restic
Version information
This version is compatible with:
- Puppet Enterprise 2023.2.x, 2023.1.x, 2023.0.x, 2021.7.x, 2021.6.x, 2021.5.x, 2021.4.x, 2021.3.x, 2021.2.x, 2021.1.x, 2021.0.x, 2019.8.x, 2019.7.x, 2019.5.x, 2019.4.x, 2019.3.x, 2019.2.x, 2019.1.x, 2019.0.x
- Puppet >= 6.0.0 < 8.0.0
Start using this module
Add this module to your Puppetfile:
mod 'syseleven-restic', '2.6.1'Learn more about managing modules with a PuppetfileDocumentation
Overview
This module manages Restic repositories via Puppet with systemd service and timer units. See: https://restic.net/
!!! This module has only been tested on Ubuntu 20.04 !!!
Features
- Backup
- Forget
- Restore
Module Description
By default $enable_backup is true. By default $enable_forget and $enable_restore are false.
For each repository you enable a systemd service will be installed. To trigger the service automatically you have to set a systemd timer value ($backup_timer, $forget_timer, $restore_timer).
By default no timer is set.
If you don't enable any feature the Restic repository will only be initialized.
Usage
Initialize Restic repository only on an S3 Bucket
---
classes:
- restic
restic::repositories:
some_repo1:
enable_backup: false
id: a3f5173hdsks934
key: y7ahajhsd3uzasa
password: yxcvasdf1234
host: some.host.name
bucket: bucket_name/backup1
Add a simple backup
Configure a repository and backup 2 directories
---
classes:
- restic
restic::repositories:
some_repo2:
backup_path:
- /full/path/1
- /some/other/path
backup_timer: Mon..Sun 20:00:00
bucket: bucket_name/backup1
host: some.host.name
id: a3f5173hdsks934
key: y7ahajhsd3uzasa
password: yxcvasdf1234
Add cleanup via the forget service
restic::repositories:
some_repo2:
...
enable_forget: true
forget_timer: Mon..Sun 23:00:00
Add two backups on the same S3 Bucket
---
classes:
- restic
restic::id: a3f5173hdsks934
restic::key: y7ahajhsd3uzasa
restic::host: some.host.name
restic::repositories:
some_repo3:
backup_path:
- /full/path/1
- /some/other/path
bucket: bucket_name/backup1
password: yxcvasdf1234
some_repo4:
backup_path: /other/path
bucket: bucket_name/backup2
password: yxcvasd3456f1234
Add two backups on the different S3 Buckets with different access data on the same host
---
classes:
- restic
restic::host: some.host.name
restic::repositories:
some_repo1:
backup_path:
- /full/path/1
- /some/other/path
bucket: bucket_name1/backup1
id: a3f5173hdsks934
key: y7ahajhsd3uzasa
password: yxcvasdf1234
some_repo2:
backup_path: /other/path
bucket: bucket_name2/backup2
id: y7ahajhsd3uzasa
key: a3f5173hdsks934
password: yxcvasd3456f1234
Add two restore only job from the same S3 Repository
---
classes:
- restic
restic::enable_backup: false
restic::enable_restore: true
restic::id: a3f5173hdsks934
restic::key: y7ahajhsd3uzasa
restic::host: some.host.name
restic::repositories:
some_repo3:
restore_path: /full/path/restore
bucket: bucket_name/backup1
password: yxcvasdf1234
some_repo4:
backup_path: /other/path
bucket: bucket_name/backup2
password: yxcvasd3456f1234
Other exmaples
Can be found in EXAMPLES.
Development
If you'd like to contribute, please see CONTRIBUTING.
Reference
Table of Contents
Classes
Public Classes
restic: Module to manage restic repositories via systemd service/timer.
Private Classes
restic::package: Install restic packagesrestic::reload: Reload systemd viasystemctl daemon-reload
Defined types
Public Defined types
restic::repository: Configure a Restic service to backup/forget/restore data.restic::repository::post_command: Define command(s) to be run after a restic commandrestic::repository::pre_command: Define command(s) to be run before a restic command
Private Defined types
restic::service: Configure a restic service
Data types
Restic::Forget: All valid forget parameterRestic::Path: Valid path parameterRestic::Repositories: A data hash with restic backup configurationRestic::Repository::Type: All valid repository types
Classes
restic
Module to manage restic repositories via systemd service/timer.
