dev: webdav support
diff --git a/README.rst b/README.rst
index fd38c2b..8811de8 100644
--- a/README.rst
+++ b/README.rst
@@ -30,6 +30,16 @@
host: s3.domain.com
bucket: bucketname
+Backup client with webdav target
+
+ backupninja:
+ client:
+ enabled: true
+ target:
+ engine: webdav
+ url: webdavs://none:e@backup.cloud/example.com/box.example.com/
+ auth: gss
+
Backup server rsync/rdiff
backupninja:
diff --git a/backupninja/client.sls b/backupninja/client.sls
index 7edf512..8abe0c4 100644
--- a/backupninja/client.sls
+++ b/backupninja/client.sls
@@ -19,7 +19,7 @@
backupninja_postgresql_handler:
file.managed:
- - name: /etc/backup.d/100.pgsql
+ - name: /etc/backup.d/102.pgsql
- source: salt://backupninja/files/handler/pgsql.conf
- template: jinja
- mode: 600
@@ -78,7 +78,7 @@
{%- if client.target is defined %}
-{%- if client.target.engine in ["s3",] %}
+{%- if client.target.engine in ["s3","webdav",] %}
backupninja_duplicity_packages:
pkg.installed:
- names:
@@ -113,6 +113,27 @@
{%- endif %}
{%- endfor %}
+{%- if client.target.auth is defined and client.target.auth == 'gss' %}
+backupninja_gss_helper_{{ backup_name }}_kinit:
+ file.managed:
+ - name: /etc/backup.d/100.{{ backup_name }}-kinit.sh
+ - source: salt://backupninja/files/gss_kinit
+ - template: jinja
+ - mode: 600
+ - require:
+ - pkg: backupninja_packages
+
+backupninja_gss_helper_{{ backup_name }}_kdestroy:
+ file.managed:
+ - name: /etc/backup.d/199.{{ backup_name }}-kdestroy.sh
+ - source: salt://backupninja/files/gss_kdestroy
+ - template: jinja
+ - mode: 600
+ - require:
+ - pkg: backupninja_packages
+
{%- endif %}
-{%- endif %}
\ No newline at end of file
+{%- endif %}
+
+{%- endif %}
diff --git a/backupninja/files/gss_kdestroy b/backupninja/files/gss_kdestroy
new file mode 100644
index 0000000..1733cf4
--- /dev/null
+++ b/backupninja/files/gss_kdestroy
@@ -0,0 +1,2 @@
+kdestroy
+
diff --git a/backupninja/files/gss_kinit b/backupninja/files/gss_kinit
new file mode 100644
index 0000000..3b6fe06
--- /dev/null
+++ b/backupninja/files/gss_kinit
@@ -0,0 +1,2 @@
+kinit -kt /etc/krb5.keytab host/`hostname -f`
+
diff --git a/backupninja/files/webdav.conf b/backupninja/files/webdav.conf
new file mode 100644
index 0000000..9bcee45
--- /dev/null
+++ b/backupninja/files/webdav.conf
@@ -0,0 +1,260 @@
+{%- from "backupninja/map.jinja" import client with context %}
+{%- from "linux/map.jinja" import system with context %}
+## This is an example duplicity configuration file.
+##
+## Here you can find all the possible duplicity options, details of
+## what the options provide and possible settings. The defaults are set
+## as the commented out option, uncomment and change when
+## necessary. Options which are uncommented in this example do not have
+## defaults, and the settings provided are recommended.
+
+## passed directly to duplicity, e.g. to increase verbosity set this to:
+## options = --verbosity 8
+## when using the Amazon S3 backend to create buckets in Europe:
+## options = --s3-european-buckets --s3-use-new-style
+##
+## Default:
+options = --no-encryption
+
+## default is 0, but set to something like 19 if you want to lower the priority.
+##
+## Default:
+# nicelevel = 0
+
+## test the connection? set to no to skip the test if the remote host is alive.
