Support for Rocky8 and Rocky9

.github/workflows/main.yml

@@ -19,3 +19,19 @@ jobs:
     #   uses: mxschmitt/action-tmate@v3.5
     - name: Test using Molecule
       run: molecule test
+  test-rocky8:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+    - name: Set up Python
+      uses: actions/setup-python@v4
+      with:
+        python-version: "3.10"
+    - name: Install Molecule
+      run: |
+        pip install -U pip setuptools wheel
+        pip install -r requirements-dev-rocky8.txt
+    # - name: Debugging with tmate
+    #   uses: mxschmitt/action-tmate@v3.5
+    - name: Test using Molecule
+      run: molecule test -s rocky8

EXAMPLES.md

@@ -55,9 +55,11 @@ remote backup server. (not tested)
       keep_daily: 7
       keep_weekly: 4
       keep_monthly: 6
-    borgmatic_hooks:
-      before_backup:
-      - echo "`date` - Starting backup."
+    borgmatic_commands:
+      - before: action
+        when: [create]
+        run:
+          - echo "`date` - Before backup"
   tasks:
     - name: Configure Borg Backup and Backupmatic
       tags:

README.md

@@ -19,6 +19,11 @@ Works great with [BorgBase.com](https://www.borgbase.com) - Simple and Secure Ho
   Systemd timers, be sure to remove the Cron job in `/etc/cron.d/borgmatic` first.
   The role will also alert you when trying to use both timers.
 
+## TODO
+
+- [ ] Support database backup (https://torsion.org/borgmatic/docs/how-to/backup-your-databases/)
+- [ ] Support healthchecks (https://torsion.org/borgmatic/docs/how-to/monitor-your-backups/)
+
 ## Example playbook with root as backup user, using the distro package and Cron timer
 
 ```
@@ -31,13 +36,16 @@ Works great with [BorgBase.com](https://www.borgbase.com) - Simple and Secure Ho
       - ssh://xxxxxx@xxxxxx.repo.borgbase.com/./repo
     borg_source_directories:
       - /var/www
-    borgmatic_hooks:
-      before_backup:
-      - echo "`date` - Starting backup."
-      postgresql_databases:
-      - name: users
-        hostname: database1.example.org
-        port: 5433
+    borgmatic_commands:
+      - before: action
+        when: [create]
+        run:
+          - echo "Before create!"
+    borgmatic_databases:
+      postgresql:
+        - name: users
+          hostname: database1.example.org
+          port: 5433
 ```
 
 ## Example playbook with service user and Systemd timer
@@ -111,7 +119,7 @@ $ git clone https://github.com/borgbase/ansible-role-borgbackup.git roles/ansibl
 - `borgmatic_timer_hour`: Hour when regular create and prune cron/systemd-timer job will run. Defaults to `{{ 6 | random }}`
 - `borgmatic_timer_minute`: Minute when regular create and prune cron/systemd-timer job will run. Defaults to  `{{ 59 | random }}`
 - `borgmatic_timer_flags`: Flags to pass to borgmatic cron/systemd-timer job, like "--log-file /path/to/file.log --log-file-verbosity 2"
-- `borgmatic_hooks`: Hooks to monitor your backups e.g. with [Healthchecks](https://healthchecks.io/). See [official documentation](https://torsion.org/borgmatic/docs/how-to/monitor-your-backups/) for more.
+- `borgmatic_commands`: Invoke script before/after actions. See [How to add preparation and cleanup steps to backups](https://torsion.org/borgmatic/docs/how-to/add-preparation-and-cleanup-steps-to-backups/) for more.
 - `borgmatic_timer`: If the variable is set, a timer is installed. A choice must be made between `cron` and `systemd`.
 - `borgmatic_relocated_repo_access_is_ok`: Bypass Borg error about a repository that has been moved. Defaults to `false`
 - `borgmatic_unknown_unencrypted_repo_access_is_ok`: Bypass Borg error about a previously unknown unencrypted repository. Defaults to `false`

defaults/main.yml

@@ -1,4 +1,5 @@
 ---
+borg_mount_support: false
 borg_encryption_passphrase: ''
 borg_exclude_patterns: []
 borg_one_file_system: true
@@ -27,13 +28,23 @@ borg_install_method: "pip"
 borg_require_epel: "{{ ansible_os_family == 'RedHat' and ansible_distribution != 'Fedora' }}"
 
 borgmatic_config_name: config.yaml
-borgmatic_hooks:
-  on_error:
-    - echo "`date` - Error while creating a backup."
-  before_backup:
-    - echo "`date` - Starting backup."
-  after_backup:
-    - echo "`date` - Finished backup."
+borgmatic_commands:
+  - before: action
+    when: [create]
+    run:
+      - echo "Before create!"
+  - after: action
+    when:
+      - create
+      - prune
+    run:
+      - echo "After create or prune!"
+  - after: error
+    run:
+      - echo "Something went wrong!"
+
+borgmatic_databases: {}
+
 borgmatic_checks:
   - name: repository
     frequency: "4 weeks"

