duply

Overview

This module installs duply and allows the creation of multiple duply profiles.

Care has been made to support all possible configurations of duply profiles, including unencrypted backups, encrypted backups with just a password and gpg-key encrypted and signed backups. The latter may require some additional configuration of the gpg-agent tool as per the duply man page and is beyond the scop of this module.

Setup

What duply affects

duply package.
duply profile configuration files.
cron jobs for running duply profiles.

Usage

Include the duply class:

class { '::duply': }

Create a profile that backs up / to Amazon S3, keeping the backups for a max of one month and encrypts the backups with the password "correct battery horse staple":

duply::profile { 'system_backup':
    ensure => 'present',
    gpg_enc_pass => 'correct battery horse staple',
    source => '/',
    target => 's3://s3-ap-southeast-2.amazonaws.com/icanhasbucket',
    target_user => 'foobarbaz',
    target_pass => 'borkborkbork',
    max_age => '1M',
  }

You can also include an array of files/directories to include/exclude using the somewhat misnamed source_excludes parameter. Using this parameter, each element of the array becomes a line in the /etc/duply/someprofile/exclude file. See the man pages for duply and the underlying workhorse duplicity for details on the format.

Reference

Classes

duply: main class, simply installs duply package.

Defined Types

duply::profile: creates and configures a duply profile and sets up a cron job to schedule the profile to be run by duply.
duply::command: creates a cron job to run a specific duply command against a profile.

duply::profile Parameters

name: name of the profile. Will create /etc/duply/${name} *and configuration files under this directory.
ensure: whether to install or remove this profile.
source: source to be backed up.
target: where to backup to. Specified in usual duplicity scheme format. See the duplicity documentation for details.
target_user and target_pass: credentials required for target (where needed).
gpg_sign_key: gpg key for signing backups.
gpg_sign_pass: password (if required) for gpg signing key.
gpg_enc_key: gpg key for encrypting backups.
gpg_enc_pass: either the password for the gpg encryption key or a password to use to encrypt the backups (without using gpg keys).
gpg_opts: extra gpg command-line options (use with care).
max_age: time frame for old backups to keep, Used for the "purge" duply command. Format is per duplicity time formats, see duplicity documenation.
max_full_backups: number of full backups to keep. Used for the "purge-full" duply command.
max_full_with_incrs: number of full backups for which incrementals will be kept for. Used for the "purge-incr" duply command.
max_full_age: activates duplicity --full-if-older-than option. See duplicity documentation.
volsize: changes duplicity --volsize option, specified in megabytes. Defaults to 25 (i.e., 25 MB).
verbosity: verbosity of output of duply commands. Really only useful if you have configured your cron output to go somewhere useful. Defaults to 1.
temp_dir: temporary file space. Should be at least the size of the biggest file in backup for a successful restoration process. Defaults to /tmp.
arch_dir: defines a folder that holds unencrypted meta data of the backup, enabling new incrementals without the need to decrypt backend metadata first. Default is ~/.cache/duplicity/duply_<profile>/.
dupl_params: extra duplicity options. Use with care.
source_excludes: array of source includes/excludes in duplicity format. See duplicity documentation for details.
cron_weekday: weekday for main duply profile backup cron job. Defaults to '*'.
cron_hour: hour for main duply profile backup. Defaults to 1.
cron_minute: minute for main duply profile backup. Defaults to 10.

duply::command Parameters

name: name of the command. This should be a valid command (TODO: validate the command name).
ensure: whether to install or remove this command.
profile: the profile to which this command will apply.
extra_options: any extra options to pass to the command (e.g., --force).
cron_weekday: weekday for cron job.
cron_hour: hour for main duply profile backup.
cron_minute: minute for main duply profile backup.

Compatibility

Tested on Puppet 3.7.
Tested on Fedora, but should work on all Red Hat and Debian derivatives.

Limitations

Only basic encrypted backups of Local->Amazon S3 have been tested. Testing of gpg-key encrypted and/or signed backups as well as other targets welcome.

joshuar / puppet-duply