+## if 'desturl' is set below, 'testconnect' must be set to 'no' for now.
+##
+## Default:
+# testconnect = yes
+
+## temporary directory used by duplicity, set to some other location if your /tmp is small
+## default is either /tmp or /usr/tmp, depending on the system
+##
+## Default:
+# tmpdir = /tmp
+
+######################################################
+## gpg section
+## (how to encrypt and optionally sign the backups)
+##
+## WARNING: old (pre-0.9.4) example.dup used to give wrong information about
+## the way the following options are used. Please read the following
+## carefully.
+##
+## If the encryptkey variable is set:
+## - data is encrypted with the GnuPG public key specified by the encryptkey
+## variable
+## - if signing is enabled, data is signed with the GnuPG private
+## key specified by the signkey variable
+## - the password variable is used to unlock the GnuPG key(s) used
+## for encryption and (optionnal) signing
+##
+## If the encryptkey option is not set:
+## - data signing is not possible
+## - the password variable is used to encrypt the data with symmetric
+## encryption: no GnuPG key pair is needed
+
+[gpg]
+
+## when set to yes, encryptkey variable must be set below; if you want to use
+## two different keys for encryption and signing, you must also set the signkey
+## variable below.
+## default is set to no, for backwards compatibility with backupninja <= 0.5.
+##
+## Default:
+sign = no
+
+## ID of the GnuPG public key used for data encryption.
+## if not set, symmetric encryption is used, and data signing is not possible.
+## an example setting would be:
+## encryptkey = 04D9EA79
+##
+## Default:
+# encryptkey =
+
+## ID of the GnuPG private key used for data signing.
+## if not set, encryptkey will be used, an example setting would be:
+## signkey = 04D9EA79
+##
+## Default:
+# signkey =
+
+## password
+## NB: neither quote this, nor should it contain any quotes,
+## an example setting would be:
+## password = a_very_complicated_passphrase
+##
+## Default:
+password = iamuseless
+
+######################################################
+## source section
+## (where the files to be backed up are coming from)
+
+[source]
+
+## A few notes about includes and excludes:
+## 1. include, exclude and vsinclude statements support globbing with '*'
+## 2. Symlinks are not dereferenced. Moreover, an include line whose path
+## contains, at any level, a symlink to a directory, will only have the
+## symlink backed-up, not the target directory's content. Yes, you have to
+## dereference yourself the symlinks, or to use 'mount --bind' instead.
+## Example: let's say /home is a symlink to /mnt/crypt/home ; the following
+## line will only backup a "/home" symlink ; neither /home/user nor
+## /home/user/Mail will be backed-up :
+## include = /home/user/Mail
+## A workaround is to 'mount --bind /mnt/crypt/home /home' ; another one is to
+## write :
+## include = /mnt/crypt/home/user/Mail
+## 3. All the excludes come after all the includes. The order is not otherwise
+## taken into account.
+
+## files to include in the backup
+
+{%- for fs_include in backup.fs_includes %}
+include = {{ fs_include }}
+{%- endfor %}
+
+## If vservers = yes in /etc/backupninja.conf then the following variables can
+## be used:
+## vsnames = all | <vserver1> <vserver2> ... (default = all)
+## vsinclude = <path>
+## vsinclude = <path>
+## ...
+## Any path specified in vsinclude is added to the include list for each vserver
+## listed in vsnames (or all if vsnames = all, which is the default).
+##
+## For example, vsinclude = /home will backup the /home directory in every
+## vserver listed in vsnames. If you have 'vsnames = foo bar baz', this
+## vsinclude will add to the include list /vservers/foo/home, /vservers/bar/home
+## and /vservers/baz/home.
+## Vservers paths are derived from $VROOTDIR.
