system-config/playbooks/roles/borg-backup-server/README.rst
Ian Wienand 8361ab701c backups: add retirement and purge lists
This adds a retirement and purge list to the borg management role.

The idea here is that when a backed-up host is shut down, we add its
backup user to the retired list.  On the next ansible run the user
will be disabled on the backup-server and the backup repo marked as
retired.  On the next prune, we will trim the backup to only the last
run to save space.  This gives us a grace period to restore if we
should need to.

When we are sure we don't want the data, we can put it in the purge
list, and the backup repo is removed on the next ansible run (hosts
can go straight into this if we want).  This allows us to have a
review process/history before we purge data.

To test, we create a fake "borg-retired" user on the backup-server,
and give it a simple backup.  This is marked as retired, which is
reflected in the testinfra run of the prune script.  Similarly a
"borg-purge" user is created, and we ensure its backup dir is
removed.

Documentation is updated.

Change-Id: I5dff0a9d35b11a1f021048a12ecddce952c0c13c
2024-11-08 22:30:49 +11:00

Setup backup server

This role configures backup server(s) in the ``borg-backup-server`` group
to accept backups from remote hosts.

Note that the ``borg-backup`` role must have run on each host in the
``borg-backup`` group before this role.  That role will create a
``borg_user`` tuple in the hostvars for each host consisting of
the required username and public key.

Each required user gets a separate home directory in ``/opt/backups``.
Their ``authorized_keys`` file is configured with the public key to
allow the remote host to log in and only run ``borg`` in server mode.

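One way to audit the ``authorized_keys`` restriction described above, as an added example that is not code from this role. The entry layout, the ``/usr/bin/borg`` path, the per-user path under ``/opt/backups`` and the requirement for the OpenSSH ``restrict`` option are assumptions, and the key material is a placeholder.

```python
import shlex

KEY_TYPES = ("ssh-", "ecdsa-", "sk-")  # prefixes of OpenSSH public key types

def split_options(line):
    """Split one authorized_keys line into (options dict, key part)."""
    line = line.strip()
    if line.startswith(KEY_TYPES):
        return {}, line  # no options field at all
    opts, buf, quoted, i = [], "", False, 0
    while i < len(line):
        ch = line[i]
        if quoted and line[i:i + 2] == '\\"':
            buf, i = buf + '"', i + 2  # escaped quote inside a quoted value
            continue
        if ch == '"':
            quoted = not quoted
        elif ch == "," and not quoted:
            opts.append(buf)
            buf = ""
        elif ch in " \t" and not quoted:
            break  # options end at the first unquoted whitespace
        else:
            buf += ch
        i += 1
    opts.append(buf)
    parsed = {}
    for opt in opts:
        name, _, value = opt.partition("=")
        parsed[name.lower()] = value
    return parsed, line[i:].strip()

def audit(line):
    """Return the reasons a key is not confined to borg in server mode."""
    opts, _ = split_options(line)
    problems = []
    argv = shlex.split(opts.get("command", ""))
    if not argv:
        problems.append("no forced command")
    elif argv[0].rsplit("/", 1)[-1] != "borg" or argv[1:2] != ["serve"]:
        problems.append("forced command is not 'borg serve'")
    if "restrict" not in opts:  # assumed policy: also deny forwarding and pty
        problems.append("missing 'restrict' option")
    return problems

# Constructed samples: placeholder key material, hypothetical paths and user.
KEY = "ssh-ed25519 AAAAC3PLACEHOLDER borg-example"
GOOD = 'command="/usr/bin/borg serve --restrict-to-path /opt/backups/borg-example/backup",restrict ' + KEY
SHELL = 'command="/bin/sh -c \\"borg serve\\"",restrict ' + KEY
```
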
**Role Variables**

.. zuul:rolevar:: borg_retire_users
   :default: []

   A list of backup user names that are in a "retired" state.  The
   host should not be in the inventory or active.  The backup user
   will be disabled and when running a prune, we will only keep the
   latest backup to save space.

.. zuul:rolevar:: borg_purge_users
   :default: []

   A list of backup user names whose data should be purged.  This list
   represents backups for hosts that have been retired and we now
   agree we do not want to retain any of their data.