Diffstat (limited to 'manifests')
| -rw-r--r-- | manifests/client.pp | 69 | ||||
| -rw-r--r-- | manifests/config.pp | 2 | ||||
| -rw-r--r-- | manifests/dup.pp | 132 | ||||
| -rw-r--r-- | manifests/init.pp | 13 | ||||
| -rw-r--r-- | manifests/labelmount.pp | 10 | ||||
| -rw-r--r-- | manifests/maildir.pp | 6 | ||||
| -rw-r--r-- | manifests/mysql.pp | 6 | ||||
| -rw-r--r-- | manifests/rdiff.pp | 22 | ||||
| -rw-r--r-- | manifests/server.pp | 86 | ||||
| -rw-r--r-- | manifests/sh.pp | 6 | ||||
| -rw-r--r-- | manifests/svn.pp | 6 | ||||
| -rw-r--r-- | manifests/sys.pp | 6 | 
12 files changed, 283 insertions, 81 deletions
| diff --git a/manifests/client.pp b/manifests/client.pp index 66dbd1c..c21e669 100644 --- a/manifests/client.pp +++ b/manifests/client.pp @@ -1,4 +1,4 @@ -class backupninja::client { +class backupninja::client::defaults {    $configdir = $cfg_override ? {      '' => "/etc/backup.d",      default => $cfg_override, @@ -8,7 +8,8 @@ class backupninja::client {      default => $backupkeystore,    }    $real_keytype = $backupkeytype ? { -    '' => 'rsa', +    ''      => 'rsa', +    false   => 'rsa',      default => $backupkeytype,    }    $real_keydestination = $keydestination ? { @@ -37,6 +38,9 @@ class backupninja::client {    file { $configdir:      ensure => directory    } +} + +class backupninja::client inherits backupninja::client::defaults {    define key(      $user = false, $host = false, $installkey=false, $keyowner=false,      $keygroup=false, $keystore=false, $keytype=false) 
@@ -50,40 +54,77 @@ class backupninja::client {        default => $host      }      $install_key = $installkey ? { -    	false => "${backupninja::client::real_keymanage}", +    	false => "${backupninja::client::defaults::real_keymanage}",  	default => $installkey,      }      $key_owner = $keyowner ? { -    	false => "${backupninja::client::real_keyowner}", +    	false => "${backupninja::client::defaults::real_keyowner}",  	default => $keyowner,      }      $key_group = $keygroup ? { -    	false => "${backupninja::client::real_keygroup}", +    	false => "${backupninja::client::defaults::real_keygroup}",  	default => $keygroup,      }      $key_store = $keystore ? { -    	false => "${backupninja::client::real_keystore}", +    	false => "${backupninja::client::defaults::real_keystore}",  	default => $keystore,      }      $key_type = $keytype ? { -    	false => "${backupninja::client::real_keytype}", +    	''    => "${backupninja::client::defaults::real_keytype}", +    	false => "${backupninja::client::defaults::real_keytype}",  	default => $keytype,      } +    $key_dest      = "${backupninja::client::defaults::real_keydestination}" +    $key_dest_file = "$key_dest/id_$key_type" +      case $install_key {        true: { -        file { "${backupninja::client::real_keydestination}": -          ensure => directory, -          mode => 0700, owner => $key_owner, group => $key_group, +        if !defined(File["$key_dest"]) { +          file { "$key_dest": +            ensure => directory, +            mode => 0700, owner => $key_owner, group => $key_group, +          }          } -        file { "${backupninja::client::real_keydestination}/id_${key_type}": -          source => "${key_store}/${real_user}_id_${key_type}", -          mode => 0400, owner => $key_owner, group => $key_group, -          require => File["${backupninja::client::real_keydestination}"], +        if !defined(File["$key_dest_file"]) { +          file { "$key_dest_file": +            source => 
"${key_store}/${real_user}_id_${key_type}", +            mode => 0400, owner => $key_owner, group => $key_group, +            require => File["$key_dest"], +          }          }        }      }    }  } +class backupninja::client::maildir inherits backupninja::client::defaults { + +  if !defined(Package["rsync"]) { +    if $rsync_ensure_version == '' { $rsync_ensure_version = 'installed' } +    package { 'rsync': +      ensure => $rsync_ensure_version, +    } +  }  +} + +class backupninja::client::rdiff_backup inherits backupninja::client::defaults { +  if !defined(Package["rdiff-backup"]) { +    if $rdiff_backup_ensure_version == '' { $rdiff_backup_ensure_version = 'installed' } +    package { 'rdiff-backup': +      ensure => $rdiff_backup_ensure_version, +    } +  } +} + +class backupninja::client::duplicity inherits backupninja::client::defaults { + +  if !defined(Package["duplicity"]) { +    if $duplicity_ensure_version == '' { $duplicity_ensure_version = 'installed' } +    package { 'duplicity': +      ensure => $duplicity_ensure_version, +    } +  } +} +   diff --git a/manifests/config.pp b/manifests/config.pp index 668904e..34e3a0e 100644 --- a/manifests/config.pp +++ b/manifests/config.pp @@ -3,7 +3,7 @@  # write them to the config file as-is.  #  define backupninja::config( -  $configfile = '/etc/backupninja.conf', $loglvl = 4, $when = '01:00', +  $configfile = '/etc/backupninja.conf', $loglvl = 4, $when = 'everyday at 01:00',    $reportemail = 'root', $reportsuccess = false, $reportwarning = true,    $reporthost = $reporthost, $reportuser = $reportuser,    $reportdirectory = $reportdirectory, diff --git a/manifests/dup.pp b/manifests/dup.pp new file mode 100644 index 0000000..dc597f7 --- /dev/null +++ b/manifests/dup.pp 
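Review bot: The `if !defined(File["$key_dest_file"])` guard in the `true:` branch silently skips every later `backupninja::client::key` instance that resolves to the same `$key_dest/id_$key_type`, so which `${key_store}/${real_user}_id_${key_type}` private key gets installed depends on evaluation order. The owner and group of `$key_dest` are likewise taken from whichever instance is evaluated first. If one key per destination directory is intended, a comment above the guard should say so; otherwise naming the file per user, e.g. `file { "$key_dest/${real_user}_id_$key_type":`, would let each instance manage its own key, although the handler templates (not visible here) would then have to point at that path. The body of `define key` begins outside this hunk.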
@@ -0,0 +1,132 @@ +# Run duplicity-backup as part of a backupninja run. +# +# Valid attributes for this type are: +# +#   order: +# +#      The prefix to give to the handler config filename, to set order in +#      which the actions are executed during the backup run. +# +#   ensure: +# +#      Allows you to delete an entry if you don't want it any more (but be +#      sure to keep the configdir, name, and order the same, so that we can +#      find the correct file to remove). +# +#   options, nicelevel, testconnect, tmpdir, sign, encryptkey, signkey, +#   password, include, exclude, vsinclude, incremental, keep, bandwithlimit, +#   sshoptions, destdir, desthost, desuser: +# +#      As defined in the backupninja documentation.  The options will be +#      placed in the correct sections automatically.  The include and +#      exclude options should be given as arrays if you want to specify +#      multiple directories. +# +#   directory, ssh_dir_manage, ssh_dir, authorized_keys_file, installuser, +#   installkey, backuptag: +# +#      Options for the bakupninja::server::sandbox define, check that +#      definition for more info. +# +# Some notes about this handler: +# +#   - When specifying a password, be sure to enclose it in single quotes, +#     this is particularly important if you have any special characters, such +#     as a $ which puppet will attempt to interpret resulting in a different +#     password placed in the file than you expect! +#   - There's no support for a 'local' type in backupninja's duplicity +#     handler on version 0.9.6-4, which is the version available in stable and +#     testing debian repositories by the time of this writing. 
+define backupninja::duplicity( $order  = 90, +                               $ensure = present, +                               # options to the config file +                               $options     = false, +                               $nicelevel   = false, +                               $testconnect = false, +                               $tmpdir      = false, +                               # [gpg] +                               $sign       = false, +                               $encryptkey = false, +                               $signkey    = false, +                               $password   = false, +                               # [source] +                               $include = [ "/var/spool/cron/crontabs", +                                            "/var/backups", +                                            "/etc", +                                            "/root", +                                            "/home", +                                            "/usr/local/*bin", +                                            "/var/lib/dpkg/status*" ], +                               $exclude = [ "/home/*/.gnupg", +                                            "/home/*/.local/share/Trash", +                                            "/home/*/.Trash", +                                            "/home/*/.thumbnails", +                                            "/home/*/.beagle", +                                            "/home/*/.aMule", +                                            "/home/*/.gnupg", +                                            "/home/*/.gpg", +                                            "/home/*/.ssh", +                                            "/home/*/gtk-gnutella-downloads", +                                            "/etc/ssh/*" ], +                               $vsinclude = false, +                               # [dest] +                               $incremental   = "yes", +                             
  $keep          = false, +                               $bandwithlimit = false, +                               $sshoptions    = false, +                               $destdir       = false, +                               $desthost      = false, +                               $destuser      = false, +                               # configs to backupninja client +                               $backupkeystore       = false, +                               $backupkeytype        = "rsa", +                               # options to backupninja server sandbox +                               $ssh_dir_manage       = true, +                               $ssh_dir              = false, +                               $authorized_keys_file = false, +                               $installuser          = true, +                               $backuptag            = false, +                               # key options +                               $installkey           = true ) { + +  # the client with configs for this machine +  include backupninja::client::defaults + +  case $desthost { false: { err("need to define a destination host for remote backups!") } } +  case $destdir { false: { err("need to define a destination directory for remote backups!") } } +  case $password { false: { err("a password is necessary either to unlock the GPG key, or for symmetric encryption!") } } +   +  # guarantees there's a configured backup space for this backup +  backupninja::server::sandbox { "${user}-${name}": +    user                 => $destuser, +    host                 => $desthost, +    dir                  => $destdir, +    manage_ssh_dir       => $ssh_dir_manage, +    ssh_dir              => $ssh_dir, +    authorized_keys_file => $authorized_keys_file, +    installuser          => $installuser, +    backuptag            => $backuptag, +    backupkeys           => $backupkeystore, +    keytype              => $backupkeytype, +  } +   +  # the client's ssh key +  
backupninja::client::key { "${destuser}-${name}": +    user       => $destuser, +    host       => $desthost, +    installkey => $installkey, +    keytype    => $backupkeytype, +    keystore   => $backupkeystore, +  } + +  # the backupninja rule for this duplicity backup +  file { "${backupninja::client::defaults::configdir}/${order}_${name}.dup": +    ensure  => $ensure, +    content => template('backupninja/dup.conf.erb'), +    owner   => root, +    group   => root, +    mode    => 0600, +    require => File["${backupninja::client::defaults::configdir}"] +  } +} +   diff --git a/manifests/init.pp b/manifests/init.pp index 8ed54e3..23b4268 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -1,5 +1,16 @@ -import "*.pp" +import "client.pp" +import "config.pp" +import "dup.pp" +import "labelmount.pp" +import "maildir.pp" +import "mysql.pp" +import "rdiff.pp" +import "server.pp" +import "sh.pp" +import "svn.pp" +import "sys.pp"  class backupninja {  } + diff --git a/manifests/labelmount.pp b/manifests/labelmount.pp index d9158c4..6b1f772 100644 --- a/manifests/labelmount.pp +++ b/manifests/labelmount.pp 
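Review bot: The three `case ... { false: { err(...) } }` checks only log an error on the master and compilation continues, so `${order}_${name}.dup` is still rendered from the template with `$password`, `$desthost` or `$destdir` set to `false`. For a handler whose encryption depends on the password, aborting is safer: `case $password { false: { fail("a password is necessary either to unlock the GPG key, or for symmetric encryption!") } }`, and likewise for the other two. Separately, the sandbox title is `"${user}-${name}"` although this define has no `$user` parameter (the key resource below uses `"${destuser}-${name}"`), so the title presumably resolves from an outer scope or to an empty prefix. The default `$exclude` covers `/home/*/.ssh` and `/home/*/.gnupg`, but `$include` takes all of `/root`, so root's key material is backed up unless the caller excludes it; `/home/*/.gnupg` is also listed twice.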
@@ -23,23 +23,23 @@ define backupninja::labelmount($order = 10,                                 $label,                                 $dest                                ) { -	include backupninja::client -	file { "${backupninja::client::configdir}/${order}_${name}.labelmount": +	include backupninja::client::defaults +	file { "${backupninja::client::defaults::configdir}/${order}_${name}.labelmount":  		ensure => $ensure,  		content => template('backupninja/labelmount.conf.erb'),  		owner => root,  		group => root,  		mode => 0600, -		require => File["${backupninja::client::configdir}"] +		require => File["${backupninja::client::defaults::configdir}"]  	} -	file { "${backupninja::client::configdir}/99_${name}.umount": +	file { "${backupninja::client::defaults::configdir}/99_${name}.umount":  		ensure => $ensure,  		content => template('backupninja/umount.conf.erb'),  		owner => root,  		group => root,  		mode => 0600, -		require => File["${backupninja::client::configdir}"] +		require => File["${backupninja::client::defaults::configdir}"]  	}  	# Copy over the handler scripts themselves, since they're not in the diff --git a/manifests/maildir.pp b/manifests/maildir.pp index 624e5d1..1427af1 100644 --- a/manifests/maildir.pp +++ b/manifests/maildir.pp @@ -22,7 +22,7 @@ define backupninja::maildir(    $remove = false, $multiconnection = yes, $keepdaily='4', $keepweekly='2',    $keepmonthly='2')  { -  include backupninja::client +  include backupninja::client::defaults    case $srcdir { false: { err("need to define a source directory to backup!") } }    case $destdir { false: { err("need to define a destination directory to backup!") } } 
@@ -30,13 +30,13 @@ define backupninja::maildir(    case $destuser { false: { err("need to define a destination user for backups!") } }    case $destid_file { false: { err("need to define a ssh key id file to use!") } } -  file { "${backupninja::client::configdir}/${order}_${name}.maildir": +  file { "${backupninja::client::defaults::configdir}/${order}_${name}.maildir":      ensure => $ensure,      content => template('backupninja/maildir.conf.erb'),      owner => root,      group => root,      mode => 0600, -    require => File["${backupninja::client::configdir}"] +    require => File["${backupninja::client::defaults::configdir}"]    }    package { rsync: ensure => installed }  } diff --git a/manifests/mysql.pp b/manifests/mysql.pp index 6241519..83d8f8f 100644 --- a/manifests/mysql.pp +++ b/manifests/mysql.pp @@ -26,13 +26,13 @@ define backupninja::mysql(      default => $configfile,    } -  include backupninja::client -  file { "${backupninja::client::configdir}/${order}_${name}.mysql": +  include backupninja::client::defaults +  file { "${backupninja::client::defaults::configdir}/${order}_${name}.mysql":      ensure => $ensure,      content => template('backupninja/mysql.conf.erb'),      owner => root,      group => root,      mode => 0600, -    require => File["${backupninja::client::configdir}"] +    require => File["${backupninja::client::defaults::configdir}"]    }  } diff --git a/manifests/rdiff.pp b/manifests/rdiff.pp index 8e0e769..1d171b2 100644 --- a/manifests/rdiff.pp +++ b/manifests/rdiff.pp 
@@ -25,7 +25,7 @@ define backupninja::rdiff(
                "/home", "/usr/local/*bin", "/var/lib/dpkg/status*" ],
   $vsinclude = false, $keep = 30, $sshoptions = false, $options = '--force', $ssh_dir_manage = true,
   $ssh_dir = false, $authorized_keys_file = false, $installuser = true, $installkey = true, $key = false,
-  $backuptag = false, $extras = false)
+  $backuptag = false, $home = false, $backupkeytype = "rsa", $backupkeystore = false, $extras = false)
 {
   $real_backuptag = $backuptag ? {
       false => "backupninja-$host",
@@ -33,33 +33,41 @@ define backupninja::rdiff(    }    $directory = "$home/rdiff-backup/" -  include backupninja::client +  include backupninja::client::defaults +    case $type {      'remote': {        case $host { false: { err("need to define a host for remote backups!") } } +      $real_home = $home ? { +        false => $directory, +        default => $home, +      } +        backupninja::server::sandbox        {          "${user}-${name}": user => $user, host => $fqdn, dir => $home,          manage_ssh_dir => $ssh_dir_manage, ssh_dir => $ssh_dir, key => $key,          authorized_keys_file => $authorized_keys_file, installuser => $installuser, -        backuptag => $real_backuptag +        backuptag => $real_backuptag, keytype => $backupkeytype, backupkeys => $backupkeystore,        } -       +             backupninja::client::key        {          "${user}-${name}": user => $user, host => $host, -        installkey => $installkey +        installkey => $installkey, +        keytype => $backupkeytype, +        keystore => $backupkeystore,        }      }    } -  file { "${backupninja::client::configdir}/${order}_${name}.rdiff": +  file { "${backupninja::client::defaults::configdir}/${order}_${name}.rdiff":      ensure => $ensure,      content => template('backupninja/rdiff.conf.erb'),      owner => root,      group => root,      mode => 0600, -    require => File["${backupninja::client::configdir}"] +    require => File["${backupninja::client::defaults::configdir}"]    }    include backupninja::rdiff-installed  } diff --git a/manifests/server.pp b/manifests/server.pp index 77fc33d..52cb11c 100644 --- a/manifests/server.pp +++ b/manifests/server.pp 
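Review bot: `$real_home` is computed in the `'remote'` branch but nothing visible uses it: the sandbox is still declared with `dir => $home`, which is `false` by default now that `$home` is a parameter of the define. The context line `$directory = "$home/rdiff-backup/"` is interpolated from that same `false` default, so the fallback value of `$real_home` is built from an unset home. If the intent is to hand the resolved directory to the sandbox, the line should read `dir => $real_home,`; if the template consumes `$real_home` instead, a comment saying so would help. The define's body starts before this hunk.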
@@ -48,7 +48,7 @@ class backupninja::server {
   # get created on the server
   define sandbox(
     $user = false, $host = false, $installuser = true, $dir = false, $manage_ssh_dir = true,
-    $ssh_dir = false, $authorized_keys_file = false, $key = false, $key_type = 'ssh-dss', $backupkeys = false, $uid = false,
+    $ssh_dir = false, $authorized_keys_file = false, $key = false, $keytype = 'dss', $backupkeys = false, $uid = false,
     $gid = "backupninjas", $backuptag = false)
   {
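Review bot: The renamed `$keytype` parameter still defaults to DSA (`'dss'`), while the client side of this commit defaults to `'rsa'` (`real_keytype` in client.pp, `$backupkeytype = "rsa"` in dup.pp and rdiff.pp). A sandbox declared without `keytype` would therefore look for `${real_user}_id_dss.pub` while the client installs `id_rsa`, and DSA keys are limited to 1024 bits and rejected by default in current OpenSSH. Suggest `$keytype = 'rsa'` in the parameter list. The value format also changed from `'ssh-dss'` to `'dss'`; the `default:` branch of `case $key` lies outside the visible hunks, so it should be checked that it does not still reference `$key_type` or expect the `ssh-` prefix.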
@@ -78,38 +78,44 @@ class backupninja::server {        default => $authorized_keys_file,      }      $real_backuptag = $backuptag ? { -      false => "backupninja-$fqdn", +      false => "backupninja-$real_host",        default => $backuptag,      }      # configure a passive service check for backups      nagios2::passive_service { "backups-$real_host": nagios2_host_name => $real_host, nagios2_description => 'backups', servicegroups => "backups" } -    @@file { "$real_dir": -      ensure => directory, -      mode => 0750, owner => $real_user, group => 0, -      tag => "$real_backuptag", +    if !defined(File["$real_dir"]) { +      @@file { "$real_dir": +        ensure => directory, +        mode => 0750, owner => $real_user, group => 0, +        tag => "$real_backuptag", +      }      }      case $installuser {        true: {          case $manage_ssh_dir {            true: { -            @@file { "${real_ssh_dir}": -              ensure => directory, -              mode => 0700, owner => $real_user, group => 0, -              require => [User[$real_user], File["$real_dir"]], -              tag => "$real_backuptag", +            if !defined(File["$real_ssh_dir"]) { +              @@file { "${real_ssh_dir}": +                ensure => directory, +                mode => 0700, owner => $real_user, group => 0, +                require => [User[$real_user], File["$real_dir"]], +                tag => "$real_backuptag", +              }              }            }          }   	case $key {  	  false: { -            @@file { "${real_ssh_dir}/${real_authorized_keys_file}": -              ensure => present, -              mode => 0644, owner => 0, group => 0, -              source => "$real_backupkeys/${real_user}_id_rsa.pub", -              require => File["${real_ssh_dir}"], -              tag => "$real_backuptag", +            if !defined(File["${real_ssh_dir}/${real_authorized_keys_file}"]) { +              @@file { "${real_ssh_dir}/${real_authorized_keys_file}": +    
            ensure => present, +                mode => 0644, owner => 0, group => 0, +                source => "$real_backupkeys/${real_user}_id_${keytype}.pub", +                require => File["${real_ssh_dir}"], +                tag => "$real_backuptag", +              }              }  	  }  	  default: { 
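Review bot: The `!defined(...)` guards around the exported `@@file` resources are evaluated while the exporting node's catalog is compiled, so they depend on evaluation order and cannot see resources exported by other nodes. Two sandboxes that resolve to the same `${real_ssh_dir}/${real_authorized_keys_file}` with a different `$keytype` or `$real_backupkeys` now export only the first declaration, and which public key ends up authorised is decided silently; duplicates coming from different nodes will presumably still collide when the server collects them. An `else` branch that calls `fail()` or at least `notice()` would make the skipped declaration visible. The same pattern wraps the `@@user` resources in the next hunk, and the `sandbox` define starts and ends outside this hunk.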
@@ -125,30 +131,34 @@ class backupninja::server {  	}          case $uid {            false: { -            @@user { "$real_user": -              ensure  => "present", -              gid     => "$gid", -              comment => "$name backup sandbox", -              home    => "$real_dir", -              managehome => true, -              shell   => "/bin/sh", -              password => '*', -	      require => Group['backupninjas'], -              tag => "$real_backuptag" +            if !defined(User["$real_user"]) { +              @@user { "$real_user": +                ensure  => "present", +                gid     => "$gid", +                comment => "$name backup sandbox", +                home    => "$real_dir", +                managehome => true, +                shell   => "/bin/sh", +                password => '*', +	        require => Group['backupninjas'], +                tag => "$real_backuptag" +              }              }            }            default: { -            @@user { "$real_user": -              ensure  => "present", -              uid     => "$uid", -              gid     => "$gid", -              comment => "$name backup sandbox", -              home    => "$real_dir", -              managehome => true, -              shell   => "/bin/sh", -              password => '*', -	      require => Group['backupninjas'], -              tag => "$real_backuptag" +            if !defined(User["$real_user"]) { +              @@user { "$real_user": +                ensure  => "present", +                uid     => "$uid", +                gid     => "$gid", +                comment => "$name backup sandbox", +                home    => "$real_dir", +                managehome => true, +                shell   => "/bin/sh", +                password => '*', +	        require => Group['backupninjas'], +                tag => "$real_backuptag" +              }              }            }          } 
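Review bot: Both `@@user` declarations set `gid => "$gid"` but keep `require => Group['backupninjas']`, so a sandbox declared with a different `$gid` depends on a group resource that does not match the account's group. If `$gid` is always a group name, `require => Group["$gid"]` would follow the parameter; if numeric ids are allowed, a comment should state that only the default group is managed. The commit only re-indents these lines inside the new guard, and the enclosing `case $installuser` block starts outside this hunk.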
diff --git a/manifests/sh.pp b/manifests/sh.pp index a49a3d1..fa6aca5 100644 --- a/manifests/sh.pp +++ b/manifests/sh.pp @@ -14,13 +14,13 @@ define backupninja::sh($order = 50,                             $ensure = present,                             $command_string                            ) { -                          include backupninja::client -	file { "${backupninja::client::configdir}/${order}_${name}.sh": +                          include backupninja::client::defaults +	file { "${backupninja::client::defaults::configdir}/${order}_${name}.sh":  		ensure => $ensure,  		content => template('backupninja/sh.conf.erb'),  		owner => root,  		group => root,  		mode => 0600, -		require => File["${backupninja::client::configdir}"] +		require => File["${backupninja::client::defaults::configdir}"]  	}  } diff --git a/manifests/svn.pp b/manifests/svn.pp index 903be74..3ab59c9 100644 --- a/manifests/svn.pp +++ b/manifests/svn.pp @@ -17,13 +17,13 @@ define backupninja::svn($order = 20,                             $tmp = '/var/backups/svn.tmp',                             $vsname = false                            ) { -                          include backupninja::client -	file { "${backupninja::client::configdir}/${order}_${name}.svn": +                          include backupninja::client::defaults +	file { "${backupninja::client::defaults::configdir}/${order}_${name}.svn":  		ensure => $ensure,  		content => template('backupninja/svn.conf.erb'),  		owner => root,  		group => root,  		mode => 0600, -		require => File["${backupninja::client::configdir}"] +		require => File["${backupninja::client::defaults::configdir}"]  	}  } diff --git a/manifests/sys.pp b/manifests/sys.pp index 106da9b..973f880 100644 --- a/manifests/sys.pp +++ b/manifests/sys.pp 
@@ -22,13 +22,13 @@ define backupninja::sys($order = 30,                             $hardwarefile = '/var/backups/hardware.txt',                             $dohwinfo = yes                            ) { -                          include backupninja::client -	file { "${backupninja::client::configdir}/${order}_${name}.sys": +                          include backupninja::client::defaults +	file { "${backupninja::client::defaults::configdir}/${order}_${name}.sys":  		ensure => $ensure,  		content => template('backupninja/sys.conf.erb'),  		owner => root,  		group => root,  		mode => 0600, -		require => File["${backupninja::client::configdir}"] +		require => File["${backupninja::client::defaults::configdir}"]  	}  } | 
