l3d.restic

Ansible Role: Restic

Beta: This role is currently in beta.

License Ansible Galaxy

Description

Restic is a flexible backup solution written in Go. It can work with various backup types, remove duplicate data, and perform incremental backups.

This role installs Restic on a client, sets up backup locations, and can create systemd timers or cron jobs to automate backups. It also prepares scripts for manual backup runs.

This project is based on the work done in donat-b/ansible-restic and arillso/ansible.restic. Our aim is to simplify and modernize the role by using systemd timers, defining backup paths in /etc/crontab, and minimizing options (not tested with S3 or Windows).

Backup Scripts

This role generates a backup script and a credential file for each backup in the restic_script_dir. These scripts can be used manually to trigger backups, and are also utilized for scheduled backups if restic_create_schedule is set to true. Avoid manually editing these files, as it could affect your backups.

To run a backup manually on Linux, you would execute:

$ /path/to/backup/script/backup-example.sh

By default, backups will have the tag manual. You can add more tags like this:

$ /path/to/backup/script/backup-example.sh --tag deployment

CRON / Scheduled Tasks

You can configure backups to run automatically as scheduled tasks. Note that you need admin permissions on Linux to set this up.

If automatic task creation isn’t an option (like on a shared server using a web interface), use the generated scripts. Prefix the command with CRON=true to mark it as a scheduled task:

CRON=true /path/to/backup/script/backup-example.sh

Installation

You can install the role by cloning or downloading it from the GitHub repository, or by using Ansible Galaxy:

ansible-galaxy install roles-ansible.restic

Requirements

bzip2

Role Variables

Name	Default	Description
`restic_url`	`undefined`	URL to download Restic from. Override the default with this variable.
`restic_version`	`'0.15.1'`	Version of Restic to install.
`restic_download_path`	`'/opt/restic'`	Where to download the Restic binary.
`restic_install_path`	`'/usr/local/bin'`	Where to install the Restic binary.
`restic_script_dir`	`'/opt/restic'`	Location for generated backup scripts.
`restic_backup_script_shell`	`sh`	Shell used to run backup scripts.
`restic_log_dir`	`'{{ restic_script_dir }}/log'`	Logs directory for the backup scripts.
`restic_repos`	`{}`	Repositories where snapshots are stored. (More Info: Repos)
`restic_backups`	`{}` (or `[]`)	List of files and directories to back up (More Info: Backups)
`restic_create_schedule`	`false`	Set to true to schedule each backup.
`restic_backup_now`	`false`	Run the backup script immediately.
`restic_schedule_type`	`systemd`	Define scheduling method: `cronjob` or `systemd` timer.
`restic_dir_owner`	`'{{ansible_user}}'`	Owner for created directories.
`restic_dir_group`	`'{{ansible_user}}'`	Group for created directories.
`restic_no_log`	`true`	Set to false to view hidden Ansible logs.
`restic_do_not_cleanup_cron`	`false`	Skip cleanup of old cron settings.
`restic__cache_config`	`false`	Configure a custom cache directory.
`restic__cache_dir`	`'~/.cache/restic'`	Define cache directory.
`submodules_versioncheck`	`false`	Run a version check to avoid older versions of this role.
`restic__limit_cpu_usage`	`false`	Limit CPU usage?
`restic__max_cpus`	`1`	Maximum number of CPUs to use at once.

Repos

Restic uses repositories to store data. You need at least one repository defined. Repositories can be local or remote, as described in the official documentation.

Using an SFTP repository

For SFTP, ensure passwordless access is configured. Distributing SSH keys is beyond the role's scope.

Variables for Repositories

Name	Required	Description
`location`	yes	Backend location. Supports Local, SFTP, S3, Azure Blob, and B2.
`password`	yes	Password to secure the repository.
`init`	no	Set to `false` if backing up to an existing repo.

Example Repositories

restic_repos:
  local:
    location: /srv/restic-repo
    password: securepassword0
    init: true
  remote:
    location: rest:https://restic_rest_server.example.com:8000/restic-repo/
    password: securepassword1
    init: true
  sftp:
    location: sftp:user@host:/srv/restic-repo
    password: securepassword2
    init: true
  aws:
    location: s3:s3.amazonaws.com/bucket_name
    password: securepassword3
    init: true
    aws_access_key: accesskey
    aws_secret_access_key: secretaccesskey
    aws_default_region: eu-west-1
  azure:
    location: azure:container:/
    password: securepassword4
    init: true
    azure_account_name: storageaccountname
    azure_account_key: somekey # One of these is needed
    azure_account_sas: sasurl  # Optionally
    azure_endpoint_suffix: core.windows.net
  b2:
    location: b2:bucketname:path/to/repo
    password: securepassword5
    init: true
    b2_account_id: accountid
    b2_account_key: accountkey

Backups

A backup defines which directories or files to back up to the repositories specified in restic_repos.

