paulfantom.restic

restic logo

Ansible Role: restic

Build Status License Ansible Role GitHub tag

IMPORTANT - Project Archived

This project is archived because I no longer have the interest to maintain it (I don't use it anymore). If someone wants to take over, please email me at paulfantom@gmail.com.

Description

This role helps you to deploy restic, a fast, secure, and efficient backup program.

Requirements

  • Ansible version greater than 2.2.
  • bzip2 must be installed on the machine running Ansible.

Role Variables

You can change the following variables, which are stored in the defaults/main.yml file:

Name Default Value Description
restic_version 0.9.6 Version of the restic package. You can also use "latest".
restic_user "root" System user for running restic.
restic_group "root" System group for running restic.
restic_shell "/bin/false" Shell for the restic user; change this if you want to switch to it.
restic_install_path "/usr/local/bin" Directory where the restic binary will be installed.
restic_cron_mailto restic_user Who receives email results from restic cron jobs; set to "" for no email.
restic_cron_stdout_file null File to log restic output (null includes in email; use /dev/null to discard).
restic_cron_stderr_file null File to log restic errors (null includes in email; use /dev/null to discard).
restic_sudo_command_whitelist [] List of commands restic can run with sudo.
restic_repos [] Configuration for restic repositories and cron jobs. More info in defaults/main.yml.

Security

This role allows restic to run as a user other than root while still having read-only access to files. This is based on PR#1483 from the restic repository.

If you need to run specific tools as another user, list them in restic_sudo_command_whitelist like this:

restic_sudo_command_whitelist:
   - command: /usr/bin/some_backup_related_command_that_needs_sudo
     runas: root

Then, use the command in your backup script as sudo -u root /usr/bin/some_backup_related_command_that_needs_sudo.

Helpers

This role installs helper scripts in restic_install_path. These scripts help set the right environment variables for your repository.

For example, for a repository named testrepo, use the command restic-testrepo to run restic with the correct settings.

Example

Playbook

To use it in a playbook:

- hosts: all
  roles:
    - paulfantom.restic

Local Testing

The best way to test the role locally is with Docker and molecule (v2.x). You'll need Docker installed. See the guide for instructions on getting the right Docker package for your system.

To install the necessary packages, run:

pip install ansible 'ansible-lint>=3.4.15' 'molecule>2.13.0' docker 'testinfra>=1.7.0' jmespath

This command is similar to what you’ll find in the .travis.yml file in the install section. After installing, you can run tests with:

molecule test --all

For more info about molecule, check their docs.

Travis CI

Using molecule with Travis CI allows testing how new pull requests work with different Ansible versions and operating systems. It also helps create test scenarios for various role configurations, resulting in a comprehensive test matrix that takes longer than local testing, so please be patient.

Contributing

Refer to the contributor guideline.

License

This project is licensed under the MIT License. See LICENSE for more details.

Informazioni sul progetto

Fast, secure, efficient backup program

Installa
ansible-galaxy install paulfantom.restic
Licenza
mit
Download
55.6k
Proprietario
SRE / SWE specializing in observability. tea addict :tea: