Project is archived due to my lack of interest in maintaining it (I am not using it anymore). I will happily unarchive it if anyone is interested in maintaining it. If you are such person, write me an email at paulfantom@gmail.com.
Deploy restic - fast, secure, efficient backup program.
- Ansible > 2.2
- bzip2 installed on deployer machine (same one where ansible is installed)
All variables which can be overridden are stored in defaults/main.yml file as well as in table below.
| Name | Default Value | Description |
|---|---|---|
restic_version |
0.9.6 | restic package version. Also accepts latest as parameter. |
restic_user |
"root" | system user to run restic |
restic_group |
"root" | system group to run restic |
restic_shell |
"/bin/false" | the shell for the restic user, change this if you want to be able to su to it |
restic_install_path |
"/usr/local/bin" | directory where restic binary will be installed |
restic_cron_mailto |
restic_user | who to mail results of the restic crons to, set to "" to not mail |
restic_cron_stdout_file |
null | what file to log restic output to, null means include in mailto, use /dev/null to discard |
restic_cron_stderr_file |
null | what file to log restic errors to, null means include in mailto, use /dev/null to discard |
restic_sudo_command_whitelist |
[] | whitelist of commands restic is allowed to run with sudo |
restic_repos |
[] | restic repositories and cron jobs configuration. More in defaults/main.yml |
To ensure high security this role can allow restic to be run as different user than root and still allowing read-only access to files. This is implemented by following PR#1483 from restic repository.
If you need to run certain tools as another user, make sure to list those in restic_sudo_command_whitelist as follows:
restic_sudo_command_whitelist:
- command: /usr/bin/some_backup_related_command_that_needs_sudo
runas: rootThen, in your actual backup command, add the command as sudo -u root /usr/bin/some_backup_related_command_that_needs_sudo.
This role also installs helper scripts to restic_install_path. These scripts are named after your repository and will ensure environment variables are correct for that repository.
For example, if you have a restic repository named testrepo, you could use the restic-testrepo command, which will execute restic with the correct environment variables to manipulate that repository.
Use it in a playbook as follows:
- hosts: all
roles:
- paulfantom.resticThe preferred way of locally testing the role is to use Docker and molecule (v2.x). You will have to install Docker on your system. See Get started for a Docker package suitable to for your system. All packages you need to can be specified in one line:
pip install ansible 'ansible-lint>=3.4.15' 'molecule>2.13.0' docker 'testinfra>=1.7.0' jmespathThis should be similar to one listed in .travis.yml file in install section.
After installing test suit you can run test by running
molecule test --allFor more information about molecule go to their docs.
Combining molecule and travis CI allows to test how new PRs will behave when used with multiple ansible versions and multiple operating systems. This also allows to create test scenarios for different role configurations. As a result test matrix is quite large and takes more time than local testing, so please be patient.
This project is licensed under MIT License. See LICENSE for more details.