aboutsummaryrefslogtreecommitdiff
path: root/handlers/dup.in
diff options
context:
space:
mode:
Diffstat (limited to 'handlers/dup.in')
-rw-r--r--handlers/dup.in178
1 files changed, 178 insertions, 0 deletions
diff --git a/handlers/dup.in b/handlers/dup.in
new file mode 100644
index 0000000..edb43ac
--- /dev/null
+++ b/handlers/dup.in
@@ -0,0 +1,178 @@
+# -*- mode: sh; sh-basic-offset: 3; indent-tabs-mode: nil; -*-
+#
+# duplicity script for backupninja
+# requires duplicity
+#
+
+getconf options
+getconf testconnect yes
+getconf nicelevel 0
+
+setsection gpg
+getconf password
+getconf sign no
+getconf encryptkey
+getconf signkey
+
+setsection source
+getconf include
+getconf vsnames all
+getconf vsinclude
+getconf exclude
+
+setsection dest
+getconf incremental yes
+getconf keep 60
+getconf sshoptions
+getconf bandwidthlimit 0
+getconf desthost
+getconf destdir
+getconf destuser
+destdir=${destdir%/}
+
+[ "$destdir" != "" ] || fatal "Destination directory not set"
+[ "$include" != "" ] || fatal "No source includes specified"
+
+### vservers stuff ###
+
+# If vservers are configured, check that the ones listed in $vsnames do exist.
+local usevserver=no
+if [ $vservers_are_available = yes ]; then
+ if [ "$vsnames" = all ]; then
+ vsnames="$found_vservers"
+ else
+ if ! vservers_exist "$vsnames" ; then
+ fatal "At least one of the vservers listed in vsnames ($vsnames) does not exist."
+ fi
+ fi
+ if [ -n "$vsinclude" ]; then
+ info "Using vservers '$vsnames'"
+ usevserver=yes
+ fi
+else
+ [ -z "$vsinclude" ] || warning 'vservers support disabled in backupninja.conf, vsincludes configuration lines will be ignored'
+fi
+
+
+### see if we can login ###
+
+if [ "$testconnect" == "yes" ]; then
+ debug "ssh $sshoptions -o PasswordAuthentication=no $desthost -l $destuser 'echo -n 1'"
+ if [ ! $test ]; then
+ result=`ssh $sshoptions -o PasswordAuthentication=no $desthost -l $destuser 'echo -n 1'`
+ if [ "$result" != "1" ]; then
+ fatal "Can't connect to $desthost as $destuser."
+ else
+ debug "Connected to $desthost as $destuser successfully"
+ fi
+ fi
+fi
+
+### COMMAND-LINE MANGLING ###
+
+# duplicity >= 0.4.2 needs --sftp-command (NB: sftp does not support the -l option)
+duplicity_version="`duplicity --version | @AWK@ '{print $2}'`"
+duplicity_major="`echo $duplicity_version | @AWK@ -F '.' '{print $1}'`"
+duplicity_minor="`echo $duplicity_version | @AWK@ -F '.' '{print $2}'`"
+duplicity_sub="`echo $duplicity_version | @AWK@ -F '.' '{print $3}'`"
+if [ "$duplicity_major" -ge 0 -a "$duplicity_minor" -ge 4 -a "$duplicity_sub" -ge 2 ]; then
+ sftpoptions="$sshoptions"
+fi
+
+scpoptions="$sshoptions"
+[ "$bandwidthlimit" == 0 ] || scpoptions="$scpoptions -l $bandwidthlimit"
+
+if [ -z "$sftpoptions" ]; then
+ execstr="$options --no-print-statistics --scp-command 'scp $scpoptions' --ssh-command 'ssh $sshoptions' "
+else
+ execstr="$options --no-print-statistics --scp-command 'scp $scpoptions' --sftp-command 'sftp $sftpoptions' --ssh-command 'ssh $sshoptions' "
+fi
+
+# deal with symmetric or asymmetric (public/private key pair) encryption
+if [ -n "$encryptkey" ]; then
+ execstr="${execstr}--encrypt-key $encryptkey "
+ debug "Data will be encrypted with the GnuPG key $encryptkey."
+else
+ debug "Data will be encrypted using symmetric encryption."
+fi
+
+# deal with data signing
+if [ "$sign" == yes ]; then
+ # duplicity is not able to sign data when using symmetric encryption
+ [ -n "$encryptkey" ] || fatal "The encryptkey option must be set when signing."
+ # if needed, initialize signkey to a value that is not empty (checked above)
+ [ -n "$signkey" ] || signkey="$encryptkey"
+ execstr="${execstr}--sign-key $signkey "
+ debug "Data will be signed will the GnuPG key $signkey."
+else
+ debug "Data won't be signed."
+fi
+
+# deal with GnuPG passphrase
+[ -n "$password" ] || fatal "The password option must be set."
+
+if [ "$keep" != "yes" ]; then
+ if [ "`echo $keep | tr -d 0-9`" == "" ]; then
+ keep="${keep}D"
+ fi
+ execstr="${execstr}--remove-older-than $keep "
+fi
+
+if [ "$incremental" == "no" ]; then
+ execstr="${execstr}--full "
+fi
+
+execstr_serverpart="scp://$destuser@$desthost/$destdir"
+execstr_clientpart="/"
+
+### SOURCE ###
+
+set -o noglob
+
+# excludes
+for i in $exclude; do
+ str="${i//__star__/*}"
+ execstr="${execstr}--exclude '$str' "
+done
+
+# includes
+for i in $include; do
+ [ "$i" != "/" ] || fatal "Sorry, you cannot use 'include = /'"
+ str="${i//__star__/*}"
+ execstr="${execstr}--include '$str' "
+done
+
+# vsincludes
+if [ $usevserver = yes ]; then
+ for vserver in $vsnames; do
+ for vi in $vsinclude; do
+ str="${vi//__star__/*}"
+ str="$VROOTDIR/$vserver$str"
+ execstr="${execstr}--include '$str' "
+ done
+ done
+fi
+
+set +o noglob
+
+### EXECUTE ###
+
+execstr=${execstr//\\*/\\\\\\*}
+
+debug "duplicity $execstr --exclude '**' / $execstr_serverpart"
+if [ ! $test ]; then
+ export PASSPHRASE=$password
+ output=`nice -n $nicelevel \
+ su -c \
+ "duplicity $execstr --exclude '**' / $execstr_serverpart 2>&1"`
+ code=$?
+ if [ $code -eq 0 ]; then
+ debug $output
+ info "Duplicity finished successfully."
+ else
+ debug $output
+ fatal "Duplicity failed."
+ fi
+fi
+
+return 0