Making Duplicity use venvs.

docs/roles/debian/duplicity.md

@@ -9,11 +9,16 @@ Role to install and configure [the Duplicity backup engine](https://duplicity.us
 ```yaml
 ---
 duplicity:
+  # Location of Duplicity installation and components.
+  venv_path: "/home/{{ user_provision.username }}/duplicity"
+  venv_command: /usr/bin/python3 -m venv
+  install_username: "{{ user_provision.username }}"
+  # Duplicity configuration
   backend: s3 # currently also support b2 for Backblaze
   access_key_id: "somekey"
   secret_access_key: "somesecret"
   backend_url: "s3-eu-west-1.amazonaws.com"
-  s3_options: "--s3-european-buckets --s3-use-glacier-ir" # see the --s3 options in the documentation - https://duplicity.us/stable/duplicity.1.html#options
+  s3_options: "--s3-use-glacier-ir" # see the --s3 options in the documentation - https://duplicity.us/stable/duplicity.1.html#options
   bucketname: "somebucket"
   dirs:
     - name: "/boot"

docs/roles/debian/mysql_server_oracle_ce.md

@@ -11,6 +11,7 @@ Installs MySQL Server 5.7.
 mysql_long_query_time: 4
 mysql_server_oracle_ce_key: "8C718D3B5072E1F5" # archive key - see https://dev.mysql.com/doc/refman/8.0/en/gpg-key-archived-packages.html
 mysql_server_oracle_ce_key_server: keyserver.ubuntu.com
+
 ```
 
 <!--ENDROLEVARS-->

roles/debian/ansible/tasks/main.yml

@@ -40,13 +40,17 @@
     state: latest
     virtualenv: "{{ ce_ansible.venv_path | default(_venv_path) }}"
     virtualenv_command: "{{ ce_ansible.venv_command | default(_venv_command) }}"
+  become_user: "{{ ce_ansible.install_username | default(_install_username) }}"
+  become: true
 
 - name: Install Ansible.
   ansible.builtin.pip:
     name:
       - ansible
     virtualenv: "{{ ce_ansible.venv_path | default(_venv_path) }}"
     virtualenv_command: "{{ ce_ansible.venv_command | default(_venv_command) }}"
+  become_user: "{{ ce_ansible.install_username | default(_install_username) }}"
+  become: true
 
 - name: Install linters.
   ansible.builtin.pip:
@@ -55,6 +59,8 @@
       - yamllint
     virtualenv: "{{ ce_ansible.venv_path | default(_venv_path) }}"
     virtualenv_command: "{{ ce_ansible.venv_command | default(_venv_command) }}"
+  become_user: "{{ ce_ansible.install_username | default(_install_username) }}"
+  become: true
   when: ce_ansible.linters.enabled
 
 - name: Ensure Ansible venv permissions.

roles/debian/ce_provision/tasks/main.yml

@@ -159,6 +159,8 @@
       - pyopenssl
     virtualenv: "{{ _venv_path }}"
     virtualenv_command: "{{ _venv_command }}"
+  become_user: "{{ ce_provision.install_username | default(_install_username) }}"
+  become: true
 
 - name: Ensure Ansible venv permissions.
   ansible.builtin.file:

