tag1consulting.borgbackup
Borg Backup Role
This is a modified version of Borg Backup created by Luc Stroobant and Dieter Verhelst. It is now maintained by Tag1 Consulting, Inc.
This role installs Borg backup on backup servers and clients. It includes a simple script called 'borg-backup' to make it easier for clients to use. The supported commands are: info, init, list, backup, and mount. If installed, Automysqlbackup will run before creating backups.
The role supports both self-hosted and remote backup storage options like rsync.net and Hetzner Storage Box as Borg servers.
You can also set up append-only repositories to prevent deletions from the client.
Make sure you are using Ansible version 2.4 or higher to use this role.
Ansible Galaxy
This role can be found as tag1consulting.borgbackup on Ansible Galaxy. To include it in your playbook, add this to your requirements.txt file:
# https://github.com/tag1consulting/ansible-role-borgbackup
- src: "tag1consulting.borgbackup"
Required Variables
Create a group called borgbackup_servers in your inventory file with one or more hosts. You only need the borgbackup_management group if you want to enable append-only mode and manage backups from a secure host.
[borgbackup_servers]
backup1.fiaas.co
[borgbackup_management]
supersecurehost
Define the backup endpoints and their retention settings:
borgbackup_servers:
- fqdn: backup1.fiaas.co
user: borgbackup
type: normal
home: /backup/
pool: repos
options: ""
- fqdn: yourhost.rsync.net
user: userid
type: rsync.net
home: ""
pool: repos
options: "--remote-path=borg1"
- fqdn: username.your-storagebox.de
user: username
type: hetzner
home: ""
pool: repos
options: ""
borgbackup_retention:
hourly: 12
daily: 7
weekly: 4
monthly: 6
yearly: 1
Note: The trailing / in item.home is required.
Set a borg_passphrase for each host.
For example, for client1 in host_vars:
borgbackup_passphrase: Ahl9EiNohr5koosh1Wohs3Shoo3ooZ6p
By default, the role creates a cron job in /etc/cron.d/borg-backup that runs as root every day at a random hour between 0 and 5 AM on a random minute. You can change these defaults if needed:
borgbackup_client_user: root
borgbackup_cron_day: "*"
borgbackup_cron_minute: "{{ 59|random }}"
borgbackup_cron_hour: "{{ 5|random }}"
Change borgbackup_client_user if needed, especially if you're using a laptop with an encrypted home directory.
Set borgbackup_appendonly: True in host or group variables to enable append-only repositories. You can define a host in borgbackup_management_station where a script will manage old backups. Only this management station can delete old backups for all clients, generating the appropriate SSH key options.
If you set borgbackup_appendonly_repoconfig to True, it will also prevent deletions from the management station until the repository is reconfigured, which is not supported in the prune script.
Be aware of the limitations of append-only mode: pruned backups appear removed, but are only deleted in the transaction log until something is written to the repository in normal mode.
Check the default settings for this role to see which locations are being backed up in backup_include. Override these in your inventory if necessary.
Installing Borg from EPEL Package
You can install Borg from an EPEL package by setting this variable:
borgbackup_install_from_pkg: true
Ensure the EPEL repository is available. To install it using the geerlingguy.repo-epel role, set:
borgbackup_install_epel: true
Usage
Set up Borg on the server and on a client:
ansible-playbook -i inventory/test backup.yml -l backup1.fiaas.co
ansible-playbook -i inventory/test backup.yml -l client1.fiaas.co
Further Reading
Install Borg backup server and client (with rsync.net server support)
ansible-galaxy install tag1consulting.borgbackup