Parameters
The following parameters are available in the restic class:
package_ensurepackage_managepackage_namepackage_versionchecksuminstall_methodrepositoriesbackup_flagsbackup_pathbackup_pre_cmdbackup_post_cmdbackup_timerbackup_exit3_successbinarybucketenable_backupenable_forgetenable_restoreforgetforget_flagsforget_pre_cmdforget_post_cmdforget_timerglobal_flagsgrouphostidinit_repokeypasswordprunerestore_flagsrestore_pathrestore_pre_cmdrestore_post_cmdrestore_snapshotrestore_timertypeuser
package_ensure
Data type: String
Version for Restic to be installed
Default value: 'present'
package_manage
Data type: Boolean
Enable Restic package management
Default value: true
package_name
Data type: String
Name for Restic package
Default value: 'restic'
package_version
Data type: Optional[String[1]]
Restic version when installing with the url method.
Default value: undef
checksum
Data type: Optional[String[1]]
Checksum of the Restic archive. Only applicable when using install_method = 'url'.
Default value: undef
install_method
Data type: Enum['package', 'url']
Install method to use.
Default value: 'package'
repositories
Data type: Restic::Repositories
Hash of repositoriries
Default value: {}
backup_flags
Data type: Variant[Array[String[1]],String[1]]
Default flags for restic backup <flags>. See restic backup --help
Default value: []
backup_path
Data type: Optional[Restic::Path]
Default directory to backed up
Default value: undef
backup_pre_cmd
Data type: Optional[Variant[Array[String[1]],String[1]]]
Default command to run before restic backup
Default value: undef
backup_post_cmd
Data type: Optional[Variant[Array[String[1]],String[1]]]
Default command to run after restic backup
Default value: undef
backup_timer
Data type: Optional[String[1]]
Default systemd timer for backup see: https://wiki.archlinux.de/title/Systemd/Timers
Default value: undef
backup_exit3_success
Data type: Boolean
Consider restic's exit code 3 as success. https://restic.readthedocs.io/en/latest/040_backup.html#exit-status-codes
Default value: false
binary
Data type: Stdlib::Absolutepath
Default path to the Restic binary
Default value: '/usr/bin/restic'
bucket
Data type: Optional[String]
Default name for the Restic repository
Default value: undef
enable_backup
Data type: Boolean
Default enable the backup service
Default value: true
enable_forget
Data type: Boolean
Default enable the forget service
Default value: false
enable_restore
Data type: Boolean
Default enable the restore service
Default value: false
forget
Data type: Restic::Forget
Default hash with keep-* => value to configure forget flags
Default value: {}
forget_flags
Data type: Variant[Array[String[1]],String[1]]
Default flags for restic forget <flags>. See restic forget --help
Default value: []
forget_pre_cmd
Data type: Optional[Variant[Array[String[1]],String[1]]]
Default command to run before restic forget
Default value: undef
forget_post_cmd
Data type: Optional[Variant[Array[String[1]],String[1]]]
Default command to run after restic forget
Default value: undef
forget_timer
Data type: Optional[String[1]]
Default systemd timer for forget see: https://wiki.archlinux.de/title/Systemd/Timers
Default value: undef
global_flags
Data type: Variant[Array[String[1]],String[1]]
Default global flags for restic <flags>. See restic --help
Default value: []
group
Data type: String
Default group for systemd services
Default value: 'root'
host
Data type: Optional[Variant[Sensitive[String],String]]
Default hostname for the Restic repository
Default value: undef
id
Data type: Optional[Variant[Sensitive[String],String]]
Default S3 storage id for an S3 bucket
Default value: undef
init_repo
Data type: Boolean
Default enable the initialization of the repository
Default value: true
key
Data type: Optional[Variant[Sensitive[String],String]]
Default S3 storage key for an S3 bucket
