aboutsummaryrefslogtreecommitdiff
path: root/handlers/dup
blob: bbdb0aeff2dc4bddaa75f538e438603c7807dbc2 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
#
# duplicity script for backupninja
# requires duplicity
#

getconf options
getconf testconnect yes
getconf nicelevel 0

setsection gpg
getconf password
getconf sign no
getconf encryptkey
getconf signkey

setsection source
getconf include
getconf vsnames all
getconf vsinclude
getconf exclude

setsection dest
getconf incremental yes
getconf keep 60
getconf sshoptions
getconf bandwidthlimit 0
getconf desthost
getconf destdir
getconf destuser
destdir=${destdir%/}

[ "$destdir" != "" ] || fatal "Destination directory not set"
[ "$include" != "" ] || fatal "No source includes specified"

### vservers stuff ###

# See if vservers are configured.
# If so, check that the ones listed in $vsnames do exist.
if [ "$vservers" == "yes" ]; then
    [ -d "$VROOTDIR" ] || fatal "vservers enabled, but $VROOTDIR does not exist!"
    if [ "$vsnames" == "all" ]; then
	vsnames=""
    	for vserver in `ls $VROOTDIR | grep -E -v "lost+found|ARCHIVES"`; do
	    vsnames="$vserver $vsnames"
	done
    else
	for vserver in "$vsnames"; do
	    [ -d "$VROOTDIR/$vserver" ] || fatal "vserver '$vserver' does not exist."
	done
    fi
    if [ -n "$vsnames" ]; then
	if [ -n "$vsinclude" ]; then
	    info "Using vservers '$vsnames'"
	    usevserver=1
	fi
    else
	[ -z "$vsinclude" ] || warning 'vsnames is empty, vsinclude configuration lines will be ignored'
    fi
fi

### see if we can login ###

if [ "$testconnect" == "yes" ]; then
    debug "ssh $sshoptions -o PasswordAuthentication=no $desthost -l $destuser 'echo -n 1'"
    if [ ! $test ]; then
	result=`ssh $sshoptions -o PasswordAuthentication=no $desthost -l $destuser 'echo -n 1'`
	if [ "$result" != "1" ]; then
	    fatal "Can't connect to $desthost as $destuser."
	else
	    debug "Connected to $desthost as $destuser successfully"
	fi
    fi
fi

### COMMAND-LINE MANGLING ###

scpoptions="$sshoptions"
[ "$bandwidthlimit" == 0 ] || scpoptions="$scpoptions -l $bandwidthlimit"

execstr="$options --no-print-statistics --scp-command 'scp $scpoptions' --ssh-command 'ssh $sshoptions' "

# deal with symmetric or asymmetric (public/private key pair) encryption
if [ -n "$encryptkey" ]; then
    execstr="${execstr}--encrypt-key $encryptkey "
    debug "Data will be encrypted with the GnuPG key $encryptkey."
else
    [ -n "$password" ] || fatal "The password option must be set when using symmetric encryption."
    debug "Data will be encrypted using symmetric encryption."
fi

# deal with data signing
if [ "$sign" == yes ]; then
    # duplicity is not able to sign data when using symmetric encryption
    [ -n "$encryptkey" ] || fatal "The encryptkey option must be set when signing."
    # if needed, initialize signkey to a value that is not empty (checked above)
    [ -n "$signkey" ] || signkey="$encryptkey"
    # check password validity
    [ -n "$password" ] || fatal "The password option must be set when signing."
    execstr="${execstr}--sign-key $signkey "
    debug "Data will be signed will the GnuPG key $signkey."
else
    debug "Data won't be signed."
fi

if [ "$keep" != "yes" ]; then
    if [ "`echo $keep | tr -d 0-9`" == "" ]; then
	keep="${keep}D"
    fi
    execstr="${execstr}--remove-older-than $keep "
fi

if [ "$incremental" == "no" ]; then
    execstr="${execstr}--full "
fi

execstr_serverpart="scp://$destuser@$desthost/$destdir"
execstr_clientpart="/"

### SOURCE ###

# excludes
for i in $exclude; do
	str="${i//__star__/*}"
	execstr="${execstr}--exclude '$str' "
done
	
# includes 
for i in $include; do
	str="${i//__star__/*}"
	execstr="${execstr}--include '$str' "
done

# vsincludes
if [ $usevserver ]; then
    for vserver in $vsnames; do
	for vi in $vsinclude; do
	    str="${vi//__star__/*}"
	    execstr="${execstr}--include '$VROOTDIR/$vserver$str' "
	done
    done
fi

### EXECUTE ###

# exclude everything else, start with root
#execstr="${execstr}--exclude '**' / "
		
# include client-part and server-part
#execstr="$execstr $execstr_serverpart"

execstr=${execstr//\\*/\\\\\\*}

debug "duplicity $execstr --exclude '**' / $execstr_serverpart"
if [ ! $test ]; then
        export PASSPHRASE=$password
	output=`nice -n $nicelevel \
                  su -c \
                    "duplicity $execstr --exclude '**' / $execstr_serverpart 2>&1"`
	code=$?
	if [ $code -eq 0 ]; then
		debug $output
		info "Duplicity finished successfully."
	else
		debug $output
		fatal "Duplicity failed."
	fi
fi	

return 0