| author | Joey Hess <joeyh@joeyh.name> | 2016-02-06 20:04:00 -0400 |
|---|---|---|
| committer | Joey Hess <joeyh@joeyh.name> | 2016-02-06 20:04:00 -0400 |
| commit | 74a02add291f13b27fb6a1813b870a0730e1142b (patch) | |
| tree | 846cb9175b433b9e7dd1a717ecd336280e56c5ef | |
| parent | b460eefde075e5f6734ccfb8810b4e07516bba12 (diff) | |
Obnam: To cause old generations to be forgotten, keepParam can be passed to a backup property; this causes obnam forget to be run.
| -rw-r--r-- | config-joey.hs | 5 | ||||
| -rw-r--r-- | debian/changelog | 2 | ||||
| -rw-r--r-- | src/Propellor/Property/Obnam.hs | 45 | ||||
| -rw-r--r-- | src/Propellor/Property/SiteSpecific/JoeySites.hs | 3 |
4 files changed, 48 insertions, 7 deletions
diff --git a/config-joey.hs b/config-joey.hs
index 5e263de6..75333d78 100644
--- a/config-joey.hs
+++ b/config-joey.hs
@@ -261,19 +261,20 @@ kite = standardSystemUnhardened "kite.kitenet.net" Testing "amd64" -- Since ssh password authentication is allowed: & Fail2Ban.installed & Obnam.backupEncrypted "/" (Cron.Times "33 1 * * *") - [ "--repository=sftp://joey@eubackup.kitenet.net/~/lib/backup/kite.obnam" + [ "--repository=sftp://2318@usw-s002.rsync.net/~/kite.obnam" , "--client-name=kitenet.net" , "--exclude=/var/cache" , "--exclude=/var/tmp" , "--exclude=/home/joey/lib" , "--exclude=.*/tmp/" , "--one-file-system" + , Obnam.keepParam [Obnam.KeepDays 7, Obnam.KeepWeeks 4, Obnam.KeepMonths 6] ] Obnam.OnlyClient (Gpg.GpgKeyId "98147487") `requires` Ssh.userKeys (User "root") (Context "kite.kitenet.net") [ (SshRsa, "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC5Gza2sNqSKfNtUN4dN/Z3rlqw18nijmXFx6df2GtBoZbkIak73uQfDuZLP+AXlyfHocwdkdHEf/zrxgXS4EokQMGLZhJ37Pr3edrEn/NEnqroiffw7kyd7EqaziA6UOezcLTjWGv+Zqg9JhitYs4WWTpNzrPH3yQf1V9FunZnkzb4gJGndts13wGmPEwSuf+QHbgQvjMOMCJwWSNcJGdhDR66hFlxfG26xx50uIczXYAbgLfHp5W6WuR/lcaS9J6i7HAPwcsPDA04XDinrcpl29QwsMW1HyGS/4FSCgrDqNZ2jzP49Bka78iCLRqfl1efyYas/Zo1jQ0x+pxq2RMr root@kite") ] - `requires` Ssh.knownHost hosts "eubackup.kitenet.net" (User "root") + `requires` Ssh.knownHost hosts "usw-s002.rsync.net" (User "root") & Apt.serviceInstalledRunning "ntp" & "/etc/timezone" `File.hasContent` ["US/Eastern"]
diff --git a/debian/changelog b/debian/changelog
index eadf65d2..2f2a74a8 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -3,6 +3,8 @@ propellor (2.15.4) UNRELEASED; urgency=medium * Build /usr/src/propellor/propellor.git reproducibly, which makes the whole Debian package build reproducibly. Thanks, Sean Whitton. + * Obnam: To cause old generations to be forgotten, keepParam can be + passed to a backup property; this causes obnam forget to be run. -- Joey Hess <id@joeyh.name> Mon, 18 Jan 2016 13:15:30 -0400 
diff --git a/src/Propellor/Property/Obnam.hs b/src/Propellor/Property/Obnam.hs
index 091a6d90..684c424e 100644
--- a/src/Propellor/Property/Obnam.hs
+++ b/src/Propellor/Property/Obnam.hs
@@ -25,9 +25,7 @@ data NumClients = OnlyClient | MultipleClients -- -- So, this property can be used to deploy a directory of content -- to a host, while also ensuring any changes made to it get backed up. --- And since Obnam encrypts, just make this property depend on a gpg --- key, and tell obnam to use the key, and your data will be backed --- up securely. For example: +-- For example: -- -- > & Obnam.backup "/srv/git" "33 3 * * *" -- > [ "--repository=sftp://2318@usw-s002.rsync.net/~/mygitrepos.obnam"
@@ -35,13 +33,16 @@ data NumClients = OnlyClient | MultipleClients -- > `requires` Ssh.keyImported SshRsa "root" (Context hostname) -- -- How awesome is that? +-- +-- Note that this property does not make obnam encrypt the backup +-- repository. backup :: FilePath -> Cron.Times -> [ObnamParam] -> NumClients -> Property NoInfo backup dir crontimes params numclients = backup' dir crontimes params numclients `requires` restored dir params -- | Like backup, but the specified gpg key id is used to encrypt --- the repository. +-- the repository. -- -- The gpg secret key will be automatically imported -- into root's keyring using Propellor.Property.Gpg.keyImported
@@ -58,7 +59,7 @@ backup' dir crontimes params numclients = cronjob `describe` desc where desc = dir ++ " backed up by obnam" cronjob = Cron.niceJob ("obnam_backup" ++ dir) crontimes (User "root") "/" $ - intercalate ";" $ catMaybes + intercalate "&&" $ catMaybes [ if numclients == OnlyClient then Just $ unwords $ [ "obnam" 
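Review bot: The note added to the `backup` Haddock in the `@@ -35,13 +33,16 @@` hunk says the property does not encrypt the repository, but it does not say what to use instead, and the example directly above it still targets a remote `sftp://` repository. I would end the note with a pointer to the encrypting variant documented a few lines further down, for example `-- repository; use 'backupEncrypted' when it is stored on a remote host.` The Haddock block itself starts outside this hunk.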
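Review bot: Switching the separator to `intercalate "&&"` in the `@@ -58,7 +59,7 @@` hunk makes the new `obnam forget` step depend on a successful backup, but it also makes the backup depend on the first list element, which is emitted when `numclients == OnlyClient` and whose command continues past the end of this hunk. With `;` a failure of that step did not stop the backup; now any non-zero exit there skips both the backup and the forget. If that step can fail in normal operation (for instance against a repository that does not exist yet, which is not visible here), keep `;` after it and use `&&` only in front of the forget command added in the `@@ -70,6 +71,12 @@` hunk. A one-line comment above the `intercalate`, such as `-- forget must only run after a successful backup`, would record why the separator matters.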
@@ -70,6 +71,12 @@ backup' dir crontimes params numclients = cronjob `describe` desc , "backup" , shellEscape dir ] ++ map shellEscape params + , if any isKeepParam params + then Just $ unwords $ + [ "obnam" + , "forget" + ] ++ map shellEscape params + else Nothing ] -- | Restores a directory from an obnam backup.
@@ -107,5 +114,33 @@ restored dir params = property (dir ++ " restored by obnam") go , return FailedChange ) +-- | Policy for backup generations to keep. For example, KeepDays 30 will +-- keep the latest backup for each day when a backup was made, and keep the +-- last 30 such backups. When multiple KeepPolicies are combined together, +-- backups meeting any policy are kept. See obnam's man page for details. +data KeepPolicy + = KeepHours Int + | KeepDays Int + | KeepWeeks Int + | KeepMonths Int + | KeepYears Int + +-- | Constructs an ObnamParam that specifies which old backup generations +-- to keep. By default, all generations are kept. However, when this parameter +-- is passed to the `backup` or `backupEncrypted` properties, they will run +-- obnam forget to clean out generations not specified here. +keepParam :: [KeepPolicy] -> ObnamParam +keepParam ps = "--keep=" ++ intercalate "," (map go ps) + where + go (KeepHours n) = mk n 'h' + go (KeepDays n) = mk n 'd' + go (KeepWeeks n) = mk n 'w' + go (KeepMonths n) = mk n 'm' + go (KeepYears n) = mk n 'y' + mk n c = show n ++ [c] + +isKeepParam :: ObnamParam -> Bool +isKeepParam p = "--keep=" `isPrefixOf` p + installed :: Property NoInfo installed = Apt.installed ["obnam"]
diff --git a/src/Propellor/Property/SiteSpecific/JoeySites.hs b/src/Propellor/Property/SiteSpecific/JoeySites.hs
index 7e6d3f8c..03f2efcb 100644
--- a/src/Propellor/Property/SiteSpecific/JoeySites.hs
+++ b/src/Propellor/Property/SiteSpecific/JoeySites.hs 
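Review bot: `keepParam []` in the `@@ -107,5 +114,33 @@` hunk produces the bare string `--keep=`, which `isKeepParam` still matches, so the cron job would run `obnam forget` with an empty policy; how obnam treats that is not visible on this page. Zero or negative counts such as `KeepDays 0` are rendered unchanged as well. Because this value decides which backup generations get deleted, I would make the degenerate case inert, e.g. `isKeepParam p = isPrefixOf "--keep=" p && p /= "--keep="`, and state in the `keepParam` Haddock that the list must be non-empty with positive counts. `isKeepParam` also has no Haddock comment; `-- | True for a parameter built by 'keepParam'; decides whether obnam forget is run.` would do.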
@@ -140,6 +140,7 @@ oldUseNetServer hosts = propertyList "olduse.net server" $ props [ "--repository=sftp://2318@usw-s002.rsync.net/~/olduse.net" , "--client-name=spool" , "--ssh-key=" ++ keyfile + , Obnam.keepParam [Obnam.KeepDays 30] ] Obnam.OnlyClient `requires` Ssh.userKeyAt (Just keyfile) (User "root")
@@ -194,6 +195,7 @@ mumbleServer hosts = combineProperties hn $ props [ "--repository=sftp://2318@usw-s002.rsync.net/~/" ++ hn ++ ".obnam" , "--ssh-key=" ++ sshkey , "--client-name=mumble" + , Obnam.keepParam [Obnam.KeepDays 30] ] Obnam.OnlyClient `requires` Ssh.userKeyAt (Just sshkey) (User "root")
@@ -213,6 +215,7 @@ gitServer hosts = propertyList "git.kitenet.net setup" $ props [ "--repository=sftp://2318@usw-s002.rsync.net/~/git.kitenet.net" , "--ssh-key=" ++ sshkey , "--client-name=wren" -- historical + , Obnam.keepParam [Obnam.KeepDays 30] ] Obnam.OnlyClient (Gpg.GpgKeyId "1B169BE1") `requires` Ssh.userKeyAt (Just sshkey) (User "root") |
