Mirrors/ansible-role-borg-backup
1
0
Fork 0
mirror of https://github.com/borgbase/ansible-role-borgbackup.git synced 2025-06-02 01:17:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

Remove old test targets, consistent wording, remove tag

Browse Source
This commit is contained in:
Manu 2023-03-19 17:29:57 +00:00
parent 4428bbf4a7
commit adc2e40ccb
17 changed files with 70 additions and 113 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
README-Advanced-Examples.md → EXAMPLES.md
View File

@ -1,14 +1,16 @@
# Ansible Role: BorgBackup Client
The following example installs and configures the Borgmatic client and also initializes the repo on the BackupServer.
# Additional Examples
## Use service user and copy SSH key to target server
Installs and configures the Borgmatic client and also initializes the repo on the remote backup server.
## Fullautomated Playbook with service user -> this has sudo power
```
- name: Configure backup
hosts: test.lab
pre_tasks:
- name: Get home of {{ borgbackup_user }}
- name: Get home of {{ borg_user }}
ansible.builtin.user:
name: "{{ borgbackup_user }}"
name: "{{ borg_user }}"
state: present
register: user_info
changed_when: false
@ -21,9 +23,8 @@ The following example installs and configures the Borgmatic client and also init
vars:
borg_encryption_passphrase: "CHANGEME"
borg_repository: "USER@TARGET_SERVER:/PATH/TO/BACKUP"
borgbackup_user: "srv_backup"
borgbackup_group: "srv_backup"
borg_repository: "{{ vault_borg.backup_user }}@{{ backup_server }}:{{ backup_path }}/{{ ansible_host }}"
borg_user: "srv_backup"
borg_group: "srv_backup"
borg_ssh_key_file_path: "{{ backup_user_info.home }}/.ssh/backup"
borg_ssh_command: "ssh -i {{ borg_ssh_key_file_path }} -o StrictHostKeyChecking=no"
borgmatic_timer: systemd
@ -77,7 +78,7 @@ The following example installs and configures the Borgmatic client and also init
- name: Init repository
ansible.builtin.command:
cmd: "su - {{ borgbackup_user }} -c '/usr/local/bin/borgmatic rcreate --encryption keyfile --append-only'"
cmd: "su - {{ borg_user }} -c '/usr/local/bin/borgmatic rcreate --encryption keyfile --append-only'"
- name: Activate systemd service and timer
when:

35
README.md
View File

@ -8,8 +8,7 @@ Works great with [BorgBase.com](https://www.borgbase.com) - Simple and Secure Ho
Main features:
- Set up Borg and Borgmatic
- Add systemd timer random time
- Provision new remote [BorgBase.com](https://www.borgbase.com) repo for storing backups (optional)
- Schedule regular backups using Cron or Systemd timer.
## Example Playbook with root as backup user and Cron timer
@ -19,7 +18,7 @@ Main features:
roles:
- role: m3nu.ansible_role_borgbackup
borg_encryption_passphrase: CHANGEME
borg_repository: m5vz9gp4@m5vz9gp4.repo.borgbase.com:repo
borg_repository: ssh://m5vz9gp4@m5vz9gp4.repo.borgbase.com/./repo
borgmatic_timer: cron
borg_source_directories:
- /srv/www
@ -49,12 +48,12 @@ If you already use this role and use the user: "root" or the SSH key id_ed25519!
roles:
- role: m3nu.ansible_role_borgbackup
borg_encryption_passphrase: CHANGEME
borg_repository: m5vz9gp4@m5vz9gp4.repo.borgbase.com:repo
borg_repository: ssh://m5vz9gp4@m5vz9gp4.repo.borgbase.com/./repo
borgmatic_timer: systemd
borg_ssh_key_file_path: "{{ backup_user_info.home }}/.ssh/backup"
borg_ssh_command: "ssh -i {{ borg_ssh_key_file_path }} -o StrictHostKeyChecking=no"
borgbackup_user: "srv_backup"
borgbackup_group: "srv_backup"
borg_user: "srv_backup"
borg_group: "srv_backup"
borg_source_directories:
- /srv/www
- /var/lib/automysqlbackup
@ -89,26 +88,18 @@ $ git clone https://github.com/borgbase/ansible-role-borgbackup.git roles/ansibl
## Tags:
This Role supports the following ansible tags:
This role supports the following Ansible tags:
- `install_backup`: Tag for only run that part.