Default value: undef
password
Data type: Optional[Variant[Sensitive[String],String]]
Default encryption password for the Restic repository
Default value: undef
prune
Data type: Boolean
Default enable --prune flag for restic forget
Default value: false
restore_flags
Data type: Variant[Array[String[1]],String[1]]
Default flags for restic restore <flags>. See restic restore --help
Default value: []
restore_path
Data type: Optional[Stdlib::Absolutepath]
Default directory used to restore a backup
Default value: undef
restore_pre_cmd
Data type: Optional[Variant[Array[String[1]],String[1]]]
command to run before execute restore
Default command to run before restic restore
Default value: undef
restore_post_cmd
Data type: Optional[Variant[Array[String[1]],String[1]]]
command to run after execute restore
Default command to run after restic restore
Default value: undef
restore_snapshot
Data type: String[1]
Default Restic snapshot id used by the restore
Default value: 'latest'
restore_timer
Data type: Optional[String[1]]
Default systemd timer for restore see: https://wiki.archlinux.de/title/Systemd/Timers
Default value: undef
type
Data type: Restic::Repository::Type
Default name for the Restic repository. Only S3 supported
Default value: 's3'
user
Data type: String[1]
Default user for systemd services
Default value: 'root'
Defined types
restic::repository
Configure a Restic service to backup/forget/restore data.
Parameters
The following parameters are available in the restic::repository defined type:
backup_flagsbackup_pathbackup_pre_cmdbackup_post_cmdbackup_timerbackup_exit3_successbinarybucketenable_backupenable_forgetenable_restoreforgetforget_flagsforget_pre_cmdforget_post_cmdforget_timerglobal_flagsgrouphostidinit_repokeypasswordprunerestore_flagsrestore_pathrestore_pre_cmdrestore_post_cmdrestore_snapshotrestore_timertypeuser
backup_flags
Data type: Optional[Variant[Array[String[1]],String[1]]]
Default flags for restic backup <flags>. See restic backup --help
Default value: undef
backup_path
Data type: Optional[Restic::Path]
Default directory to backed up
Default value: undef
backup_pre_cmd
Data type: Optional[Variant[Array[String[1]],String[1]]]
Default command to run before restic backup
Default value: undef
backup_post_cmd
Data type: Optional[Variant[Array[String[1]],String[1]]]
Default command to run after restic backup
Default value: undef
backup_timer
Data type: Optional[String[1]]
Default systemd timer for backup see: https://wiki.archlinux.de/title/Systemd/Timers
Default value: undef
backup_exit3_success
Data type: Optional[Boolean]
Consider restic's exit code 3 as success. https://restic.readthedocs.io/en/latest/040_backup.html#exit-status-codes
Default value: undef
binary
Data type: Optional[Stdlib::Absolutepath]
Default path to the Restic binary
Default value: undef
bucket
Data type: Optional[String]
Default name for the Restic repository
Default value: undef
enable_backup
Data type: Optional[Boolean]
Default enable the backup service
Default value: undef
enable_forget
Data type: Optional[Boolean]
Default enable the forget service
Default value: undef
enable_restore
Data type: Optional[Boolean]
Default enable the restore service
Default value: undef
forget
Data type: Optional[Restic::Forget]
Default hash with keep-* => value to configure forget flags
Default value: undef
forget_flags
Data type: Optional[Variant[Array[String[1]],String[1]]]
Default flags for restic forget <flags>. See restic forget --help
Default value: undef
forget_pre_cmd
Data type: Optional[Variant[Array[String[1]],String[1]]]
Default command to run before restic forget
Default value: undef
forget_post_cmd
Data type: Optional[Variant[Array[String[1]],String[1]]]
Default command to run after restic forget
Default value: undef
forget_timer
Data type: Optional[String[1]]
Default systemd timer for forget see: https://wiki.archlinux.de/title/Systemd/Timers
