Encrypted Backup
Table of Contents
- Description
- Setup
- Usage - Configuration options and additional functionality
- Limitations - OS compatibility, etc.
Description
The encrypted_backup module provides a simple way to securely back up Linux machines and ship backups elsewhere. It encrypts data using GPG and transfers data via SFTP, making the backup jobs secure end-to-end.
This module relies on many fundamental *nix tools, such as cron, tar, and SSH, eliminating complexity and making this module lightweight and portable.
Setup
Prior to using this module, you will need to set up a GPG keychain on the backup server to properly encrypt data.
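A pre-flight check for the keyring prerequisite above, as an added example that is not part of the encrypted_backup module: it classifies the recipient's key from GnuPG's colon-delimited listing, so an expired, encryption-incapable or not-yet-validated key is caught before a cron-driven job depends on it. The function names and sample listings are constructed for illustration, and gpg on PATH is assumed.

```shell
#!/bin/sh
# Added example (not part of the module). Classifies a recipient key from
# `gpg --with-colons --list-keys` output read on stdin.
# Prints ok | untrusted | unusable | missing; returns 0 only for "ok".
classify_recipient_key() {
    awk -F: '
        $1 == "pub" {
            seen = 1
            # Field 2 is validity, field 12 is capabilities (GnuPG doc/DETAILS).
            # i=invalid d=disabled r=revoked e=expired; "D" also marks disabled.
            if ($2 ~ /^[idre]$/ || $12 ~ /D/) next
            # Uppercase "E": the key as a whole has a usable encryption (sub)key.
            if ($12 !~ /E/) next
            # With m/f/u validity gpg encrypts without asking; with anything
            # else a non-interactive (cron) run rejects the recipient by default.
            if ($2 ~ /^[mfu]$/) good = 1
            else untrusted = 1
        }
        END {
            if (good)           s = "ok"
            else if (untrusted) s = "untrusted"
            else if (seen)      s = "unusable"
            else                s = "missing"
            print s
            exit (s == "ok" ? 0 : 1)
        }
    '
}

# Check a recipient against the local keyring (assumes gpg is on PATH).
check_recipient() {
    gpg --batch --with-colons --list-keys "$1" 2>/dev/null | classify_recipient_key
}

# Constructed sample listings (placeholder key IDs, not real keys).
SAMPLE_OK='pub:f:4096:1:AAAAAAAAAAAAAAAA:1600000000:::-:::scESC::::::23::0:
sub:f:4096:1:BBBBBBBBBBBBBBBB:1600000000::::::e::::::23:'
SAMPLE_UNTRUSTED='pub:-:4096:1:DDDDDDDDDDDDDDDD:1600000000:::-:::scESC::::::23::0:'
SAMPLE_EXPIRED='pub:e:4096:1:CCCCCCCCCCCCCCCC:1500000000:1560000000::-:::sc::::::23::0:'

# Demo on the constructed samples; the last (empty) input models a missing key.
for s in "$SAMPLE_OK" "$SAMPLE_UNTRUSTED" "$SAMPLE_EXPIRED" ""; do
    printf '%s\n' "$s" | classify_recipient_key || true
done
```

Run check_recipient with the same value you pass as gpg_recipient, as the user that owns the backup cron job, since each user has a separate keyring.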
Note: encrypted_backup manages backup jobs with cron. As a result, we strongly recommend that you purge unmanaged cron jobs with Puppet. If you don't purge unmanaged cron jobs, older backup jobs will persist even after removing Puppet code.
You can purge unmanaged cron jobs by including something like the following in your Puppet code:
resources { 'cron':
  purge => true,
}
Usage
You can back up a given directory with the backup_profile defined type:
encrypted_backup::backup_profile { 'nginx':
  backup_dir    => '/etc/nginx',
  gpg_recipient => '[email protected]',
  key_auth      => '/var/lib/backup/.ssh/id_rsa',
  server_url    => '[email protected]:nginx/',
}
The backup_profile_libvirt defined type allows you to take full-disk backups of a virtual machine from a hypervisor.
encrypted_backup::backup_profile_libvirt { 'hypervisor':
  gpg_recipient => '[email protected]',
  key_auth      => '/var/lib/backup/.ssh/id_rsa',
  server_url    => '[email protected]:hypervisor/',
  vm_list       => [ 'web.example.com', 'db.example.com' ],
}
Limitations
This module has only been tested on Ubuntu 16.04 machines.