2014-04-13 02:36:36 +00:00
|
|
|
module Propellor.Property.Obnam where
|
|
|
|
|
|
|
|
|
|
import Propellor
|
|
|
|
|
import qualified Propellor.Property.Apt as Apt
|
|
|
|
|
import qualified Propellor.Property.Cron as Cron
|
2014-11-15 17:42:04 +00:00
|
|
|
import qualified Propellor.Property.Gpg as Gpg
|
2014-04-13 02:36:36 +00:00
|
|
|
import Utility.SafeCommand
|
|
|
|
|
|
2014-04-13 06:28:40 +00:00
|
|
|
import Data.List
|
|
|
|
|
|
2014-04-13 02:36:36 +00:00
|
|
|
type ObnamParam = String
|
|
|
|
|
|
2014-04-13 06:28:40 +00:00
|
|
|
-- | An obnam repository can be used by multiple clients. Obnam uses
|
|
|
|
|
-- locking to allow only one client to write at a time. Since stale lock
|
|
|
|
|
-- files can prevent backups from happening, it's more robust, if you know
|
|
|
|
|
-- a repository has only one client, to force the lock before starting a
|
|
|
|
|
-- backup. Using OnlyClient allows propellor to do so when running obnam.
|
|
|
|
|
data NumClients = OnlyClient | MultipleClients
|
|
|
|
|
deriving (Eq)
|
|
|
|
|
|
2014-04-13 02:36:36 +00:00
|
|
|
-- | Installs a cron job that causes a given directory to be backed
|
|
|
|
|
-- up, by running obnam with some parameters.
|
|
|
|
|
--
|
|
|
|
|
-- If the directory does not exist, or exists but is completely empty,
|
|
|
|
|
-- this Property will immediately restore it from an existing backup.
|
|
|
|
|
--
|
|
|
|
|
-- So, this property can be used to deploy a directory of content
|
|
|
|
|
-- to a host, while also ensuring any changes made to it get backed up.
|
|
|
|
|
-- And since Obnam encrypts, just make this property depend on a gpg
|
|
|
|
|
-- key, and tell obnam to use the key, and your data will be backed
|
|
|
|
|
-- up securely. For example:
|
|
|
|
|
--
|
|
|
|
|
-- > & Obnam.backup "/srv/git" "33 3 * * *"
|
2014-04-13 06:28:40 +00:00
|
|
|
-- > [ "--repository=sftp://2318@usw-s002.rsync.net/~/mygitrepos.obnam"
|
|
|
|
|
-- > ] Obnam.OnlyClient
|
2014-07-17 19:06:24 +00:00
|
|
|
-- > `requires` Ssh.keyImported SshRsa "root" (Context hostname)
|
2014-04-13 02:36:36 +00:00
|
|
|
--
|
|
|
|
|
-- How awesome is that?
|
2015-02-01 21:34:04 +00:00
|
|
|
backup :: FilePath -> Cron.Times -> [ObnamParam] -> NumClients -> Property NoInfo
|
2014-11-15 17:42:04 +00:00
|
|
|
backup dir crontimes params numclients =
|
|
|
|
|
backup' dir crontimes params numclients
|
|
|
|
|
`requires` restored dir params
|
|
|
|
|
|
|
|
|
|
-- | Like backup, but the specified gpg key id is used to encrypt
|
|
|
|
|
-- the repository.
|
|
|
|
|
--
|
|
|
|
|
-- The gpg secret key will be automatically imported
|
|
|
|
|
-- into root's keyring using Propellor.Property.Gpg.keyImported
|
2015-02-01 21:34:04 +00:00
|
|
|
backupEncrypted :: FilePath -> Cron.Times -> [ObnamParam] -> NumClients -> Gpg.GpgKeyId -> Property HasInfo
|
2014-11-15 17:42:04 +00:00
|
|
|
backupEncrypted dir crontimes params numclients keyid =
|
2014-11-15 21:02:25 +00:00
|
|
|
backup dir crontimes params' numclients
|
2015-04-22 17:04:39 +00:00
|
|
|
`requires` Gpg.keyImported keyid (User "root")
|
2014-11-15 21:02:25 +00:00
|
|
|
where
|
|
|
|
|
params' = ("--encrypt-with=" ++ Gpg.getGpgKeyId keyid) : params
|
2014-06-01 18:37:44 +00:00
|
|
|
|
|
|
|
|
-- | Does a backup, but does not automatically restore.