Default value: undef
global_flags
Data type: Optional[Variant[Array[String[1]],String[1]]]
Default global flags for restic <flags>. See restic --help
Default value: undef
group
Data type: Optional[String]
Default group for systemd services
Default value: undef
host
Data type: Optional[Variant[Sensitive[String],String]]
Default hostname for the Restic repository
Default value: undef
id
Data type: Optional[Variant[Sensitive[String],String]]
Default S3 storage id for an S3 bucket
Default value: undef
init_repo
Data type: Optional[Boolean]
Default enable the initialization of the repository
Default value: undef
key
Data type: Optional[Variant[Sensitive[String],String]]
Default S3 storage key for an S3 bucket
Default value: undef
password
Data type: Optional[Variant[Sensitive[String],String]]
Default encryption password for the Restic repository
Default value: undef
prune
Data type: Optional[Boolean]
Default enable --prune flag for restic forget
Default value: undef
restore_flags
Data type: Optional[Variant[Array[String[1]],String[1]]]
Default flags for restic restore <flags>. See restic restore --help
Default value: undef
restore_path
Data type: Optional[Stdlib::Absolutepath]
Default directory used to restore a backup
Default value: undef
restore_pre_cmd
Data type: Optional[Variant[Array[String[1]],String[1]]]
command to run before execute restore
Default command to run before restic restore
Default value: undef
restore_post_cmd
Data type: Optional[Variant[Array[String[1]],String[1]]]
command to run after execute restore
Default command to run after restic restore
Default value: undef
restore_snapshot
Data type: Optional[String[1]]
Default Restic snapshot id used by the restore
Default value: undef
restore_timer
Data type: Optional[String[1]]
Default systemd timer for restore see: https://wiki.archlinux.de/title/Systemd/Timers
Default value: undef
type
Data type: Optional[Restic::Repository::Type]
Default name for the Restic repository. Only S3 supported
Default value: undef
user
Data type: Optional[String[1]]
Default user for systemd services
Default value: undef
restic::repository::post_command
Define command(s) to be run after a restic command
Examples
Define a command to be run after the backup
restic::repository::pre_command { 'mysql':
command => 'rm -rf /opt/xtrabackup',
}
Parameters
The following parameters are available in the restic::repository::post_command defined type:
command
Data type: Variant[Array[String[1]],String[1]]
Command to run.
repository_title
Data type: String[1]
restic::repository title where this command should be add to.
Default value: $title
restic_command
Data type: Enum['backup', 'forget', 'restore']
After which restic command this command should be run.
Default value: 'backup'
allow_fail
Data type: Boolean
If an error of this commands should be allowed.
Default value: false
order
Data type: Integer[26]
Order of Commands. Helpful if you have multiple.
Default value: 26
restic::repository::pre_command
Define command(s) to be run before a restic command
Examples
Define a command to be run before the backup
restic::repository::pre_command { 'mysql':
command => 'xtrabackup --backup --target-dir=/opt/xtrabackup',
}
Parameters
The following parameters are available in the restic::repository::pre_command defined type:
command
Data type: Variant[Array[String[1]],String[1]]
Command to run.
repository_title
Data type: String[1]
restic::repository title where this command should be add to.
Default value: $title
restic_command
Data type: Enum['backup', 'forget', 'restore']
Before which restic command this command should be run.
Default value: 'backup'
allow_fail
Data type: Boolean
If an error of this commands should be allowed.
Default value: false
order
Data type: Integer[11,24]
Order of Commands. Helpful if you have multiple.