roles/debian/duplicity/README.md

@@ -9,11 +9,16 @@ Role to install and configure [the Duplicity backup engine](https://duplicity.us
 ```yaml
 ---
 duplicity:
+  # Location of Duplicity installation and components.
+  venv_path: "/home/{{ user_provision.username }}/duplicity"
+  venv_command: /usr/bin/python3 -m venv
+  install_username: "{{ user_provision.username }}"
+  # Duplicity configuration
   backend: s3 # currently also support b2 for Backblaze
   access_key_id: "somekey"
   secret_access_key: "somesecret"
   backend_url: "s3-eu-west-1.amazonaws.com"
-  s3_options: "--s3-european-buckets --s3-use-glacier-ir" # see the --s3 options in the documentation - https://duplicity.us/stable/duplicity.1.html#options
+  s3_options: "--s3-use-glacier-ir" # see the --s3 options in the documentation - https://duplicity.us/stable/duplicity.1.html#options
   bucketname: "somebucket"
   dirs:
     - name: "/boot"

roles/debian/duplicity/defaults/main.yml

@@ -1,10 +1,15 @@
 ---
 duplicity:
+  # Location of Duplicity installation and components.
+  venv_path: "/home/{{ user_provision.username }}/duplicity"
+  venv_command: /usr/bin/python3 -m venv
+  install_username: "{{ user_provision.username }}"
+  # Duplicity configuration
   backend: s3 # currently also support b2 for Backblaze
   access_key_id: "somekey"
   secret_access_key: "somesecret"
   backend_url: "s3-eu-west-1.amazonaws.com"
-  s3_options: "--s3-european-buckets --s3-use-glacier-ir" # see the --s3 options in the documentation - https://duplicity.us/stable/duplicity.1.html#options
+  s3_options: "--s3-use-glacier-ir" # see the --s3 options in the documentation - https://duplicity.us/stable/duplicity.1.html#options
   bucketname: "somebucket"
   dirs:
     - name: "/boot"

roles/debian/duplicity/tasks/main.yml

@@ -1,15 +1,51 @@
-- name: Ensure duplicity is installed.
+---
+- name: Ensure system Duplicity is not installed.
   ansible.builtin.apt:
     pkg: duplicity
-    state: present
-  when: ansible_distribution_major_version | int >= 12
+    state: absent
 
-- name: Ensure duplicity is installed.
+- name: Ensure Duplicity is not installed globally with pip or pip3 on older versions of Debian.
   ansible.builtin.pip:
-    name: duplicity
-    executable: pip3
-    state: present
+    name:
+      - duplicity
+    state: absent
+    executable: "{{ item }}"
   when: ansible_distribution_major_version | int < 12
+  with_items:
+    - pip
+    - pip3
+  failed_when: false # don't stop the build if there's no system pip
+
+# Install Python applications.
+- name: Set up Python venv variables.
+  ansible.builtin.set_fact:
+    _venv_path: "{{ duplicity.venv_path }}"
+    _venv_command: "{{ duplicity.venv_command }}"
+    _install_username: "{{ duplicity.install_username }}"
+
+- name: Ensure pip is at latest version.
+  ansible.builtin.pip:
+    name:
+      - pip
+    state: latest
+    virtualenv: "{{ duplicity.venv_path | default(_venv_path) }}"
+    virtualenv_command: "{{ duplicity.venv_command | default(_venv_command) }}"
+  become_user: "{{ duplicity.install_username | default(_install_username) }}"
+  become: true
+
+- name: Install python_boto.
+  ansible.builtin.include_role:
+    name: debian/python_boto
+
+- name: Install Duplicity and dependencies.
+  ansible.builtin.pip:
+    name:
+      - fasteners
+      - duplicity
+    virtualenv: "{{ duplicity.venv_path | default(_venv_path) }}"
+    virtualenv_command: "{{ duplicity.venv_command | default(_venv_command) }}"
+  become_user: "{{ duplicity.install_username | default(_install_username) }}"
+  become: true
 
 - name: Create install dir.
   ansible.builtin.file:

roles/debian/duplicity/templates/duplicity_backup-b2.j2

@@ -56,12 +56,12 @@ for dir in ${DIRS[@]}; do
   fi
 
   DEST=b2://$B2_KEY_ID:$B2_SECRET_KEY@{{ duplicity.bucketname }}$dir
-  /usr/local/bin/duplicity $backup_options $extra_options $dir $DEST || exit 1
+  {{ _venv_path }}/bin/duplicity $backup_options $extra_options $dir $DEST || exit 1
 
   if [ $REMOVE_OLD_BACKUPS -eq 1 ]; then
     # Do some maintenance on the remote end to clean up old backups
     echo "Performing routine maintenance on $dir..."
-    /usr/local/bin/duplicity $maintenance_options $DEST || exit 1
+    {{ _venv_path }}/bin/duplicity $maintenance_options $DEST || exit 1
   fi
 done
 

roles/debian/duplicity/templates/duplicity_backup-s3.j2

@@ -56,12 +56,12 @@ for dir in ${DIRS[@]}; do
   fi
 
   DEST=s3://{{ duplicity.backend_url }}/{{ duplicity.bucketname }}$dir
