This role wraps our old backup scripts. Scripts intentionally are included as templates to allow refactoring of the old code over time, without breaking anything.
This is a standalone role, not tied to our approach to infrustructure maintenance.
Example configuration
backup:
source_prefix: nfs.example.com:/volumepath
dest_prefix: /srv/mnt
target: /srv/backup
log_archive_pattern: '/srv/backup/logs/%profile/%Y/%m/%d.log'
maxnum: 14
profiles:
share1:
oncalendar: "*-*-* 01:05:01"
maxnum: 0
share2:
oncalendar: "*-*-* 01:35:01"
state: absent
share3:
oncalendar: "*-*-* 02:05:01"A prefix for mounting backup source volumes. Note: If this is set no local volumes are supported. If you need a mix of volumes already mounted, and to be mounted by this script leave this empty, and specify the path for each profile.
The prefix for the source volumes on the backup host.
The target directory for the backups.
The maximum number of copies to keep. If set to 0 or less expiration is disabled.
A pattern to a filename storing the log file after the current run. The variables %Y, %m and %d as documented for date as well as %profile are replaced. The base directory is created before writing the log file.
For this to work the backup needs to run as systemd service, and at most once per day. The script just redirects the output of journalctl -u backup@$_profile.service --since today to the log file.
The local mountpoint containing the data to back up. If src is set this will be mounted here, otherwise it is assumed the volume is already mounted. If the global key source_prefix is set the default behaviour changes to setting this to source_prefix/profile, i.e., volumes without mounting are no longer supported.
The remote or volume path to containing the data to be backed up. Optional, only required if the backup script needs to mount the volume. If the global option dest_prefix is set this defaults to dest_prefix/profile
Mount options, in case the volume needs to be mounted. The default is ro,X-mount.mkdir.
A list of files/patterns to be excluded. Each list entry is written as a line to a rsync exclude file. Optional.
The maximum number of copies to keep. Falls back to the global maxnum, see the documentation there. Optional.
See global parameter.
See global parameter.
Transport backend for restic. When set to rclone_ssh the rclone backend is used with an SSH connection to a server running rclone serve restic --stdio (e.g. via a forced command in authorized_keys). This sets RESTIC_REPOSITORY=rclone: and generates a dedicated SSH config file used only for this profile. Requires the rclone_ssh key to be configured.
Configuration block for the rclone_ssh transport. All sub-keys except strict_host_checking are required when restic_transport: rclone_ssh is set.
Example configuration:
backup:
profiles:
my-backup:
type: restic
restic_transport: rclone_ssh
oncalendar: "*-*-* 02:00:00"
rclone_ssh:
host: restic-rclone
user: ssh-user
hostname: restic-ssh.example.com
port: 23
identity_file: /root/.ssh/resticSSH Host alias used in both the generated SSH config and as the target for ssh -q <host>.
SSH username.
Actual hostname or IP address of the server.
SSH port. Defaults to 22.
Path to the SSH private key file.
Value for StrictHostKeyChecking in the SSH config. Defaults to accept-new.
Optional. Path in the password store to the SSH private key content. When set, the key is written to identity_file.
The SSH config file is written to {{backup.lib_dir}}/ssh/{{profile}}.conf and is passed via ssh -F so it does not interfere with the system or root SSH configuration.