Default value: 11
Data types
Restic::Forget
All valid forget parameter
Alias of Hash[Enum['keep-last','keep-hourly','keep-daily','keep-weekly','keep-monthly','keep-yearly','keep-within','keep-tag'], Integer[1]]
Restic::Path
Valid path parameter
Alias of Variant[Stdlib::Absolutepath, Array[Stdlib::Absolutepath]]
Restic::Repositories
A data hash with restic backup configuration
Alias of
Hash[String[1], Struct[
{
backup_flags => Optional[Variant[Array[String[1]],String[1]]],
backup_path => Optional[Restic::Path],
backup_post_cmd => Optional[String[1]],
backup_pre_cmd => Optional[String[1]],
backup_timer => Optional[String[1]],
backup_exit3_success => Optional[Boolean],
binary => Optional[Stdlib::Absolutepath],
bucket => Optional[String[1]],
check => Optional[Boolean],
enable_backup => Optional[Boolean],
enable_forget => Optional[Boolean],
enable_restore => Optional[Boolean],
forget => Optional[Restic::Forget],
forget_flags => Optional[Variant[Array[String[1]],String[1]]],
forget_post_cmd => Optional[String[1]],
forget_pre_cmd => Optional[String[1]],
forget_timer => Optional[String[1]],
global_flags => Optional[Variant[Array[String[1]],String[1]]],
group => Optional[String[1]],
host => Optional[String[1]],
id => Optional[String[1]],
init_repo => Optional[Boolean],
key => Optional[String[1]],
password => Optional[String[1]],
prune => Optional[Boolean],
restore_flags => Optional[Variant[Array[String[1]],String[1]]],
restore_path => Optional[Stdlib::Absolutepath],
restore_post_cmd => Optional[String[1]],
restore_pre_cmd => Optional[String[1]],
restore_snapshot => Optional[String[1]],
restore_timer => Optional[String[1]],
type => Optional[Restic::Repository::Type],
user => Optional[String[1]],
}
]]
Restic::Repository::Type
All valid repository types
Alias of Enum['rest', 's3']
Changelog
All notable changes to this project will be documented in this file.
Release 2.6.1
Bugfix
- Unwrap sensitive environment variables from Matthias Baur m.baur@syseleven.de
Release 2.6.0
Features
- Support Sensitive data type for host, id, key and password from Matthias Baur m.baur@syseleven.de
Release 2.5.2
-
Make systemd SuccessExitStatus configruable from Matthias Baur m.baur@syseleven.de
This makes it possible to accept Restic exit code 3 to be accepted as a success by systemd.
See https://restic.readthedocs.io/en/latest/040_backup.html#exit-status-codes
Bugfixes
- Ensure bunzip is installed from Matthias Baur m.baur@syseleven.de
Release 2.5.1
Bugfixes
- Ensure bunzip is installed from Matthias Baur m.baur@syseleven.de
Release 2.5.0
Features
- Add pre/post command defined for service from Matthias Baur m.baur@syseleven.de
Release 2.4.0
Features
- Allow the installation of restic through url download from Matthias Baur m.baur@syseleven.de
Release 2.3.0
Features
- Bucket can be empty for non s3 repositories from Matthias Baur m.baur@syseleven.de
- Allow *_cmd parameters to be an Array from Matthias Baur m.baur@syseleven.de
Release 2.2.4
Features
- Allow inclusion of restic::repository from Matthias Baur m.baur@syseleven.de
- Support 'rest' repository type from Matthias Baur m.baur@syseleven.de
Release 2.2.3
Features
- revert Sensitive id, key, and password
Release 2.2.2
Features
- make id, key, and password Sensitive
Release 2.2.1
- broken release
Release 2.2.0
Features
- add 22.04 support
Release 2.1.0
Bugfixes
- default for enable_backup set to true to reflect docs (Issue #9)
Release 2.0.3
Bugfixes
- fix file unsecure file permissions (Issue #6)
Release 2.0.2
Bugfixes
- user and group assignment for the backup service resource (Issue #3)
- deduplicate resource for initialize restic repository (Issue #4)
- user and group assignment for the restore/forget service resource (no issue)
Release 2.0.1
Bugfixes
- run failed if backup, restore and forget have been disabled (Issue #1)
Release 2.0.0
Features
Renamed paramter
- $repository_type >> $type
- $repository_name >> $bucket
- $repository_host >> $host
- $timer >> $backup_timer
Added parameter
- $restore_timer
Changed default values
- $enable_backup is now false
- restore_path is now undef
- type is now s3
Added more complex rspec tests
Bugfixes
- fixed timer rollout
Known Issues
- none
Release 1.0.0
Features
- initialize a Restic repository at S3
- backup/restore/forget data at an S3 Restic repository
Bugfixes
- none
Known Issues
- none
Dependencies
- puppet/systemd (>= 3.10.0)
- puppetlabs/concat (>= 7.4.0)
- puppetlabs/stdlib (>= 8.2.0)