paulfantom.restic
Ansible Role: restic
IMPORTANT - Project Archived
This project is archived because I no longer have the interest to maintain it (I don't use it anymore). If someone wants to take over, please email me at paulfantom@gmail.com.
Description
This role helps you to deploy restic, a fast, secure, and efficient backup program.
Requirements
- Ansible version greater than 2.2.
- bzip2 must be installed on the machine running Ansible.
Role Variables
You can change the following variables, which are stored in the defaults/main.yml file:
Name | Default Value | Description |
---|---|---|
restic_version |
0.9.6 | Version of the restic package. You can also use "latest". |
restic_user |
"root" | System user for running restic. |
restic_group |
"root" | System group for running restic. |
restic_shell |
"/bin/false" | Shell for the restic user; change this if you want to switch to it. |
restic_install_path |
"/usr/local/bin" | Directory where the restic binary will be installed. |
restic_cron_mailto |
restic_user | Who receives email results from restic cron jobs; set to "" for no email. |
restic_cron_stdout_file |
null | File to log restic output (null includes in email; use /dev/null to discard). |
restic_cron_stderr_file |
null | File to log restic errors (null includes in email; use /dev/null to discard). |
restic_sudo_command_whitelist |
[] | List of commands restic can run with sudo. |
restic_repos |
[] | Configuration for restic repositories and cron jobs. More info in defaults/main.yml. |
Security
This role allows restic to run as a user other than root while still having read-only access to files. This is based on PR#1483 from the restic repository.
If you need to run specific tools as another user, list them in restic_sudo_command_whitelist
like this:
restic_sudo_command_whitelist:
- command: /usr/bin/some_backup_related_command_that_needs_sudo
runas: root
Then, use the command in your backup script as sudo -u root /usr/bin/some_backup_related_command_that_needs_sudo
.
Helpers
This role installs helper scripts in restic_install_path
. These scripts help set the right environment variables for your repository.
For example, for a repository named testrepo
, use the command restic-testrepo
to run restic with the correct settings.
Example
Playbook
To use it in a playbook:
- hosts: all
roles:
- paulfantom.restic
Local Testing
The best way to test the role locally is with Docker and molecule (v2.x). You'll need Docker installed. See the guide for instructions on getting the right Docker package for your system.
To install the necessary packages, run:
pip install ansible 'ansible-lint>=3.4.15' 'molecule>2.13.0' docker 'testinfra>=1.7.0' jmespath
This command is similar to what you’ll find in the .travis.yml
file in the install section. After installing, you can run tests with:
molecule test --all
For more info about molecule, check their docs.
Travis CI
Using molecule with Travis CI allows testing how new pull requests work with different Ansible versions and operating systems. It also helps create test scenarios for various role configurations, resulting in a comprehensive test matrix that takes longer than local testing, so please be patient.
Contributing
Refer to the contributor guideline.
License
This project is licensed under the MIT License. See LICENSE for more details.
Fast, secure, efficient backup program
ansible-galaxy install paulfantom.restic