Skip to content

Instantly share code, notes, and snippets.

@mastergenius

mastergenius/dup2

Last active August 14, 2016 21:50
Show Gist options
  • Save mastergenius/1e42f964d360d9b32815b1601526bf50 to your computer and use it in GitHub Desktop.
Save mastergenius/1e42f964d360d9b32815b1601526bf50 to your computer and use it in GitHub Desktop.
Download ZIP
Backupninja dup with swift credentials support. Place under /usr/share/backupninja/dup2
Raw
dup2
# -*- mode: sh; sh-basic-offset: 3; indent-tabs-mode: nil; -*-
# vim: set filetype=sh sw=3 sts=3 expandtab autoindent:
#
# duplicity script for backupninja
# requires duplicity >= 0.4.4, and >= 0.4.9 when using a custom tmpdir.
#
getconf options
getconf testconnect yes
getconf nicelevel 0
getconf tmpdir
setsection gpg
getconf password
getconf sign no
getconf encryptkey
getconf signkey
setsection source
getconf include
getconf vsnames all
getconf vsinclude
getconf exclude
setsection dest
getconf incremental yes
getconf increments 30
getconf keep 60
getconf keepincroffulls all
getconf desturl
getconf awsaccesskeyid
getconf awssecretaccesskey
getconf cfusername
getconf cfapikey
getconf cfauthurl
getconf swiftusername
getconf swiftapikey
getconf swiftauthurl
getconf ftp_password
getconf sshoptions
getconf bandwidthlimit 0
getconf desthost
getconf destdir
getconf destuser
destdir=${destdir%/}
### SANITY CHECKS ##############################################################
[ -n "$desturl" -o -n "$destdir" ] || fatal "The destination directory (destdir) must be set when desturl is not used."
[ -n "$include" -o -n "$vsinclude" ] || fatal "No source includes specified"
[ -n "$password" ] || fatal "The password option must be set."
if [ "`echo $desturl | /usr/bin/awk -F ':' '{print $1}'`" == "s3+http" ]; then
[ -n "$awsaccesskeyid" -a -n "$awssecretaccesskey" ] || fatal "AWS access keys must be set for S3 backups."
fi
if [ "`echo $desturl | /usr/bin/awk -F ':' '{print $1}'`" == "cf+http" ]; then
[ -n "$cfusername" -a -n "$cfapikey" ] || fatal "Cloudfiles access keys must be set for S3 backups."
fi
if [ "`echo $desturl | /usr/bin/awk -F ':' '{print $1}'`" == "swift" ]; then
[ -n "$swiftusername" -a -n "$swiftapikey" ] || fatal "Swift access keys must be set for swift backups."
fi
if [ "`echo $desturl | /usr/bin/awk -F ':' '{print $1}'`" == "ftp" ]; then
[ -n "$ftp_password" ] || fatal "ftp_password must be set for FTP backups."
fi
### VServers
# If vservers are configured, check that the ones listed in $vsnames do exist.
usevserver=no
if [ $vservers_are_available = yes ]; then
if [ "$vsnames" = all ]; then
vsnames="$found_vservers"
else
if ! vservers_exist "$vsnames" ; then
fatal "At least one of the vservers listed in vsnames ($vsnames) does not exist."
fi
fi
if [ -n "$vsinclude" ]; then
info "Using vservers '$vsnames'"
usevserver=yes
fi
else
[ -z "$vsinclude" ] || warning 'vservers support disabled in backupninja.conf, vsincludes configuration lines will be ignored'
fi
### See if we can login on $desthost
if [ "$testconnect" == "yes" ]; then
if [ -n "$desturl" ]; then
warning 'testconnect can not be used when desturl is set'
else
debug "ssh $sshoptions -o PasswordAuthentication=no $desthost -l $destuser 'echo -n 1'"
if [ ! $test ]; then
result=`ssh $sshoptions -o PasswordAuthentication=no $desthost -l $destuser 'echo -n 1'`
if [ "$result" != "1" ]; then
fatal "Can't connect to $desthost as $destuser."
else
debug "Connected to $desthost as $destuser successfully"
fi
fi
fi
fi
### COMMAND-LINE MANGLING ######################################################
### initialize $execstr*
execstr_precmd=
execstr_command=
execstr_options="$options --no-print-statistics"
execstr_source=
if [ -n "$desturl" ]; then
[ -z "$destuser" ] || warning 'the configured destuser is ignored since desturl is set'
[ -z "$desthost" ] || warning 'the configured desthost is ignored since desturl is set'
[ -z "$destdir" ] || warning 'the configured destdir is ignored since desturl is set'
execstr_serverpart="$desturl"
else
execstr_serverpart="scp://$destuser@$desthost/$destdir"