meta/argument_specs.yml

@@ -8,10 +8,18 @@ argument_specs:
       - 2018-2020 Manuel Riel and contributors.
       - Frank Dornheim
     options:
+      borg_app_name:
+        type: str
+        required: false
+        description: Name of the application (borgbackup or borgmatic).
       borg_dep_packages:
         type: str
         required: false
         description: Dependancy Packages to install borg(backup) and borgmatic.
+      borg_mount_support:
+        type: bool
+        required: false
+        description: Enable support for mounting Borg repositories.
       borg_distro_packages:
         type: str
         required: false
@@ -67,6 +75,10 @@ argument_specs:
           Your own server or [BorgBase.com](https://www.borgbase.com) repo.
           Not required when using auto creation of repositories.
           Can be a list if you want to backup to multiple repositories.
+      borg_repository_label:
+        type: str
+        required: false
+        description: Label for the repository.
       borgmatic_store_atime:
         type: bool
         required: false
@@ -167,10 +179,11 @@ argument_specs:
         type: int
         required: false
         description: Restrict the number of checked archives to the last n. Applies only to the "archives" check.
-      borgmatic_hooks:
-        type: dict
+      borgmatic_commands:
+        type: list
+        elements: dict
         required: false
-        description: Shell commands or scripts to execute before and after a backup or if an error has occurred.
+        description: Shell commands or scripts to execute before and after a backup or if an error has occurred. See https://torsion.org/borgmatic/docs/how-to/add-preparation-and-cleanup-steps-to-backups/
       borgmatic_timer_cron_name:
         type: str
         required: false
@@ -207,3 +220,8 @@ argument_specs:
         type: str
         required: false
         description: Comment added to the SSH public key.
+      borgmatic_databases:
+        type: dict
+        required: false
+        description: Database server name to list of databases to backup, see EXAMPLES.md
+

molecule/default/converge.yml

@@ -46,10 +46,13 @@
         keep_daily: 7
         keep_weekly: 4
         keep_monthly: 6
-      borgmatic_hooks:
-        before_backup:
-        - echo "`date` - Starting backup."
-        postgresql_databases:
-        - name: users
-          hostname: database1.example.org
-          port: 5433
+      borgmatic_commands:
+        - before: action
+          when: [create]
+          run:
+            - echo "Before create!"
+      borgmatic_databases:
+        postgresql:
+          - name: users
+            hostname: database1.example.org
+            port: 5433

molecule/default/molecule.yml

@@ -14,6 +14,11 @@ platforms:
     image: debian:bookworm
   - name: ubuntu-latest
     image: ubuntu:latest
+  # TODO: setup ansible<10 for this
+  # - name: rockylinux-8
+  #   image: rockylinux/rockylinux:8
+  - name: rockylinux-9
+    image: rockylinux/rockylinux:9
 provisioner:
   name: ansible
 verifier:

molecule/rocky8/Dockerfile.j2

@@ -0,0 +1,23 @@
+# Molecule managed
+
+{% if item.registry is defined %}
+FROM {{ item.registry.url }}/{{ item.image }}
+{% else %}
+FROM {{ item.image }}
+{% endif %}
+
+{% if item.env is defined %}
+{% for var, value in item.env.items() %}
+{% if value %}
+ENV {{ var }} {{ value }}
+{% endif %}
+{% endfor %}
+{% endif %}
+
+RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python3 python3-pip sudo bash ca-certificates iproute2 python3-apt aptitude && apt-get clean; \
+    elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install /usr/bin/python3 /usr/bin/python3-config /usr/bin/dnf-3 sudo bash iproute && dnf clean all; \
+    elif [ $(command -v yum) ]; then yum makecache fast && yum install -y /usr/bin/python /usr/bin/python2-config sudo yum-plugin-ovl bash iproute && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \
+    elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml iproute2 && zypper clean -a; \
+    elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; \
+    elif [ $(command -v pacman) ]; then pacman --noconfirm -Suy python python-pip sudo openssh; \
+    elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates iproute2 && xbps-remove -O; fi

molecule/rocky8/INSTALL.rst

@@ -0,0 +1,22 @@
+*******
+Docker driver installation guide
+*******
+
+Requirements
+============
+
+* Docker Engine
+
+Install
+=======
+
+Please refer to the `Virtual environment`_ documentation for installation best
+practices. If not using a virtual environment, please consider passing the
+widely recommended `'--user' flag`_ when invoking ``pip``.
+
+.. _Virtual environment: https://virtualenv.pypa.io/en/latest/
+.. _'--user' flag: https://packaging.python.org/tutorials/installing-packages/#installing-to-the-user-site
+
+.. code-block:: bash
+
+    $ pip install 'molecule[docker]'

