ansible/roles/backup/templates/s3backup.sh

58 lines
1.8 KiB
Bash
Raw Normal View History

#! /bin/bash
#
# s3backup.sh
# General-purpose, Ansible-managed backup script to push directories to
# an S3 bucket
#
# NOTICE: THIS FILE CONTAINS SECRETS
# This file may contain the following secrets depending on configuration:
# * An AWS access key
# * An AWS session token
# These are NOT things you want arbitrary readers to access! Ansible will
# attempt to ensure this file has 0700 permissions, but that won't stop you
# from changing that yourself
# DO NOT ALLOW THIS FILE TO BE READ BY NON-ROOT USERS
# NOTICE: DO NOT MODIFY THIS FILE
# Any changes made will be clobbered by Ansible
# Please make any configuration changes in the main repo
set -e
# Directories to backup
# Ansible will determine the entries here
# We use a bash array because it affords us some level of sanitization, enough
# to let us back up items whose paths contain spaces
declare -a DIRS
{% for item in backup_s3backup_list %}
DIRS+=("{{ item }}")
{% endfor %}
# Extra, probably host-specific directories
{% for item in backup_s3backup_list_extra %}
DIRS+=("{{ item }}")
{% endfor %}
# End directories
# AWS S3 configuration
# NOTE: THIS IS SECRET INFORMATION
2020-12-24 09:32:08 -06:00
export AWS_ACCESS_KEY_ID="{{ backup_s3_aws_access_key_id }}"
export AWS_SECRET_ACCESS_KEY="{{ backup_s3_aws_access_key_id }}"
# Tar up all items in the backup list, recursively, and pipe them straight
# up to S3
if [ -z "${DIRS[@]}" ]; then
echo "No directories configured to back up!"
exit 0
fi
echo "Commencing backup on the following items:"
for dir in "${DIRS[@]}"; do
echo "- $dir"
done
2020-12-24 09:32:08 -06:00
echo "Will upload resultant backup to {{ backup_s3_bucket }}"
nice -n 10 tar {{ backup_s3backup_tar_args }}{{ backup_s3backup_tar_args_extra }} "${DIRS[@]}" \
| aws s3 cp - \
2020-12-24 09:32:08 -06:00
"s3://{{ backup_s3_bucket }}/{{ inventory_hostname_short }}/$(date "+{{ backup_dateformat }}").tar.gz"