Available Backup Variables

Name	Required (Default)	Description
`name`	yes	Unique name for the backup. Combined with scheduling.
`repo`	yes	Name of the repository to back up to.
`src`	yes (unless `stdin` == `true`)	Source directory/file to back up.
`stdin`	no	Is the backup created from stdin?
`stdin_cmd`	no (yes if `stdin` == `true`)	Command that produces the stdin input.
`stdin_filename`	no	Filename used in the repository.
`pre_backup_cmd`	no	Command to run before backup (e.g., to dump databases).
`tags`	no	Default tags for the backup.
`keep_last`	no	Keep only the last n snapshots.
`keep_hourly`	no	Keep only the last n hourly snapshots.
`keep_daily`	no	Keep only the last n daily snapshots.
`keep_weekly`	no	Keep only the last n weekly snapshots.
`keep_monthly`	no	Keep only the last n monthly snapshots.
`keep_yearly`	no	Keep only the last n yearly snapshots.
`keep_within`	no	Keep snapshots within a specific time period.
`keep_tag`	no	Keep snapshots with specified tags.
`prune`	no (`false`)	If `true`, the `restic forget` command includes the `--prune` option.
`scheduled`	no (`false`)	Creates a scheduled task if `restic_create_schedule` is true.
`schedule_oncalendar`	`'--* 02:00:00'`	Timer trigger time. Default is nightly at 2 am (+0-4h).
`schedule_minute`	no (`*`)	Minute for the scheduled job.
`schedule_hour`	no (`2`)	Hour for the scheduled job.
`schedule_weekday`	no (`*`)	Weekday for the scheduled job.
`schedule_month`	no (`*`)	Month for the scheduled job.
`exclude`	no (`{}`)	Files to exclude.
`disable_logging`	no	Optionally disable logging.
`log_to_journald`	no	Switch logging to journald with backup job name as tag.
`mail_on_error`	no	Optionally send email if the backup fails (mailx needed).
`mail_address`	if `mail_on_error` is true	Email address for notifications if enabled.
`monitoring_call`	no	Command triggered if the backup is successful, useful for monitoring.
`niceness`	no	Run scheduled backups with given priority value.

Example Backups

restic_backups:
  data:
    name: data
    repo: remote
    src: /path/to/data
    scheduled: true
    schedule_oncalendar: '*-*-* 01:00:00'
  database:
    name: database
    repo: remote
    stdin: true
    stdin_cmd: pg_dump -Ubackup db_name
    stdin_filename: db_name_dump.sql
    scheduled: true
    schedule_oncalendar: '*-*-* 01:30:00'
    niceness: 10
  all_databases:
    name: all_databases
    repo: remote
    src: /var/dumped_data
    scheduled: true
    schedule_oncalendar: '*-*-* 02:00:00'
    pre_backup_cmd: cd /var/dumped_data && mariadb -N -e 'show databases' | while read dbname; do mariadb-dump --complete-insert --routines --triggers --single-transaction "$dbname" > "$dbname".sql; done

restic_backups can also be specified as an array, which may be deprecated in future versions. Currently, the name key is used for identifying access and backup files.

Exclude

The exclude key allows specifying files to be excluded. You can use multiple exclusion keys:

exclude:
    exclude_caches: true
    exclude:
        - /path/to/file
    iexclude:
        - /path/to/file
    exclude_file:
        - /path/to/file
    exclude_if_present:
        - /path/to/file

Refer to the documentation for details.

Dependencies

This role does not have any other Ansible role dependencies.

Example Playbook

- name: Backup home directories to /mnt/backup every night
  hosts: localhost
  roles:
    - {role: do1jlr.restic, tags: restic}
  vars:
    restic_create_schedule: true
    restic_repos:
      local:
        location: '/mnt/backup'
        password: 'ChangM3'
        init: true
    restic_backups:
      home:
        name: home
        repo: local
        src: /home/
        scheduled: true
        schedule_oncalendar: '*-*-* 01:00:00'

License

This project is licensed under the MIT License. See the LICENSE file for full license text.

Informazioni sul progetto

Ansible role to deploy restic and setup backups.

role backup restic

Installa

ansible-galaxy install l3d.restic

GitHub repository

36 stelle

34 fork

12 problemi aperti

Licenza

mit

Download

247k

Proprietario

Ansible Roles

Ansible roles provide a framework for fully independent, or interdependent collections of variables,tasks,files,templates &modules. Here we maintain some. enjoy