molecule/rocky8/converge.yml

@@ -0,0 +1,58 @@
+---
+- name: Converge
+  hosts: all
+  pre_tasks:
+    - name: Set ssh server package name for non-Archlinux ansible_os_family
+      set_fact:
+        openssh_package: "openssh-server"
+        pip3_extra_args: ""
+      when: ansible_os_family != "Archlinux"
+
+    - name: Set ssh server package name and pip3 argument for Archlinux ansible_os_family
+      set_fact:
+        openssh_package: "openssh"
+        pip3_extra_args: "--break-system-packages"
+      when: ansible_os_family == "Archlinux"
+
+    - name: Install openssh
+      package:
+        name: "{{ openssh_package }}"
+        state: present
+
+    - name: Enable EPEL for yamllint
+      package:
+        name: epel-release
+        state: present
+      when: ansible_os_family == 'RedHat' and ansible_distribution != 'Fedora'
+
+    - name: Install yamllint
+      package:
+        name: yamllint
+        state: present
+
+  roles:
+    - role: borgbase.ansible_role_borgbackup
+      borg_install_method: pip
+      borgmatic_timer: cron
+      borg_repository: m5vz9gp4@m5vz9gp4.repo.borgbase.com:repo
+      borg_encryption_passphrase: CHANGEME
+      borg_source_directories:
+        - /srv/www
+        - /var/lib/automysqlbackup
+      borg_exclude_patterns:
+        - /srv/www/old-sites
+      borg_retention_policy:
+        keep_hourly: 3
+        keep_daily: 7
+        keep_weekly: 4
+        keep_monthly: 6
+      borgmatic_commands:
+        - before: action
+          when: [create]
+          run:
+            - echo "Before create!"
+      borgmatic_databases:
+        postgresql:
+          - name: users
+            hostname: database1.example.org
+            port: 5433

molecule/rocky8/molecule.yml

@@ -0,0 +1,16 @@
+---
+dependency:
+  name: galaxy
+driver:
+  name: docker
+platforms:
+  - name: rockylinux-8
+    image: rockylinux/rockylinux:8
+provisioner:
+  name: ansible
+verifier:
+  name: ansible
+lint: |
+  set -e
+  yamllint .
+  ansible-lint .

molecule/rocky8/verify.yml

@@ -0,0 +1,13 @@
+---
+- name: Verify
+  hosts: all
+  tasks:
+  - name: Ensure Borgmatic is installed correctly
+    command: borgmatic --version
+
+  - name: Ensure Borg is installed correctly
+    command: borgmatic borg --version
+
+  - name: Ensure produced YAML is valid
+    command: |
+      yamllint -d "{extends: relaxed, rules: {line-length: {max: 120}}}" /etc/borgmatic/config.yaml

requirements-dev-rocky8.txt

@@ -0,0 +1,4 @@
+ansible<10
+ansible-lint
+molecule
+molecule-plugins[docker]

tasks/00_assert.yml

@@ -5,5 +5,5 @@
       - borgmatic_failure_command is undefined
       - borgmatic_before_backup_command is undefined
       - borgmatic_after_backup_command is undefined
-    msg: Please use the new borgmatic_hooks variable instead of individual before/after/failure hooks.
+    msg: Please use the new borgmatic_commands variable instead of individual before/after/failure hooks.
 ...

tasks/05_configure.yml

@@ -8,6 +8,15 @@
         mode: "0700"
         owner: "{{ borg_user }}"
         group: "{{ borg_group }}"
+
+    - name: Ensure /etc/borgmatic.d exists
+      ansible.builtin.file:
+        path: /etc/borgmatic.d
+        state: directory
+        mode: "0700"
+        owner: "{{ borg_user }}"
+        group: "{{ borg_group }}"
+      when: borg_app_name is defined and borg_app_name | length > 0
 
     - name: Add Borgmatic configuration
       ansible.builtin.template:
@@ -16,4 +25,15 @@
         mode: "0600"
         owner: "{{ borg_user }}"
         group: "{{ borg_group }}"
+      when: borg_app_name is not defined or borg_app_name | length == 0
+
+    - name: Add Borgmatic app configuration
+      ansible.builtin.template:
+        src: config.yaml.j2
+        dest: "/etc/borgmatic.d/{{ borg_app_name }}-{{ borgmatic_config_name }}"
+        mode: "0600"
+        owner: "{{ borg_user }}"
+        group: "{{ borg_group }}"
+      when: borg_app_name is defined and borg_app_name | length > 0
+
 ...

tasks/noauto_create_backup_user_and_group.yml

@@ -31,4 +31,5 @@
         commands:
           - "/opt/borgmatic/bin/borg"
           - "/usr/local/bin/borgmatic -c /etc/borgmatic/{{ borgmatic_config_name }}"
+          - "/usr/local/bin/borgmatic -c /etc/borgmatic.d/{{ borg_app_name }}-{{ borgmatic_config_name }}"
 ...