ansible-role-borg-backup/EXAMPLES.md
Frank Dornheim dd960dcf4e
Restructure role, add Systemd timer option. By @conloos (#112)
* add full path

* Update Readme.me: reorder optional Arguments, update cron -> systemd timer

* remove ssh_key_file; change cron to timer

* Removed cronie from package installation because systemd timer is used

* docker.sh - Stops all or selected containers to save the persistent data intact. The containers are started in reverse order

* Created arguments_specs.yml

* Role restructured:
  - if needed creation of a service user incl. creation of the ssh-key,
  - add the ssh key to authorized_keys,
  - auto init of the repos,
  - creation and start of systemd timer and services and
  - installation of the Docker helperscript.

* restructure role add import logic

* cleanup: user backup_user

* - "borg_source_directories" is no longer a required argument
- add "borg_keys_directory" to load key from Service user during starting borgmatic by sudo

* Add borgmatic_initialization_repo (bool) as option to disable init of repo

* cleanup

* fix ansible-lint errors and warnings

* fix letter turner

* add option: borgmatic_timer

* add:
  - borgmatic_timer_systemd: true
readd:
  - borgmatic_cron_name: "borgmatic"

* - renamed borgmatic_cron_name to borgmatic_timer_cron_name to be more convergent.
- Change recommendations implemented by m3nu so that creation of a timer (systemd or cron) is optional and can be selected via borgmatic_timer.

* Add description to borgmatic_timer_cron_name and borgmatic_timer

* Add variable borg_cron_package to install the cron-packages in case of using timer: cron

* reworked timer install logic

* reworked timer install logic

* Add comments for running backup with service account

* add new parameters for tests

* Switch created to perform the backup as root or service account. If a service account is to be used, it will be created.

* Refactored: Check for ssh-key; if not present, generate them.

* Refactored

* Refactored

* renamed tasks/03_configure.yml to tasks/04_create_links_to_borg_and_borgmatic.yml

* Refactored

* Refactored

* add example for service account

* Update Python version for testing

* No auto init

* Add description to install_backup

* Add description to install_backup

* set coverage back to: m3nu.ansible_role_borgbackup

* The initialization of the repository must be activated and does not take place automatically.

* The initialization of the repository must be activated and does not take place automatically.

* Removed install_backup as var (bool) to prevent that this role run

* Rename backup_ssh_command to borg_ssh_command, this was a double definition

* Renamed backup_repository to borg_repository and add better explanations

* remove copy ssh-keys and cert parts

* Add comments to borg_ssh_key_file and borg_ssh_key_type

* Always set the borg_ssh_key_file and borg_ssh_command to load the right ssh-key. Add borg_ssh_key_type to select the key type by user

* Add borg_ssh_key_type

* renamed id_rsa to backup

* generate ssh-keys (backup and backup.pub) and add better explanation

* Print out key if borgmatic_initialization_repo is false

* Remove 'su - {{ borgbackup_user }} -c' to execute the borgmatic by the right user

* Add Check frequency, therefore, we no longer need to distinguish between normal and large repos

* Add link to Article

* renamed backup_ssh_command and backup_ssh_key_file to borg_ssh_command and borg_ssh_key_file

* Removed: borgmatic_initialization_repo

* Removed: borgmatic_initialization_repo

* Removed: borgmatic_initialization_repo

* revert changes

* Add Full Automation

* polishing

* rename backup.timer and backup.service to borgmatic.timer and borgmatic.service

* remove debug

* Try to find services in ansible_facts

* Forgot to install Cron

* change borg_ssh_key_type to ed25519

* remove conditional checks

* - add hint to using a service user
- renamed: borg_ssh_key_file to borg_ssh_key_file_path
- removed advanced example

* add borg_ssh_key_name, renamed borg_ssh_key_file to borg_ssh_key_file_path

* removed static pointing to ~/.ssh/backup SSH private key

* Add README-Advanced-Examples.md for storing more examples

* Fix test idempotence

* Don't symlink when using distro packages

* Remove old test targets, consistent wording, remove tag

* Remove helper scripts, fix absolute path

* Fix cron job, add assert to prevent duplicate timers

* nit-pick

* Create bin links as root, no borg_ssh_command by default.

* Add breaking changes note to README

---------

Co-authored-by: Manu <manu@snapdragon.cc>
2023-03-28 18:01:12 +01:00


Additional Examples

Custom SSH key for backups only

- hosts: webservers
  roles:
  - role: m3nu.ansible_role_borgbackup
    borg_encryption_passphrase: CHANGEME
    borg_repository: ssh://m5vz9gp4@m5vz9gp4.repo.borgbase.com/./repo
    borgmatic_timer: systemd
    borg_ssh_key_name: id_backup
    borg_ssh_command: "ssh -i {{ borg_ssh_key_file_path }} -o StrictHostKeyChecking=accept-new"
    borg_user: backupuser
    borg_group: backupuser

Use service user and copy SSH key to target server

Installs and configures the Borgmatic client and also initializes the repo on the remote backup server. (not tested)

- name: Configure backup
  hosts: test.lab
  pre_tasks:
  - name: Get home of {{ borg_user }}
    ansible.builtin.user:
      name: "{{ borg_user }}"
      state: present
    register: user_info
    changed_when: false
    check_mode: true  # Important, otherwise user will be created

  - name: Save user_info, it is needed for the home_dir
    ansible.builtin.set_fact:
      backup_user_info: "{{ user_info }}"
  vars_files: []
  vars:
    borg_encryption_passphrase: "CHANGEME"
    borg_repository: "USER@TARGET_SERVER:/PATH/TO/BACKUP"
    borg_user: "srv_backup"
    borg_group: "srv_backup"
    borg_ssh_key_name: id_backup
    borg_ssh_command: "ssh -i {{ borg_ssh_key_file_path }} -o StrictHostKeyChecking=accept-new"
    borgmatic_timer: systemd
    borg_source_directories:
      - /srv/www
      - /var/lib/automysqlbackup
    borg_exclude_patterns:
      - /srv/www/old-sites
    borg_retention_policy:
      keep_hourly: 3
      keep_daily: 7
      keep_weekly: 4
      keep_monthly: 6
    borgmatic_hooks:
      before_backup:
      - echo "`date` - Starting backup."
  tasks:
    - name: Configure Borg Backup and Borgmatic
      tags:
        - always
        - install_backup
      ansible.builtin.include_role:
        name: ansible_role_borgbackup
        apply:
          tags:
            - always


    - name: Copy SSH-Key to Target {{ borg_repository }} and Init Repo
      tags:
        - never
        - backup_init_repo
      block:
        - name: Read ssh key
          ansible.builtin.slurp:
            src: "{{ borg_ssh_key_file_path }}.pub"
          register: backup_local_ssh_key

        - name: Set authorized key taken from file
          ansible.posix.authorized_key:
            # example:
            #   borg_repository: m5vz9gp4@m5vz9gp4.repo.borgbase.com:repo
            #   has three parts: "username"@"FQDN":"path/to/store/backup", specifically:
            #     a) user: m5vz9gp4
            #     b) fqdn: m5vz9gp4.repo.borgbase.com
            #     c) dir: repo
            # Note: the expressions below expect this user@host:path form;
            # they do not parse an ssh:// URL.
            user: "{{ borg_repository | regex_search('(.*)@', '\\1') | first }}" # part a)
            state: present
            key: "{{ backup_local_ssh_key['content'] | b64decode }}"
          delegate_to: "{{ borg_repository | regex_search('@(.*):', '\\1') | first }}" # part b)

        - name: Init repository
          ansible.builtin.command:
            cmd: "su - {{ borg_user }} -c '/usr/local/bin/borgmatic rcreate --encryption keyfile --append-only'"

    - name: Activate systemd service and timer
      when:
        - borgmatic_timer is defined and borgmatic_timer == "systemd"
      tags:
        - never
        - backup_init_repo
      block:
        - name: Populate service facts
          ansible.builtin.service_facts:

        - name: Start borgmatic services
          ansible.builtin.systemd:
            name: "{{ item }}"
            state: started
            enabled: true
            masked: false
            daemon_reload: true
          when: "item in services"
          with_items:
            - borgmatic.service

        # Bug: timers need their own task without "masked", otherwise they are skipped
        - name: Start borgmatic timers
          ansible.builtin.systemd:
            name: "{{ item }}"
            state: started
            enabled: true
            daemon_reload: true
          with_items:
            - "borgmatic.timer"
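
A hardened variant of the "Set authorized key taken from file" task above, as an added example that is not part of the role's own examples: it confines the copied key to `borg serve` for one repository path instead of granting a shell, and pins the server's host key so the first connection does not depend on `accept-new`. The variables `borg_repo_user`, `borg_repo_host`, `borg_repo_path` and `borg_repo_host_key` are assumptions introduced here, and the host key value is a placeholder.

```yaml
# Added example: tasks for the backup_init_repo step, run after the role
# include so that borg_ssh_key_file_path is defined.
# Assumed variables (not part of the role): borg_repo_user, borg_repo_host,
# borg_repo_path, borg_repo_host_key.
- name: Pin host key and restrict the backup key (added example)
  tags:
    - never
    - backup_init_repo
  vars:
    borg_repo_user: "USER"
    borg_repo_host: "TARGET_SERVER"
    borg_repo_path: "/PATH/TO/BACKUP"
    # Placeholder: the server's public host key, obtained out of band.
    borg_repo_host_key: "TARGET_SERVER ssh-ed25519 REPLACE_WITH_HOST_PUBLIC_KEY"
  block:
    - name: Pin the backup server host key for the service user
      ansible.builtin.known_hosts:
        name: "{{ borg_repo_host }}"
        key: "{{ borg_repo_host_key }}"
        state: present
      become: true
      become_user: "{{ borg_user }}"

    - name: Read ssh key
      ansible.builtin.slurp:
        src: "{{ borg_ssh_key_file_path }}.pub"
      register: backup_local_ssh_key

    - name: Authorize the key for borg serve only
      ansible.posix.authorized_key:
        user: "{{ borg_repo_user }}"
        state: present
        key: "{{ backup_local_ssh_key['content'] | b64decode }}"
        # "restrict" disables pty, forwarding and agent use; the forced
        # command confines the key to one append-only repository.
        key_options: >-
          command="borg serve --append-only
          --restrict-to-repository {{ borg_repo_path }}",restrict
      delegate_to: "{{ borg_repo_host }}"
```

With the host key pinned this way, `-o StrictHostKeyChecking=accept-new` in `borg_ssh_command` can be changed to `-o StrictHostKeyChecking=yes`.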