opendev/system-config
Code Issues Proposed changes
system-config/playbooks/roles/borg-backup-server/files/prune-borg-backups.sh
Ian Wienand 8361ab701c
backups: add retirement and purge lists 
This adds a retirement and purge list to the borg management role.

The idea here is that when a backed-up host is shut-down, we add its
backup user to the retired list.  On the next ansible run the user
will be disabled on the backup-server and the backup repo marked as
retired.  On the next prune, we will trim the backup to only the last
run to save space.  This gives us a grace period to restore if we
should need to.

When we are sure we don't want the data, we can put it in the purge
list, and the backup repo is removed on the next ansible run (hosts
can go straight into this if we want).  This allows us to have a
review process/history before we purge data.

To test, we create a fake "borg-retired" user on the backup-server,
and give it a simple backup.  This is marked as retired, which is
reflected in the testinfra run of the prune script.  Similarly a
"borg-purge" user is created, and we ensure it's backup dir is
removed.

Documentation is updated.

Change-Id: I5dff0a9d35b11a1f021048a12ecddce952c0c13c
2024-11-08 22:30:49 +11:00

63 lines
1.9 KiB
Bash
Raw Blame History

#!/bin/bash
set -e
echo "This script will prune each archive in the backups of all backed up hosts"
echo "Enter 'noop' to test, or 'prune' to actually prune"
read -p "Operation: " borg_op
if [[ ${borg_op} == 'noop' ]]; then
BORG_OP='--dry-run'
elif [[ ${borg_op} == 'prune' ]]; then
BORG_OP=''
if [ -z ${NO_LOG_FILE+x} ]; then
LOG_FILE="/opt/backups/prune-$(date '+%Y-%m-%d-%H-%M-%S').log"
echo "*** Logging output to ${LOG_FILE}"
exec 1>${LOG_FILE}
exec 2>&1
fi
else
echo "*** Invalid input"
exit 1
fi
pushd /opt/backups
for u in borg-*; do
BORG_BASE=/opt/backups/$u
BORG_REPO=${BORG_BASE}/backup
_prune_flags='--keep-daily 7 --keep-weekly 4 --keep-monthly 12'
_retired=''
if [[ -f ${BORG_BASE}/.retired ]]; then
_prune_flags='--keep-daily 1'
_retired=' (retired)'
fi
sudo BORG_OP=${BORG_OP} BORG_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK=yes BORG_REPO=${BORG_REPO} _retired="${_retired}" _prune_flags="${_prune_flags}" -u ${u} -s <<'EOF'
# Look at all archives and strip the timestamp, leaving just the archive names
# We limit the prune by --prefix so each archive is considered separately
# Long-running aborted backups might leave a ".checkpoint" archive around; ignore
# these as prune will remove them automatically
#
# Note we are assuming the archives are in the format made by our backup scripts,
# which include -YYYY-MM-DDTHH:MM:SS on the end.
archives=$(/opt/borg/bin/borg list ${BORG_REPO} | awk '$1 !~ /\.checkpoint$/ { print substr($1, 0, length($1)-20) }' | sort | uniq)
echo "+------"
echo "| $(date) Pruning ${BORG_REPO}${_retired}"
for prefix in ${archives};
do
echo "| $(date) - archive ${prefix}"
/opt/borg/bin/borg prune --prefix ${prefix} ${BORG_OP} --verbose --list --show-rc ${_prune_flags}
done
echo "| $(date) done!"
echo "+------"
echo
EOF
done
View Git Blame Copy Permalink