[matthijs/upstream/backupninja.git] / handlers / dup

# -*- mode: sh; sh-basic-offset: 3; indent-tabs-mode: nil; -*-
#
# duplicity script for backupninja
# requires duplicity
#

getconf options
getconf testconnect yes
getconf nicelevel 0

setsection gpg
getconf password
getconf sign no
getconf encryptkey
getconf signkey

setsection source
getconf include
getconf vsnames all
getconf vsinclude
getconf exclude

setsection dest
getconf incremental yes
getconf keep 60
getconf sshoptions
getconf bandwidthlimit 0
getconf desthost
getconf destdir
getconf destuser
destdir=${destdir%/}

[ "$destdir" != "" ] || fatal "Destination directory not set"
[ "$include" != "" ] || fatal "No source includes specified"

### vservers stuff ###

# If vservers are configured, check that the ones listed in $vsnames do exist.
local usevserver=no
if [ $vservers_are_available = yes ]; then
   if [ "$vsnames" = all ]; then
      vsnames="$found_vservers"
   else
      if ! vservers_exist "$vsnames" ; then
            fatal "At least one of the vservers listed in vsnames ($vsnames) does not exist."
      fi
   fi
   if [ -n "$vsinclude" ]; then
      info "Using vservers '$vsnames'"
      usevserver=yes
   fi
else
   [ -z "$vsinclude" ] || warning 'vservers support disabled in backupninja.conf, vsincludes configuration lines will be ignored'
fi


### see if we can login ###

if [ "$testconnect" == "yes" ]; then
    debug "ssh $sshoptions -o PasswordAuthentication=no $desthost -l $destuser 'echo -n 1'"
    if [ ! $test ]; then
        result=`ssh $sshoptions -o PasswordAuthentication=no $desthost -l $destuser 'echo -n 1'`
        if [ "$result" != "1" ]; then
            fatal "Can't connect to $desthost as $destuser."
        else
            debug "Connected to $desthost as $destuser successfully"
        fi
    fi
fi

### COMMAND-LINE MANGLING ###

# duplicity >= 0.4.2 needs --sftp-command (NB: sftp does not support the -l option)
duplicity_version="`duplicity --version | awk '{print $2}'`"
duplicity_major="`echo $duplicity_version | awk -F '.' '{print $1}'`"
duplicity_minor="`echo $duplicity_version | awk -F '.' '{print $2}'`"
duplicity_sub="`echo $duplicity_version | awk -F '.' '{print $3}'`"
if [ "$duplicity_major" -ge 0 -a "$duplicity_minor" -ge 4 -a "$duplicity_sub" -ge 2 ]; then
   sftpoptions="$sshoptions"
fi

scpoptions="$sshoptions"
[ "$bandwidthlimit" == 0 ] || scpoptions="$scpoptions -l $bandwidthlimit"

if [ -z "$sftpoptions" ]; then
   execstr="$options --no-print-statistics --scp-command 'scp $scpoptions' --ssh-command 'ssh $sshoptions' "
else
   execstr="$options --no-print-statistics --scp-command 'scp $scpoptions' --sftp-command 'sftp $sftpoptions' --ssh-command 'ssh $sshoptions' "
fi

# deal with symmetric or asymmetric (public/private key pair) encryption
if [ -n "$encryptkey" ]; then
    execstr="${execstr}--encrypt-key $encryptkey "
    debug "Data will be encrypted with the GnuPG key $encryptkey."
else
    debug "Data will be encrypted using symmetric encryption."
fi

# deal with data signing
if [ "$sign" == yes ]; then
    # duplicity is not able to sign data when using symmetric encryption
    [ -n "$encryptkey" ] || fatal "The encryptkey option must be set when signing."
    # if needed, initialize signkey to a value that is not empty (checked above)
    [ -n "$signkey" ] || signkey="$encryptkey"
    execstr="${execstr}--sign-key $signkey "
    debug "Data will be signed will the GnuPG key $signkey."
else
    debug "Data won't be signed."
fi

# deal with GnuPG passphrase
[ -n "$password" ] || fatal "The password option must be set."

if [ "$keep" != "yes" ]; then
    if [ "`echo $keep | tr -d 0-9`" == "" ]; then
        keep="${keep}D"
    fi
    execstr="${execstr}--remove-older-than $keep "
fi

if [ "$incremental" == "no" ]; then
    execstr="${execstr}--full "
fi

execstr_serverpart="scp://$destuser@$desthost/$destdir"
execstr_clientpart="/"

### SOURCE ###

set -o noglob

symlinks_warning="Maybe you have mixed symlinks and '*' in this statement, which is not supported."

# excludes
for i in $exclude; do
   str="${i//__star__/*}"
   str=`readlink -f $str`
   if [ -n "$str" ]; then
      execstr="${execstr}--exclude '$str' "
   else
      warning "exclude statement '${i//__star__/*}' will be ignored. $symlinks_warning"
   fi
done
        
# includes 
for i in $include; do
   [ "$i" != "/" ] || fatal "Sorry, you cannot use 'include = /'"
   str="${i//__star__/*}"
   str=`readlink -f $str`
   if [ -n "$str" ]; then
      execstr="${execstr}--include '$str' "
   else
      warning "include statement '${i//__star__/*}' will be ignored. $symlinks_warning"
   fi
done

# vsincludes
if [ $usevserver = yes ]; then
   for vserver in $vsnames; do
      for vi in $vsinclude; do
         str="${vi//__star__/*}"
         str=`readlink -f $VROOTDIR/$vserver$str`
         if [ -n "$str" ]; then
            execstr="${execstr}--include '$str' "
         else
            warning "vsinclude statement '${vi//__star__/*}' will be ignored for VServer $vserver. $symlinks_warning"
         fi
      done
   done
fi

set +o noglob

### EXECUTE ###

execstr=${execstr//\\*/\\\\\\*}

debug "duplicity $execstr --exclude '**' / $execstr_serverpart"
if [ ! $test ]; then
        export PASSPHRASE=$password
        output=`nice -n $nicelevel \
                  su -c \
                    "duplicity $execstr --exclude '**' / $execstr_serverpart 2>&1"`
        code=$?
        if [ $code -eq 0 ]; then
                debug $output
                info "Duplicity finished successfully."
        else
                debug $output
                fatal "Duplicity failed."
        fi
fi      

return 0