init

Signed-off-by: Colin Wilk <colin.wilk@tum.de>

5 files changed, 156 insertions, 0 deletions

diff --git a/molecule/.gitignore b/molecule/.gitignore
new file mode 100644
index 0000000..dd2354f
--- /dev/null
+++ b/molecule/.gitignore
@@ -0,0 +1,2 @@
+__pycache__
+decryption_keys.yml
diff --git a/molecule/default/Dockerfile.j2 b/molecule/default/Dockerfile.j2
new file mode 100644
index 0000000..091ef00
--- /dev/null
+++ b/molecule/default/Dockerfile.j2
@@ -0,0 +1,15 @@
+FROM {{ item.image }}
+
+# Install dependencies.
+RUN apt-get update \
+    && apt-get install -y --no-install-recommends \
+       sudo wget \
+       python3-pip python3-dev python3-setuptools python3-wheel python3-apt \
+       sed ssh openssh-server \
+    && rm -rf /var/lib/apt/lists/* \
+    && rm -Rf /usr/share/doc && rm -Rf /usr/share/man \
+    && apt-get clean
+
+RUN mkdir /run/sshd
+
+ENTRYPOINT ["bash", "-c", "/usr/sbin/sshd && sleep infinity"]
diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml
new file mode 100644
index 0000000..9c23b5f
--- /dev/null
+++ b/molecule/default/converge.yml
@@ -0,0 +1,43 @@
+---
+- name: Converge
+  hosts: borg-client
+
+  pre_tasks:
+      # This would usually be set by the user globally on their ansible
+      # repository and can be a security risk to do automatically. We will
+      # however set the variable here in the pre_tasks since it is for testing.
+    - name: Set borg server openssh key variable
+      become: true
+      block:
+        - name: Fetch ssh_key
+          ansible.builtin.command: >
+            ssh-keyscan -t rsa
+            {{ borg_server_host }}
+            | sed "s/^[^ ]* //"
+          register: borg_server_ssh_keyscan
+          changed_when: false
+
+        - name: Set ssh_key
+          ansible.builtin.set_fact:
+            borg_server_host_ssh_key: "{{ borg_server_ssh_keyscan.stdout
+              | split(' ')
+              | reject('search', borg_server_host)
+              | join(' ') }}"
+
+  vars:
+    borg_server_host: borg-server
+    borg_server_user_home: /opt/borg
+    borg_decryption_keys_yaml_path: "{{ playbook_dir }}/decryption_keys.yml"
+    borg_included_dirs:
+      - /etc
+      - /home
+    borg_excluded_dirs:
+      - /opt
+      - /var
+      - /reee reeee
+    borg_cron_time:
+      minute: "*"
+      hour: "*"
+
+  roles:
+    - role: kliwniloc.borgbackup
diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml
new file mode 100644
index 0000000..f37c640
--- /dev/null
+++ b/molecule/default/molecule.yml
@@ -0,0 +1,39 @@
+---
+dependency:
+  name: galaxy
+
+
+driver:
+  name: docker
+
+
+platforms:
+
+  - name: borg-client
+    image: ${MOLECULE_DISTRO_CLIENT:-debian:10}
+    dockerfile: Dockerfile.j2
+    pre_build_image: false
+    docker_networks:
+      - name: 'molecule-container-net'
+        driver_options:
+          # Setting the mtu size due to issues with docker and VPN
+          com.docker.network.driver.mtu: 1420
+    networks:
+      - name: 'molecule-container-net'
+
+  - name: borg-server
+    image: ${MOLECULE_DISTRO_SERVER:-debian:10}
+    dockerfile: Dockerfile.j2
+    pre_build_image: false
+    networks:
+      - name: 'molecule-container-net'
+
+
+provisioner:
+  name: ansible
+  playbooks:
+    converge: ${MOLECULE_PLAYBOOK:-converge.yml}
+    side_effect: ${MOLECULE_PLAYBOOK:-side_effect.yml}
+
+verifier:
+  name: testinfra
diff --git a/molecule/default/tests/test_manual_backup.py b/molecule/default/tests/test_manual_backup.py
new file mode 100644
index 0000000..4aa9f27
--- /dev/null
+++ b/molecule/default/tests/test_manual_backup.py
@@ -0,0 +1,57 @@
+import pytest
+
+testinfra_hosts = ['borg-client']
+
+
+compression_types = [
+    'none',
+    'lz4',
+    'zstd',
+    'zstd,10',
+    'zlib',
+    'zlib,6',
+]
+
+
+"""Creates backups with all possible combinations of compression to the backup
+host"""
+@pytest.mark.parametrize('compression', compression_types)
+def test_backup_push(host, compression):
+    c = host.run(f'borg create -C "{compression}" borg@borg-server:/opt/borg/borg-client::testinfra-{{now:%S.%f}} /etc')
+    assert c.rc == 0
+    assert c.stdout == ''
+    assert c.stderr == ''
+
+
+@pytest.mark.parametrize('compression', compression_types)
+def test_backup_restore(host, compression):
+    # Create backup
+    c = host.run(f'borg create -C "{compression}" borg@borg-server:/opt/borg/borg-client::testinfra-backup-restore-{compression} /var')
+    assert c.rc == 0
+    assert c.stdout == ''
+    assert c.stderr == ''
+
+    # Restore Backup
+    c = host.run(f'cd /mnt && borg extract borg@borg-server:/opt/borg/borg-client::testinfra-backup-restore-{compression}')
+    assert c.rc == 0
+    assert c.stdout == ''
+    assert c.stderr == ''
+
+    # Check if every file exists, content has, and permissions / metadata
+    c1 = host.run('cd /var && find /var -type f -printf "%P\n" | sort | xargs -i sh -c "echo {}; sha512sum {} | cut -d \' \' -f 1; ls -l {}; echo"')
+    c2 = host.run('cd /mnt/var && find /var -type f -printf "%P\n" | sort | xargs -i sh -c "echo {}; sha512sum {} | cut -d \' \' -f 1; ls -l {}; echo"')
+    assert c1.rc == 0 and c2.rc == 0
+    assert c1.stderr == '' and c2.stderr == ''
+    assert c1.stdout == c2.stdout
+
+    # Delete directory extract directory again for future tests
+    c = host.run('rm -rf /mnt/var')
+    assert c.rc == 0
+    assert c.stdout == ''
+    assert c.stderr == ''
+
+    # Delete backup
+    c = host.run(f'borg delete borg@borg-server:/opt/borg/borg-client::testinfra-backup-restore-{compression}')
+    assert c.rc == 0
+    assert c.stdout == ''
+    assert c.stderr == ''