
Python3.12 (which is the python version on Noble) is not compatible with our pinned borgbackup version (1.1.18). We get this error when building borgbackup on python3.12:

‘PyLongObject’ {aka ‘struct _longobject’} has no member named ‘ob_digit’

We update to 1.2.8 on Noble which is one of the oldest versions claiming python3.12 support. We try to use the oldest version to ensure maximum compatibility with 1.1.18 on the backup servers.

Our CI job should give us decent coverage and then the new paste02 will be the production canary for whether or not these versions are compatible enough with each other. No other servers should be affected in the initial pass.

Note there is an upgrade event horizon for using repos with borg<1.2.5 and borg >=1.2.5. It only affects repos that have archives that lack TAMs. My read on it is that newer borg can treat those archives as invalid and unceremoniously delete them. This is a problem if they are valid archives and don't have a TAM. I suspect we will avoid this problem because borg >= 1.0.9 creates TAMs with archives and we prune our archives so older ones should be long gone. More info on this can be found in these documents and reviewers are encouraged to read them:

https://borgbackup.readthedocs.io/en/1.2-maint/changes.html#pre-1-2-5-archives-spoofing-vulnerability-cve-2023-36811
https://borgbackup.readthedocs.io/en/1.2-maint/changes.html#borg-1-1-x-to-1-2-x
https://borgbackup.readthedocs.io/en/stable/usage/upgrade.html#borg-1-x-y-upgrades

I have left a todo for us to upgrade all of the services to 1.2.8 that can run it (it requires python3.8 or newer so Focal or newer) but for now we are taking baby steps.

Change-Id: I0c5ca758149b85aeec5321a704300489a57a3cc1
Configure a host to be backed up
This role sets up a host to use borg for backup to any hosts in the borg-backup-server group.
A separate ssh key will be generated for root to connect to the backup server(s), and the host keys of the backup servers will be accepted on the host.
The borg tool is installed and a cron job is set up to run the backup periodically.
Note the borg-backup-server role must run after this to create the user correctly on the backup server. This role sets a tuple borg_user with the username and public key; the borg-backup-server role uses this variable for each host in the borg-backup group to initialise users.
Hosts can place a file into /etc/borg-streams, which should be a script that writes to stdout the data to be fed into a backup archive on each run. This will be saved to an archive with the name of the file. This is useful for raw database dumps, which allow borg to deduplicate as much as possible.
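A sketch of how a backup job could consume the stream scripts described above, added here as an example and not the role's own backup script. It assumes BORG_REPO is already exported by the caller, an archive name of the form "<stream file>-<UTC timestamp>", and a BORG variable for overriding the borg command; it also discards the archive when the stream script exits non-zero, so a dump that died halfway is not kept as if it were a good backup.

```shell
#!/bin/sh
# Added illustration, not the role's own backup script.
# Assumptions: BORG_REPO (and ssh access to it) is exported by the caller,
# archives are named "<stream file>-<UTC timestamp>", and BORG may be
# overridden to point at a different borg command.
BORG="${BORG:-borg}"

# Run every executable file in a streams directory and feed its stdout
# into its own archive. Returns non-zero if any stream failed.
backup_streams() {
    dir="$1"
    failed=0
    stamp="$(date -u +%Y-%m-%dT%H:%M:%S)"
    status="$(mktemp)" || return 1
    for script in "$dir"/*; do
        [ -f "$script" ] && [ -x "$script" ] || continue
        name="$(basename "$script")"
        archive="${name}-${stamp}"
        echo 1 > "$status"
        # POSIX sh has no pipefail, so the producer's exit code is recorded
        # in a file; without it a failed dump still yields an archive that
        # looks valid.
        { rc=0; "$script" || rc=$?; echo "$rc" > "$status"; } |
            "$BORG" create --stdin-name "$name" "::${archive}" - || failed=1
        if [ "$(cat "$status")" -ne 0 ]; then
            echo "stream $name failed; deleting partial archive $archive" >&2
            "$BORG" delete "::${archive}" || true
            failed=1
        fi
    done
    rm -f "$status"
    return "$failed"
}

# Only runs when a directory is given, e.g.: sh this-file /etc/borg-streams
[ "$#" -eq 0 ] || backup_streams "$1"
```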
Role Variables
The username to connect to the backup server. If this is left undefined, it will be automatically set to borg-$(hostname)