+
+# files to exclude from the backup
+{%- for fs_exclude in backup.fs_excludes %}
+exclude = {{ fs_exclude }}
+{%- endfor %}
+
+
+######################################################
+## destination section
+## (where the files are copied to)
+
+[dest]
+
+## perform an incremental backup? (default = yes)
+## if incremental = no, perform a full backup in order to start a new backup set
+##
+## Default:
+# incremental = yes
+
+## how many days of incremental backups before doing a full backup again ;
+## default is 30 days (one can also use the time format of duplicity).
+## if increments = keep, never automatically perform a new full backup ;
+## only perform incremental backups.
+##
+## Default:
+# increments = 30
+
+## how many days of data to keep ; default is 60 days.
+## (you can also use the time format of duplicity)
+## 'keep = yes' means : do not delete old data, the remote host will take care of this
+##
+## Default:
+# keep = 60
+
+# for how many full backups do we keep their later increments ;
+# default is all (keep all increments).
+# increments for older full backups will be deleted : only the more
+# recent ones (count provided) will be kept
+#
+## Default:
+# keepincroffulls = all
+
+## full destination URL, in duplicity format; if set, desturl overrides
+## sshoptions, destdir, desthost and destuser; it also disables testconnect and
+## bandwithlimit. For details, see duplicity manpage, section "URL FORMAT", some
+## examples include:
+## desturl = file:///usr/local/backup
+## desturl = rsync://user@other.host//var/backup/bla
+## desturl = s3+http://
+## desturl = ftp://myftpuser@ftp.example.org/remote/ftp/path
+## the default value of this configuration option is not set:
+##
+## Default:
+desturl = {{ target.url }}
+
+## Amazon Web Services Access Key ID and Secret Access Key, needed for backups
+## to S3 buckets.
+## awsaccesskeyid = YOUR_AWS_ACCESS_KEY_ID
+## awssecretaccesskey = YOUR_AWS_SECRET_KEY
+##
+## Default:
+# awsaccesskeyid =
+# awssecretaccesskey =
+
+## RackSpace's CloudFiles username, API key, and authentication URL.
+## cfusername = YOUR_CF_USERNAME
+## cfapikey = YOUR_CF_API_KEY
+## cfauthurl = YOUR_CF_AUTH_URL
+##
+## Default:
+# cfusername =
+# cfapikey =
+# cfauthurl =
+
+## FTP password, needed for backups using desturl = ftp://...
+##
+## Default:
+# ftp_password =
+
+## bandwith limit, in Kbit/s ; default is 0, i.e. no limit
+## if using 'desturl' above, 'bandwidthlimit' must not be set
+## an example setting of 128 Kbit/s would be:
+## bandwidthlimit = 128
+##
+## Default:
+# bandwidthlimit = 0
+
+## duplicity < 0.6.17
+## ------------------
+## passed directly to ssh, scp (and sftp in duplicity >=0.4.2)
+## warning: sftp does not support all scp options, especially -i; as
+## a workaround, you can use "-o <SSHOPTION>"
+## an example setting would be:
+## sshoptions = -o IdentityFile=/root/.ssh/id_rsa_duplicity
+##
+## duplicity >= 0.6.17
+## ------------------
+## supports only "-o IdentityFile=..."
+##
+## Default:
+# sshoptions =
+
+## put the backups under this destination directory
+## if using 'desturl' above, this must not be set
+## in all other cases, this must be set!
+## an example setting would be:
+## destdir = /backups
+##
+## Default:
+# destdir =
+
+## the machine which will receive the backups
+## if using 'desturl' above, this must not be set
+## in all other cases, this must be set!
+## an example setting would be:
+## desthost = backuphost
+##
+## Default:
+# desthost =
+
+## make the files owned by this user
+## if using 'desturl' above, this must not be set
+## note: if using an SSH based transport and 'type' is set to 'remote', you must
+## be able to 'ssh backupuser@backuphost' without specifying a password.
+## an example setting would be:
+## destuser = backupuser
+##
+## Default:
+# destuser =