fi
### duplicity version (ignore anything else than 0-9 and ".")
duplicity_version="`duplicity --version | /usr/bin/awk '{print $2}' | /bin/sed 's/[^.[:digit:]]//g'`"
duplicity_major="`echo $duplicity_version | /usr/bin/awk -F '.' '{print $1}'`"
duplicity_minor="`echo $duplicity_version | /usr/bin/awk -F '.' '{print $2}'`"
duplicity_sub="`echo $duplicity_version | /usr/bin/awk -F '.' '{print $3}'`"
### ssh/scp/sftp options (duplicity < 0.4.3 is unsupported)
## duplicity >= 0.6.17 : paramiko backend
if [ "$duplicity_major" -ge 0 -a "$duplicity_minor" -ge 6 -a "$duplicity_sub" -ge 17 ]; then
if [ -n "$sshoptions" ]; then
echo "$sshoptions" | grep -Eqs '^-o[[:space:]]*IdentityFile=[^ ]+$' \
|| warning 'duplicity >= 0.6.17 only supports the IdentityFile SSH option'
fi
execstr_options="${execstr_options} --ssh-options '$sshoptions'"
if [ "$bandwidthlimit" != 0 ]; then
[ -z "$desturl" ] || warning 'The bandwidthlimit option is not used when desturl is set.'
execstr_precmd="trickle -s -d $bandwidthlimit -u $bandwidthlimit"
fi
## duplicity < 0.6.17 : scp/sftp backend
else
scpoptions="$sshoptions"
if [ "$bandwidthlimit" != 0 ]; then
[ -z "$desturl" ] || warning 'The bandwidthlimit option is not used when desturl is set.'
scpoptions="$scpoptions -l $bandwidthlimit"
fi
sftpoptions="$sshoptions"
execstr_options="${execstr_options} --scp-command 'scp $scpoptions' --sftp-command 'sftp $sftpoptions'"
fi
### Symmetric or asymmetric (public/private key pair) encryption
if [ -n "$encryptkey" ]; then
execstr_options="${execstr_options} --encrypt-key $encryptkey"
debug "Data will be encrypted with the GnuPG key $encryptkey."
else
debug "Data will be encrypted using symmetric encryption."
fi
### Data signing (or not)
if [ "$sign" == yes ]; then
# duplicity is not able to sign data when using symmetric encryption
[ -n "$encryptkey" ] || fatal "The encryptkey option must be set when signing."
# if needed, initialize signkey to a value that is not empty (checked above)
[ -n "$signkey" ] || signkey="$encryptkey"
execstr_options="${execstr_options} --sign-key $signkey"
debug "Data will be signed will the GnuPG key $signkey."
else
debug "Data won't be signed."
fi
### Incremental or full backup mode
# If incremental==yes, use the default duplicity behaviour: perform an
# incremental backup if old signatures can be found, else switch to
# full backup.
# If incremental==no, force a full backup anyway.
if [ "$incremental" == "no" ]; then
execstr_command="full"
else
# we're in incremental mode
if [ "$increments" != "keep" ]; then
# if we don't want to keep every increments
if [ "`echo $increments | tr -d 0-9`" == "" ]; then
increments="${increments}D"
fi
execstr_options="${execstr_options} --full-if-older-than $increments"
fi
fi
### Cleanup options
execstr_options="${execstr_options} --extra-clean"
### Temporary directory
if [ -n "$tmpdir" ]; then
if [ ! -d "$tmpdir" ]; then
info "Temporary directory ($tmpdir) does not exist, creating it."
mkdir -p "$tmpdir"
[ $? -eq 0 ] || fatal "Could not create temporary directory ($tmpdir)."
chmod 0700 "$tmpdir"
fi
info "Using $tmpdir as TMPDIR"
execstr_options="${execstr_options} --tempdir '$tmpdir'"
fi
### Archive directory
# duplicity now enables the archive_dir by default, let's put it into /var/cache/backupninja/duplicity
# unless the user has specified it.
if echo "${options}" | grep -qv -- "--archive-dir" ; then
execstr_options="${execstr_options} --archive-dir /var/cache/backupninja/duplicity"
fi
### Cleanup old backup sets (or not)
if [ "$keep" != "yes" ]; then
if [ "`echo $keep | tr -d 0-9`" == "" ]; then
keep="${keep}D"
fi
fi
### Source
set -o noglob
# excludes
SAVEIFS=$IFS
IFS=$(echo -en "\n\b")
for i in $exclude; do
str="${i//__star__/*}"
execstr_source="${execstr_source} --exclude '$str'"
done
IFS=$SAVEIFS
# includes
SAVEIFS=$IFS
IFS=$(echo -en "\n\b")
for i in $include; do
[ "$i" != "/" ] || fatal "Sorry, you cannot use 'include = /'"
str="${i//__star__/*}"
execstr_source="${execstr_source} --include '$str'"
done
IFS=$SAVEIFS
# vsincludes
if [ $usevserver = yes ]; then
for vserver in $vsnames; do
SAVEIFS=$IFS
IFS=$(echo -en "\n\b")
for vi in $vsinclude; do
str="${vi//__star__/*}"
str="$VROOTDIR/$vserver$str"
execstr_source="${execstr_source} --include '$str'"
done
IFS=$SAVEIFS
done
fi
set +o noglob
### EXECUTE ####################################################################
execstr_source=${execstr_source//\\*/\\\\\\*}
### If desturl is an S3 URL export the AWS environment variables
if [ "`echo $desturl | /usr/bin/awk -F ':' '{print $1}'`" == "s3+http" ]; then
export AWS_ACCESS_KEY_ID="$awsaccesskeyid"
export AWS_SECRET_ACCESS_KEY="$awssecretaccesskey"
fi
### If desturl is a RackSpace's CloudFiles URL export the relevant
### environment variables
if [ "`echo $desturl | /usr/bin/awk -F ':' '{print $1}'`" == "cf+http" ]; then
export CLOUDFILES_USERNAME="$cfusername"
export CLOUDFILES_APIKEY="$cfapikey"
if [ -n "$cfauthurl" ]; then
export CLOUDFILES_AUTHURL="$cfauthurl"
fi
fi
### If desturl is a Swift URL export the relevant
### environment variables
if [ "`echo $desturl | /usr/bin/awk -F ':' '{print $1}'`" == "swift" ]; then
export SWIFT_USERNAME="$swiftusername"
export SWIFT_PASSWORD="$swiftapikey"
if [ -n "$swiftauthurl" ]; then
export SWIFT_AUTHURL="$swiftauthurl"
fi
fi
### Cleanup commands (duplicity >= 0.4.4)
# cleanup
debug "$execstr_precmd duplicity cleanup --force $execstr_options $execstr_serverpart"
if [ ! $test ]; then
export PASSPHRASE=$password
export FTP_PASSWORD=$ftp_password
output=`nice -n $nicelevel \
su -c \
"$execstr_precmd duplicity cleanup --force $execstr_options $execstr_serverpart 2>&1"`
exit_code=$?
if [ $exit_code -eq 0 ]; then
debug $output
info "Duplicity cleanup finished successfully."
else
debug $output
warning "Duplicity cleanup failed."
fi
fi
# remove-older-than
if [ "$keep" != "yes" ]; then
debug "$execstr_precmd duplicity remove-older-than $keep --force $execstr_options $execstr_serverpart"
if [ ! $test ]; then
export PASSPHRASE=$password
export FTP_PASSWORD=$ftp_password
output=`nice -n $nicelevel \
su -c \
"$execstr_precmd duplicity remove-older-than $keep --force $execstr_options $execstr_serverpart 2>&1"`
exit_code=$?
if [ $exit_code -eq 0 ]; then
debug $output
info "Duplicity remove-older-than finished successfully."
else
debug $output
warning "Duplicity remove-older-than failed."
fi
fi
fi
# remove-all-inc-of-but-n-full : remove increments of older full backups : only keep latest ones
if [ "$keep" != "yes" ]; then
if [ "$keepincroffulls" != "all" ]; then
if [ "$duplicity_major" -ge 0 -a "$duplicity_minor" -ge 6 -a "$duplicity_sub" -ge 10 ]; then
debug "$execstr_precmd duplicity remove-all-inc-of-but-n-full $keepincroffulls --force $execstr_options $execstr_serverpart"
if [ ! $test ]; then
export PASSPHRASE=$password
export FTP_PASSWORD=$ftp_password
output=`nice -n $nicelevel \
su -c \
"$execstr_precmd duplicity remove-all-inc-of-but-n-full $keepincroffulls --force $execstr_options $execstr_serverpart 2>&1"`
exit_code=$?
if [ $exit_code -eq 0 ]; then
debug $output
info "Duplicity remove-all-inc-of-but-n-full finished successfully."
else
debug $output
warning "Duplicity remove-all-inc-of-but-n-full failed."
fi
fi
fi
fi
fi
### Backup command
debug "$execstr_precmd duplicity $execstr_command $execstr_options $execstr_source --exclude '**' / $execstr_serverpart"
if [ ! $test ]; then
outputfile=`maketemp backupout`
export PASSPHRASE=$password
export FTP_PASSWORD=$ftp_password
output=`nice -n $nicelevel \
su -c \
"$execstr_precmd duplicity $execstr_command $execstr_options $execstr_source --exclude '**' / $execstr_serverpart >$outputfile 2>&1"`
exit_code=$?
debug $output
cat $outputfile | (while read output ; do
if [ $exit_code -eq 0 ]; then
info $output
else
error $output
fi
done
)
if [ $exit_code -eq 0 ]; then
info "Duplicity finished successfully."
else
fatal "Duplicity failed."
fi
rm $outputfile
fi
return 0
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment