X-Git-Url: https://git.stderr.nl/gitweb?a=blobdiff_plain;f=handlers%2Fdup;h=bbdb0aeff2dc4bddaa75f538e438603c7807dbc2;hb=c6c3cc98b476fdd575ef52b9e1b63c380828e8f3;hp=955605d61ff7eff57238722e4940155d284d913c;hpb=19b4b83fbc2b4ba34a40b01321ed5c41672ad6ce;p=matthijs%2Fupstream%2Fbackupninja.git diff --git a/handlers/dup b/handlers/dup index 955605d..bbdb0ae 100644 --- a/handlers/dup +++ b/handlers/dup @@ -3,11 +3,27 @@ # requires duplicity # -getconf password getconf options -getconf keep 60 +getconf testconnect yes +getconf nicelevel 0 + +setsection gpg +getconf password +getconf sign no +getconf encryptkey +getconf signkey + +setsection source getconf include +getconf vsnames all +getconf vsinclude getconf exclude + +setsection dest +getconf incremental yes +getconf keep 60 +getconf sshoptions +getconf bandwidthlimit 0 getconf desthost getconf destdir getconf destuser @@ -15,37 +31,117 @@ destdir=${destdir%/} [ "$destdir" != "" ] || fatal "Destination directory not set" [ "$include" != "" ] || fatal "No source includes specified" -[ "$password" != "" ] || fatal "No password specified" -# see if we can login -debug "ssh -o PasswordAuthentication=no $desthost -l $destuser 'echo -n 1'" -if [ ! $test ]; then - result=`ssh -o PasswordAuthentication=no $desthost -l $destuser 'echo -n 1' 2>&1` +### vservers stuff ### + +# See if vservers are configured. +# If so, check that the ones listed in $vsnames do exist. +if [ "$vservers" == "yes" ]; then + [ -d "$VROOTDIR" ] || fatal "vservers enabled, but $VROOTDIR does not exist!" + if [ "$vsnames" == "all" ]; then + vsnames="" + for vserver in `ls $VROOTDIR | grep -E -v "lost+found|ARCHIVES"`; do + vsnames="$vserver $vsnames" + done + else + for vserver in "$vsnames"; do + [ -d "$VROOTDIR/$vserver" ] || fatal "vserver '$vserver' does not exist." + done + fi + if [ -n "$vsnames" ]; then + if [ -n "$vsinclude" ]; then + info "Using vservers '$vsnames'" + usevserver=1 + fi + else + [ -z "$vsinclude" ] || warning 'vsnames is empty, vsinclude configuration lines will be ignored' + fi +fi + +### see if we can login ### + +if [ "$testconnect" == "yes" ]; then + debug "ssh $sshoptions -o PasswordAuthentication=no $desthost -l $destuser 'echo -n 1'" + if [ ! $test ]; then + result=`ssh $sshoptions -o PasswordAuthentication=no $desthost -l $destuser 'echo -n 1'` if [ "$result" != "1" ]; then - fatal "Can't connect to $desthost as $destuser." + fatal "Can't connect to $desthost as $destuser." + else + debug "Connected to $desthost as $destuser successfully" fi + fi fi -if [ "`echo $keep | tr -d 0-9`" == "" ]; then +### COMMAND-LINE MANGLING ### + +scpoptions="$sshoptions" +[ "$bandwidthlimit" == 0 ] || scpoptions="$scpoptions -l $bandwidthlimit" + +execstr="$options --no-print-statistics --scp-command 'scp $scpoptions' --ssh-command 'ssh $sshoptions' " + +# deal with symmetric or asymmetric (public/private key pair) encryption +if [ -n "$encryptkey" ]; then + execstr="${execstr}--encrypt-key $encryptkey " + debug "Data will be encrypted with the GnuPG key $encryptkey." +else + [ -n "$password" ] || fatal "The password option must be set when using symmetric encryption." + debug "Data will be encrypted using symmetric encryption." +fi + +# deal with data signing +if [ "$sign" == yes ]; then + # duplicity is not able to sign data when using symmetric encryption + [ -n "$encryptkey" ] || fatal "The encryptkey option must be set when signing." + # if needed, initialize signkey to a value that is not empty (checked above) + [ -n "$signkey" ] || signkey="$encryptkey" + # check password validity + [ -n "$password" ] || fatal "The password option must be set when signing." + execstr="${execstr}--sign-key $signkey " + debug "Data will be signed will the GnuPG key $signkey." +else + debug "Data won't be signed." +fi + +if [ "$keep" != "yes" ]; then + if [ "`echo $keep | tr -d 0-9`" == "" ]; then keep="${keep}D" + fi + execstr="${execstr}--remove-older-than $keep " +fi + +if [ "$incremental" == "no" ]; then + execstr="${execstr}--full " fi execstr_serverpart="scp://$destuser@$desthost/$destdir" execstr_clientpart="/" -execstr="$options --no-print-statistics --remove-older-than $keep " + +### SOURCE ### # excludes for i in $exclude; do str="${i//__star__/*}" - execstr="${execstr}--exclude $str " + execstr="${execstr}--exclude '$str' " done # includes for i in $include; do str="${i//__star__/*}" - execstr="${execstr}--include $str " + execstr="${execstr}--include '$str' " done +# vsincludes +if [ $usevserver ]; then + for vserver in $vsnames; do + for vi in $vsinclude; do + str="${vi//__star__/*}" + execstr="${execstr}--include '$VROOTDIR/$vserver$str' " + done + done +fi + +### EXECUTE ### + # exclude everything else, start with root #execstr="${execstr}--exclude '**' / " @@ -56,16 +152,17 @@ execstr=${execstr//\\*/\\\\\\*} debug "duplicity $execstr --exclude '**' / $execstr_serverpart" if [ ! $test ]; then - PASSPHRASE=$password - export PASSPHRASE - output=`duplicity $execstr --exclude '**' / $execstr_serverpart 2>&1` + export PASSPHRASE=$password + output=`nice -n $nicelevel \ + su -c \ + "duplicity $execstr --exclude '**' / $execstr_serverpart 2>&1"` code=$? - if [ "$code" == "0" ]; then + if [ $code -eq 0 ]; then debug $output info "Duplicity finished successfully." else - warning $output - warning "Duplicity failed." + debug $output + fatal "Duplicity failed." fi fi