mirror of
https://github.com/borgbase/ansible-role-borgbackup.git
synced 2024-11-19 19:07:42 +01:00
dd960dcf4e
* add full path * Update Readme.me: reorder optional Arguments, update cron -> systemd timer * remove ssh_key_file; change cron to timer * Removed cronie from package installation because systemd timer is used * docker.sh - Stops all or selected containers to save the persistent data intact. The containers are started in reverse order * Created arguments_specs.yml * Role restructured: - if needed creation of a service user incl. creation of the ssh-key, - add the ssh key to authorized_keys, - auto init of the repos, - creation and start of systemd timer and services and - installation of the Docker helperscript. * restructure role add import logic * cleanup: user backup_user * - "borg_source_directories" is not longer a required Argument - add "borg_keys_directory" to load key from Service user during starting borgmatic by sudo * Add borgmatic_initialization_repo (bool) as option to disable init of repo * cleanup * fix ansible-lint errors and warnings * fix letter turner * add option: borgmatic_timer * add: - borgmatic_timer_systemd: true readd: - borgmatic_cron_name: "borgmatic" * - renamed borgmatic_cron_name to borgmatic_timer_cron_name to be more convergent. - Change recommendations implemented by m3nu so that creation of a timer (systemd or cron) is optional and can be selected via borgmatic_timer. * Add description to borgmatic_timer_cron_name and borgmatic_timer * Add variable borg_cron_package to install the cron-packages in case of using timer: cron * reworked timer install logic * reworked timer install logic * Add comments for running backup with service account * add new parameters for tests * Switch created to perform the backup as root or service account. If a service account is to be used, it will be created. * Refactored: Check for ssh-key if not present, genereate them. * Refactored * Refactored * renamed tasks/03_configure.yml to tasks/04_create_links_to_borg_and_borgmatic.yml * Refactored * Refactored * add example for service account * Update Python version for testing * No auto init * Add description to install_backup * Add description to install_backup * set coverage back to: m3nu.ansible_role_borgbackup * The initialization of the repository must be activated and does not take place automatically. * The initialization of the repository must be activated and does not take place automatically. * Removed install_backup as var (bool) to prevent that this role run * Rename backup_ssh_command to borg_ssh_command, tis was a double definition * Renamed backup_repository to borg_repository and add better explanations * remove copy ssh-keys and cert parts * Add comments to borg_ssh_key_file and borg_ssh_key_type * Set allways the borg_ssh_key_file and borg_ssh_command to load the right ssh-key. Add borg_ssh_key_type to select the key type by user * Add borg_ssh_key_type * renamed id_rsa to backup * generate ssh-keys (backup and backup.pub) and add better explanation * Print out key if borgmatic_initialization_repo is false * Remove 'su - {{ borgbackup_user }} -c' to execute the borgmatic by the right user * Add Check frequency, therefore, we no longer need to distinguish between normal and large repos * Add link to Article * renamed backup_ssh_command and backup_ssh_key_file to borg_ssh_command and borg_ssh_key_file * Removed: borgmatic_initialization_repo * Removed: borgmatic_initialization_repo * Removed: borgmatic_initialization_repo * revert changes * Add Full Automation * polishing * rename backup.timer and bakup.service to borgmatic.timer and borgmatic.service * remove debug * Try to find services in ansible_facts * Forgot to install Cron * change borg_ssh_key_type to ed25519 * remove conditional checks * - add hint to using a service user - renamed: borg_ssh_key_file