# Realizes, on the backup server, every exported resource that belongs to one
# hosted backup: the User, File and Ssh_authorized_key resources exported with
# the tag "backupninja-<host>".
#
#   $host - name of the backed-up node; it forms the second half of the tag.
#
# NOTE(review): the collectors select on the tag alone, so any User, File or
# Ssh_authorized_key exported with this tag is applied on the server. Keep the
# tag reserved for sandbox resources.
define backupninja_server_realize($host) {
  $sandbox_tag = "backupninja-${host}"

  User               <<| tag == $sandbox_tag |>>
  File               <<| tag == $sandbox_tag |>>
  Ssh_authorized_key <<| tag == $sandbox_tag |>>
}

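# Backup-server side of backupninja. Creates the shared "backupninjas" group
# and the backup root directory, optionally installs a Nagios passive check,
# and collects the sandbox resources that nodes export for this server.
#
# Parameters:
#   $backupdir        - root directory that holds the hosted backups.
#   $backupdir_ensure - 'directory' manages $backupdir as a plain directory;
#                       any other value is passed to ensure and is also used
#                       as the title of a File resource $backupdir requires.
#   $manage_nagios    - when true, install the checkbackups script and its
#                       cron job.
#   $nagios_server    - host given to send_nsca -H; mandatory when
#                       $manage_nagios is true.
class backupninja::server (
  $backupdir        = '/backup',
  $backupdir_ensure = 'directory',
  $manage_nagios    = false,
  $nagios_server    = undef
) {

  group { 'backupninjas':
    ensure => 'present',
    gid    => 700,
  }

  # Mode 0710: members of backupninjas may traverse the backup root but not
  # list it. Modes are quoted so they are always handled as octal strings.
  file { $backupdir:
    ensure  => $backupdir_ensure,
    mode    => '0710',
    owner   => root,
    group   => 'backupninjas',
    require => $backupdir_ensure ? {
      'directory' => undef,
      default     => File["$backupdir_ensure"],
    },
  }

  if $manage_nagios {

    if $nagios_server == undef {
      fail('Cannot manage nagios with undefined nagios_server parameter!')
    }

    include nagios::nsca::client

    file { '/usr/local/bin/checkbackups':
      ensure => 'present',
      source => 'puppet:///modules/backupninja/checkbackups.pl',
      mode   => '0755',
      owner  => root,
      group  => root,
    }

    # $backupdir and $nagios_server are interpolated unquoted into a command
    # line that cron runs as root, so both must only ever come from trusted
    # manifest data and must not contain shell metacharacters or whitespace.
    cron { checkbackups:
      command => "/usr/local/bin/checkbackups -d $backupdir | /usr/sbin/send_nsca -H $nagios_server -c /etc/send_nsca.cfg | grep -v 'sent to host successfully'",
      user    => 'root',
      hour    => '8-23',
      minute  => 59,
      require => [ File['/usr/local/bin/checkbackups'], Package['nsca'] ],
    }
  }

  # Collect the per-host realize defines exported for this server; each one
  # in turn collects that host's User, File and Ssh_authorized_key resources.
  Backupninja_server_realize <<| tag == $::fqdn |>>

  # Declared on a node that wants a remote backup sandbox. Everything below is
  # exported (@@) and only gets created on the backup server that collects it.
  #
  # Parameters:
  #   $user                 - sandbox account name (defaults to the title).
  #   $host                 - tag put on the exported realize define; the
  #                           server collects on its own fqdn.
  #   $installuser          - true exports the account, its ssh directory and
  #                           its key; anything else exports only $dir.
  #   $dir                  - sandbox home directory (required).
  #   $manage_ssh_dir       - true exports $ssh_dir as a directory.
  #   $ssh_dir              - directory holding the authorized keys file.
  #   $authorized_keys_file - file name inside $ssh_dir.
  #   $key                  - false copies the public key from $backupkeys;
  #                           any other value is exported as the key itself.
  #   $keytype              - key type, also part of the source file name.
  #   $backupkeys           - puppet source directory of the public keys.
  #   $uid                  - numeric uid, or false to leave it unmanaged.
  #   $gid                  - primary group of the sandbox account.
  #   $backuptag            - tag placed on every exported resource.
  #   $nagios_description   - title of the passive Nagios service.
  #
  # NOTE(review): the default $keytype of 'dss' selects DSA, which current
  # OpenSSH releases no longer accept by default; callers should pass a
  # stronger type. Also confirm 'dss' is a value ssh_authorized_key accepts.
  # NOTE(review): $fileserver is not defined in this file - presumably a
  # global; verify.
  define sandbox(
    $user = $name,
    $host = $::fqdn,
    $installuser = true,
    $dir,
    $manage_ssh_dir = true,
    $ssh_dir = "${dir}/.ssh",
    $authorized_keys_file = 'authorized_keys',
    $key = false,
    $keytype = 'dss',
    $backupkeys = "${fileserver}/keys/backupkeys",
    $uid = false,
    $gid = 'backupninjas',
    $backuptag = "backupninja-${::fqdn}",
    $nagios_description = 'backups'
  ) {

    # NOTE(review): $manage_nagios is not a parameter of this define; the
    # lookup depends on how this Puppet version resolves the enclosing
    # class's variables - confirm it sees backupninja::server's value.
    if $manage_nagios {
      # configure a passive service check for backups
      nagios::service::passive { $nagios_description: }
    }

    # One realize define per (node, server) pair; the server uses its host
    # parameter to collect everything tagged "backupninja-<this node>".
    if !defined(Backupninja_server_realize["${::fqdn}@${host}"]) {
      @@backupninja_server_realize { "${::fqdn}@${host}":
        host => $::fqdn,
        tag  => $host,
      }
    }

    if !defined(File["$dir"]) {
      @@file { "$dir":
        ensure => directory,
        mode   => '0750',
        owner  => $user,
        group  => 0,
        tag    => "$backuptag",
      }
    }

    case $installuser {
      true: {
        if $manage_ssh_dir == true {
          if !defined(File["$ssh_dir"]) {
            @@file { "${ssh_dir}":
              ensure  => directory,
              mode    => '0700',
              owner   => $user,
              group   => 0,
              require => [User[$user], File["$dir"]],
              tag     => "$backuptag",
            }
          }
        }

        case $key {
          false: {
            # The key file is root-owned and not writable by the sandbox
            # user. It sits in a directory that user owns, so it can still be
            # replaced between Puppet runs.
            if !defined(File["${ssh_dir}/${authorized_keys_file}"]) {
              @@file { "${ssh_dir}/${authorized_keys_file}":
                ensure  => present,
                mode    => '0644',
                owner   => 0,
                group   => 0,
                source  => "${backupkeys}/${user}_id_${keytype}.pub",
                require => File["${ssh_dir}"],
                tag     => "$backuptag",
              }
            }
          }
          default: {
            # Fixed: the guard used to name "Ssh_autorized_key", which is not
            # the type exported below, so it could never match the resource.
            # No options are set on the key; restricting it to the backup
            # command would narrow what the sandbox login can do.
            if !defined(Ssh_authorized_key["$user"]) {
              @@ssh_authorized_key { "$user":
                type    => $keytype,
                key     => $key,
                user    => $user,
                target  => "${ssh_dir}/${authorized_keys_file}",
                tag     => "$backuptag",
                require => User[$user],
              }
            }
          }
        }

        # password '*' leaves the account without a usable password, so the
        # exported key is the only credential this class sets up for it.
        if !defined(User["$user"]) {
          @@user { "$user":
            ensure     => 'present',
            uid        => $uid ? {
              false   => undef,
              default => $uid,
            },
            gid        => "$gid",
            comment    => "$user backup sandbox",
            home       => "$dir",
            managehome => true,
            shell      => '/bin/bash',
            password   => '*',
            require    => Group['backupninjas'],
            tag        => "$backuptag",
          }
        }
      }
    }
  }
}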