driver: platforms: - name: archlinux-latest image: archlinux:latest - - name: centos-7 - image: centos:7 - - name: almalinux-8 - image: almalinux:8 - name: almalinux-9 image: almalinux:9 - name: fedora-latest image: fedora:latest - name: debian-bullseye image: debian:bullseye - - name: ubuntu-bionic - image: ubuntu:bionic - name: ubuntu-latest image: ubuntu:latest provisioner: diff --git a/tasks/01_install.yml b/tasks/01_install.yml index bfa2088..e4478d9 100644 --- a/tasks/01_install.yml +++ b/tasks/01_install.yml @@ -1,7 +1,5 @@ --- - name: Install borgbackup - tags: - - install_backup block: - name: Ensure legacy hooks aren't used ansible.builtin.assert: diff --git a/tasks/02_user_management.yml b/tasks/02_user_management.yml index 936f1c3..fb396d1 100644 --- a/tasks/02_user_management.yml +++ b/tasks/02_user_management.yml @@ -3,13 +3,11 @@ # Since we cannot be sure that this FSH is compatible we will determine it. - name: Get home dir when: - - borgbackup_user == "root" - tags: - - install_backup + - borg_user == "root" block: - - name: Get home if borgbackup_user == "root" + - name: Get home if borg_user == "root" ansible.builtin.user: - name: "{{ borgbackup_user }}" + name: "{{ borg_user }}" state: present register: user_info changed_when: false @@ -19,11 +17,9 @@ ansible.builtin.set_fact: backup_user_info: "{{ user_info }}" -- name: Create User if borgbackup_user != "root" +- name: Create user if borg_user != "root" when: - - borgbackup_user != "root" - tags: - - install_backup + - borg_user != "root" ansible.builtin.include_tasks: file: noauto_create_backup_user_and_group.yml ... diff --git a/tasks/03_create_key.yml b/tasks/03_create_key.yml index eab2bac..3827d77 100644 --- a/tasks/03_create_key.yml +++ b/tasks/03_create_key.yml 
@@ -1,28 +1,23 @@ --- -# In this Play an ssh key pair is created for login to the backup server and secure data transfer. -# We do not want the possibly existing key to be used/distributed, -# so a backup-specific (backup/backup.pub) one is created. -- name: Create ssh-key (if neeeded) for {{ borgbackup_user }} - tags: - - install_backup +- name: Create SSH key (if neeeded) for {{ borg_user }} block: - name: Ensure directory exist ansible.builtin.file: path: "{{ backup_user_info.home }}/.ssh/" state: directory mode: "0700" - owner: "{{ borgbackup_user }}" - group: "{{ borgbackup_group }}" + owner: "{{ borg_user }}" + group: "{{ borg_group }}" - name: Generate an OpenSSH keypair community.crypto.openssh_keypair: path: "{{ borg_ssh_key_file_path }}" mode: "0600" type: "{{ borg_ssh_key_type }}" - owner: "{{ borgbackup_user }}" - group: "{{ borgbackup_group }}" + owner: "{{ borg_user }}" + group: "{{ borg_group }}" - - name: Read ssh key + - name: Read SSH key ansible.builtin.slurp: src: "{{ borg_ssh_key_file_path }}.pub" register: backup_local_ssh_key diff --git a/tasks/04_helper_scripts.yml b/tasks/04_helper_scripts.yml index 918ed9f..6a26af7 100644 --- a/tasks/04_helper_scripts.yml +++ b/tasks/04_helper_scripts.yml @@ -10,5 +10,5 @@ group: "{{ item.group }}" mode: "{{ item.mode }}" with_items: - - { src: "docker.sh", dest: "/usr/local/bin/docker.sh", owner: "{{ borgbackup_user }}", group: "{{ borgbackup_group }}", mode: "0770" } + - { src: "docker.sh", dest: "/usr/local/bin/docker.sh", owner: "{{ borg_user }}", group: "{{ borg_group }}", mode: "0770" } ... diff --git a/tasks/05_configure.yml b/tasks/05_configure.yml index a99c0ed..e055c20 100755 --- a/tasks/05_configure.yml +++ b/tasks/05_configure.yml 
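Review bot: The header comment removed at the top of tasks/03_create_key.yml was the only place stating that the role creates a dedicated key pair instead of reusing a key the user already has, and the new version has no replacement. I would keep one line above the block, e.g. `# Dedicated key pair for the backup server; an existing user key is never reused or distributed.` The renamed task title still reads `neeeded`; `Create SSH key (if needed) for {{ borg_user }}` fixes it. The block continues past the end of the hunk.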
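Review bot: In tasks/04_helper_scripts.yml, `docker.sh` is installed into `/usr/local/bin` with `owner: "{{ borg_user }}"` and `mode: "0770"`, so when `borg_user` is a service account, that account and its group can rewrite a script in a directory that is normally on root's PATH. Unless the backup user has to edit the script, `owner: "root"` with `group: "{{ borg_group }}"` and `mode: "0750"` keeps it runnable by the service account but not writable. The task header is outside the hunk, so any further options set there are not visible.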
@@ -1,21 +1,19 @@ --- -- name: Configure borgbackup - tags: - - install_backup +- name: Add Borgmatic config file block: - name: Ensure /etc/borgmatic exists ansible.builtin.file: path: /etc/borgmatic state: directory mode: "0700" - owner: "{{ borgbackup_user }}" - group: "{{ borgbackup_group }}" + owner: "{{ borg_user }}" + group: "{{ borg_group }}" - name: Add Borgmatic configuration ansible.builtin.template: src: config.yaml.j2 dest: "/etc/borgmatic/{{ borgmatic_config_name }}" mode: "0600" - owner: "{{ borgbackup_user }}" - group: "{{ borgbackup_group }}" + owner: "{{ borg_user }}" + group: "{{ borg_group }}" ... diff --git a/tasks/07_install_timer.yml b/tasks/07_install_timer.yml index 15f7487..8f273ce 100644 --- a/tasks/07_install_timer.yml +++ b/tasks/07_install_timer.yml @@ -2,8 +2,6 @@ - name: Create borgbackup timer when: - borgmatic_timer is defined and borgmatic_timer | length > 0 - tags: - - install_backup block: - name: Start timer install script ansible.builtin.include_tasks: diff --git a/tasks/noauto_create_backup_user_and_group.yml b/tasks/noauto_create_backup_user_and_group.yml index 33de866..d11526e 100644 --- a/tasks/noauto_create_backup_user_and_group.yml +++ b/tasks/noauto_create_backup_user_and_group.yml @@ -1,21 +1,19 @@ --- - name: Setup backup environment - tags: - - install_backup when: - backup_create_local_user is not defined or backup_create_local_user - - borgbackup_user != "root" + - borg_user != "root" block: - name: Add local backup group ansible.builtin.group: - name: "{{ borgbackup_group }}" + name: "{{ borg_group }}" state: present - name: Add local backup user ansible.builtin.user: - name: "{{ borgbackup_user }}" + name: "{{ borg_user }}" shell: "/bin/bash" - groups: "{{ borgbackup_group }}" + groups: "{{ borg_group }}" comment: "Backup User Account" append: true register: user_info 
@@ -28,9 +26,9 @@ community.general.sudoers: name: "backup" state: present - user: "{{ borgbackup_user }}" + user: "{{ borg_user }}" nopassword: true - commands: + commands: - "/opt/borgmatic/bin/borg" - "/usr/local/bin/borgmatic -c /etc/borgmatic/{{ borgmatic_config_name }}" ... diff --git a/tasks/noauto_create_timer_cron.yml b/tasks/noauto_create_timer_cron.yml index e53f47a..2b79ed7 100644 --- a/tasks/noauto_create_timer_cron.yml +++ b/tasks/noauto_create_timer_cron.yml @@ -4,16 +4,14 @@ name: "{{ borg_cron_package }}" state: present -- name: Add cron-job for borgmatic - tags: - - install_backup +- name: Add Cron job for borgmatic block: - name: Add cron job for create, check and prune cron: name: "{{ borgmatic_timer_cron_name }}" hour: "{{ borgmatic_timer_hour }}" minute: "{{ borgmatic_timer_minute }}" - user: "{{ borgbackup_user }}" + user: "{{ borg_user }}" cron_file: "{{ borgmatic_timer_cron_name }}" job: "/usr/local/bin/borgmatic -c /etc/borgmatic/{{ borgmatic_config_name }}" @@ -23,10 +21,8 @@ state: absent - name: Set PATH for borgmatic cron job. - tags: - - install_backup cron: - user: "{{ borgbackup_user }}" + user: "{{ borg_user }}" cron_file: "{{ borgmatic_timer_cron_name }}" name: PATH env: yes diff --git a/tasks/noauto_create_timer_systemd.yml b/tasks/noauto_create_timer_systemd.yml index 96f434f..047c94d 100644 --- a/tasks/noauto_create_timer_systemd.yml +++ b/tasks/noauto_create_timer_systemd.yml @@ -1,7 +1,5 @@ --- - name: Create borgbackup timer - tags: - - install_backup block: - name: Copy systemd files ansible.builtin.template: 
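Review bot: The `community.general.sudoers` rule (hunk `@@ -28,9 +26,9` of tasks/noauto_create_backup_user_and_group.yml) gives `{{ borg_user }}` passwordless sudo for `/opt/borgmatic/bin/borg` with no argument restriction. It does the same for `/usr/local/bin/borgmatic -c /etc/borgmatic/{{ borgmatic_config_name }}`, whose config file tasks/05_configure.yml makes owned by that same user. No `runas` is visible, so these presumably run as root, which leaves the service account close to root-equivalent rather than least-privileged. If root is only needed to read the source directories, consider dropping the rule and granting read access another way, or keeping the config root-owned with group read for `borg_group`. The task starts above the hunk, so options set there are not visible.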
@@ -47,5 +45,5 @@ - name: Show hints when: "'backup_init_repo' not in ansible_run_tags" ansible.builtin.debug: - msg: "Attention: Since the repo was not initialized automatically, the systemd service (borgmatic.service) and the timer (bborgmatic.timer) are not activated." + msg: "Attention: Since the repo was not initialized automatically, the systemd service (borgmatic.service) and the timer (borgmatic.timer) are not activated." ... diff --git a/tasks/noauto_install_package.yml b/tasks/noauto_install_package.yml index c91aa6a..d07e30b 100644 --- a/tasks/noauto_install_package.yml +++ b/tasks/noauto_install_package.yml @@ -1,7 +1,5 @@ --- - name: Install borgbackup by distro - tags: - - install_backup block: - name: Check if EPEL repo is enabled, if installation from distro is requested when: ansible_os_family == 'RedHat' diff --git a/tasks/noauto_install_pip.yml b/tasks/noauto_install_pip.yml index 60f8578..8b8f400 100644 --- a/tasks/noauto_install_pip.yml +++ b/tasks/noauto_install_pip.yml @@ -1,7 +1,5 @@ --- - name: Install Borg and Borgmatic via pip - tags: - - install_backup block: - name: Install build dependencies ansible.builtin.package: @@ -32,8 +30,6 @@ loop: "{{ borg_python_packages }}" - name: Create links to Borgmatic and Borg binarys - tags: - - install_backup block: - name: Create borgmatic command in /usr/local/bin ansible.builtin.copy: @@ -43,8 +39,8 @@ borgmatic "$@" dest: /usr/local/bin/borgmatic mode: "0755" - owner: "{{ borgbackup_user }}" - group: "{{ borgbackup_group }}" + owner: "{{ borg_user }}" + group: "{{ borg_group }}" - name: Create borg command in /usr/local/bin ansible.builtin.copy: @@ -54,8 +50,8 @@ borg "$@" dest: /usr/local/bin/borg mode: "0755" - owner: "{{ borgbackup_user }}" - group: "{{ borgbackup_group }}" + owner: "{{ borg_user }}" + group: "{{ borg_group }}" ... diff --git a/templates/borgmatic.service.j2 b/templates/borgmatic.service.j2 index ebd9186..1fb08ce 100644 --- a/templates/borgmatic.service.j2 
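Review bot: Both wrapper scripts in tasks/noauto_install_pip.yml, `/usr/local/bin/borgmatic` (hunk `@@ -43,8 +39,8`) and `/usr/local/bin/borg` (hunk `@@ -54,8 +50,8`), are created with `owner: "{{ borg_user }}"`. A non-root backup account can therefore replace the contents of commands that other users, including root, invoke by name. `/usr/local/bin/borgmatic` is also one of the commands the role's sudoers rule allows without a password. With `mode: "0755"` everyone can already execute them, so `owner: root` and `group: root` cost nothing. Both tasks begin before their hunks.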
+++ b/templates/borgmatic.service.j2 @@ -11,7 +11,7 @@ ConditionACPower=true [Service] Type=oneshot -User={{ borgbackup_user }} +User={{ borg_user }} ExecStart=/usr/local/bin/borgmatic -c /etc/borgmatic/{{ borgmatic_config_name }} # Source: https://projects.torsion.org/borgmatic-collective/borgmatic/raw/branch/master/sample/systemd/borgmatic.service