to borg_ssh_key_file_path - removed advanced example * add borg_ssh_key_name, renamed borg_ssh_key_file to borg_ssh_key_file_path * removed static pointing to ~/.ssh/backup SSH private key * Add README-Advanced-Examples.md for storing more examples * Fix test idempotence * Dont symlink when using distro packages * Remove old test targets, consistent wording, remove tag * Remove helper scripts, fix absolute path * Fix cron job, add assert to prevent duplicate timers * nit-pick * Create bin links as root, no borg_ssh_command by default. * Add breaking changes note to README --------- Co-authored-by: Manu <manu@snapdragon.cc>
3.9 KiB
3.9 KiB
Additional Examples
Custom SSH key for backups only
- hosts: webservers
roles:
- role: m3nu.ansible_role_borgbackup
borg_encryption_passphrase: CHANGEME
borg_repository: ssh://m5vz9gp4@m5vz9gp4.repo.borgbase.com/./repo
borgmatic_timer: systemd
borg_ssh_key_name: id_backup
borg_ssh_command: "ssh -i {{ borg_ssh_key_file_path }} -o StrictHostKeyChecking=accept-new"
borg_user: backupuser
borg_group: backupuser
Use service user and copy SSH key to target server
Installs and configures the Borgmatic client and also initializes the repo on the remote backup server. (not tested)
- name: Configure backup
hosts: test.lab
pre_tasks:
- name: Get home of {{ borg_user }}
ansible.builtin.user:
name: "{{ borg_user }}"
state: present
register: user_info
changed_when: false
check_mode: true # Important, otherwise user will be created
- name: Save the user_info, we need them for the home_dir
ansible.builtin.set_fact:
backup_user_info: "{{ user_info }}"
vars_files: []
vars:
borg_encryption_passphrase: "CHANGEME"
borg_repository: "USER@TARGET_SERVER:/PATH/TO/BACKUP"
borg_user: "srv_backup"
borg_group: "srv_backup"
borg_ssh_key_name: id_backup
borg_ssh_command: "ssh -i {{ borg_ssh_key_file_path }} -o StrictHostKeyChecking=accept-new"
borgmatic_timer: systemd
borg_source_directories:
- /srv/www
- /var/lib/automysqlbackup
borg_exclude_patterns:
- /srv/www/old-sites
borg_retention_policy:
keep_hourly: 3
keep_daily: 7
keep_weekly: 4
keep_monthly: 6
borgmatic_hooks:
before_backup:
- echo "`date` - Starting backup."
tasks:
- name: Configure Borg Backup and Backupmatic
tags:
- always
- install_backup
ansible.builtin.include_role:
name: ansible_role_borgbackup
apply:
tags:
- always
- name: Copy SSH-Key to Target {{ borg_repository }} and Init Repo
tags:
- never
- backup_init_repo
block:
- name: Read ssh key
ansible.builtin.slurp:
src: "{{ borg_ssh_key_file_path }}.pub"
register: backup_local_ssh_key
- name: Set authorized key taken from file
ansible.posix.authorized_key:
# example:
# borg_repository: m5vz9gp4@m5vz9gp4.repo.borgbase.com:repo
# have three parts: "username"@"FQDN":"path/to/store/backup", specific:
# a) user: m5vz9gp4
# b) fqdn: m5vz9gp4.repo.borgbase.co
# c) dir: repo
user: "{{ borg_repository | regex_search('(.*)@', '\\1') | first }}" # part a)
state: present
key: "{{ backup_local_ssh_key['content'] | b64decode }}"
delegate_to: "{{ borg_repository | regex_search('@(.*):', '\\1') | first }}" # part b)
- name: Init repository
ansible.builtin.command:
cmd: "su - {{ borg_user }} -c '/usr/local/bin/borgmatic rcreate --encryption keyfile --append-only'"
- name: Activate systemd service and timer
when:
- borgmatic_timer is defined and borgmatic_timer == "systemd"
tags:
- never
- backup_init_repo
block:
- name: Populate service facts
ansible.builtin.service_facts:
- name: Start borgmatic services
ansible.builtin.systemd:
name: "{{ item }}"
state: started
enabled: true
masked: false
daemon_reload: true
when: "item in services"
with_items:
- borgmatic.service
# bug: Need own section without masked else the timer are skipped
- name: Start borgmatic timers
ansible.builtin.systemd:
name: "{{ item }}"
state: started
enabled: true
daemon_reload: true
with_items:
- "borgmatic.timer"