x.y.z

-----

Dropped support for Debian 10 (Buster).

**Breaking changes:**

* All roles

  * Dropped support for Debian 10 (Buster).

* ``common`` role

  * Dropped support for Python 2.7 pip requirements upgrade

    checks. Only Python 3 is supported now.

    Requirements (input) files for Python 3 are now put under the

    ``/etc/pip_check_requirements_upgrades`` directory instead of

    ``/etc/pip_check_requirements_upgrades-py3``.

    The ``pip_check_requirements_py3`` /

    ``pip_check_requirements_py3_in`` role parameters have been

    renamed to ``pip_check_requirements`` /

  location ``/etc/duply/main/ssh/known_hosts``.

* Base directory for back-ups is root (``/``), but *all* files are excluded by

  default to prevent huge back-ups. Ansible roles that want to utilise the

  backup client role can specify which patterns should be included in the backup

  when including the ``backup`` role. Include pattern file is assembled and

  stored in location ``/etc/duply/main/include``.

* Backups are encrypted and signed with the specified encryption key.

* Maximum age for old backups is set to 6 months.

* Maximum age for full backups is set to 1 month.

* Volume size is set to 1GB.

* Pre-backup scripts are run via ``/etc/duply/main/pre`` handler that tries to

  execute scripts/binaries from directory ``/etc/duply/main/pre.d/``.

.. note::

   Since at time of this writing there are no lookup plugins for extracting key

   material/information from GnuPG keyring, you may want to resort to extraction

   of keys on the controller machine via lookups similar to::

     lookup('pipe', 'gpg2 --homedir /path/to/your/keyring --armor --export some_identifier')

     lookup('pipe', 'gpg2 --homedir /path/to/your/keyring --armor --export-secret-keys some_identifier')

   This may not be the most elegant solution, but for now it offers better

   flexibility (theoretically, you could store all those keys etc as plaintext

   files instead).

def test_cron_entry(host):

    """

    Tests if cron job has been correctly set-up for running backups.

    """

    cron = host.file('/etc/cron.d/backup')

    assert cron.is_file

    assert cron.user == 'root'

    assert cron.group == 'root'

    assert cron.mode == 0o644

def test_duply_include_file(host):

    """

    Tests include file existence and permissions.

    """

    with host.sudo():

        include = host.file('/etc/duply/main/include')

        assert include.is_file

def test_backup_and_restore(host):

    """

    Tests a simple backup and restore to a directory. Includes tests for

    checking if the pre-backup handles are run correctly.

    """

    with host.sudo():

        # Remove this file so we can be sure the pre-backup script has been run.

        host.ansible("file", "path=/var/lib/pre-backup-test state=absent")

        assert backup_run.rc == 0

        assert host.file('/var/lib/pre-backup-test').is_file

        # Remove restore directory in order to make sure restore has worked

        # correctly.

        host.ansible("file", "path=/root/restore state=absent")

        restore_run = host.run('duply main restore /root/restore')

        assert restore_run.rc == 0

        assert host.file('/root/restore').is_directory

    src: "duply_pre"

    dest: "/etc/duply/main/pre"

    owner: root

    group: root

    mode: 0700

- name: Deploy crontab entry for running backups

  cron:

    name: backup

    cron_file: backup

    hour: "2"

    minute: "0"

    state: present

    user: root

- name: Ensure the file with include patterns exists (but do not overwrite)

  copy:

    content: ""

    dest: /etc/duply/main/include

    force: false

    group: root

    owner: root

    mode: 0600