- `backup_install_helper` Tag to additionally install the backup helper skripts. Currently only docker.
### Example
To install the helper scrit.
```
$ ANSIBLE_STDOUT_CALLBACK=yaml ansible-playbook test.example.com -t backup_install_helper
```
- `backup_install_helper` Install optional helper scripts from `files` folder. Currently only Docker.
## Role Variables
### Required Arguments
- `borg_repository`: Full path to repository. Your own server or [BorgBase.com](https://www.borgbase.com) repo. Not required when using auto creation of repositories. Can be a list if you want to backup to multiple repositories.
### Required Variables
- `borg_repository`: Full path to repository. Your own server or [BorgBase.com](https://www.borgbase.com) repo.
Can be a list if you want to backup to multiple repositories.
### Optional Arguments
### Optional Variables
- `borg_dep_packages`: Dependancy Packages to install `borg(backup)` and `borgmatic`.
- `borg_distro_packages`: contains the names of distributions packages for `borg(backup)` and `borgmatic`, only used if `borg_install_method` is set to `package`.
- `borg_encryption_passcommand`: The standard output of this command is used to unlock the encryption key.
@ -142,8 +133,8 @@ $ ANSIBLE_STDOUT_CALLBACK=yaml ansible-playbook test.example.com -t backup_insta
- `borgmatic_store_ctime`: Store ctime into archive. Defaults to `true`
- `borgmatic_version`: Force a specific borgmatic version to be installed
- `borgbackup_user`: Name of the User to create Backups (Service Account)
- `borgbackup_group`: Name of the Group to create Backups (Service Account)
- `borg_user`: Name of the User to create Backups (service account)
- `borg_group`: Name of the Group to create Backups (service account)
## Contributing

8
defaults/main.yml
View File

@ -36,9 +36,9 @@ borgmatic_hooks:
# See: https://torsion.org/borgmatic/docs/how-to/deal-with-very-large-backups/#check-frequency
borgmatic_checks:
- name: repository
frequency: "2 Weeks"
frequency: "4 weeks"
- name: archives
frequency: "1 month"
frequency: "6 weeks"
borgmatic_check_last: 3
borgmatic_store_atime: true
borgmatic_store_ctime: true
@ -46,6 +46,6 @@ borgmatic_relocated_repo_access_is_ok: false
borgmatic_version: false
borg_venv_path: "/opt/borgmatic"
borgbackup_user: "root"
borgbackup_group: "root"
borg_user: "root"
borg_group: "root"
...

4
meta/arguments_specs.yml
View File

@ -41,11 +41,11 @@ argument_specs:
required: false
default: config.yaml
description: Name to use for the borgmatic config file.
borgbackup_user:
borg_user:
type: str
default: root
description: Name of the User to create Backups (Service Account)
borgbackup_group:
borg_group:
type: str
default: root
description: Name of the Group to create Backups (Service Account)

6
molecule/default/molecule.yml
View File

@ -6,18 +6,12 @@ driver:
platforms:
- name: archlinux-latest
image: archlinux:latest
- name: centos-7
image: centos:7
- name: almalinux-8
image: almalinux:8
- name: almalinux-9
image: almalinux:9
- name: fedora-latest
image: fedora:latest
- name: debian-bullseye
image: debian:bullseye
- name: ubuntu-bionic
image: ubuntu:bionic
- name: ubuntu-latest
image: ubuntu:latest
provisioner:

2
tasks/01_install.yml
View File

@ -1,7 +1,5 @@
---
- name: Install borgbackup
tags:
- install_backup
block:
- name: Ensure legacy hooks aren't used
ansible.builtin.assert:

14
tasks/02_user_management.yml
View File

@ -3,13 +3,11 @@
# Since we cannot be sure that this FSH is compatible we will determine it.
- name: Get home dir
when:
- borgbackup_user == "root"
tags:
- install_backup
- borg_user == "root"
block:
- name: Get home if borgbackup_user == "root"
- name: Get home if borg_user == "root"
ansible.builtin.user:
name: "{{ borgbackup_user }}"
name: "{{ borg_user }}"
state: present
register: user_info
changed_when: false
@ -19,11 +17,9 @@
ansible.builtin.set_fact:
backup_user_info: "{{ user_info }}"
- name: Create User if borgbackup_user != "root"
- name: Create user if borg_user != "root"
when:
- borgbackup_user != "root"
tags:
- install_backup
- borg_user != "root"
ansible.builtin.include_tasks:
file: noauto_create_backup_user_and_group.yml
...

17
tasks/03_create_key.yml
View File

@ -1,28 +1,23 @@
---
# In this Play an ssh key pair is created for login to the backup server and secure data transfer.
# We do not want the possibly existing key to be used/distributed,
# so a backup-specific (backup/backup.pub) one is created.
- name: Create ssh-key (if neeeded) for {{ borgbackup_user }}
tags:
- install_backup
- name: Create SSH key (if neeeded) for {{ borg_user }}
block:
- name: Ensure directory exist
ansible.builtin.file:
path: "{{ backup_user_info.home }}/.ssh/"
state: directory
mode: "0700"
owner: "{{ borgbackup_user }}"
group: "{{ borgbackup_group }}"
owner: "{{ borg_user }}"
group: "{{ borg_group }}"
- name: Generate an OpenSSH keypair
community.crypto.openssh_keypair:
path: "{{ borg_ssh_key_file_path }}"
mode: "0600"
type: "{{ borg_ssh_key_type }}"
owner: "{{ borgbackup_user }}"
group: "{{ borgbackup_group }}"
owner: "{{ borg_user }}"
group: "{{ borg_group }}"
- name: Read ssh key
- name: Read SSH key
ansible.builtin.slurp:
src: "{{ borg_ssh_key_file_path }}.pub"
register: backup_local_ssh_key

2
tasks/04_helper_scripts.yml
View File

@ -10,5 +10,5 @@
group: "{{ item.group }}"
mode: "{{ item.mode }}"
with_items:
- { src: "docker.sh", dest: "/usr/local/bin/docker.sh", owner: "{{ borgbackup_user }}", group: "{{ borgbackup_group }}", mode: "0770" }
- { src: "docker.sh", dest: "/usr/local/bin/docker.sh", owner: "{{ borg_user }}", group: "{{ borg_group }}", mode: "0770" }
...

12
tasks/05_configure.yml
View File

@ -1,21 +1,19 @@
---
- name: Configure borgbackup
tags:
- install_backup
- name: Add Borgmatic config file
block:
- name: Ensure /etc/borgmatic exists
ansible.builtin.file:
path: /etc/borgmatic
state: directory
mode: "0700"
owner: "{{ borgbackup_user }}"
group: "{{ borgbackup_group }}"
owner: "{{ borg_user }}"
group: "{{ borg_group }}"
- name: Add Borgmatic configuration
ansible.builtin.template:
src: config.yaml.j2
dest: "/etc/borgmatic/{{ borgmatic_config_name }}"
mode: "0600"
owner: "{{ borgbackup_user }}"
group: "{{ borgbackup_group }}"
owner: "{{ borg_user }}"
group: "{{ borg_group }}"
...

