/puppet-duplicity

Puppet module for configuring duplicity and automatically configuring systemwide s3 backup

Primary LanguageRubyApache License 2.0Apache-2.0

Puppet Duplicity

Build Status

Install duplicity and quickly setup backup to amazon s3, cloud files or local (file).

Basic Usage

node 'kellerautomat' {

  duplicity { 'a_backup':
    directory => '/home/soenke/',
    bucket => 'test-backup-soenke',
    dest_id => 'someid',
    dest_key => 'somekey'
  }
}

Preparing Backup

To prepare files for backup, you can use the pre_command parameter. For example: do a mysqldump before running duplicity.

duplicity { 'my_database':
  pre_command => 'mysqldump my_database > /my_backupdir/my_database.sql',
  directory => '/my_backupdir',
  bucket => 'test-backup',
  dest_id => 'someid',
  dest_key => 'somekey',
}

Removing Old Backups

To remove old backups after a successful backup, you can use the remove_older_than parameter. For example: Remove backups older than 6 months:

duplicity { 'my_backup':
  directory => '/root/db-backup',
  bucket => 'test-backup',
  dest_id => 'someid',
  dest_key => 'somekey',
  remove_older_than => '6M',
}

Global Parameters

Access ID and Key, Crypt-Pubkey and bucket name will be global in most cases. To avoid copy-and-paste you can pass the global defaults once to duplicity::params before you include the duplicity class somewhere.

Example:

class defaults {
  class { 'duplicity::params' :
    bucket => 'test-backup-soenke',
    dest_id => 'someid',
    dest_key => 'somekey',
    remove_older_than => '6M',
  }
}

node 'kellerautomat' {

  include defaults

  duplicity { 'blubbi' :
    directory => '/home/soenke/projects/test-puppet',
  }
}

Crypted Backups

In order to save crypted backups this module is able to make use of pubkey encryption. This means you specify a pubkey and restores are only possible with the correspondending private key. This ensures no secret credentials fly around on the machines. Incremental backups work as long as the metadata cache on the node is up to date. Duplicity will force a full backup otherwise because it cannot decrypt anything it downloads from the bucket.

It's possible to add multiple encryption keys with the pubkey_id parameter as an array. Despite the parameter name keys can be specified in all ways recognized by gpg, not only as keyids.

Check https://answers.launchpad.net/duplicity/+question/107216 for more information.

Backup over SSH

To backup to an SSH server, specify an SSH URL as the target and configure SSH public key authentication. The ssh_id parameter takes the path to the SSH private key. The key must be generated separately without a password and the public part has to be added to the authorized_keys file on the backup server.

Backup multiple directories

Multiple directories with otherwise the same settings can be backed up in a single job. Just give the "diretory" parameter an array of paths.

Install duplicity without a backup job

If you want to only install the packages, include duplicity:packages

Restore

Nobody wants backup, everybode wants restore.