From 0f62ce72646f32b9bcd97af1c101f6356951f785 Mon Sep 17 00:00:00 2001 From: Greg Harvey Date: Wed, 22 Nov 2023 14:18:57 +0100 Subject: [PATCH 01/16] Adding support for PHP session lifetime. (#1240) * Adding support for PHP session lifetime. * Updating module namespaces. --- .gitignore | 1 + roles/aws/aws_ec2_autoscale_cluster/tasks/main.yml | 2 +- roles/aws/aws_ec2_with_eip/tasks/main.yml | 2 +- roles/aws/aws_iam_role/tasks/main.yml | 2 +- roles/aws/aws_iam_saml/tasks/main.yml | 8 ++++---- roles/aws/aws_s3_bucket/tasks/main.yml | 2 +- roles/php-cli/defaults/main.yml | 1 + roles/php-cli/templates/php.cli.ini.j2 | 2 +- roles/php-fpm/defaults/main.yml | 1 + roles/php-fpm/templates/php.fpm.ini.j2 | 2 +- 10 files changed, 13 insertions(+), 10 deletions(-) diff --git a/.gitignore b/.gitignore index e7f2aff69..609ae422a 100644 --- a/.gitignore +++ b/.gitignore @@ -13,3 +13,4 @@ /ce-dev/ansible/vars/_common/*_exporter.yml /test.yml /ce-dev/ansible/plays/provision-target/indexer +/roles/contrib diff --git a/roles/aws/aws_ec2_autoscale_cluster/tasks/main.yml b/roles/aws/aws_ec2_autoscale_cluster/tasks/main.yml index f7e5dd8d9..62ac05cc5 100644 --- a/roles/aws/aws_ec2_autoscale_cluster/tasks/main.yml +++ b/roles/aws/aws_ec2_autoscale_cluster/tasks/main.yml @@ -291,7 +291,7 @@ - aws_ec2_autoscale_cluster.deploy_cluster - name: Gather IAM role info. - community.aws.iam_role_info: + amazon.aws.iam_role_info: profile: "{{ aws_ec2_autoscale_cluster.aws_profile }}" region: "{{ aws_ec2_autoscale_cluster.region }}" name: "{{ aws_ec2_autoscale_cluster.iam_role_name }}" diff --git a/roles/aws/aws_ec2_with_eip/tasks/main.yml b/roles/aws/aws_ec2_with_eip/tasks/main.yml index 4ecf47a8c..df46827d6 100644 --- a/roles/aws/aws_ec2_with_eip/tasks/main.yml +++ b/roles/aws/aws_ec2_with_eip/tasks/main.yml 
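Review bot: In roles/aws/aws_ec2_autoscale_cluster/tasks/main.yml the task now calls `amazon.aws.iam_role_info`, but nothing in this patch pins or raises the `amazon.aws` collection version. A controller whose installed collection predates the module's move out of `community.aws` will fail to resolve the name. If the repository has a collections requirements file (not visible here), the same commit should set a minimum there, for example `version: ">=<FIRST_RELEASE_SHIPPING_THESE_MODULES>"` under `- name: amazon.aws`. The same applies to the `amazon.aws.iam_role` and `amazon.aws.iam_managed_policy` renames in aws_ec2_with_eip, aws_iam_role, aws_iam_saml and aws_s3_bucket later in this patch.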
@@ -13,7 +13,7 @@ _aws_ec2_with_eip_image_latest: "{{ _aws_ec2_with_eip_image.images | sort(attribute='creation_date') | last }}" - name: Gather IAM role info. - community.aws.iam_role_info: + amazon.aws.iam_role_info: profile: "{{ aws_ec2_with_eip.aws_profile }}" region: "{{ aws_ec2_with_eip.region }}" name: "{{ aws_ec2_with_eip.iam_role_name }}" diff --git a/roles/aws/aws_iam_role/tasks/main.yml b/roles/aws/aws_iam_role/tasks/main.yml index 9c9e6349f..e82a47acb 100644 --- a/roles/aws/aws_iam_role/tasks/main.yml +++ b/roles/aws/aws_iam_role/tasks/main.yml @@ -1,5 +1,5 @@ - name: Create an IAM role. - community.aws.iam_role: + amazon.aws.iam_role: profile: "{{ aws_iam_role.aws_profile }}" name: "{{ aws_iam_role.name }}" assume_role_policy_document: "{{ lookup('file', aws_iam_role.policy_document + '_document_policy.json') }}" diff --git a/roles/aws/aws_iam_saml/tasks/main.yml b/roles/aws/aws_iam_saml/tasks/main.yml index 81fd4876d..fefb04709 100644 --- a/roles/aws/aws_iam_saml/tasks/main.yml +++ b/roles/aws/aws_iam_saml/tasks/main.yml @@ -23,7 +23,7 @@ register: _aws_account_info - name: Create a role for administrative access - community.aws.iam_role: + amazon.aws.iam_role: name: "{{ aws_iam_saml.admin_role }}" profile: "{{ aws_iam_saml.aws_profile }}" tags: "{{ aws_iam_saml.tags }}" @@ -37,7 +37,7 @@ - aws_iam_saml.admin_groups[0] is defined - name: Create a role for read-only access - community.aws.iam_role: + amazon.aws.iam_role: name: "{{ aws_iam_saml.readonly_role }}" profile: "{{ aws_iam_saml.aws_profile }}" tags: "{{ aws_iam_saml.tags }}" @@ -51,7 +51,7 @@ - aws_iam_saml.readonly_groups[0] is defined - name: Create a customer managed policy for billing access - community.aws.iam_managed_policy: + amazon.aws.iam_managed_policy: policy_name: "{{ aws_iam_saml.billing_policy }}" policy_description: "Custom policy for billing access" profile: "{{ aws_iam_saml.aws_profile }}" 
@@ -64,7 +64,7 @@ - aws_iam_saml.billing_groups[0] is defined - name: Create a role for billing access - community.aws.iam_role: + amazon.aws.iam_role: name: "{{ aws_iam_saml.billing_role }}" profile: "{{ aws_iam_saml.aws_profile }}" tags: "{{ aws_iam_saml.tags }}" diff --git a/roles/aws/aws_s3_bucket/tasks/main.yml b/roles/aws/aws_s3_bucket/tasks/main.yml index a6d6cf8f1..d5ae0ce71 100644 --- a/roles/aws/aws_s3_bucket/tasks/main.yml +++ b/roles/aws/aws_s3_bucket/tasks/main.yml @@ -8,7 +8,7 @@ register: _aws_s3_bucket_bucket - name: Create a matching policy. - community.aws.iam_managed_policy: + amazon.aws.iam_managed_policy: profile: "{{ aws_s3_bucket.aws_profile }}" region: "{{ aws_s3_bucket.region }}" policy_name: "{{ aws_s3_bucket.name }}" diff --git a/roles/php-cli/defaults/main.yml b/roles/php-cli/defaults/main.yml index 6460844e3..29a81b723 100644 --- a/roles/php-cli/defaults/main.yml +++ b/roles/php-cli/defaults/main.yml @@ -21,6 +21,7 @@ php: max_file_uploads: 20 date_timezone: "Europe/London" overrides: {} + gc_maxlifetime: 1440 opcache: enable: 1 enable_cli: 0 diff --git a/roles/php-cli/templates/php.cli.ini.j2 b/roles/php-cli/templates/php.cli.ini.j2 index 2bf91165c..abdcaba6c 100644 --- a/roles/php-cli/templates/php.cli.ini.j2 +++ b/roles/php-cli/templates/php.cli.ini.j2 @@ -1384,7 +1384,7 @@ session.gc_divisor = 1000 ; After this number of seconds, stored data will be seen as 'garbage' and ; cleaned up by the garbage collection process. ; http://php.net/session.gc-maxlifetime -session.gc_maxlifetime = 1440 +session.gc_maxlifetime = {{ php.cli.gc_maxlifetime }} ; NOTE: If you are using the subdirectory option for storing session files ; (see session.save_path above), then garbage collection does *not* diff --git a/roles/php-fpm/defaults/main.yml b/roles/php-fpm/defaults/main.yml index 3e6a4d7d0..079312f3c 100644 --- a/roles/php-fpm/defaults/main.yml +++ b/roles/php-fpm/defaults/main.yml 
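Review bot: The new `gc_maxlifetime: 1440` default in roles/php-cli/defaults/main.yml has no comment giving its unit or what it controls, and a longer session lifetime also lengthens the time a stolen session ID stays usable. I would add `# Seconds after which stored session data is treated as garbage (session.gc_maxlifetime).` above it, and the same above the matching key in roles/php-fpm/defaults/main.yml. Indentation is lost on this page, so I cannot confirm the key lands under `php.cli` as the template's `{{ php.cli.gc_maxlifetime }}` expects. That is worth checking, since it is added directly after `overrides: {}`.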
@@ -29,6 +29,7 @@ php: max_spare_servers: 3 process_idle_timeout: 10s max_requests: 500 + gc_maxlifetime: 1440 opcache: enable: 1 enable_cli: 0 diff --git a/roles/php-fpm/templates/php.fpm.ini.j2 b/roles/php-fpm/templates/php.fpm.ini.j2 index ccfe65dcc..b4d1185d9 100644 --- a/roles/php-fpm/templates/php.fpm.ini.j2 +++ b/roles/php-fpm/templates/php.fpm.ini.j2 @@ -1384,7 +1384,7 @@ session.gc_divisor = 1000 ; After this number of seconds, stored data will be seen as 'garbage' and ; cleaned up by the garbage collection process. ; http://php.net/session.gc-maxlifetime -session.gc_maxlifetime = 1440 +session.gc_maxlifetime = {{ php.fpm.gc_maxlifetime }} ; NOTE: If you are using the subdirectory option for storing session files ; (see session.save_path above), then garbage collection does *not* From 520a6c86c86a3c6c2cf1cfaf3aaf294dc4be61d4 Mon Sep 17 00:00:00 2001 From: Greg Harvey Date: Thu, 23 Nov 2023 15:23:43 +0100 Subject: [PATCH 02/16] Default packages pr 1.x (#1257) * Adding extra packages to common_base. * Fixing typo. --- roles/_meta/common_base/meta/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/_meta/common_base/meta/main.yml b/roles/_meta/common_base/meta/main.yml index 938863506..119d34190 100644 --- a/roles/_meta/common_base/meta/main.yml +++ b/roles/_meta/common_base/meta/main.yml @@ -1,6 +1,6 @@ --- dependencies: - - { role: apt_extra_packages, apt_extra_packages: ["rsync", "python3-apt", "acl", "gnupg", "build-essential", "cron", "bsd-mailx"] } + - { role: apt_extra_packages, apt_extra_packages: ["rsync", "python3-apt", "acl", "gnupg", "build-essential", "cron", "bsd-mailx", "dnsutils", "telnet", "atop", "sysstat"] } - role: locales - role: user_root - role: apt_extra_packages From 044cb4ea5bb3b6ed0acc6816c655fde313a5fe3e Mon Sep 17 00:00:00 2001 
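Review bot: The extended `apt_extra_packages` list in roles/_meta/common_base/meta/main.yml adds `telnet` to every host that pulls in common_base, and common hardening baselines ask for the telnet client to be absent because it invites cleartext sessions. If it is wanted only for ad-hoc port checks, a comment saying so would help, or it could be left out of the default set and installed on demand. `dnsutils`, `atop` and `sysstat` raise no such concern. PATCH 03/16 moves the four packages behind an `is_local` condition but keeps `telnet` in the list.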
From: Greg Harvey Date: Fri, 24 Nov 2023 19:11:11 +0100 Subject: [PATCH 03/16] Default packages pr 1.x (#1261) * Adding extra packages to common_base. * Fixing typo. * Removing diagnostic packages from containers. --- .gitignore | 1 + roles/_meta/common_base/meta/main.yml | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index 609ae422a..aac4f84cb 100644 --- a/.gitignore +++ b/.gitignore @@ -14,3 +14,4 @@ /test.yml /ce-dev/ansible/plays/provision-target/indexer /roles/contrib +/docs/roles/contrib diff --git a/roles/_meta/common_base/meta/main.yml b/roles/_meta/common_base/meta/main.yml index 119d34190..ce0c462e7 100644 --- a/roles/_meta/common_base/meta/main.yml +++ b/roles/_meta/common_base/meta/main.yml @@ -1,6 +1,7 @@ --- dependencies: - - { role: apt_extra_packages, apt_extra_packages: ["rsync", "python3-apt", "acl", "gnupg", "build-essential", "cron", "bsd-mailx", "dnsutils", "telnet", "atop", "sysstat"] } + - { role: apt_extra_packages, apt_extra_packages: ["rsync", "python3-apt", "acl", "gnupg", "build-essential", "cron", "bsd-mailx"] } + - { role: apt_extra_packages, apt_extra_packages: ["dnsutils", "telnet", "atop", "sysstat"], when: ( is_local is not defined or not is_local ) } - role: locales - role: user_root - role: apt_extra_packages From bc3967d9e5a33ff57628c78ffc9356a851ab9185 Mon Sep 17 00:00:00 2001 
From: gregharvey Date: Tue, 28 Nov 2023 14:23:20 +0100 Subject: [PATCH 04/16] Providing Backblaze support in Duplicity role. --- docs/_Sidebar.md | 1 + docs/roles/duplicity.md | 38 ++++++++++ roles/duplicity/README.md | 38 ++++++++++ roles/duplicity/defaults/main.yml | 5 +- roles/duplicity/tasks/main.yml | 6 +- .../templates/duplicity_backup-b2.j2 | 70 +++++++++++++++++++ ...icity_backup.j2 => duplicity_backup-s3.j2} | 18 ++--- .../duplicity/templates/duplicity_clean-b2.j2 | 39 +++++++++++ ...plicity_clean.j2 => duplicity_clean-s3.j2} | 10 +-- .../templates/duplicity_restore-b2.j2 | 44 ++++++++++++ ...ity_restore.j2 => duplicity_restore-s3.j2} | 10 +-- 11 files changed, 258 insertions(+), 21 deletions(-) create mode 100644 docs/roles/duplicity.md create mode 100644 roles/duplicity/README.md create mode 100644 roles/duplicity/templates/duplicity_backup-b2.j2 rename roles/duplicity/templates/{duplicity_backup.j2 => duplicity_backup-s3.j2} (73%) create mode 100644 roles/duplicity/templates/duplicity_clean-b2.j2 rename roles/duplicity/templates/{duplicity_clean.j2 => duplicity_clean-s3.j2} (68%) create mode 100644 roles/duplicity/templates/duplicity_restore-b2.j2 rename roles/duplicity/templates/{duplicity_restore.j2 => duplicity_restore-s3.j2} (72%) diff --git a/docs/_Sidebar.md b/docs/_Sidebar.md index 7164f84be..81b07e8c1 100644 --- a/docs/_Sidebar.md +++ b/docs/_Sidebar.md @@ -39,6 +39,7 @@ - [Automated patching](/roles/ce_patcher) - [ce-provision](/roles/ce_provision) - [ClamAV](/roles/clamav) + - [Duplicity](/roles/duplicity) - [Firewall Config](/roles/firewall_config) - [Frontail](/roles/frontail) - [Gitlab](/roles/gitlab) diff --git a/docs/roles/duplicity.md b/docs/roles/duplicity.md new file mode 100644 index 000000000..7349f2eae --- /dev/null +++ b/docs/roles/duplicity.md 
@@ -0,0 +1,38 @@ +# Duplicity +Role to install and configure [the Duplicity backup engine](https://duplicity.us/) for off site backups in Linux. + + + + + +## Default variables +```yaml +--- +duplicity: + backend: s3 # currently also support b2 for Backblaze + access_key_id: "somekey" + secret_access_key: "somesecret" + backend_url: "s3-eu-west-1.amazonaws.com" + bucketname: "somebucket" + dirs: + - name: "/boot" + rules: [] + - name: "/etc" + rules: [] + - name: "/opt" + rules: [] + - name: "/var" + rules: + - "+ /var/log/syslog*" + - "- /var" + exclude_other_filesystems: false + full_backup_frequency: "3M" + gpg_passphrase: "{{ lookup('password', _ce_provision_data_dir + '/' + inventory_hostname + '/duplicity-gpg-passphrase chars=ascii_letters,digits length=64') }}" + install_dir: "/opt/duplicity" + mail_recipient: "foo@bar.com" + retention_period: "12M" + schedule: "0 0 * * *" + +``` + + diff --git a/roles/duplicity/README.md b/roles/duplicity/README.md new file mode 100644 index 000000000..7349f2eae --- /dev/null +++ b/roles/duplicity/README.md @@ -0,0 +1,38 @@ +# Duplicity +Role to install and configure [the Duplicity backup engine](https://duplicity.us/) for off site backups in Linux. + + + + + +## Default variables +```yaml +--- +duplicity: + backend: s3 # currently also support b2 for Backblaze + access_key_id: "somekey" + secret_access_key: "somesecret" + backend_url: "s3-eu-west-1.amazonaws.com" + bucketname: "somebucket" + dirs: + - name: "/boot" + rules: [] + - name: "/etc" + rules: [] + - name: "/opt" + rules: [] + - name: "/var" + rules: + - "+ /var/log/syslog*" + - "- /var" + exclude_other_filesystems: false + full_backup_frequency: "3M" + gpg_passphrase: "{{ lookup('password', _ce_provision_data_dir + '/' + inventory_hostname + '/duplicity-gpg-passphrase chars=ascii_letters,digits length=64') }}" + install_dir: "/opt/duplicity" + mail_recipient: "foo@bar.com" + retention_period: "12M" + schedule: "0 0 * * *" + +``` + + 
diff --git a/roles/duplicity/defaults/main.yml b/roles/duplicity/defaults/main.yml index 98fc178cc..87cb46ee6 100644 --- a/roles/duplicity/defaults/main.yml +++ b/roles/duplicity/defaults/main.yml @@ -1,7 +1,8 @@ --- duplicity: - aws_access_key_id: "somekey" - aws_secret_access_key: "somesecret" + backend: s3 # currently also support b2 for Backblaze + access_key_id: "somekey" + secret_access_key: "somesecret" backend_url: "s3-eu-west-1.amazonaws.com" bucketname: "somebucket" dirs: diff --git a/roles/duplicity/tasks/main.yml b/roles/duplicity/tasks/main.yml index 2fa297dde..b1d095b18 100644 --- a/roles/duplicity/tasks/main.yml +++ b/roles/duplicity/tasks/main.yml @@ -28,7 +28,7 @@ - name: Copy backup script in place. ansible.builtin.template: - src: duplicity_backup.j2 + src: "duplicity_backup-{{ duplicity.backend }}.j2" dest: "{{ duplicity.install_dir }}/bin/duplicity_backup" owner: root group: root @@ -36,7 +36,7 @@ - name: Copy restore script in place. ansible.builtin.template: - src: duplicity_restore.j2 + src: duplicity_restore-{{ duplicity.backend }}.j2 dest: "{{ duplicity.install_dir }}/bin/duplicity_restore" owner: root group: root @@ -44,7 +44,7 @@ - name: Copy clean-up script in place. ansible.builtin.template: - src: duplicity_clean.j2 + src: duplicity_clean-{{ duplicity.backend }}.j2 dest: "{{ duplicity.install_dir }}/bin/duplicity_clean" owner: root group: root diff --git a/roles/duplicity/templates/duplicity_backup-b2.j2 b/roles/duplicity/templates/duplicity_backup-b2.j2 new file mode 100644 index 000000000..0d502c0a3 --- /dev/null +++ b/roles/duplicity/templates/duplicity_backup-b2.j2 
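Review bot: Renaming `aws_access_key_id` and `aws_secret_access_key` to `access_key_id` and `secret_access_key` in roles/duplicity/defaults/main.yml gives no warning to inventories that still set the old names. Depending on how the project merges the `duplicity` hash (not visible here), the templates will either fail on an undefined key or render the placeholder `somekey`/`somesecret`. In the second case backups start failing at the next scheduled run rather than at provision time. An early `ansible.builtin.assert` with `that: duplicity.aws_access_key_id is not defined` and a `fail_msg` naming the new keys would surface it during the play.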
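Review bot: The three `src:` lines in roles/duplicity/tasks/main.yml build the template name from `duplicity.backend` without checking the value first, so a typo surfaces as a missing-template error instead of a clear message. An assert such as `that: duplicity.backend in ['s3', 'b2']` before the first template task would fix that. The first `src:` is quoted and the other two are not; I would quote all three, for example `src: "duplicity_restore-{{ duplicity.backend }}.j2"`. Each task continues past its hunk, so the `mode:` is not visible here. Because the rendered scripts hold the storage key and GPG passphrase in clear text, the mode should deny group and other access, for example `mode: "0700"`.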
@@ -0,0 +1,70 @@ +#!/bin/bash + +# Duplicity Backup script + +# Declare and export secrets +export PASSPHRASE={{ duplicity.gpg_passphrase }} +export B2_KEY_ID={{ duplicity.access_key_id }} +export B2_SECRET_KEY={{ duplicity.secret_access_key }} + +if [ ! `whoami` = "root" ] ; then + echo "You must run this script as root" + exit 1 +fi + +## Configurable variables + +# How often should we make a full backup? Recommended: 3 months +FULL_BACKUPS="{{ duplicity.full_backup_frequency }}" + +# Remove old backups? 0 for no, 1 for yes +REMOVE_OLD_BACKUPS=1 + +# How often should we purge old backups? Recommended: 12 months. +REMOVE_OLDER_THAN="{{ duplicity.retention_period }}" + +# Args to pass to duplicity +{% if duplicity.exclude_other_filesystems %} +backup_options="--full-if-older-than $FULL_BACKUPS --exclude-other-filesystems --num-retries=30" +{% else %} +backup_options="--full-if-older-than $FULL_BACKUPS --num-retries=30" +{% endif %} +maintenance_options="remove-older-than $REMOVE_OLDER_THAN --force" + +# An array of directories to back up +DIRS=( +{% for item in duplicity.dirs %} + {{ item.name }} +{% endfor %} +) + + +## Backup code below. You should not need to edit anything here. + +# Loop over each dir and perform the backup. +for dir in ${DIRS[@]}; do + echo "Backing up $dir..." + + extra_options="" + if [ -f "{{ duplicity.install_dir }}/etc/$dir-include-exclude-filelist" ]; then + extra_options="--include-filelist {{ duplicity.install_dir }}/etc/$dir-include-exclude-filelist" + fi + + # A special clause for /root. We don't want the local duplicity cache data + if [ $dir = "/root" ]; then + extra_options="$extra_options --exclude /root/.cache" + fi + + DEST=b2://$B2_KEY_ID:$B2_SECRET_KEY@{{ duplicity.bucketname }}$dir + duplicity $backup_options $extra_options $dir $DEST || exit 1 + + if [ $REMOVE_OLD_BACKUPS -eq 1 ]; then + # Do some maintenance on the remote end to clean up old backups + echo "Performing routine maintenance on $dir..." 
+ duplicity $maintenance_options $DEST || exit 1 + fi +done + +unset PASSPHRASE +unset B2_KEY_ID +unset B2_SECRET_KEY diff --git a/roles/duplicity/templates/duplicity_backup.j2 b/roles/duplicity/templates/duplicity_backup-s3.j2 similarity index 73% rename from roles/duplicity/templates/duplicity_backup.j2 rename to roles/duplicity/templates/duplicity_backup-s3.j2 index 642ea656d..b8a8d8938 100644 --- a/roles/duplicity/templates/duplicity_backup.j2 +++ b/roles/duplicity/templates/duplicity_backup-s3.j2 @@ -3,9 +3,9 @@ # Duplicity Backup script # Declare and export secrets -export AWS_ACCESS_KEY_ID={{duplicity.aws_access_key_id}} -export AWS_SECRET_ACCESS_KEY={{duplicity.aws_secret_access_key}} -export PASSPHRASE={{duplicity.gpg_passphrase}} +export AWS_ACCESS_KEY_ID={{ duplicity.access_key_id }} +export AWS_SECRET_ACCESS_KEY={{ duplicity.secret_access_key }} +export PASSPHRASE={{ duplicity.gpg_passphrase }} if [ ! `whoami` = "root" ] ; then echo "You must run this script as root" @@ -15,13 +15,13 @@ fi ## Configurable variables # How often should we make a full backup? Recommended: 3 months -FULL_BACKUPS="{{duplicity.full_backup_frequency}}" +FULL_BACKUPS="{{ duplicity.full_backup_frequency }}" # Remove old backups? 0 for no, 1 for yes REMOVE_OLD_BACKUPS=1 # How often should we purge old backups? Recommended: 12 months. -REMOVE_OLDER_THAN="{{duplicity.retention_period}}" +REMOVE_OLDER_THAN="{{ duplicity.retention_period }}" # Args to pass to duplicity {% if duplicity.exclude_other_filesystems %} 
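Review bot: In roles/duplicity/templates/duplicity_backup-b2.j2 the line `DEST=b2://$B2_KEY_ID:$B2_SECRET_KEY@{{ duplicity.bucketname }}$dir` puts the application key on the `duplicity` command line, where any local user can read it from the process list while the backup runs. Duplicity's man page documents the `FTP_PASSWORD` environment variable as the alternative to a password in the URL, so exporting the secret under that name and using `DEST=b2://$B2_KEY_ID@{{ duplicity.bucketname }}$dir` should work, though I have not confirmed it against the b2 backend version deployed here. The three `export` lines also insert their values unquoted, so a key or passphrase containing shell metacharacters is parsed by bash; `export B2_SECRET_KEY={{ duplicity.secret_access_key | quote }}` avoids that. duplicity_clean-b2.j2 and duplicity_restore-b2.j2 in this patch, and the renamed copies in PATCH 06/16, carry the same lines.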
@@ -46,8 +46,8 @@ for dir in ${DIRS[@]}; do echo "Backing up $dir..." extra_options="" - if [ -f "{{duplicity.install_dir}}/etc/$dir-include-exclude-filelist" ]; then - extra_options="--include-filelist {{duplicity.install_dir}}/etc/$dir-include-exclude-filelist" + if [ -f "{{ duplicity.install_dir }}/etc/$dir-include-exclude-filelist" ]; then + extra_options="--include-filelist {{ duplicity.install_dir }}/etc/$dir-include-exclude-filelist" fi # A special clause for /root. We don't want the local duplicity cache data @@ -55,7 +55,7 @@ for dir in ${DIRS[@]}; do extra_options="$extra_options --exclude /root/.cache" fi - DEST=s3://{{duplicity.backend_url}}/{{duplicity.bucketname}}$dir + DEST=s3://{{ duplicity.backend_url }}/{{ duplicity.bucketname }}$dir duplicity $backup_options $extra_options $dir $DEST || exit 1 if [ $REMOVE_OLD_BACKUPS -eq 1 ]; then @@ -66,3 +66,5 @@ for dir in ${DIRS[@]}; do done unset PASSPHRASE +unset AWS_SECRET_ACCESS_KEY +unset AWS_ACCESS_KEY_ID diff --git a/roles/duplicity/templates/duplicity_clean-b2.j2 b/roles/duplicity/templates/duplicity_clean-b2.j2 new file mode 100644 index 000000000..99f982745 --- /dev/null +++ b/roles/duplicity/templates/duplicity_clean-b2.j2 
@@ -0,0 +1,39 @@ +#!/bin/bash + +# Duplicity Cleanup script + +# Declare and export secrets +export PASSPHRASE={{ duplicity.gpg_passphrase }} +export B2_KEY_ID={{ duplicity.access_key_id }} +export B2_SECRET_KEY={{ duplicity.secret_access_key }} + +if [ ! `whoami` = "root" ] ; then + echo "You must run this script as root" + exit 1 +fi + +## Configurable variables + +# Args to pass to duplicity +cleanup_options="clean --force" + +# An array of directories to clean +DIRS=( +{% for item in duplicity.dirs %} + {{ item.name }} +{% endfor %} +) + + +## Cleanup code below. You should not need to edit anything here. + +# Loop over each dir and perform the clean. +for dir in ${DIRS[@]}; do + echo "Cleaning up $dir..." + DEST=b2://$B2_KEY_ID:$B2_SECRET_KEY@{{ duplicity.bucketname }}$dir + duplicity $cleanup_options $DEST || exit 1 +done + +unset PASSPHRASE +unset B2_KEY_ID +unset B2_SECRET_KEY diff --git a/roles/duplicity/templates/duplicity_clean.j2 b/roles/duplicity/templates/duplicity_clean-s3.j2 similarity index 68% rename from roles/duplicity/templates/duplicity_clean.j2 rename to roles/duplicity/templates/duplicity_clean-s3.j2 index f61a84d36..f6298871e 100644 --- a/roles/duplicity/templates/duplicity_clean.j2 +++ b/roles/duplicity/templates/duplicity_clean-s3.j2 @@ -3,9 +3,9 @@ # Duplicity Cleanup script # Declare and export secrets -export AWS_ACCESS_KEY_ID={{duplicity.aws_access_key_id}} -export AWS_SECRET_ACCESS_KEY={{duplicity.aws_secret_access_key}} -export PASSPHRASE={{duplicity.gpg_passphrase}} +export AWS_ACCESS_KEY_ID={{ duplicity.access_key_id }} +export AWS_SECRET_ACCESS_KEY={{ duplicity.secret_access_key }} +export PASSPHRASE={{ duplicity.gpg_passphrase }} if [ ! `whoami` = "root" ] ; then echo "You must run this script as root" 
@@ -30,8 +30,10 @@ DIRS=( # Loop over each dir and perform the clean. for dir in ${DIRS[@]}; do echo "Cleaning up $dir..." - DEST=s3://{{duplicity.backend_url}}/{{duplicity.bucketname}}$dir + DEST=s3://{{ duplicity.backend_url }}/{{ duplicity.bucketname }}$dir duplicity $cleanup_options $DEST || exit 1 done unset PASSPHRASE +unset AWS_SECRET_ACCESS_KEY +unset AWS_ACCESS_KEY_ID diff --git a/roles/duplicity/templates/duplicity_restore-b2.j2 b/roles/duplicity/templates/duplicity_restore-b2.j2 new file mode 100644 index 000000000..74cf687f0 --- /dev/null +++ b/roles/duplicity/templates/duplicity_restore-b2.j2 @@ -0,0 +1,44 @@ +#!/bin/bash + +# Duplicity Restore script + +# Declare and export secrets +export PASSPHRASE={{ duplicity.gpg_passphrase }} +export B2_KEY_ID={{ duplicity.access_key_id }} +export B2_SECRET_KEY={{ duplicity.secret_access_key }} + +if [ ! `whoami` = "root" ] ; then + echo "You must run this script as root" + exit 1 +fi + +## Configurable variables + +# Directory to restore to +RESTORE_DIR=/tmp/restore-`date '+%F-%H%M'` + +# Restore to what point in time (ago) ? +#RESTORE_OPTIONS="-t 3D" + +# An array of directories to restore +DIRS=( +{% for item in duplicity.dirs %} + {{ item.name }} +{% endfor %} +) + + +## Restore code below. You should not need to edit anything here. + +mkdir -p $RESTORE_DIR + +# Loop over each dir and perform the restoration +for dir in ${DIRS[@]}; do + echo "Restoring $dir..." + DEST=b2://$B2_KEY_ID:$B2_SECRET_KEY@{{ duplicity.bucketname }}$dir + duplicity restore $RESTORE_OPTIONS $DEST $RESTORE_DIR$dir +done + +unset PASSPHRASE +unset B2_KEY_ID +unset B2_SECRET_KEY diff --git a/roles/duplicity/templates/duplicity_restore.j2 b/roles/duplicity/templates/duplicity_restore-s3.j2 similarity index 72% rename from roles/duplicity/templates/duplicity_restore.j2 rename to roles/duplicity/templates/duplicity_restore-s3.j2 index aadac33ad..b3e568029 100644 --- a/roles/duplicity/templates/duplicity_restore.j2 
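Review bot: roles/duplicity/templates/duplicity_restore-b2.j2 restores as root into a `/tmp/restore-<date>` path built from `date '+%F-%H%M'`, which is a predictable name in a world-writable directory. The following `mkdir -p $RESTORE_DIR` will accept a directory or symlink that another local user created first. `RESTORE_DIR=$(mktemp -d /tmp/restore-XXXXXX)` gives an unpredictable, owner-only directory and makes the `mkdir -p` unnecessary. The `duplicity restore` line also has no `|| exit 1`, unlike the backup and clean scripts, so a failed directory does not stop the loop. The restore-s3 template shows the same `RESTORE_DIR` line as context in PATCH 05/16.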
+++ b/roles/duplicity/templates/duplicity_restore-s3.j2 @@ -3,9 +3,9 @@ # Duplicity Restore script # Declare and export secrets -export AWS_ACCESS_KEY_ID={{duplicity.aws_access_key_id}} -export AWS_SECRET_ACCESS_KEY={{duplicity.aws_secret_access_key}} -export PASSPHRASE={{duplicity.gpg_passphrase}} +export AWS_ACCESS_KEY_ID={{ duplicity.access_key_id }} +export AWS_SECRET_ACCESS_KEY={{ duplicity.secret_access_key }} +export PASSPHRASE={{ duplicity.gpg_passphrase }} if [ ! `whoami` = "root" ] ; then echo "You must run this script as root" @@ -36,8 +36,10 @@ mkdir -p $RESTORE_DIR # Loop over each dir and perform the restoration for dir in ${DIRS[@]}; do echo "Restoring $dir..." - DEST=s3://{{duplicity.backend_url}}/{{duplicity.bucketname}}$dir + DEST=s3://{{ duplicity.backend_url }}/{{ duplicity.bucketname }}$dir duplicity restore $RESTORE_OPTIONS $DEST $RESTORE_DIR$dir done unset PASSPHRASE +unset AWS_SECRET_ACCESS_KEY +unset AWS_ACCESS_KEY_ID From d72c333fd936a63007e5fcd149e11371ad3852e1 Mon Sep 17 00:00:00 2001 From: gregharvey Date: Tue, 28 Nov 2023 14:30:09 +0100 Subject: [PATCH 05/16] Moving Duplicity S3 options to an Ansible variable. --- docs/roles/duplicity.md | 1 + roles/duplicity/README.md | 1 + roles/duplicity/defaults/main.yml | 1 + roles/duplicity/templates/duplicity_backup-s3.j2 | 6 +++--- roles/duplicity/templates/duplicity_clean-s3.j2 | 2 +- roles/duplicity/templates/duplicity_restore-s3.j2 | 2 +- 6 files changed, 8 insertions(+), 5 deletions(-) diff --git a/docs/roles/duplicity.md b/docs/roles/duplicity.md index 7349f2eae..43f4b6d7d 100644 --- a/docs/roles/duplicity.md +++ b/docs/roles/duplicity.md @@ -13,6 +13,7 @@ duplicity: access_key_id: "somekey" secret_access_key: "somesecret" backend_url: "s3-eu-west-1.amazonaws.com" + s3_options: "--s3-european-buckets --s3-use-glacier-ir" # see the --s3 options in the documentation - https://duplicity.us/stable/duplicity.1.html#options bucketname: "somebucket" dirs: - name: "/boot" 
diff --git a/roles/duplicity/README.md b/roles/duplicity/README.md index 7349f2eae..43f4b6d7d 100644 --- a/roles/duplicity/README.md +++ b/roles/duplicity/README.md @@ -13,6 +13,7 @@ duplicity: access_key_id: "somekey" secret_access_key: "somesecret" backend_url: "s3-eu-west-1.amazonaws.com" + s3_options: "--s3-european-buckets --s3-use-glacier-ir" # see the --s3 options in the documentation - https://duplicity.us/stable/duplicity.1.html#options bucketname: "somebucket" dirs: - name: "/boot" diff --git a/roles/duplicity/defaults/main.yml b/roles/duplicity/defaults/main.yml index 87cb46ee6..12cb44838 100644 --- a/roles/duplicity/defaults/main.yml +++ b/roles/duplicity/defaults/main.yml @@ -4,6 +4,7 @@ duplicity: access_key_id: "somekey" secret_access_key: "somesecret" backend_url: "s3-eu-west-1.amazonaws.com" + s3_options: "--s3-european-buckets --s3-use-glacier-ir" # see the --s3 options in the documentation - https://duplicity.us/stable/duplicity.1.html#options bucketname: "somebucket" dirs: - name: "/boot" diff --git a/roles/duplicity/templates/duplicity_backup-s3.j2 b/roles/duplicity/templates/duplicity_backup-s3.j2 index b8a8d8938..8df13830b 100644 --- a/roles/duplicity/templates/duplicity_backup-s3.j2 +++ b/roles/duplicity/templates/duplicity_backup-s3.j2 
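Review bot: The new `s3_options` default in roles/duplicity/defaults/main.yml is not the flag set it replaces: the s3 templates previously hard-coded `--s3-use-new-style --s3-european-buckets`, and the default is now `--s3-european-buckets --s3-use-glacier-ir`. Hosts that take the role default therefore get different upload flags on the next provision without any inventory change. A duplicity build that does not know `--s3-use-glacier-ir` would presumably reject it and stop backing up. Keeping the default equal to the old hard-coded flags and showing the Glacier option only as a commented example would keep this patch behaviour-neutral. The value is pasted into a double-quoted shell string in the three s3 templates, so the comment should also say it must contain only duplicity flags.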
@@ -25,11 +25,11 @@ REMOVE_OLDER_THAN="{{ duplicity.retention_period }}" # Args to pass to duplicity {% if duplicity.exclude_other_filesystems %} -backup_options="--full-if-older-than $FULL_BACKUPS --exclude-other-filesystems --num-retries=30 --s3-use-new-style --s3-european-buckets" +backup_options="--full-if-older-than $FULL_BACKUPS --exclude-other-filesystems --num-retries=30 {{ duplicity.s3_options }}" {% else %} -backup_options="--full-if-older-than $FULL_BACKUPS --num-retries=30 --s3-use-new-style --s3-european-buckets" +backup_options="--full-if-older-than $FULL_BACKUPS --num-retries=30 {{ duplicity.s3_options }}" {% endif %} -maintenance_options="remove-older-than $REMOVE_OLDER_THAN --force --s3-use-new-style --s3-european-buckets" +maintenance_options="remove-older-than $REMOVE_OLDER_THAN --force {{ duplicity.s3_options }}" # An array of directories to back up DIRS=( diff --git a/roles/duplicity/templates/duplicity_clean-s3.j2 b/roles/duplicity/templates/duplicity_clean-s3.j2 index f6298871e..82c6afe53 100644 --- a/roles/duplicity/templates/duplicity_clean-s3.j2 +++ b/roles/duplicity/templates/duplicity_clean-s3.j2 @@ -15,7 +15,7 @@ fi ## Configurable variables # Args to pass to duplicity -cleanup_options="clean --force --s3-use-new-style --s3-european-buckets" +cleanup_options="clean --force {{ duplicity.s3_options }}" # An array of directories to clean DIRS=( diff --git a/roles/duplicity/templates/duplicity_restore-s3.j2 b/roles/duplicity/templates/duplicity_restore-s3.j2 index b3e568029..fc4d505e7 100644 --- a/roles/duplicity/templates/duplicity_restore-s3.j2 +++ b/roles/duplicity/templates/duplicity_restore-s3.j2 @@ -19,7 +19,7 @@ RESTORE_DIR=/tmp/restore-`date '+%F-%H%M'` # Restore to what point in time (ago) ? #RESTORE_OPTIONS="-t 3D" -RESTORE_OPTIONS="--s3-use-new-style --s3-european-buckets" +RESTORE_OPTIONS="{{ duplicity.s3_options }}" # An array of directories to restore DIRS=( 
From 35389c9750f2605a048cec93611ecb8532a31c92 Mon Sep 17 00:00:00 2001 From: Greg Harvey Date: Tue, 28 Nov 2023 14:43:13 +0100 Subject: [PATCH 06/16] Duplicity updates pr 1.x (#1265) * Providing Backblaze support in Duplicity role. * Moving Duplicity S3 options to an Ansible variable. --- docs/_Sidebar.md | 1 + docs/roles/duplicity.md | 39 +++++++++++ roles/duplicity/README.md | 39 +++++++++++ roles/duplicity/defaults/main.yml | 6 +- roles/duplicity/tasks/main.yml | 6 +- ...icity_backup.j2 => duplicity_backup-b2.j2} | 24 ++++--- .../templates/duplicity_backup-s3.j2 | 70 +++++++++++++++++++ ...plicity_clean.j2 => duplicity_clean-b2.j2} | 12 ++-- .../duplicity/templates/duplicity_clean-s3.j2 | 39 +++++++++++ ...ity_restore.j2 => duplicity_restore-b2.j2} | 11 +-- .../templates/duplicity_restore-s3.j2 | 45 ++++++++++++ 11 files changed, 266 insertions(+), 26 deletions(-) create mode 100644 docs/roles/duplicity.md create mode 100644 roles/duplicity/README.md rename roles/duplicity/templates/{duplicity_backup.j2 => duplicity_backup-b2.j2} (68%) create mode 100644 roles/duplicity/templates/duplicity_backup-s3.j2 rename roles/duplicity/templates/{duplicity_clean.j2 => duplicity_clean-b2.j2} (64%) create mode 100644 roles/duplicity/templates/duplicity_clean-s3.j2 rename roles/duplicity/templates/{duplicity_restore.j2 => duplicity_restore-b2.j2} (70%) create mode 100644 roles/duplicity/templates/duplicity_restore-s3.j2 diff --git a/docs/_Sidebar.md b/docs/_Sidebar.md index 7164f84be..81b07e8c1 100644 --- a/docs/_Sidebar.md +++ b/docs/_Sidebar.md @@ -39,6 +39,7 @@ - [Automated patching](/roles/ce_patcher) - [ce-provision](/roles/ce_provision) - [ClamAV](/roles/clamav) + - [Duplicity](/roles/duplicity) - [Firewall Config](/roles/firewall_config) - [Frontail](/roles/frontail) - [Gitlab](/roles/gitlab) diff --git a/docs/roles/duplicity.md b/docs/roles/duplicity.md new file mode 100644 index 000000000..43f4b6d7d --- /dev/null +++ b/docs/roles/duplicity.md 
@@ -0,0 +1,39 @@ +# Duplicity +Role to install and configure [the Duplicity backup engine](https://duplicity.us/) for off site backups in Linux. + + + + + +## Default variables +```yaml +--- +duplicity: + backend: s3 # currently also support b2 for Backblaze + access_key_id: "somekey" + secret_access_key: "somesecret" + backend_url: "s3-eu-west-1.amazonaws.com" + s3_options: "--s3-european-buckets --s3-use-glacier-ir" # see the --s3 options in the documentation - https://duplicity.us/stable/duplicity.1.html#options + bucketname: "somebucket" + dirs: + - name: "/boot" + rules: [] + - name: "/etc" + rules: [] + - name: "/opt" + rules: [] + - name: "/var" + rules: + - "+ /var/log/syslog*" + - "- /var" + exclude_other_filesystems: false + full_backup_frequency: "3M" + gpg_passphrase: "{{ lookup('password', _ce_provision_data_dir + '/' + inventory_hostname + '/duplicity-gpg-passphrase chars=ascii_letters,digits length=64') }}" + install_dir: "/opt/duplicity" + mail_recipient: "foo@bar.com" + retention_period: "12M" + schedule: "0 0 * * *" + +``` + + diff --git a/roles/duplicity/README.md b/roles/duplicity/README.md new file mode 100644 index 000000000..43f4b6d7d --- /dev/null +++ b/roles/duplicity/README.md 
@@ -0,0 +1,39 @@ +# Duplicity +Role to install and configure [the Duplicity backup engine](https://duplicity.us/) for off site backups in Linux. + + + + + +## Default variables +```yaml +--- +duplicity: + backend: s3 # currently also support b2 for Backblaze + access_key_id: "somekey" + secret_access_key: "somesecret" + backend_url: "s3-eu-west-1.amazonaws.com" + s3_options: "--s3-european-buckets --s3-use-glacier-ir" # see the --s3 options in the documentation - https://duplicity.us/stable/duplicity.1.html#options + bucketname: "somebucket" + dirs: + - name: "/boot" + rules: [] + - name: "/etc" + rules: [] + - name: "/opt" + rules: [] + - name: "/var" + rules: + - "+ /var/log/syslog*" + - "- /var" + exclude_other_filesystems: false + full_backup_frequency: "3M" + gpg_passphrase: "{{ lookup('password', _ce_provision_data_dir + '/' + inventory_hostname + '/duplicity-gpg-passphrase chars=ascii_letters,digits length=64') }}" + install_dir: "/opt/duplicity" + mail_recipient: "foo@bar.com" + retention_period: "12M" + schedule: "0 0 * * *" + +``` + + diff --git a/roles/duplicity/defaults/main.yml b/roles/duplicity/defaults/main.yml index 98fc178cc..12cb44838 100644 --- a/roles/duplicity/defaults/main.yml +++ b/roles/duplicity/defaults/main.yml @@ -1,8 +1,10 @@ --- duplicity: - aws_access_key_id: "somekey" - aws_secret_access_key: "somesecret" + backend: s3 # currently also support b2 for Backblaze + access_key_id: "somekey" + secret_access_key: "somesecret" backend_url: "s3-eu-west-1.amazonaws.com" + s3_options: "--s3-european-buckets --s3-use-glacier-ir" # see the --s3 options in the documentation - https://duplicity.us/stable/duplicity.1.html#options bucketname: "somebucket" dirs: - name: "/boot" diff --git a/roles/duplicity/tasks/main.yml b/roles/duplicity/tasks/main.yml index 2fa297dde..b1d095b18 100644 --- a/roles/duplicity/tasks/main.yml +++ b/roles/duplicity/tasks/main.yml 
@@ -28,7 +28,7 @@ - name: Copy backup script in place. ansible.builtin.template: - src: duplicity_backup.j2 + src: "duplicity_backup-{{ duplicity.backend }}.j2" dest: "{{ duplicity.install_dir }}/bin/duplicity_backup" owner: root group: root @@ -36,7 +36,7 @@ - name: Copy restore script in place. ansible.builtin.template: - src: duplicity_restore.j2 + src: duplicity_restore-{{ duplicity.backend }}.j2 dest: "{{ duplicity.install_dir }}/bin/duplicity_restore" owner: root group: root @@ -44,7 +44,7 @@ - name: Copy clean-up script in place. ansible.builtin.template: - src: duplicity_clean.j2 + src: duplicity_clean-{{ duplicity.backend }}.j2 dest: "{{ duplicity.install_dir }}/bin/duplicity_clean" owner: root group: root diff --git a/roles/duplicity/templates/duplicity_backup.j2 b/roles/duplicity/templates/duplicity_backup-b2.j2 similarity index 68% rename from roles/duplicity/templates/duplicity_backup.j2 rename to roles/duplicity/templates/duplicity_backup-b2.j2 index 642ea656d..0d502c0a3 100644 --- a/roles/duplicity/templates/duplicity_backup.j2 +++ b/roles/duplicity/templates/duplicity_backup-b2.j2 @@ -3,9 +3,9 @@ # Duplicity Backup script # Declare and export secrets -export AWS_ACCESS_KEY_ID={{duplicity.aws_access_key_id}} -export AWS_SECRET_ACCESS_KEY={{duplicity.aws_secret_access_key}} -export PASSPHRASE={{duplicity.gpg_passphrase}} +export PASSPHRASE={{ duplicity.gpg_passphrase }} +export B2_KEY_ID={{ duplicity.access_key_id }} +export B2_SECRET_KEY={{ duplicity.secret_access_key }} if [ ! `whoami` = "root" ] ; then echo "You must run this script as root" 
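Review bot: `duplicity.backend` is interpolated into the template file name in all three `src:` lines with no check on its value, so anything other than `s3` or `b2` only surfaces as a missing-template error part-way through the role. An `ansible.builtin.assert` with `that: duplicity.backend in ['s3', 'b2']` before these tasks would fail early with a clear message. The restore and clean `src:` values are also plain scalars while the backup one is quoted; `src: "duplicity_restore-{{ duplicity.backend }}.j2"` keeps the three consistent. These templates render the access key, secret key and GPG passphrase into the scripts, and each task's `mode:` line falls outside the hunks, so confirm it excludes group and other.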
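Review bot: The three `export` lines at the top of the b2 backup script write the rendered secrets into bash unquoted, so a key or passphrase containing whitespace, `$`, `;` or a backtick is split or interpreted by a shell running as root instead of being taken literally. Ansible's `quote` filter closes that: `export B2_SECRET_KEY={{ duplicity.secret_access_key | quote }}`, and likewise for `B2_KEY_ID` and `PASSPHRASE`. The default passphrase lookup is limited to letters and digits, but the access keys come from inventory and are not constrained. The same three-line pattern is in the clean-b2 and restore-b2 hunks and in the new `-s3` templates.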
@@ -15,21 +15,21 @@ fi ## Configurable variables # How often should we make a full backup? Recommended: 3 months -FULL_BACKUPS="{{duplicity.full_backup_frequency}}" +FULL_BACKUPS="{{ duplicity.full_backup_frequency }}" # Remove old backups? 0 for no, 1 for yes REMOVE_OLD_BACKUPS=1 # How often should we purge old backups? Recommended: 12 months. -REMOVE_OLDER_THAN="{{duplicity.retention_period}}" +REMOVE_OLDER_THAN="{{ duplicity.retention_period }}" # Args to pass to duplicity {% if duplicity.exclude_other_filesystems %} -backup_options="--full-if-older-than $FULL_BACKUPS --exclude-other-filesystems --num-retries=30 --s3-use-new-style --s3-european-buckets" +backup_options="--full-if-older-than $FULL_BACKUPS --exclude-other-filesystems --num-retries=30" {% else %} -backup_options="--full-if-older-than $FULL_BACKUPS --num-retries=30 --s3-use-new-style --s3-european-buckets" +backup_options="--full-if-older-than $FULL_BACKUPS --num-retries=30" {% endif %} -maintenance_options="remove-older-than $REMOVE_OLDER_THAN --force --s3-use-new-style --s3-european-buckets" +maintenance_options="remove-older-than $REMOVE_OLDER_THAN --force" # An array of directories to back up DIRS=( @@ -46,8 +46,8 @@ for dir in ${DIRS[@]}; do echo "Backing up $dir..." extra_options="" - if [ -f "{{duplicity.install_dir}}/etc/$dir-include-exclude-filelist" ]; then - extra_options="--include-filelist {{duplicity.install_dir}}/etc/$dir-include-exclude-filelist" + if [ -f "{{ duplicity.install_dir }}/etc/$dir-include-exclude-filelist" ]; then + extra_options="--include-filelist {{ duplicity.install_dir }}/etc/$dir-include-exclude-filelist" fi # A special clause for /root. We don't want the local duplicity cache data 
@@ -55,7 +55,7 @@ for dir in ${DIRS[@]}; do extra_options="$extra_options --exclude /root/.cache" fi - DEST=s3://{{duplicity.backend_url}}/{{duplicity.bucketname}}$dir + DEST=b2://$B2_KEY_ID:$B2_SECRET_KEY@{{ duplicity.bucketname }}$dir duplicity $backup_options $extra_options $dir $DEST || exit 1 if [ $REMOVE_OLD_BACKUPS -eq 1 ]; then @@ -66,3 +66,5 @@ for dir in ${DIRS[@]}; do done unset PASSPHRASE +unset B2_KEY_ID +unset B2_SECRET_KEY diff --git a/roles/duplicity/templates/duplicity_backup-s3.j2 b/roles/duplicity/templates/duplicity_backup-s3.j2 new file mode 100644 index 000000000..8df13830b --- /dev/null +++ b/roles/duplicity/templates/duplicity_backup-s3.j2 
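Review bot: `DEST=b2://$B2_KEY_ID:$B2_SECRET_KEY@{{ duplicity.bucketname }}$dir` puts the application key into the argument list of every `duplicity` call, where any local user can read it from the process table for as long as the backup runs. Unsetting the variables at the end of the script does not help, because the expanded URL is what the child process receives. If the b2 backend accepts the key from the environment (duplicity documents `FTP_PASSWORD` for password-capable backends; confirm this for b2), the URL can carry only the key ID: `DEST="b2://$B2_KEY_ID@{{ duplicity.bucketname }}$dir"`. In the current form a secret containing `/`, `@` or `:` would also need URL-encoding. The same `DEST` line is added in the clean-b2 and restore-b2 hunks.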
@@ -0,0 +1,70 @@ +#!/bin/bash + +# Duplicity Backup script + +# Declare and export secrets +export AWS_ACCESS_KEY_ID={{ duplicity.access_key_id }} +export AWS_SECRET_ACCESS_KEY={{ duplicity.secret_access_key }} +export PASSPHRASE={{ duplicity.gpg_passphrase }} + +if [ ! `whoami` = "root" ] ; then + echo "You must run this script as root" + exit 1 +fi + +## Configurable variables + +# How often should we make a full backup? Recommended: 3 months +FULL_BACKUPS="{{ duplicity.full_backup_frequency }}" + +# Remove old backups? 0 for no, 1 for yes +REMOVE_OLD_BACKUPS=1 + +# How often should we purge old backups? Recommended: 12 months. +REMOVE_OLDER_THAN="{{ duplicity.retention_period }}" + +# Args to pass to duplicity +{% if duplicity.exclude_other_filesystems %} +backup_options="--full-if-older-than $FULL_BACKUPS --exclude-other-filesystems --num-retries=30 {{ duplicity.s3_options }}" +{% else %} +backup_options="--full-if-older-than $FULL_BACKUPS --num-retries=30 {{ duplicity.s3_options }}" +{% endif %} +maintenance_options="remove-older-than $REMOVE_OLDER_THAN --force {{ duplicity.s3_options }}" + +# An array of directories to back up +DIRS=( +{% for item in duplicity.dirs %} + {{ item.name }} +{% endfor %} +) + + +## Backup code below. You should not need to edit anything here. + +# Loop over each dir and perform the backup. +for dir in ${DIRS[@]}; do + echo "Backing up $dir..." + + extra_options="" + if [ -f "{{ duplicity.install_dir }}/etc/$dir-include-exclude-filelist" ]; then + extra_options="--include-filelist {{ duplicity.install_dir }}/etc/$dir-include-exclude-filelist" + fi + + # A special clause for /root. 
We don't want the local duplicity cache data + if [ $dir = "/root" ]; then + extra_options="$extra_options --exclude /root/.cache" + fi + + DEST=s3://{{ duplicity.backend_url }}/{{ duplicity.bucketname }}$dir + duplicity $backup_options $extra_options $dir $DEST || exit 1 + + if [ $REMOVE_OLD_BACKUPS -eq 1 ]; then + # Do some maintenance on the remote end to clean up old backups + echo "Performing routine maintenance on $dir..." + duplicity $maintenance_options $DEST || exit 1 + fi +done + +unset PASSPHRASE +unset AWS_SECRET_ACCESS_KEY +unset AWS_ACCESS_KEY_ID diff --git a/roles/duplicity/templates/duplicity_clean.j2 b/roles/duplicity/templates/duplicity_clean-b2.j2 similarity index 64% rename from roles/duplicity/templates/duplicity_clean.j2 rename to roles/duplicity/templates/duplicity_clean-b2.j2 index f61a84d36..99f982745 100644 --- a/roles/duplicity/templates/duplicity_clean.j2 +++ b/roles/duplicity/templates/duplicity_clean-b2.j2 @@ -3,9 +3,9 @@ # Duplicity Cleanup script # Declare and export secrets -export AWS_ACCESS_KEY_ID={{duplicity.aws_access_key_id}} -export AWS_SECRET_ACCESS_KEY={{duplicity.aws_secret_access_key}} -export PASSPHRASE={{duplicity.gpg_passphrase}} +export PASSPHRASE={{ duplicity.gpg_passphrase }} +export B2_KEY_ID={{ duplicity.access_key_id }} +export B2_SECRET_KEY={{ duplicity.secret_access_key }} if [ ! `whoami` = "root" ] ; then echo "You must run this script as root" @@ -15,7 +15,7 @@ fi ## Configurable variables # Args to pass to duplicity -cleanup_options="clean --force --s3-use-new-style --s3-european-buckets" +cleanup_options="clean --force" # An array of directories to clean DIRS=( 
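Review bot: The loop `for dir in ${DIRS[@]}` and the tests on `$dir` in the new s3 backup script are unquoted, so a `duplicity.dirs` entry whose name contains a space or a glob character is split or expanded before it reaches duplicity, and `[ $dir = "/root" ]` becomes a test error for such a value. Since this file is new, it is a cheap place to write `for dir in "${DIRS[@]}"; do` and `if [ "$dir" = "/root" ]; then`, and to pass `"$dir" "$DEST"` on the duplicity lines; the option variables have to stay unquoted because they hold several words. Each array element would need quoting too, e.g. `{{ item.name | quote }}` inside `DIRS=( ... )`. The clean-s3 and restore-s3 files use the same loop.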
@@ -30,8 +30,10 @@ DIRS=( # Loop over each dir and perform the clean. for dir in ${DIRS[@]}; do echo "Cleaning up $dir..." - DEST=s3://{{duplicity.backend_url}}/{{duplicity.bucketname}}$dir + DEST=b2://$B2_KEY_ID:$B2_SECRET_KEY@{{ duplicity.bucketname }}$dir duplicity $cleanup_options $DEST || exit 1 done unset PASSPHRASE +unset B2_KEY_ID +unset B2_SECRET_KEY diff --git a/roles/duplicity/templates/duplicity_clean-s3.j2 b/roles/duplicity/templates/duplicity_clean-s3.j2 new file mode 100644 index 000000000..82c6afe53 --- /dev/null +++ b/roles/duplicity/templates/duplicity_clean-s3.j2 @@ -0,0 +1,39 @@ +#!/bin/bash + +# Duplicity Cleanup script + +# Declare and export secrets +export AWS_ACCESS_KEY_ID={{ duplicity.access_key_id }} +export AWS_SECRET_ACCESS_KEY={{ duplicity.secret_access_key }} +export PASSPHRASE={{ duplicity.gpg_passphrase }} + +if [ ! `whoami` = "root" ] ; then + echo "You must run this script as root" + exit 1 +fi + +## Configurable variables + +# Args to pass to duplicity +cleanup_options="clean --force {{ duplicity.s3_options }}" + +# An array of directories to clean +DIRS=( +{% for item in duplicity.dirs %} + {{ item.name }} +{% endfor %} +) + + +## Cleanup code below. You should not need to edit anything here. + +# Loop over each dir and perform the clean. +for dir in ${DIRS[@]}; do + echo "Cleaning up $dir..." + DEST=s3://{{ duplicity.backend_url }}/{{ duplicity.bucketname }}$dir + duplicity $cleanup_options $DEST || exit 1 +done + +unset PASSPHRASE +unset AWS_SECRET_ACCESS_KEY +unset AWS_ACCESS_KEY_ID diff --git a/roles/duplicity/templates/duplicity_restore.j2 b/roles/duplicity/templates/duplicity_restore-b2.j2 similarity index 70% rename from roles/duplicity/templates/duplicity_restore.j2 rename to roles/duplicity/templates/duplicity_restore-b2.j2 index aadac33ad..74cf687f0 100644 --- a/roles/duplicity/templates/duplicity_restore.j2 +++ b/roles/duplicity/templates/duplicity_restore-b2.j2 
@@ -3,9 +3,9 @@ # Duplicity Restore script # Declare and export secrets -export AWS_ACCESS_KEY_ID={{duplicity.aws_access_key_id}} -export AWS_SECRET_ACCESS_KEY={{duplicity.aws_secret_access_key}} -export PASSPHRASE={{duplicity.gpg_passphrase}} +export PASSPHRASE={{ duplicity.gpg_passphrase }} +export B2_KEY_ID={{ duplicity.access_key_id }} +export B2_SECRET_KEY={{ duplicity.secret_access_key }} if [ ! `whoami` = "root" ] ; then echo "You must run this script as root" @@ -19,7 +19,6 @@ RESTORE_DIR=/tmp/restore-`date '+%F-%H%M'` # Restore to what point in time (ago) ? #RESTORE_OPTIONS="-t 3D" -RESTORE_OPTIONS="--s3-use-new-style --s3-european-buckets" # An array of directories to restore DIRS=( @@ -36,8 +35,10 @@ mkdir -p $RESTORE_DIR # Loop over each dir and perform the restoration for dir in ${DIRS[@]}; do echo "Restoring $dir..." - DEST=s3://{{duplicity.backend_url}}/{{duplicity.bucketname}}$dir + DEST=b2://$B2_KEY_ID:$B2_SECRET_KEY@{{ duplicity.bucketname }}$dir duplicity restore $RESTORE_OPTIONS $DEST $RESTORE_DIR$dir done unset PASSPHRASE +unset B2_KEY_ID +unset B2_SECRET_KEY diff --git a/roles/duplicity/templates/duplicity_restore-s3.j2 b/roles/duplicity/templates/duplicity_restore-s3.j2 new file mode 100644 index 000000000..fc4d505e7 --- /dev/null +++ b/roles/duplicity/templates/duplicity_restore-s3.j2 
@@ -0,0 +1,45 @@ +#!/bin/bash + +# Duplicity Restore script + +# Declare and export secrets +export AWS_ACCESS_KEY_ID={{ duplicity.access_key_id }} +export AWS_SECRET_ACCESS_KEY={{ duplicity.secret_access_key }} +export PASSPHRASE={{ duplicity.gpg_passphrase }} + +if [ ! `whoami` = "root" ] ; then + echo "You must run this script as root" + exit 1 +fi + +## Configurable variables + +# Directory to restore to +RESTORE_DIR=/tmp/restore-`date '+%F-%H%M'` + +# Restore to what point in time (ago) ? +#RESTORE_OPTIONS="-t 3D" +RESTORE_OPTIONS="{{ duplicity.s3_options }}" + +# An array of directories to restore +DIRS=( +{% for item in duplicity.dirs %} + {{ item.name }} +{% endfor %} +) + + +## Restore code below. You should not need to edit anything here. + +mkdir -p $RESTORE_DIR + +# Loop over each dir and perform the restoration +for dir in ${DIRS[@]}; do + echo "Restoring $dir..." + DEST=s3://{{ duplicity.backend_url }}/{{ duplicity.bucketname }}$dir + duplicity restore $RESTORE_OPTIONS $DEST $RESTORE_DIR$dir +done + +unset PASSPHRASE +unset AWS_SECRET_ACCESS_KEY +unset AWS_ACCESS_KEY_ID From ccc2110f525fd976242df34fdd19e4998c873170 Mon Sep 17 00:00:00 2001 From: gregharvey Date: Tue, 28 Nov 2023 18:24:56 +0100 Subject: [PATCH 07/16] Correcting path for cron. --- roles/duplicity/templates/duplicity-cron.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/duplicity/templates/duplicity-cron.j2 b/roles/duplicity/templates/duplicity-cron.j2 index 5d9982a60..9dbee16d5 100644 --- a/roles/duplicity/templates/duplicity-cron.j2 +++ b/roles/duplicity/templates/duplicity-cron.j2 @@ -1,2 +1,2 @@ MAILTO="{{ duplicity.mail_recipient }}" -{{ duplicity.schedule }} root /usr/local/bin/duplicity_backup > /dev/null +{{ duplicity.schedule }} root {{ duplicity.install_dir }}/bin/duplicity_backup > /dev/null From 50ad1411bbf68aba8c05f0b5c8cd8b7353d161c5 Mon Sep 17 00:00:00 2001 
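Review bot: The `RESTORE_DIR=/tmp/restore-...` assignment (timestamped to the minute) followed by `mkdir -p $RESTORE_DIR` gives a root-run restore a predictable path in a world-writable directory, and `mkdir -p` succeeds silently when that path already exists, so restored copies of `/etc` and the other backed-up trees can land in a directory another local user created and controls. Creating the directory atomically with restrictive permissions avoids that: `umask 077` then `RESTORE_DIR=$(mktemp -d /tmp/restore-XXXXXXXX) || exit 1`, dropping the `mkdir -p`. The b2 restore template keeps the same `RESTORE_DIR` line. The loop also has no `|| exit 1` on the `duplicity restore` call, unlike the backup and clean scripts, so a failed restore of one directory is not reflected in the exit status.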
From: Greg Harvey Date: Tue, 28 Nov 2023 18:31:27 +0100 Subject: [PATCH 08/16] Duplicity updates pr 1.x (#1267) * Providing Backblaze support in Duplicity role. * Moving Duplicity S3 options to an Ansible variable. * Correcting path for cron. --- roles/duplicity/templates/duplicity-cron.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/duplicity/templates/duplicity-cron.j2 b/roles/duplicity/templates/duplicity-cron.j2 index 5d9982a60..9dbee16d5 100644 --- a/roles/duplicity/templates/duplicity-cron.j2 +++ b/roles/duplicity/templates/duplicity-cron.j2 @@ -1,2 +1,2 @@ MAILTO="{{ duplicity.mail_recipient }}" -{{ duplicity.schedule }} root /usr/local/bin/duplicity_backup > /dev/null +{{ duplicity.schedule }} root {{ duplicity.install_dir }}/bin/duplicity_backup > /dev/null From ce940d8e9364af81e66cb1d2b1c615ba02d5e123 Mon Sep 17 00:00:00 2001 From: gregharvey Date: Tue, 28 Nov 2023 18:33:31 +0100 Subject: [PATCH 09/16] Option to suppress making a cron script. --- roles/duplicity/defaults/main.yml | 2 +- roles/duplicity/tasks/main.yml | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/duplicity/defaults/main.yml b/roles/duplicity/defaults/main.yml index 12cb44838..a274e97a3 100644 --- a/roles/duplicity/defaults/main.yml +++ b/roles/duplicity/defaults/main.yml @@ -23,4 +23,4 @@ duplicity: install_dir: "/opt/duplicity" mail_recipient: "foo@bar.com" retention_period: "12M" - schedule: "0 0 * * *" + schedule: "0 0 * * *" # make this an empty string to not provide a cron job at all diff --git a/roles/duplicity/tasks/main.yml b/roles/duplicity/tasks/main.yml index b1d095b18..db8f0c369 100644 --- a/roles/duplicity/tasks/main.yml +++ b/roles/duplicity/tasks/main.yml @@ -69,6 +69,8 @@ owner: root group: root mode: 0644 + when: + - duplicity.schedule | length > 0 - name: Trigger overrides ansible.builtin.include_role: From 9b3079b835a86b3d59ac5c06a5a3242456c2ecda Mon Sep 17 00:00:00 2001 
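Review bot: The added `when: duplicity.schedule | length > 0` only skips writing the cron file; on a host that was provisioned earlier with a schedule, emptying the variable leaves the existing file in place and the backup keeps running. If "no cron job at all" is meant to be enforceable, pair it with a removal task: `ansible.builtin.file` with `state: absent` on the same `dest`, under `when: duplicity.schedule | length == 0`. The task's `dest:` and the start of the task are above the hunk, so the path is not visible here.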
From: Greg Harvey Date: Tue, 28 Nov 2023 18:36:04 +0100 Subject: [PATCH 10/16] Duplicity updates pr 1.x (#1268) * Providing Backblaze support in Duplicity role. * Moving Duplicity S3 options to an Ansible variable. * Correcting path for cron. * Option to suppress making a cron script. --- roles/duplicity/defaults/main.yml | 2 +- roles/duplicity/tasks/main.yml | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/duplicity/defaults/main.yml b/roles/duplicity/defaults/main.yml index 12cb44838..a274e97a3 100644 --- a/roles/duplicity/defaults/main.yml +++ b/roles/duplicity/defaults/main.yml @@ -23,4 +23,4 @@ duplicity: install_dir: "/opt/duplicity" mail_recipient: "foo@bar.com" retention_period: "12M" - schedule: "0 0 * * *" + schedule: "0 0 * * *" # make this an empty string to not provide a cron job at all diff --git a/roles/duplicity/tasks/main.yml b/roles/duplicity/tasks/main.yml index b1d095b18..db8f0c369 100644 --- a/roles/duplicity/tasks/main.yml +++ b/roles/duplicity/tasks/main.yml @@ -69,6 +69,8 @@ owner: root group: root mode: 0644 + when: + - duplicity.schedule | length > 0 - name: Trigger overrides ansible.builtin.include_role: From 3efdb93f1c158c129cc473bcb3b73548e713daa7 Mon Sep 17 00:00:00 2001 From: gregharvey Date: Wed, 29 Nov 2023 10:12:03 +0100 Subject: [PATCH 11/16] duplicity not in path for cron so needs full path in script. --- roles/duplicity/templates/duplicity_backup-b2.j2 | 4 ++-- roles/duplicity/templates/duplicity_backup-s3.j2 | 4 ++-- roles/duplicity/templates/duplicity_clean-b2.j2 | 2 +- roles/duplicity/templates/duplicity_clean-s3.j2 | 2 +- roles/duplicity/templates/duplicity_restore-b2.j2 | 2 +- roles/duplicity/templates/duplicity_restore-s3.j2 | 2 +- 6 files changed, 8 insertions(+), 8 deletions(-) diff --git a/roles/duplicity/templates/duplicity_backup-b2.j2 b/roles/duplicity/templates/duplicity_backup-b2.j2 index 0d502c0a3..b41b992b8 100644 --- a/roles/duplicity/templates/duplicity_backup-b2.j2 
+++ b/roles/duplicity/templates/duplicity_backup-b2.j2 @@ -56,12 +56,12 @@ for dir in ${DIRS[@]}; do fi DEST=b2://$B2_KEY_ID:$B2_SECRET_KEY@{{ duplicity.bucketname }}$dir - duplicity $backup_options $extra_options $dir $DEST || exit 1 + /usr/local/bin/duplicity $backup_options $extra_options $dir $DEST || exit 1 if [ $REMOVE_OLD_BACKUPS -eq 1 ]; then # Do some maintenance on the remote end to clean up old backups echo "Performing routine maintenance on $dir..." - duplicity $maintenance_options $DEST || exit 1 + /usr/local/bin/duplicity $maintenance_options $DEST || exit 1 fi done diff --git a/roles/duplicity/templates/duplicity_backup-s3.j2 b/roles/duplicity/templates/duplicity_backup-s3.j2 index 8df13830b..993de8643 100644 --- a/roles/duplicity/templates/duplicity_backup-s3.j2 +++ b/roles/duplicity/templates/duplicity_backup-s3.j2 @@ -56,12 +56,12 @@ for dir in ${DIRS[@]}; do fi DEST=s3://{{ duplicity.backend_url }}/{{ duplicity.bucketname }}$dir - duplicity $backup_options $extra_options $dir $DEST || exit 1 + /usr/local/bin/duplicity $backup_options $extra_options $dir $DEST || exit 1 if [ $REMOVE_OLD_BACKUPS -eq 1 ]; then # Do some maintenance on the remote end to clean up old backups echo "Performing routine maintenance on $dir..." - duplicity $maintenance_options $DEST || exit 1 + /usr/local/bin/duplicity $maintenance_options $DEST || exit 1 fi done diff --git a/roles/duplicity/templates/duplicity_clean-b2.j2 b/roles/duplicity/templates/duplicity_clean-b2.j2 index 99f982745..d8c8bb4b4 100644 --- a/roles/duplicity/templates/duplicity_clean-b2.j2 +++ b/roles/duplicity/templates/duplicity_clean-b2.j2 @@ -31,7 +31,7 @@ DIRS=( for dir in ${DIRS[@]}; do echo "Cleaning up $dir..." DEST=b2://$B2_KEY_ID:$B2_SECRET_KEY@{{ duplicity.bucketname }}$dir - duplicity $cleanup_options $DEST || exit 1 + /usr/local/bin/duplicity $cleanup_options $DEST || exit 1 done unset PASSPHRASE 
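Review bot: Both `duplicity` calls in this loop now hard-code `/usr/local/bin/duplicity`, and the same literal is repeated in the other five template hunks of this patch, so a host where the binary lives elsewhere fails only when the scheduled job fires. An absolute path is the right choice for a root job, but it is easier to keep correct when set once near the top of each script and checked: `DUPLICITY=/usr/local/bin/duplicity` and `[ -x "$DUPLICITY" ] || { echo "duplicity not found at $DUPLICITY" >&2; exit 1; }`, with the calls becoming `"$DUPLICITY" $backup_options ...`. How the role installs duplicity is not visible in this patch, so confirm the path matches the install task. The loop body starts above the hunk.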
diff --git a/roles/duplicity/templates/duplicity_clean-s3.j2 b/roles/duplicity/templates/duplicity_clean-s3.j2 index 82c6afe53..81b898fda 100644 --- a/roles/duplicity/templates/duplicity_clean-s3.j2 +++ b/roles/duplicity/templates/duplicity_clean-s3.j2 @@ -31,7 +31,7 @@ DIRS=( for dir in ${DIRS[@]}; do echo "Cleaning up $dir..." DEST=s3://{{ duplicity.backend_url }}/{{ duplicity.bucketname }}$dir - duplicity $cleanup_options $DEST || exit 1 + /usr/local/bin/duplicity $cleanup_options $DEST || exit 1 done unset PASSPHRASE diff --git a/roles/duplicity/templates/duplicity_restore-b2.j2 b/roles/duplicity/templates/duplicity_restore-b2.j2 index 74cf687f0..372431934 100644 --- a/roles/duplicity/templates/duplicity_restore-b2.j2 +++ b/roles/duplicity/templates/duplicity_restore-b2.j2 @@ -36,7 +36,7 @@ mkdir -p $RESTORE_DIR for dir in ${DIRS[@]}; do echo "Restoring $dir..." DEST=b2://$B2_KEY_ID:$B2_SECRET_KEY@{{ duplicity.bucketname }}$dir - duplicity restore $RESTORE_OPTIONS $DEST $RESTORE_DIR$dir + /usr/local/bin/duplicity restore $RESTORE_OPTIONS $DEST $RESTORE_DIR$dir done unset PASSPHRASE diff --git a/roles/duplicity/templates/duplicity_restore-s3.j2 b/roles/duplicity/templates/duplicity_restore-s3.j2 index fc4d505e7..da038389f 100644 --- a/roles/duplicity/templates/duplicity_restore-s3.j2 +++ b/roles/duplicity/templates/duplicity_restore-s3.j2 @@ -37,7 +37,7 @@ mkdir -p $RESTORE_DIR for dir in ${DIRS[@]}; do echo "Restoring $dir..." DEST=s3://{{ duplicity.backend_url }}/{{ duplicity.bucketname }}$dir - duplicity restore $RESTORE_OPTIONS $DEST $RESTORE_DIR$dir + /usr/local/bin/duplicity restore $RESTORE_OPTIONS $DEST $RESTORE_DIR$dir done unset PASSPHRASE From c1498e521ec1ba47d96b729e8e1deee7425e4264 Mon Sep 17 00:00:00 2001 
From: Greg Harvey Date: Wed, 29 Nov 2023 10:16:22 +0100 Subject: [PATCH 12/16] Duplicity updates pr 1.x (#1270) * Providing Backblaze support in Duplicity role. * Moving Duplicity S3 options to an Ansible variable. * Correcting path for cron. * Option to suppress making a cron script. * duplicity not in path for cron so needs full path in script. --- roles/duplicity/templates/duplicity_backup-b2.j2 | 4 ++-- roles/duplicity/templates/duplicity_backup-s3.j2 | 4 ++-- roles/duplicity/templates/duplicity_clean-b2.j2 | 2 +- roles/duplicity/templates/duplicity_clean-s3.j2 | 2 +- roles/duplicity/templates/duplicity_restore-b2.j2 | 2 +- roles/duplicity/templates/duplicity_restore-s3.j2 | 2 +- 6 files changed, 8 insertions(+), 8 deletions(-) diff --git a/roles/duplicity/templates/duplicity_backup-b2.j2 b/roles/duplicity/templates/duplicity_backup-b2.j2 index 0d502c0a3..b41b992b8 100644 --- a/roles/duplicity/templates/duplicity_backup-b2.j2 +++ b/roles/duplicity/templates/duplicity_backup-b2.j2 @@ -56,12 +56,12 @@ for dir in ${DIRS[@]}; do fi DEST=b2://$B2_KEY_ID:$B2_SECRET_KEY@{{ duplicity.bucketname }}$dir - duplicity $backup_options $extra_options $dir $DEST || exit 1 + /usr/local/bin/duplicity $backup_options $extra_options $dir $DEST || exit 1 if [ $REMOVE_OLD_BACKUPS -eq 1 ]; then # Do some maintenance on the remote end to clean up old backups echo "Performing routine maintenance on $dir..." - duplicity $maintenance_options $DEST || exit 1 + /usr/local/bin/duplicity $maintenance_options $DEST || exit 1 fi done diff --git a/roles/duplicity/templates/duplicity_backup-s3.j2 b/roles/duplicity/templates/duplicity_backup-s3.j2 index 8df13830b..993de8643 100644 --- a/roles/duplicity/templates/duplicity_backup-s3.j2 +++ b/roles/duplicity/templates/duplicity_backup-s3.j2 
@@ -56,12 +56,12 @@ for dir in ${DIRS[@]}; do fi DEST=s3://{{ duplicity.backend_url }}/{{ duplicity.bucketname }}$dir - duplicity $backup_options $extra_options $dir $DEST || exit 1 + /usr/local/bin/duplicity $backup_options $extra_options $dir $DEST || exit 1 if [ $REMOVE_OLD_BACKUPS -eq 1 ]; then # Do some maintenance on the remote end to clean up old backups echo "Performing routine maintenance on $dir..." - duplicity $maintenance_options $DEST || exit 1 + /usr/local/bin/duplicity $maintenance_options $DEST || exit 1 fi done diff --git a/roles/duplicity/templates/duplicity_clean-b2.j2 b/roles/duplicity/templates/duplicity_clean-b2.j2 index 99f982745..d8c8bb4b4 100644 --- a/roles/duplicity/templates/duplicity_clean-b2.j2 +++ b/roles/duplicity/templates/duplicity_clean-b2.j2 @@ -31,7 +31,7 @@ DIRS=( for dir in ${DIRS[@]}; do echo "Cleaning up $dir..." DEST=b2://$B2_KEY_ID:$B2_SECRET_KEY@{{ duplicity.bucketname }}$dir - duplicity $cleanup_options $DEST || exit 1 + /usr/local/bin/duplicity $cleanup_options $DEST || exit 1 done unset PASSPHRASE diff --git a/roles/duplicity/templates/duplicity_clean-s3.j2 b/roles/duplicity/templates/duplicity_clean-s3.j2 index 82c6afe53..81b898fda 100644 --- a/roles/duplicity/templates/duplicity_clean-s3.j2 +++ b/roles/duplicity/templates/duplicity_clean-s3.j2 @@ -31,7 +31,7 @@ DIRS=( for dir in ${DIRS[@]}; do echo "Cleaning up $dir..." DEST=s3://{{ duplicity.backend_url }}/{{ duplicity.bucketname }}$dir - duplicity $cleanup_options $DEST || exit 1 + /usr/local/bin/duplicity $cleanup_options $DEST || exit 1 done unset PASSPHRASE diff --git a/roles/duplicity/templates/duplicity_restore-b2.j2 b/roles/duplicity/templates/duplicity_restore-b2.j2 index 74cf687f0..372431934 100644 --- a/roles/duplicity/templates/duplicity_restore-b2.j2 +++ b/roles/duplicity/templates/duplicity_restore-b2.j2 
@@ -36,7 +36,7 @@ mkdir -p $RESTORE_DIR for dir in ${DIRS[@]}; do echo "Restoring $dir..." DEST=b2://$B2_KEY_ID:$B2_SECRET_KEY@{{ duplicity.bucketname }}$dir - duplicity restore $RESTORE_OPTIONS $DEST $RESTORE_DIR$dir + /usr/local/bin/duplicity restore $RESTORE_OPTIONS $DEST $RESTORE_DIR$dir done unset PASSPHRASE diff --git a/roles/duplicity/templates/duplicity_restore-s3.j2 b/roles/duplicity/templates/duplicity_restore-s3.j2 index fc4d505e7..da038389f 100644 --- a/roles/duplicity/templates/duplicity_restore-s3.j2 +++ b/roles/duplicity/templates/duplicity_restore-s3.j2 @@ -37,7 +37,7 @@ mkdir -p $RESTORE_DIR for dir in ${DIRS[@]}; do echo "Restoring $dir..." DEST=s3://{{ duplicity.backend_url }}/{{ duplicity.bucketname }}$dir - duplicity restore $RESTORE_OPTIONS $DEST $RESTORE_DIR$dir + /usr/local/bin/duplicity restore $RESTORE_OPTIONS $DEST $RESTORE_DIR$dir done unset PASSPHRASE From fb76286f04b50ac29b6b025aa493664d7cfcb0f6 Mon Sep 17 00:00:00 2001 From: tymofiisobchenko <104431720+tymofiisobchenko@users.noreply.github.com> Date: Wed, 29 Nov 2023 20:55:15 +0200 Subject: [PATCH 13/16] R66963 separate lb fix pr 1.x (#1272) * r66963-separate-lb-fix * attempt to add TGW routes to list --- roles/aws/aws_ec2_autoscale_cluster/tasks/main.yml | 1 - roles/aws/aws_vpc_route/tasks/route.yml | 1 + 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/aws/aws_ec2_autoscale_cluster/tasks/main.yml b/roles/aws/aws_ec2_autoscale_cluster/tasks/main.yml index 62ac05cc5..8d57cf4c1 100644 --- a/roles/aws/aws_ec2_autoscale_cluster/tasks/main.yml +++ b/roles/aws/aws_ec2_autoscale_cluster/tasks/main.yml @@ -321,7 +321,6 @@ register: _aws_ec2_target_group_created when: - aws_ec2_autoscale_cluster.asg_refresh - - aws_ec2_autoscale_cluster.create_elb - name: Define default ALB listeners. ansible.builtin.set_fact: diff --git a/roles/aws/aws_vpc_route/tasks/route.yml b/roles/aws/aws_vpc_route/tasks/route.yml index 57e23f601..e353623af 100644 
--- a/roles/aws/aws_vpc_route/tasks/route.yml +++ b/roles/aws/aws_vpc_route/tasks/route.yml @@ -7,6 +7,7 @@ gateway_id: "{{ route.gateway_id | default(omit) }}" nat_gateway_id: "{{ route.nat_gateway_id | default(omit) }}" network_interface_id: "{{ route.network_interface_id | default(omit) }}" + transit_gateway_id: "{{ route.transit_gateway_id | default(omit) }}" vpc_peering_connection_id: "{{ route.vpc_peering_connection_id | default(omit) }}" instance_id: "{{ route.instance_id | default(omit) }}" From 29ea4430b82fc1553decb63f37ccc7ea25743df7 Mon Sep 17 00:00:00 2001 From: gregharvey Date: Thu, 30 Nov 2023 14:16:05 +0100 Subject: [PATCH 14/16] Updating Duplicity docs. --- docs/_Sidebar.md | 1 + docs/roles/{ => debian}/duplicity.md | 4 +++- roles/debian/duplicity/README.md | 4 +++- 3 files changed, 7 insertions(+), 2 deletions(-) rename docs/roles/{ => debian}/duplicity.md (79%) diff --git a/docs/_Sidebar.md b/docs/_Sidebar.md index 16c64086b..4a194080b 100644 --- a/docs/_Sidebar.md +++ b/docs/_Sidebar.md @@ -42,6 +42,7 @@ - [Automated patching](/roles/debian/ce_patcher) - [ce-provision](/roles/debian/ce_provision) - [ClamAV](/roles/debian/clamav) + - [Duplicity](/roles/debian/duplicity) - [Firewall Config](/roles/debian/firewall_config) - [Frontail](/roles/debian/frontail) - [Gitlab](/roles/debian/gitlab) diff --git a/docs/roles/duplicity.md b/docs/roles/debian/duplicity.md similarity index 79% rename from docs/roles/duplicity.md rename to docs/roles/debian/duplicity.md index 43f4b6d7d..9186201ed 100644 --- a/docs/roles/duplicity.md +++ b/docs/roles/debian/duplicity.md 
@@ -32,7 +32,9 @@ duplicity: install_dir: "/opt/duplicity" mail_recipient: "foo@bar.com" retention_period: "12M" - schedule: "0 0 * * *" + # systemd timer settings + create_timer: true # sometimes you might want to trigger duplicity some other way than a systemd timer + on_calendar: "*-*-* 03:30:00" # see systemd.time documentation - https://www.freedesktop.org/software/systemd/man/latest/systemd.time.html#Calendar%20Events ``` diff --git a/roles/debian/duplicity/README.md b/roles/debian/duplicity/README.md index 43f4b6d7d..9186201ed 100644 --- a/roles/debian/duplicity/README.md +++ b/roles/debian/duplicity/README.md @@ -32,7 +32,9 @@ duplicity: install_dir: "/opt/duplicity" mail_recipient: "foo@bar.com" retention_period: "12M" - schedule: "0 0 * * *" + # systemd timer settings + create_timer: true # sometimes you might want to trigger duplicity some other way than a systemd timer + on_calendar: "*-*-* 03:30:00" # see systemd.time documentation - https://www.freedesktop.org/software/systemd/man/latest/systemd.time.html#Calendar%20Events ``` From ab47b5145a4bc63ab287739b2c2fb37f1fa5cfce Mon Sep 17 00:00:00 2001 From: gregharvey Date: Thu, 30 Nov 2023 14:18:56 +0100 Subject: [PATCH 15/16] Removing obsolete templates. --- .../duplicity/templates/duplicity_backup.j2 | 70 ------------------- .../duplicity/templates/duplicity_clean.j2 | 39 ----------- .../duplicity/templates/duplicity_restore.j2 | 44 ------------ 3 files changed, 153 deletions(-) delete mode 100644 roles/debian/duplicity/templates/duplicity_backup.j2 delete mode 100644 roles/debian/duplicity/templates/duplicity_clean.j2 delete mode 100644 roles/debian/duplicity/templates/duplicity_restore.j2 diff --git a/roles/debian/duplicity/templates/duplicity_backup.j2 b/roles/debian/duplicity/templates/duplicity_backup.j2 deleted file mode 100644 index b41b992b8..000000000 --- a/roles/debian/duplicity/templates/duplicity_backup.j2 +++ /dev/null 
@@ -1,70 +0,0 @@ -#!/bin/bash - -# Duplicity Backup script - -# Declare and export secrets -export PASSPHRASE={{ duplicity.gpg_passphrase }} -export B2_KEY_ID={{ duplicity.access_key_id }} -export B2_SECRET_KEY={{ duplicity.secret_access_key }} - -if [ ! `whoami` = "root" ] ; then - echo "You must run this script as root" - exit 1 -fi - -## Configurable variables - -# How often should we make a full backup? Recommended: 3 months -FULL_BACKUPS="{{ duplicity.full_backup_frequency }}" - -# Remove old backups? 0 for no, 1 for yes -REMOVE_OLD_BACKUPS=1 - -# How often should we purge old backups? Recommended: 12 months. -REMOVE_OLDER_THAN="{{ duplicity.retention_period }}" - -# Args to pass to duplicity -{% if duplicity.exclude_other_filesystems %} -backup_options="--full-if-older-than $FULL_BACKUPS --exclude-other-filesystems --num-retries=30" -{% else %} -backup_options="--full-if-older-than $FULL_BACKUPS --num-retries=30" -{% endif %} -maintenance_options="remove-older-than $REMOVE_OLDER_THAN --force" - -# An array of directories to back up -DIRS=( -{% for item in duplicity.dirs %} - {{ item.name }} -{% endfor %} -) - - -## Backup code below. You should not need to edit anything here. - -# Loop over each dir and perform the backup. -for dir in ${DIRS[@]}; do - echo "Backing up $dir..." - - extra_options="" - if [ -f "{{ duplicity.install_dir }}/etc/$dir-include-exclude-filelist" ]; then - extra_options="--include-filelist {{ duplicity.install_dir }}/etc/$dir-include-exclude-filelist" - fi - - # A special clause for /root. We don't want the local duplicity cache data - if [ $dir = "/root" ]; then - extra_options="$extra_options --exclude /root/.cache" - fi - - DEST=b2://$B2_KEY_ID:$B2_SECRET_KEY@{{ duplicity.bucketname }}$dir - /usr/local/bin/duplicity $backup_options $extra_options $dir $DEST || exit 1 - - if [ $REMOVE_OLD_BACKUPS -eq 1 ]; then - # Do some maintenance on the remote end to clean up old backups - echo "Performing routine maintenance on $dir..." 
- /usr/local/bin/duplicity $maintenance_options $DEST || exit 1 - fi -done - -unset PASSPHRASE -unset B2_KEY_ID -unset B2_SECRET_KEY diff --git a/roles/debian/duplicity/templates/duplicity_clean.j2 b/roles/debian/duplicity/templates/duplicity_clean.j2 deleted file mode 100644 index d8c8bb4b4..000000000 --- a/roles/debian/duplicity/templates/duplicity_clean.j2 +++ /dev/null @@ -1,39 +0,0 @@ -#!/bin/bash - -# Duplicity Cleanup script - -# Declare and export secrets -export PASSPHRASE={{ duplicity.gpg_passphrase }} -export B2_KEY_ID={{ duplicity.access_key_id }} -export B2_SECRET_KEY={{ duplicity.secret_access_key }} - -if [ ! `whoami` = "root" ] ; then - echo "You must run this script as root" - exit 1 -fi - -## Configurable variables - -# Args to pass to duplicity -cleanup_options="clean --force" - -# An array of directories to clean -DIRS=( -{% for item in duplicity.dirs %} - {{ item.name }} -{% endfor %} -) - - -## Cleanup code below. You should not need to edit anything here. - -# Loop over each dir and perform the clean. -for dir in ${DIRS[@]}; do - echo "Cleaning up $dir..." - DEST=b2://$B2_KEY_ID:$B2_SECRET_KEY@{{ duplicity.bucketname }}$dir - /usr/local/bin/duplicity $cleanup_options $DEST || exit 1 -done - -unset PASSPHRASE -unset B2_KEY_ID -unset B2_SECRET_KEY diff --git a/roles/debian/duplicity/templates/duplicity_restore.j2 b/roles/debian/duplicity/templates/duplicity_restore.j2 deleted file mode 100644 index 372431934..000000000 --- a/roles/debian/duplicity/templates/duplicity_restore.j2 +++ /dev/null 
@@ -1,44 +0,0 @@ -#!/bin/bash - -# Duplicity Restore script - -# Declare and export secrets -export PASSPHRASE={{ duplicity.gpg_passphrase }} -export B2_KEY_ID={{ duplicity.access_key_id }} -export B2_SECRET_KEY={{ duplicity.secret_access_key }} - -if [ ! `whoami` = "root" ] ; then - echo "You must run this script as root" - exit 1 -fi - -## Configurable variables - -# Directory to restore to -RESTORE_DIR=/tmp/restore-`date '+%F-%H%M'` - -# Restore to what point in time (ago) ? -#RESTORE_OPTIONS="-t 3D" - -# An array of directories to restore -DIRS=( -{% for item in duplicity.dirs %} - {{ item.name }} -{% endfor %} -) - - -## Restore code below. You should not need to edit anything here. - -mkdir -p $RESTORE_DIR - -# Loop over each dir and perform the restoration -for dir in ${DIRS[@]}; do - echo "Restoring $dir..." - DEST=b2://$B2_KEY_ID:$B2_SECRET_KEY@{{ duplicity.bucketname }}$dir - /usr/local/bin/duplicity restore $RESTORE_OPTIONS $DEST $RESTORE_DIR$dir -done - -unset PASSPHRASE -unset B2_KEY_ID -unset B2_SECRET_KEY From e8d9dac02f496d52cbdfe3c1a75c63ec09d74f11 Mon Sep 17 00:00:00 2001 From: gregharvey Date: Thu, 30 Nov 2023 14:21:08 +0100 Subject: [PATCH 16/16] Accidentally doubled a PHP var. --- roles/debian/php-cli/defaults/main.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/roles/debian/php-cli/defaults/main.yml b/roles/debian/php-cli/defaults/main.yml index 62674c935..2e7efbeaa 100644 --- a/roles/debian/php-cli/defaults/main.yml +++ b/roles/debian/php-cli/defaults/main.yml @@ -22,7 +22,6 @@ php: date_timezone: "Europe/London" gc_maxlifetime: 1440 overrides: {} - gc_maxlifetime: 1440 opcache: enable: 1 enable_cli: 0