2
tasks/07_install_timer.yml
View File

@ -2,8 +2,6 @@
- name: Create borgbackup timer
when:
- borgmatic_timer is defined and borgmatic_timer | length > 0
tags:
- install_backup
block:
- name: Start timer install script
ansible.builtin.include_tasks:

12
tasks/noauto_create_backup_user_and_group.yml
View File

@ -1,21 +1,19 @@
---
- name: Setup backup environment
tags:
- install_backup
when:
- backup_create_local_user is not defined or backup_create_local_user
- borgbackup_user != "root"
- borg_user != "root"
block:
- name: Add local backup group
ansible.builtin.group:
name: "{{ borgbackup_group }}"
name: "{{ borg_group }}"
state: present
- name: Add local backup user
ansible.builtin.user:
name: "{{ borgbackup_user }}"
name: "{{ borg_user }}"
shell: "/bin/bash"
groups: "{{ borgbackup_group }}"
groups: "{{ borg_group }}"
comment: "Backup User Account"
append: true
register: user_info
@ -28,7 +26,7 @@
community.general.sudoers:
name: "backup"
state: present
user: "{{ borgbackup_user }}"
user: "{{ borg_user }}"
nopassword: true
commands:
- "/opt/borgmatic/bin/borg"

10
tasks/noauto_create_timer_cron.yml
View File

@ -4,16 +4,14 @@
name: "{{ borg_cron_package }}"
state: present
- name: Add cron-job for borgmatic
tags:
- install_backup
- name: Add Cron job for borgmatic
block:
- name: Add cron job for create, check and prune
cron:
name: "{{ borgmatic_timer_cron_name }}"
hour: "{{ borgmatic_timer_hour }}"
minute: "{{ borgmatic_timer_minute }}"
user: "{{ borgbackup_user }}"
user: "{{ borg_user }}"
cron_file: "{{ borgmatic_timer_cron_name }}"
job: "/usr/local/bin/borgmatic -c /etc/borgmatic/{{ borgmatic_config_name }}"
@ -23,10 +21,8 @@
state: absent
- name: Set PATH for borgmatic cron job.
tags:
- install_backup
cron:
user: "{{ borgbackup_user }}"
user: "{{ borg_user }}"
cron_file: "{{ borgmatic_timer_cron_name }}"
name: PATH
env: yes

4
tasks/noauto_create_timer_systemd.yml
View File

@ -1,7 +1,5 @@
---
- name: Create borgbackup timer
tags:
- install_backup
block:
- name: Copy systemd files
ansible.builtin.template:
@ -47,5 +45,5 @@
- name: Show hints
when: "'backup_init_repo' not in ansible_run_tags"
ansible.builtin.debug:
msg: "Attention: Since the repo was not initialized automatically, the systemd service (borgmatic.service) and the timer (bborgmatic.timer) are not activated."
msg: "Attention: Since the repo was not initialized automatically, the systemd service (borgmatic.service) and the timer (borgmatic.timer) are not activated."
...

2
tasks/noauto_install_package.yml
View File

@ -1,7 +1,5 @@
---
- name: Install borgbackup by distro
tags:
- install_backup
block:
- name: Check if EPEL repo is enabled, if installation from distro is requested
when: ansible_os_family == 'RedHat'

12
tasks/noauto_install_pip.yml
View File

@ -1,7 +1,5 @@
---
- name: Install Borg and Borgmatic via pip
tags:
- install_backup
block:
- name: Install build dependencies
ansible.builtin.package:
@ -32,8 +30,6 @@
loop: "{{ borg_python_packages }}"
- name: Create links to Borgmatic and Borg binarys
tags:
- install_backup
block:
- name: Create borgmatic command in /usr/local/bin
ansible.builtin.copy:
@ -43,8 +39,8 @@
borgmatic "$@"
dest: /usr/local/bin/borgmatic
mode: "0755"
owner: "{{ borgbackup_user }}"
group: "{{ borgbackup_group }}"
owner: "{{ borg_user }}"
group: "{{ borg_group }}"
- name: Create borg command in /usr/local/bin
ansible.builtin.copy:
@ -54,8 +50,8 @@
borg "$@"
dest: /usr/local/bin/borg
mode: "0755"
owner: "{{ borgbackup_user }}"
group: "{{ borgbackup_group }}"
owner: "{{ borg_user }}"
group: "{{ borg_group }}"
...

2
templates/borgmatic.service.j2
View File

@ -11,7 +11,7 @@ ConditionACPower=true
[Service]
Type=oneshot
User={{ borgbackup_user }}
User={{ borg_user }}
ExecStart=/usr/local/bin/borgmatic -c /etc/borgmatic/{{ borgmatic_config_name }}
# Source: https://projects.torsion.org/borgmatic-collective/borgmatic/raw/branch/master/sample/systemd/borgmatic.service