blob: edb43ac4b90ddcf8b732f92ae9e7811692e1f48d (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
|
# -*- mode: sh; sh-basic-offset: 3; indent-tabs-mode: nil; -*-
#
# duplicity script for backupninja
# requires duplicity
#
getconf options
getconf testconnect yes
getconf nicelevel 0
setsection gpg
getconf password
getconf sign no
getconf encryptkey
getconf signkey
setsection source
getconf include
getconf vsnames all
getconf vsinclude
getconf exclude
setsection dest
getconf incremental yes
getconf keep 60
getconf sshoptions
getconf bandwidthlimit 0
getconf desthost
getconf destdir
getconf destuser
destdir=${destdir%/}
[ "$destdir" != "" ] || fatal "Destination directory not set"
[ "$include" != "" ] || fatal "No source includes specified"
### vservers stuff ###
# If vservers are configured, check that the ones listed in $vsnames do exist.
local usevserver=no
if [ $vservers_are_available = yes ]; then
if [ "$vsnames" = all ]; then
vsnames="$found_vservers"
else
if ! vservers_exist "$vsnames" ; then
fatal "At least one of the vservers listed in vsnames ($vsnames) does not exist."
fi
fi
if [ -n "$vsinclude" ]; then
info "Using vservers '$vsnames'"
usevserver=yes
fi
else
[ -z "$vsinclude" ] || warning 'vservers support disabled in backupninja.conf, vsincludes configuration lines will be ignored'
fi
### see if we can login ###
if [ "$testconnect" == "yes" ]; then
debug "ssh $sshoptions -o PasswordAuthentication=no $desthost -l $destuser 'echo -n 1'"
if [ ! $test ]; then
result=`ssh $sshoptions -o PasswordAuthentication=no $desthost -l $destuser 'echo -n 1'`
if [ "$result" != "1" ]; then
fatal "Can't connect to $desthost as $destuser."
else
debug "Connected to $desthost as $destuser successfully"
fi
fi
fi
### COMMAND-LINE MANGLING ###
# duplicity >= 0.4.2 needs --sftp-command (NB: sftp does not support the -l option)
duplicity_version="`duplicity --version | @AWK@ '{print $2}'`"
duplicity_major="`echo $duplicity_version | @AWK@ -F '.' '{print $1}'`"
duplicity_minor="`echo $duplicity_version | @AWK@ -F '.' '{print $2}'`"
duplicity_sub="`echo $duplicity_version | @AWK@ -F '.' '{print $3}'`"
if [ "$duplicity_major" -ge 0 -a "$duplicity_minor" -ge 4 -a "$duplicity_sub" -ge 2 ]; then
sftpoptions="$sshoptions"
fi
scpoptions="$sshoptions"
[ "$bandwidthlimit" == 0 ] || scpoptions="$scpoptions -l $bandwidthlimit"
if [ -z "$sftpoptions" ]; then
execstr="$options --no-print-statistics --scp-command 'scp $scpoptions' --ssh-command 'ssh $sshoptions' "
else
execstr="$options --no-print-statistics --scp-command 'scp $scpoptions' --sftp-command 'sftp $sftpoptions' --ssh-command 'ssh $sshoptions' "
fi
# deal with symmetric or asymmetric (public/private key pair) encryption
if [ -n "$encryptkey" ]; then
execstr="${execstr}--encrypt-key $encryptkey "
debug "Data will be encrypted with the GnuPG key $encryptkey."
else
debug "Data will be encrypted using symmetric encryption."
fi
# deal with data signing
if [ "$sign" == yes ]; then
# duplicity is not able to sign data when using symmetric encryption
[ -n "$encryptkey" ] || fatal "The encryptkey option must be set when signing."
# if needed, initialize signkey to a value that is not empty (checked above)
[ -n "$signkey" ] || signkey="$encryptkey"
execstr="${execstr}--sign-key $signkey "
debug "Data will be signed will the GnuPG key $signkey."
else
debug "Data won't be signed."
fi
# deal with GnuPG passphrase
[ -n "$password" ] || fatal "The password option must be set."
if [ "$keep" != "yes" ]; then
if [ "`echo $keep | tr -d 0-9`" == "" ]; then
keep="${keep}D"
fi
execstr="${execstr}--remove-older-than $keep "
fi
if [ "$incremental" == "no" ]; then
execstr="${execstr}--full "
fi
execstr_serverpart="scp://$destuser@$desthost/$destdir"
execstr_clientpart="/"
### SOURCE ###
set -o noglob
# excludes
for i in $exclude; do
str="${i//__star__/*}"
execstr="${execstr}--exclude '$str' "
done
# includes
for i in $include; do
[ "$i" != "/" ] || fatal "Sorry, you cannot use 'include = /'"
str="${i//__star__/*}"
execstr="${execstr}--include '$str' "
done
# vsincludes
if [ $usevserver = yes ]; then
for vserver in $vsnames; do
for vi in $vsinclude; do
str="${vi//__star__/*}"
str="$VROOTDIR/$vserver$str"
execstr="${execstr}--include '$str' "
done
done
fi
set +o noglob
### EXECUTE ###
execstr=${execstr//\\*/\\\\\\*}
debug "duplicity $execstr --exclude '**' / $execstr_serverpart"
if [ ! $test ]; then
export PASSPHRASE=$password
output=`nice -n $nicelevel \
su -c \
"duplicity $execstr --exclude '**' / $execstr_serverpart 2>&1"`
code=$?
if [ $code -eq 0 ]; then
debug $output
info "Duplicity finished successfully."
else
debug $output
fatal "Duplicity failed."
fi
fi
return 0
|