|
2015-02-01 21:34:04 +00:00
|
|
|
backup' :: FilePath -> Cron.Times -> [ObnamParam] -> NumClients -> Property NoInfo
|
2014-06-01 18:37:44 +00:00
|
|
|
backup' dir crontimes params numclients = cronjob `describe` desc
|
2014-04-13 02:36:36 +00:00
|
|
|
where
|
|
|
|
|
desc = dir ++ " backed up by obnam"
|
2015-04-22 17:04:39 +00:00
|
|
|
cronjob = Cron.niceJob ("obnam_backup" ++ dir) crontimes (User "root") "/" $
|
2014-04-17 23:32:34 +00:00
|
|
|
intercalate ";" $ catMaybes
|
2014-04-13 06:28:40 +00:00
|
|
|
[ if numclients == OnlyClient
|
|
|
|
|
then Just $ unwords $
|
|
|
|
|
[ "obnam"
|
|
|
|
|
, "force-lock"
|
|
|
|
|
] ++ map shellEscape params
|
|
|
|
|
else Nothing
|
|
|
|
|
, Just $ unwords $
|
|
|
|
|
[ "obnam"
|
|
|
|
|
, "backup"
|
|
|
|
|
, shellEscape dir
|
|
|
|
|
] ++ map shellEscape params
|
|
|
|
|
]
|
2014-04-13 02:36:36 +00:00
|
|
|
|
|
|
|
|
-- | Restores a directory from an obnam backup.
|
|
|
|
|
--
|
|
|
|
|
-- Only does anything if the directory does not exist, or exists,
|
|
|
|
|
-- but is completely empty.
|
|
|
|
|
--
|
|
|
|
|
-- The restore is performed atomically; restoring to a temp directory
|
|
|
|
|
-- and then moving it to the directory.
|
2015-01-25 02:38:10 +00:00
|
|
|
restored :: FilePath -> [ObnamParam] -> Property NoInfo
|
2014-04-18 07:59:06 +00:00
|
|
|
restored dir params = property (dir ++ " restored by obnam") go
|
2014-04-13 02:36:36 +00:00
|
|
|
`requires` installed
|
|
|
|
|
where
|
|
|
|
|
go = ifM (liftIO needsRestore)
|
2014-04-13 15:14:43 +00:00
|
|
|
( do
|
|
|
|
|
warningMessage $ dir ++ " is empty/missing; restoring from backup ..."
|
|
|
|
|
liftIO restore
|
2014-04-13 02:36:36 +00:00
|
|
|
, noChange
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
needsRestore = null <$> catchDefaultIO [] (dirContents dir)
|
|
|
|
|
|
|
|
|
|
restore = withTmpDirIn (takeDirectory dir) "obnam-restore" $ \tmpdir -> do
|
|
|
|
|
ok <- boolSystem "obnam" $
|
|
|
|
|
[ Param "restore"
|
|
|
|
|
, Param "--to"
|
|
|
|
|
, Param tmpdir
|
|
|
|
|
] ++ map Param params
|
|
|
|
|
let restoreddir = tmpdir ++ "/" ++ dir
|
|
|
|
|
ifM (pure ok <&&> doesDirectoryExist restoreddir)
|
|
|
|
|
( do
|
|
|
|
|
void $ tryIO $ removeDirectory dir
|
|
|
|
|
renameDirectory restoreddir dir
|
|
|
|
|
return MadeChange
|
|
|
|
|
, return FailedChange
|
|
|
|
|
)
|
2014-04-18 02:09:29 +00:00
|
|
|
|
2015-01-25 02:38:10 +00:00
|
|
|
installed :: Property NoInfo
|
2014-04-18 02:25:09 +00:00
|
|
|
installed = Apt.installed ["obnam"]
|
