Configure borg via systemd timers.

apollo13 · Jun 13, 2019 · 0a9225b · 0a9225b
1 parent 5c76c83
commit 0a9225b
Show file tree

Hide file tree

Showing 7 changed files with 118 additions and 0 deletions.
diff --git a/defaults/main.yml b/defaults/main.yml
@@ -6,3 +6,10 @@ borgbackup_system_package_name: borgbackup
 
 borgbackup_upstream_version: 1.1.10
 borgbackup_upstream_checksum: sha256:6338d67aad4b5cd327b25ea363e30f0ed4abc425ce2d6a597c75a67a876ef9af
+
+borgbackup_user: backup
+borgbackup_home: "/home/{{ borgbackup_user }}"
+
+borgbackup_sshkeygen_package:
+  redhat: openssh
+  debian: openssh-client
diff --git a/handlers/main.yml b/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+
+- name: Reload systemd
+  systemd:
+    daemon_reload: yes
diff --git a/molecule/default/Dockerfile.j2 b/molecule/default/Dockerfile.j2
@@ -6,9 +6,26 @@ FROM {{ item.registry.url }}/{{ item.image }}
 FROM {{ item.image }}
 {% endif %}
 
+ENV container docker
+ENV LC_ALL C
+ENV DEBIAN_FRONTEND noninteractive
+
+# Install systemd for Ubuntu images
+RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y systemd; fi
+
 RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \
     elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash && dnf clean all; \
     elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \
     elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml && zypper clean -a; \
     elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; \
     elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates && xbps-remove -O; fi
+
+RUN (cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done); \
+  rm -f /lib/systemd/system/multi-user.target.wants/*;\
+  rm -f /etc/systemd/system/*.wants/*; \
+  rm -f /lib/systemd/system/local-fs.target.wants/*; \
+  rm -f /lib/systemd/system/sockets.target.wants/*udev*; \
+  rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \
+  rm -f /lib/systemd/system/basic.target.wants/*; \
+  rm -f /lib/systemd/system/plymouth*; \
+  rm -f /lib/systemd/system/anaconda.target.wants/*;
diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml
@@ -1,4 +1,5 @@
 ---
+
 dependency:
   name: galaxy
 driver:
@@ -8,20 +9,28 @@ lint:
 platforms:
   - name: centos_borgbackup_system
     image: centos:7
+    command: /sbin/init
     groups:
       - system
+    privileged: True
   - name: centos_borgbackup_upstream
     image: centos:7
+    command: /sbin/init
     groups:
       - upstream
+    privileged: True
   - name: ubuntu_borgbackup_system
     image: ubuntu:18.04
+    command: /sbin/init
     groups:
       - system
+    privileged: True
   - name: ubuntu_borgbackup_upstream
     image: ubuntu:18.04
+    command: /sbin/init
     groups:
       - upstream
+    privileged: True
 provisioner:
   name: ansible
   lint:
@@ -30,6 +39,11 @@ provisioner:
     group_vars:
       upstream:
         borgbackup_install_method: upstream
+      all:
+        borgbackup_config:
+          calendar_spec: "*-*-* 2:00:00"
+          repository: file:///home/backup/test_repo
+          passphrase: test
 
 verifier:
   name: testinfra

diff --git a/tasks/main.yml b/tasks/main.yml
@@ -1,3 +1,52 @@
 ---
 
 - include_tasks: install_{{ borgbackup_install_method }}.yml
+
+- name: Install ssh-keygen
+  package:
+    name: "{{ borgbackup_sshkeygen_package[ansible_os_family.lower()] }}"
+    state: present
+
+- name: Create borg user & home
+  user:
+    name: "{{ borgbackup_user }}"
+    home: "{{ borgbackup_home }}"
+    move_home: yes
+    generate_ssh_key: yes
+    password_lock: yes
+
+- name: Create borg config & temporary data directories
+  file:
+    path: "{{ borgbackup_home }}/{{ item }}"
+    state: directory
+    owner: "{{ borgbackup_user }}"
+    group: "{{ borgbackup_user }}"
+    mode: 0700
+  loop:
+    - config
+    - data
+
+- name: Upload initial backup patterns
+  blockinfile:
+    path: "{{ borgbackup_home }}/config/patterns"
+    marker: "# {mark} ANSIBLE MANAGED BLOCK"
+    create: yes
+    block: "R {{ borgbackup_home }}/data"
+    owner: "{{ borgbackup_user }}"
+    group: "{{ borgbackup_user }}"
+    mode: 0700
+
+- name: Install borg service files
+  template:
+    src: "{{ item }}.j2"
+    dest: /etc/systemd/system/{{ item }}
+  loop:
+    - borgbackup.service
+    - borgbackup.timer
+  notify: Reload systemd
+
+- name: Enable systemd timer service
+  systemd:
+    name: borgbackup.timer
+    enabled: yes
+    state: started
diff --git a/templates/borgbackup.service.j2 b/templates/borgbackup.service.j2
@@ -0,0 +1,16 @@
+[Unit]
+Description=Backup using 'borgbackup'
+#ConditionFileNotEmpty={# restic_home #}/restic_env
+#ConditionPathExists={# restic_home #}/restic_files
+#OnFailure=status-email-user@%n.service
+
+[Service]
+User={{ borgbackup_user }}
+ExecStart=/usr/{% if borgbackup_install_method == "upstream" %}local/{% endif %}bin/borg create -v --stats --compression lz4 --patterns-from {{ borgbackup_home }}/config/patterns ::{now}
+Type=oneshot
+Environment=BORG_REPO={{ borgbackup_config.repository }}
+Environment=BORG_PASSPHRASE={{ borgbackup_config.passphrase }}
+AmbientCapabilities=CAP_DAC_READ_SEARCH
+ProtectSystem=full
+PrivateTmp=true
+PrivateDevices=true
diff --git a/templates/borgbackup.timer.j2 b/templates/borgbackup.timer.j2
@@ -0,0 +1,10 @@
+[Unit]
+Description=Borgbackup timer
+
+[Timer]
+OnCalendar={{ borgbackup_config.calendar_spec }}
+Persistent=true
+RandomizedDelaySec=300
+
+[Install]
+WantedBy=timers.target