-  /usr/local/bin/duplicity $backup_options $extra_options $dir $DEST || exit 1
+  {{ _venv_path }}/bin/duplicity $backup_options $extra_options $dir $DEST || exit 1
 
   if [ $REMOVE_OLD_BACKUPS -eq 1 ]; then
     # Do some maintenance on the remote end to clean up old backups
     echo "Performing routine maintenance on $dir..."
-    /usr/local/bin/duplicity $maintenance_options $DEST || exit 1
+    {{ _venv_path }}/bin/duplicity $maintenance_options $DEST || exit 1
   fi
 done
 

roles/debian/duplicity/templates/duplicity_clean-b2.j2

@@ -31,7 +31,7 @@ DIRS=(
 for dir in ${DIRS[@]}; do
   echo "Cleaning up $dir..."
   DEST=b2://$B2_KEY_ID:$B2_SECRET_KEY@{{ duplicity.bucketname }}$dir
-  /usr/local/bin/duplicity $cleanup_options $DEST || exit 1
+  {{ _venv_path }}/bin/duplicity $cleanup_options $DEST || exit 1
 done
 
 unset PASSPHRASE

roles/debian/duplicity/templates/duplicity_clean-s3.j2

@@ -31,7 +31,7 @@ DIRS=(
 for dir in ${DIRS[@]}; do
   echo "Cleaning up $dir..."
   DEST=s3://{{ duplicity.backend_url }}/{{ duplicity.bucketname }}$dir
-   /usr/local/bin/duplicity $cleanup_options $DEST || exit 1
+   {{ _venv_path }}/bin/duplicity $cleanup_options $DEST || exit 1
 done
 
 unset PASSPHRASE

roles/debian/duplicity/templates/duplicity_restore-b2.j2

@@ -36,7 +36,7 @@ mkdir -p $RESTORE_DIR
 for dir in ${DIRS[@]}; do
   echo "Restoring $dir..."
   DEST=b2://$B2_KEY_ID:$B2_SECRET_KEY@{{ duplicity.bucketname }}$dir
-  /usr/local/bin/duplicity restore $RESTORE_OPTIONS $DEST $RESTORE_DIR$dir
+  {{ _venv_path }}/bin/duplicity restore $RESTORE_OPTIONS $DEST $RESTORE_DIR$dir
 done
 
 unset PASSPHRASE

roles/debian/duplicity/templates/duplicity_restore-s3.j2

@@ -37,7 +37,7 @@ mkdir -p $RESTORE_DIR
 for dir in ${DIRS[@]}; do
   echo "Restoring $dir..."
   DEST=s3://{{ duplicity.backend_url }}/{{ duplicity.bucketname }}$dir
-   /usr/local/bin/duplicity restore $RESTORE_OPTIONS $DEST $RESTORE_DIR$dir
+   {{ _venv_path }}/bin/duplicity restore $RESTORE_OPTIONS $DEST $RESTORE_DIR$dir
 done
 
 unset PASSPHRASE

roles/debian/ldap_server/tasks/main.yml

@@ -34,17 +34,10 @@
     pkg: ["libsasl2-dev", "libssl-dev", "python3-dev"] # python-ldap needs some dev packages
     state: present
 
-- name: Install python-ldap with pip3.
-  ansible.builtin.pip:
-    name: python-ldap
-    executable: pip3
-  when: ansible_distribution_major_version | int < 12
-
-- name: Ensure python3-ldap is installed with apt.
+- name: Ensure python3-ldap is installed.
   ansible.builtin.apt:
     pkg: python3-ldap
     state: present
-  when: ansible_distribution_major_version | int >= 12
 
 - name: Create the slapd config file.
   ansible.builtin.template:

roles/debian/mysql_client/tasks/main.yml

@@ -16,17 +16,10 @@
       install_packages:
         - python3-pip
 
-- name: Ensure PyMySQL is installed with pip3.
-  ansible.builtin.pip:
-    name: pymysql
-    executable: pip3
-  when: ansible_distribution_major_version | int < 12
-
-- name: Ensure PyMySQL is installed with apt.
+- name: Ensure PyMySQL is installed.
   ansible.builtin.apt:
     pkg: python3-pymysql
     state: present
-  when: ansible_distribution_major_version | int >= 12
 
 - name: Copy debian.cnf credentials file.
   ansible.builtin.template:

roles/debian/mysql_server_oracle_ce/README.md

@@ -11,6 +11,7 @@ Installs MySQL Server 5.7.
 mysql_long_query_time: 4
 mysql_server_oracle_ce_key: "8C718D3B5072E1F5" # archive key - see https://dev.mysql.com/doc/refman/8.0/en/gpg-key-archived-packages.html
 mysql_server_oracle_ce_key_server: keyserver.ubuntu.com
+
 ```
 
 <!--ENDROLEVARS-->

roles/debian/nginx/tasks/main.yml

@@ -16,17 +16,10 @@
       install_packages:
         - python3-pip
 
-- name: Ensure passlib is installed with pip3.
-  ansible.builtin.pip:
-    name: passlib
-    executable: pip3
-  when: ansible_distribution_major_version | int < 12
-
-- name: Ensure python3-passlib is installed with apt.
+- name: Ensure python3-passlib is installed.
   ansible.builtin.apt:
     pkg: python3-passlib
     state: present
-  when: ansible_distribution_major_version | int >= 12
 
 - name: Copy main nginx config.
   ansible.builtin.template:

roles/debian/python_boto/tasks/main.yml

@@ -30,6 +30,8 @@
     name: "{{ _boto3_install_package }}"
     virtualenv: "{{ python_boto.venv_path | default(_venv_path) }}"
     virtualenv_command: "{{ python_boto.venv_command | default(_venv_command) }}"
+  become_user: "{{ python_boto.install_username | default(_install_username) }}"
+  become: true
 
 - name: Ensure Ansible venv permissions.
   ansible.builtin.file: