From f0a54777904e0ee40241952ad989a539a4910d4b Mon Sep 17 00:00:00 2001 From: nd Date: Wed, 18 Aug 2021 12:49:15 +0100 Subject: [PATCH 1/4] disable cache for local repos --- tasks/main.yml | 1 + templates/backup-check.j2 | 3 ++- templates/backup-retention.j2 | 2 +- templates/backup-standalone.j2 | 1 + templates/backup-vm.j2 | 1 + 5 files changed, 6 insertions(+), 2 deletions(-) diff --git a/tasks/main.yml b/tasks/main.yml index 855e4ad..4feb18e 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -2,6 +2,7 @@ set_fact: backup_backend: "{% if backups.mode in ['standalone-restic', 'hypervisor-restic'] %}restic{% else %}False{% endif %}" backup_executor: "{% if backups.mode in ['vm-via-hypervisor'] %}False{% else %}True{% endif %}" + backup_restic_cache: "{% if backups.backends.restic.repo_type == 'local' %}False{% else %}True{% endif %}" - name: create config folder file: diff --git a/templates/backup-check.j2 b/templates/backup-check.j2 index 7f4a0bf..67f73bb 100755 --- a/templates/backup-check.j2 +++ b/templates/backup-check.j2 @@ -5,7 +5,8 @@ set -euo pipefail # restic backend source /etc/backup-client/restic.env -restic check --read-data --cleanup-cache +restic check --read-data \ + --cleanup-cache{% if not backup_restic_cache %} --no-cache{% endif %} {% endif %} diff --git a/templates/backup-retention.j2 b/templates/backup-retention.j2 index 478631d..3778e51 100755 --- a/templates/backup-retention.j2 +++ b/templates/backup-retention.j2 @@ -7,7 +7,7 @@ source /etc/backup-client/retention.env # restic backend source /etc/backup-client/restic.env restic forget \ - --cleanup-cache \ + --cleanup-cache {% if not backup_restic_cache %} --no-cache{% endif %} \ --verbose \ --prune \ --group-by "host,paths,tags" \ diff --git a/templates/backup-standalone.j2 b/templates/backup-standalone.j2 index fd1360e..20d1f43 100755 --- a/templates/backup-standalone.j2 +++ b/templates/backup-standalone.j2 @@ -8,6 +8,7 @@ test -f "/etc/backup-client/enabled" || { echo "Standalone backup is disabled"; source /etc/backup-client/restic.env restic backup \ + --cleanup-cache {% if not backup_restic_cache %} --no-cache{% endif %} \ --verbose \ --exclude-caches \ --one-file-system \ diff --git a/templates/backup-vm.j2 b/templates/backup-vm.j2 index a4575b5..9c6ed30 100755 --- a/templates/backup-vm.j2 +++ b/templates/backup-vm.j2 @@ -122,6 +122,7 @@ set -euo pipefail # restic backend source /etc/backup-client/restic.env restic backup \ + --cleanup-cache {% if not backup_restic_cache %} --no-cache{% endif %} \ --verbose \ --host "$DOMAIN" \ --exclude-file "/etc/backup-client/vms/$DOMAIN/exclude_files" \ From 32f46bdac5a5b36fa93d0cf836461a884661e003 Mon Sep 17 00:00:00 2001 From: nd Date: Wed, 18 Aug 2021 13:03:09 +0100 Subject: [PATCH 2/4] add bandwidth limit by default --- README.md | 2 ++ defaults/main.yml | 1 + templates/backup-export.j2 | 2 +- 3 files changed, 4 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index c87d642..2f9e1b7 100644 --- a/README.md +++ b/README.md @@ -69,6 +69,8 @@ export: # type: rsync # port: 22 # key: "/etc/backup-client/id_ed25519" + # Bandwidth limit for upload, 20mbit/s by default + bwlimit: 2500 # Settings to create a remote sftp user. Use this for restic sftp repos remote_sftp_user: diff --git a/defaults/main.yml b/defaults/main.yml index 116687f..e54bd06 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -28,6 +28,7 @@ backups: years: 3 export: destinations: [] + bwlimit: 2500 remote_sftp_user: name: backup host: ~ diff --git a/templates/backup-export.j2 b/templates/backup-export.j2 index 3cffe8e..f8e40cf 100755 --- a/templates/backup-export.j2 +++ b/templates/backup-export.j2 @@ -10,7 +10,7 @@ echo "Starting to export backups..." {% if backups.backends.restic.repo_type == "local" %} {% for i in backups.export.destinations if i.type == "rsync" %} echo "exporting to {{ i.host }}" - rsync -h -r -a --append-verify --delete --stats -e "ssh -p {{ i.port|d(22) }} -i {{ i.key|d('/etc/backup-client/id_ed25519') }}" "${RESTIC_REPOSITORY}/" "{{ i.user }}@{{ i.host }}:{{ i.remotepath }}" + rsync -h -r -a --append-verify --delete --stats{%if backups.export.bwlimit %} --bwlimit={{ backups.export.bwlimit }}{% endif %} -e "ssh -p {{ i.port|d(22) }} -i {{ i.key|d('/etc/backup-client/id_ed25519') }}" "${RESTIC_REPOSITORY}/" "{{ i.user }}@{{ i.host }}:{{ i.remotepath }}" {% endfor %} {% else %} echo "Repo is not local. Skipped." From ddaf61926329bda82de7ae8936f924a0cdcb37a6 Mon Sep 17 00:00:00 2001 From: nd Date: Sun, 26 Sep 2021 02:05:48 +0200 Subject: [PATCH 3/4] do not backup php sessions by default --- defaults/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/defaults/main.yml b/defaults/main.yml index 116687f..f2c14b2 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -41,6 +41,7 @@ backups: '/tmp/*': true '/var/tmp/*': true '/var/cache/*': true + '/var/lib/php/sessions/*': true '/root/.ansible/*': true include_files: '/': true From 80f78a8b9f7e2eb4bdd29956f284bf7850446f40 Mon Sep 17 00:00:00 2001 From: nd Date: Thu, 7 Oct 2021 13:56:57 +0200 Subject: [PATCH 4/4] fix permissions so the node exporter can see disk space ussage in a mounted restic volume --- tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tasks/main.yml b/tasks/main.yml index 4feb18e..5f9b56f 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -98,7 +98,7 @@ state: directory owner: root group: root - mode: 0700 + mode: 0711 - name: create a remote sftp user if enabled when: