Release notes

=============

x.y.z

-----

* ``common`` role

  * Fixed permission errors with Python cache directories in the pip

    requirements upgrade checks virtual environment that can happen if

    the initial virtual environment set-up fails.

8.0.0

-----

Dropped support for Python 2.7 and Debian 10 Buster. Added support for

Debian 12 Bookworm. Numerous minor improvements and fixes.

  - name: backup-server

    box: debian/bookworm64

    memory: 512

    cpus: 1

    provider_raw_config_args:

      - "customize ['modifyvm', :id, '--paravirtprovider', 'minimal']"

    interfaces:

      - auto_config: true

        ip: 192.168.56.10

        network_name: private_network

        type: static

  - name: param-mandatory-bookworm

    groups:

      - parameters-mandatory

    box: debian/bookworm64

    memory: 256

    cpus: 1

    provider_raw_config_args:

      - "customize ['modifyvm', :id, '--paravirtprovider', 'minimal']"

    interfaces:

      - auto_config: true

        ip: 192.168.56.20

        network_name: private_network

        group: backup-users

        mode: 0770

      with_items: "{{ backup_users }}"

  handlers:

    - name: Restart ssh

      service:

        name: ssh

        state: restarted

  vars:

    backup_users:

      - name: bak-param-mandatory-bookworm

        key: "{{ lookup('file', 'tests/data/ssh/parameters-mandatory.pub') }}"

      - name: backupuser

        key: "{{ lookup('file', 'tests/data/ssh/parameters-optional.pub') }}"

import testinfra.utils.ansible_runner

testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(

    os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('parameters-*')

def test_installed_packages(host):

    """

    Tests if the necessary packages are installed.

    """

    assert host.package('duply').is_installed

    assert host.package('duplicity').is_installed

def test_duply_directories(host):

    """

    Tests if Duply directories have been set-up correctly.

    """

    with host.sudo():

        for directory_path in ["/etc/duply",

    """

    Tests if duply configuration has been set-up correctly.

    """

    hostname = host.run('hostname').stdout.strip()

    with host.sudo():

        duply_configuration = host.file('/etc/duply/main/conf')

        assert "GPG_KEYS_ENC='59C26F031A129C54'" in duply_configuration.content_string

        assert "GPG_KEY_SIGN='59C26F031A129C54'" in duply_configuration.content_string

            "-oGlobalKnownHostsFile=/etc/duply/main/ssh/known_hosts -oIdentityFile=/etc/duply/main/ssh/identity'\"" in duply_configuration.content_string

def test_duply_gnupg_keyring_private_keys(host):

    """

    Tests if private key used for encryption/signing has been correctly

    imporeted into Duply GnuPG keyring.

    """

    with host.sudo():

        private_key_listing = host.run('gpg --homedir /etc/duply/main/gnupg --list-public-keys')

    """

    Tests if duply configuration has been set-up correctly.

    """

    hostname = host.run('hostname').stdout.strip()

    with host.sudo():

        duply_configuration = host.file('/etc/duply/main/conf')

        assert "GPG_KEYS_ENC='C4B2AE9F7A4F400A,3093C91BC3A9444B,86816FD928063B3F,8A14CD6C71223B72'" in duply_configuration.content_string

        assert "GPG_KEY_SIGN='C4B2AE9F7A4F400A'" in duply_configuration.content_string

            "-oGlobalKnownHostsFile=/etc/duply/main/ssh/known_hosts -oIdentityFile=/etc/duply/main/ssh/identity'\"" in duply_configuration.content_string

def test_duply_gnupg_keyring_private_keys(host):

    """

    Tests if private key used for encryption/signing has been correctly

    imporeted into Duply GnuPG keyring.

    """

    with host.sudo():

        private_key_listing = host.run('gpg --homedir /etc/duply/main/gnupg --list-public-keys')

---

- name: Install backup software

  apt:

    name:

      - duplicity

      - duply

    state: present

- name: Set-up Duply directories

  file:

    path: "{{ item }}"

    state: directory

    owner: root

# GnuPG keys that should be used for encryption. Normally the encryption key is

# not available locally.

GPG_KEYS_ENC='{{ backup_encryption_key_id.stdout }}{% if backup_additional_encryption_keys %},{{ backup_additional_encryption_keys_ids.stdout }}{% endif %}'

# GnuPG key used for signing.

GPG_KEY_SIGN='{{ backup_encryption_key_id.stdout }}'

# Trust all keys available in the GnuPG keyring.

GPG_OPTS="--homedir /etc/duply/main/gnupg/ --trust-model always"

# Destination where the backups are stored at.

# Base directory to backup (root). File selection is done via include/exclude

# patterns.

SOURCE='/'

# Maximum age for preserving old backups. Used when running the "purge"

# command.

MAX_AGE=6M

# Maximum age of the last full backup performed before a new full backup is

# taken.

MAX_FULLBKP_AGE=1M

DUPL_PARAMS="$DUPL_PARAMS --full-if-older-than $MAX_FULLBKP_AGE " 

# Duplicity volume size in megabytes.

VOLSIZE=1024

DUPL_PARAMS="$DUPL_PARAMS --volsize $VOLSIZE "

# Output verbosity (error 0, warning 1-2, notice 3-4, info 5-8, debug 9)

# Path to a directory used for restoring files from backups. The file is stored

# there temporarily.

TEMP_DIR="/tmp"

# Directory for storing (caching) unencrypted metadata. This metadata is used

# for producting incremental backups.

ARCH_DIR="/var/cache/duply/main/"

# Use the GnuPG agent for passwords prompts. Since we deploy the signing key

# without any encryption, this effectively means no prompts.

DUPL_PARAMS="$DUPL_PARAMS --use-agent"

# Rely only on global known_hosts file (which should only contain

# resolvable names), bypassing addition of IP addresses to root's

# known_hosts file. Log level is configured to reduce verbosity

# (mentions of IP address additions to user's known_hosts file). Use

# dedicated private key for performing logins towards the backup

# server.

# By default we exclude everything, and then include only specific patterns.

DUPL_PARAMS="$DUPL_PARAMS --include-filelist /etc/duply/main/include"