Commit 343f27fa authored by Antoine Beaupre's avatar Antoine Beaupre

Merge commit 'micah/master'

Conflicts:

	manifests/mysql.pp
	manifests/rdiff.pp
	manifests/server.pp
parents de010623 70cae2f7
......@@ -20,6 +20,7 @@ backupninja::mysql { all_databases:
sqldump => true
}
include backupninja::client::rdiff_backup
backupninja::rdiff { backup_all:
directory => '/media/backupdisk',
include => ['/var/backups', '/home', '/var/lib/dpkg/status'],
......@@ -35,9 +36,33 @@ A remote rdiff backup handler:
user => "backup-$hostname",
}
If you configure a backupninja::server, it will collect those users and create
them. We have yet to create proper authorized_keys management to make that
process completely automatic.
To manage the installed backup software, using puppet package
management, you can include the backupninja::client::$backupprogram
class (where $backupprogram is one of: rdiff_backup, maildir,
duplicity). This will get the $backupprogram package installed
automatically, you do not need to include this class, if you wish to
manage the package version some other way, for example:
At the moment, not all the backupninja handlers are available, they are relatively
easy to add however.
\ No newline at end of file
include backupninja::client::rdiff_backup
include backupninja::client::maildir
include backupninja::client::duplicity
When this class is included, it will make sure that the correct
version that is associated with puppet's 'installed' (or 'present')
parameter is installed. If you need to specify a specific version of
the rdiff-backup, rsync or duplicity packages, you can do so by
specifying the variables:
$rdiff_backup_ensure_version = "1.2.5-1~bpo40+1"
$rsync_ensure_version = "3.0.6-1~bpo50+1"
$duplicity_ensure_version = "0.6.04-1~bpo50+1"
If you do not specify these variables the default 'installed/present'
version will be installed when you include this class.
If you configure a backupninja::server, it will collect those users
and create them. We have yet to create proper authorized_keys
management to make that process completely automatic.
At the moment, not all the backupninja handlers are available, they
are relatively easy to add however.
\ No newline at end of file
class backupninja::client {
class backupninja::client::defaults {
$configdir = $cfg_override ? {
'' => "/etc/backup.d",
default => $cfg_override,
......@@ -8,7 +8,8 @@ class backupninja::client {
default => $backupkeystore,
}
$real_keytype = $backupkeytype ? {
'' => 'rsa',
'' => 'rsa',
false => 'rsa',
default => $backupkeytype,
}
$real_keydestination = $keydestination ? {
......@@ -37,6 +38,9 @@ class backupninja::client {
file { $configdir:
ensure => directory
}
}
class backupninja::client inherits backupninja::client::defaults {
define key(
$user = false, $host = false, $installkey=false, $keyowner=false,
$keygroup=false, $keystore=false, $keytype=false)
......@@ -50,40 +54,77 @@ class backupninja::client {
default => $host
}
$install_key = $installkey ? {
false => "${backupninja::client::real_keymanage}",
false => "${backupninja::client::defaults::real_keymanage}",
default => $installkey,
}
$key_owner = $keyowner ? {
false => "${backupninja::client::real_keyowner}",
false => "${backupninja::client::defaults::real_keyowner}",
default => $keyowner,
}
$key_group = $keygroup ? {
false => "${backupninja::client::real_keygroup}",
false => "${backupninja::client::defaults::real_keygroup}",
default => $keygroup,
}
$key_store = $keystore ? {
false => "${backupninja::client::real_keystore}",
false => "${backupninja::client::defaults::real_keystore}",
default => $keystore,
}
$key_type = $keytype ? {
false => "${backupninja::client::real_keytype}",
'' => "${backupninja::client::defaults::real_keytype}",
false => "${backupninja::client::defaults::real_keytype}",
default => $keytype,
}
$key_dest = "${backupninja::client::defaults::real_keydestination}"
$key_dest_file = "$key_dest/id_$key_type"
case $install_key {
true: {
file { "${backupninja::client::real_keydestination}":
ensure => directory,
mode => 0700, owner => $key_owner, group => $key_group,
if !defined(File["$key_dest"]) {
file { "$key_dest":
ensure => directory,
mode => 0700, owner => $key_owner, group => $key_group,
}
}
file { "${backupninja::client::real_keydestination}/id_${key_type}":
source => "${key_store}/${real_user}_id_${key_type}",
mode => 0400, owner => $key_owner, group => $key_group,
require => File["${backupninja::client::real_keydestination}"],
if !defined(File["$key_dest_file"]) {
file { "$key_dest_file":
source => "${key_store}/${real_user}_id_${key_type}",
mode => 0400, owner => $key_owner, group => $key_group,
require => File["$key_dest"],
}
}
}
}
}
}
class backupninja::client::maildir inherits backupninja::client::defaults {
if !defined(Package["rsync"]) {
if $rsync_ensure_version == '' { $rsync_ensure_version = 'installed' }
package { 'rsync':
ensure => $rsync_ensure_version,
}
}
}
class backupninja::client::rdiff_backup inherits backupninja::client::defaults {
if !defined(Package["rdiff-backup"]) {
if $rdiff_backup_ensure_version == '' { $rdiff_backup_ensure_version = 'installed' }
package { 'rdiff-backup':
ensure => $rdiff_backup_ensure_version,
}
}
}
class backupninja::client::duplicity inherits backupninja::client::defaults {
if !defined(Package["duplicity"]) {
if $duplicity_ensure_version == '' { $duplicity_ensure_version = 'installed' }
package { 'duplicity':
ensure => $duplicity_ensure_version,
}
}
}
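Review bot: The `if !defined(File["$key_dest_file"])` guard around the private-key resource hides a conflict instead of reporting it. `$key_dest_file` is `"$key_dest/id_$key_type"` and carries no user, so a second `backupninja::client::key` with a different `$real_user` or `$key_store` but the same key type is skipped without any message, and that backup then runs with whichever key was declared first. `defined()` also depends on evaluation order, so the winner is not fixed by the manifests alone. Consider a per-user destination such as `$key_dest_file = "$key_dest/${real_user}_id_$key_type"` (the handler templates would have to reference the same path), or drop the guard so the clash surfaces at compile time. Part of the `key` define lies between hunks and is not visible here.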
......@@ -3,7 +3,7 @@
# write them to the config file as-is.
#
define backupninja::config(
$configfile = '/etc/backupninja.conf', $loglvl = 4, $when = '01:00',
$configfile = '/etc/backupninja.conf', $loglvl = 4, $when = 'everyday at 01:00',
$reportemail = 'root', $reportsuccess = false, $reportwarning = true,
$reporthost = $reporthost, $reportuser = $reportuser,
$reportdirectory = $reportdirectory,
......
# Run duplicity-backup as part of a backupninja run.
#
# Valid attributes for this type are:
#
# order:
#
# The prefix to give to the handler config filename, to set order in
# which the actions are executed during the backup run.
#
# ensure:
#
# Allows you to delete an entry if you don't want it any more (but be
# sure to keep the configdir, name, and order the same, so that we can
# find the correct file to remove).
#
# options, nicelevel, testconnect, tmpdir, sign, encryptkey, signkey,
# password, include, exclude, vsinclude, incremental, keep, bandwithlimit,
# sshoptions, destdir, desthost, desuser:
#
# As defined in the backupninja documentation. The options will be
# placed in the correct sections automatically. The include and
# exclude options should be given as arrays if you want to specify
# multiple directories.
#
# directory, ssh_dir_manage, ssh_dir, authorized_keys_file, installuser,
# installkey, backuptag:
#
# Options for the bakupninja::server::sandbox define, check that
# definition for more info.
#
# Some notes about this handler:
#
# - When specifying a password, be sure to enclose it in single quotes,
# this is particularly important if you have any special characters, such
# as a $ which puppet will attempt to interpret resulting in a different
# password placed in the file than you expect!
# - There's no support for a 'local' type in backupninja's duplicity
# handler on version 0.9.6-4, which is the version available in stable and
# testing debian repositories by the time of this writing.
define backupninja::duplicity( $order = 90,
$ensure = present,
# options to the config file
$options = false,
$nicelevel = false,
$testconnect = false,
$tmpdir = false,
# [gpg]
$sign = false,
$encryptkey = false,
$signkey = false,
$password = false,
# [source]
$include = [ "/var/spool/cron/crontabs",
"/var/backups",
"/etc",
"/root",
"/home",
"/usr/local/*bin",
"/var/lib/dpkg/status*" ],
$exclude = [ "/home/*/.gnupg",
"/home/*/.local/share/Trash",
"/home/*/.Trash",
"/home/*/.thumbnails",
"/home/*/.beagle",
"/home/*/.aMule",
"/home/*/.gnupg",
"/home/*/.gpg",
"/home/*/.ssh",
"/home/*/gtk-gnutella-downloads",
"/etc/ssh/*" ],
$vsinclude = false,
# [dest]
$incremental = "yes",
$keep = false,
$bandwithlimit = false,
$sshoptions = false,
$destdir = false,
$desthost = false,
$destuser = false,
# configs to backupninja client
$backupkeystore = false,
$backupkeytype = "rsa",
# options to backupninja server sandbox
$ssh_dir_manage = true,
$ssh_dir = false,
$authorized_keys_file = false,
$installuser = true,
$backuptag = false,
# key options
$installkey = true ) {
# the client with configs for this machine
include backupninja::client::defaults
case $desthost { false: { err("need to define a destination host for remote backups!") } }
case $destdir { false: { err("need to define a destination directory for remote backups!") } }
case $password { false: { err("a password is necessary either to unlock the GPG key, or for symmetric encryption!") } }
# guarantees there's a configured backup space for this backup
backupninja::server::sandbox { "${user}-${name}":
user => $destuser,
host => $desthost,
dir => $destdir,
manage_ssh_dir => $ssh_dir_manage,
ssh_dir => $ssh_dir,
authorized_keys_file => $authorized_keys_file,
installuser => $installuser,
backuptag => $backuptag,
backupkeys => $backupkeystore,
keytype => $backupkeytype,
}
# the client's ssh key
backupninja::client::key { "${destuser}-${name}":
user => $destuser,
host => $desthost,
installkey => $installkey,
keytype => $backupkeytype,
keystore => $backupkeystore,
}
# the backupninja rule for this duplicity backup
file { "${backupninja::client::defaults::configdir}/${order}_${name}.dup":
ensure => $ensure,
content => template('backupninja/dup.conf.erb'),
owner => root,
group => root,
mode => 0600,
require => File["${backupninja::client::defaults::configdir}"]
}
}
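Review bot: The sandbox resource is titled `"${user}-${name}"`, but this define has no `$user` parameter, so the title is built from whatever `$user` resolves to in an outer scope, or from an empty value. The key resource just below uses `"${destuser}-${name}"`, and the sandbox should read `backupninja::server::sandbox { "${destuser}-${name}":` as well. The three `case ... { false: { err(...) } }` checks only log a message: compilation continues and the `.dup` file is still rendered when `$desthost`, `$destdir` or `$password` is `false`, whereas `fail(...)` would stop the catalog. The header comment lists `desuser` and `directory`, neither of which is a parameter (`destuser` is), and `"/home/*/.gnupg"` appears twice in the default `$exclude`.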
import "*.pp"
import "client.pp"
import "config.pp"
import "dup.pp"
import "labelmount.pp"
import "maildir.pp"
import "mysql.pp"
import "rdiff.pp"
import "server.pp"
import "sh.pp"
import "svn.pp"
import "sys.pp"
class backupninja {
}
......@@ -23,23 +23,23 @@ define backupninja::labelmount($order = 10,
$label,
$dest
) {
include backupninja::client
file { "${backupninja::client::configdir}/${order}_${name}.labelmount":
include backupninja::client::defaults
file { "${backupninja::client::defaults::configdir}/${order}_${name}.labelmount":
ensure => $ensure,
content => template('backupninja/labelmount.conf.erb'),
owner => root,
group => root,
mode => 0600,
require => File["${backupninja::client::configdir}"]
require => File["${backupninja::client::defaults::configdir}"]
}
file { "${backupninja::client::configdir}/99_${name}.umount":
file { "${backupninja::client::defaults::configdir}/99_${name}.umount":
ensure => $ensure,
content => template('backupninja/umount.conf.erb'),
owner => root,
group => root,
mode => 0600,
require => File["${backupninja::client::configdir}"]
require => File["${backupninja::client::defaults::configdir}"]
}
# Copy over the handler scripts themselves, since they're not in the
......
......@@ -22,7 +22,7 @@ define backupninja::maildir(
$remove = false, $multiconnection = yes, $keepdaily='4', $keepweekly='2',
$keepmonthly='2')
{
include backupninja::client
include backupninja::client::defaults
case $srcdir { false: { err("need to define a source directory to backup!") } }
case $destdir { false: { err("need to define a destination directory to backup!") } }
......@@ -30,13 +30,13 @@ define backupninja::maildir(
case $destuser { false: { err("need to define a destination user for backups!") } }
case $destid_file { false: { err("need to define a ssh key id file to use!") } }
file { "${backupninja::client::configdir}/${order}_${name}.maildir":
file { "${backupninja::client::defaults::configdir}/${order}_${name}.maildir":
ensure => $ensure,
content => template('backupninja/maildir.conf.erb'),
owner => root,
group => root,
mode => 0600,
require => File["${backupninja::client::configdir}"]
require => File["${backupninja::client::defaults::configdir}"]
}
package { rsync: ensure => installed }
}
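Review bot: The unguarded `package { rsync: ensure => installed }` at the end of this define appears to remain, since the hunk's 13/13 line count leaves it as context. This commit also adds `backupninja::client::maildir`, which declares `Package['rsync']` behind `if !defined(Package["rsync"])`. Depending on evaluation order, the result is either a duplicate-resource error or a silently ignored `$rsync_ensure_version`. Suggest removing the line here, since the README now points users at `include backupninja::client::maildir`, or wrapping it in the same `if !defined(Package["rsync"])` guard.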
......@@ -26,13 +26,13 @@ define backupninja::mysql(
default => $configfile,
}
include backupninja::client
file { "${backupninja::client::configdir}/${order}_${name}.mysql":
include backupninja::client::defaults
file { "${backupninja::client::defaults::configdir}/${order}_${name}.mysql":
ensure => $ensure,
content => template('backupninja/mysql.conf.erb'),
owner => root,
group => root,
mode => 0600,
require => File["${backupninja::client::configdir}"]
require => File["${backupninja::client::defaults::configdir}"]
}
}
......@@ -25,7 +25,7 @@ define backupninja::rdiff(
"/home", "/usr/local/*bin", "/var/lib/dpkg/status*" ],
$vsinclude = false, $keep = 30, $sshoptions = false, $options = '--force', $ssh_dir_manage = true,
$ssh_dir = false, $authorized_keys_file = false, $installuser = true, $installkey = true, $key = false,
$backuptag = false, $extras = false)
$backuptag = false, $home = false, $backupkeytype = "rsa", $backupkeystore = false, $extras = false)
{
$real_backuptag = $backuptag ? {
false => "backupninja-$host",
......@@ -33,33 +33,41 @@ define backupninja::rdiff(
}
$directory = "$home/rdiff-backup/"
include backupninja::client
include backupninja::client::defaults
case $type {
'remote': {
case $host { false: { err("need to define a host for remote backups!") } }
$real_home = $home ? {
false => $directory,
default => $home,
}
backupninja::server::sandbox
{
"${user}-${name}": user => $user, host => $fqdn, dir => $home,
manage_ssh_dir => $ssh_dir_manage, ssh_dir => $ssh_dir, key => $key,
authorized_keys_file => $authorized_keys_file, installuser => $installuser,
backuptag => $real_backuptag
backuptag => $real_backuptag, keytype => $backupkeytype, backupkeys => $backupkeystore,
}
backupninja::client::key
{
"${user}-${name}": user => $user, host => $host,
installkey => $installkey
installkey => $installkey,
keytype => $backupkeytype,
keystore => $backupkeystore,
}
}
}
file { "${backupninja::client::configdir}/${order}_${name}.rdiff":
file { "${backupninja::client::defaults::configdir}/${order}_${name}.rdiff":
ensure => $ensure,
content => template('backupninja/rdiff.conf.erb'),
owner => root,
group => root,
mode => 0600,
require => File["${backupninja::client::configdir}"]
require => File["${backupninja::client::defaults::configdir}"]
}
include backupninja::rdiff-installed
}
......
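Review bot: `$real_home` is computed from `$home`, but the sandbox below is still declared with `dir => $home`, so `$real_home` is unused in the visible lines and the sandbox receives `false` when the new `$home = false` default applies. If the sandbox is meant to get the resolved path, that line should pass `dir => $real_home`. The fallback itself, `$directory = "$home/rdiff-backup/"`, interpolates `$home` before the `false` check, so it cannot produce a usable path when `$home` is unset. Whether `rdiff.conf.erb` reads `$real_home` or `$directory` is not visible on this page.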
......@@ -48,7 +48,7 @@ class backupninja::server {
# get created on the server
define sandbox(
$user = false, $host = false, $installuser = true, $dir = false, $manage_ssh_dir = true,
$ssh_dir = false, $authorized_keys_file = false, $key = false, $key_type = 'ssh-dss', $backupkeys = false, $uid = false,
$ssh_dir = false, $authorized_keys_file = false, $key = false, $keytype = 'dss', $backupkeys = false, $uid = false,
$gid = "backupninjas", $backuptag = false)
{
......@@ -78,38 +78,44 @@ class backupninja::server {
default => $authorized_keys_file,
}
$real_backuptag = $backuptag ? {
false => "backupninja-$fqdn",
false => "backupninja-$real_host",
default => $backuptag,
}
# configure a passive service check for backups
nagios2::passive_service { "backups-$real_host": nagios2_host_name => $real_host, nagios2_description => 'backups', servicegroups => "backups" }
@@file { "$real_dir":
ensure => directory,
mode => 0750, owner => $real_user, group => 0,
tag => "$real_backuptag",
if !defined(File["$real_dir"]) {
@@file { "$real_dir":
ensure => directory,
mode => 0750, owner => $real_user, group => 0,
tag => "$real_backuptag",
}
}
case $installuser {
true: {
case $manage_ssh_dir {
true: {
@@file { "${real_ssh_dir}":
ensure => directory,
mode => 0700, owner => $real_user, group => 0,
require => [User[$real_user], File["$real_dir"]],
tag => "$real_backuptag",
if !defined(File["$real_ssh_dir"]) {
@@file { "${real_ssh_dir}":
ensure => directory,
mode => 0700, owner => $real_user, group => 0,
require => [User[$real_user], File["$real_dir"]],
tag => "$real_backuptag",
}
}
}
}
case $key {
false: {
@@file { "${real_ssh_dir}/${real_authorized_keys_file}":
ensure => present,
mode => 0644, owner => 0, group => 0,
source => "$real_backupkeys/${real_user}_id_rsa.pub",
require => File["${real_ssh_dir}"],
tag => "$real_backuptag",
if !defined(File["${real_ssh_dir}/${real_authorized_keys_file}"]) {
@@file { "${real_ssh_dir}/${real_authorized_keys_file}":
ensure => present,
mode => 0644, owner => 0, group => 0,
source => "$real_backupkeys/${real_user}_id_${keytype}.pub",
require => File["${real_ssh_dir}"],
tag => "$real_backuptag",
}
}
}
default: {
......@@ -125,30 +131,34 @@ class backupninja::server {
}
case $uid {
false: {
@@user { "$real_user":
ensure => "present",
gid => "$gid",
comment => "$name backup sandbox",
home => "$real_dir",
managehome => true,
shell => "/bin/sh",
password => '*',
require => Group['backupninjas'],
tag => "$real_backuptag"
if !defined(User["$real_user"]) {
@@user { "$real_user":
ensure => "present",
gid => "$gid",
comment => "$name backup sandbox",
home => "$real_dir",
managehome => true,
shell => "/bin/sh",
password => '*',
require => Group['backupninjas'],
tag => "$real_backuptag"
}
}
}
default: {
@@user { "$real_user":
ensure => "present",
uid => "$uid",
gid => "$gid",
comment => "$name backup sandbox",
home => "$real_dir",
managehome => true,
shell => "/bin/sh",
password => '*',
require => Group['backupninjas'],
tag => "$real_backuptag"
if !defined(User["$real_user"]) {
@@user { "$real_user":
ensure => "present",
uid => "$uid",
gid => "$gid",
comment => "$name backup sandbox",
home => "$real_dir",
managehome => true,
shell => "/bin/sh",
password => '*',
require => Group['backupninjas'],
tag => "$real_backuptag"
}
}
}
}
......
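Review bot: The sandbox's `$keytype` defaults to `'dss'` while `backupninja::client::defaults` falls back to `'rsa'`. A sandbox declared without `keytype` therefore sources `${real_user}_id_dss.pub` for authorized_keys while the client installs `id_rsa`, and the backup login fails; DSA is also the weaker choice, and current OpenSSH releases no longer accept it by default. Suggest `$keytype = 'rsa'` to match the client. The parameter was renamed from `$key_type`, and the `default:` branch of `case $key` lies outside the hunk, so any `$key_type` reference left there needs the same rename. The new `if !defined(...)` guards wrap exported (`@@`) resources, but `defined()` only sees the catalog being compiled, so they do not prevent duplicates on the collecting server.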
......@@ -14,13 +14,13 @@ define backupninja::sh($order = 50,
$ensure = present,
$command_string
) {
include backupninja::client
file { "${backupninja::client::configdir}/${order}_${name}.sh":
include backupninja::client::defaults
file { "${backupninja::client::defaults::configdir}/${order}_${name}.sh":
ensure => $ensure,
content => template('backupninja/sh.conf.erb'),
owner => root,
group => root,
mode => 0600,
require => File["${backupninja::client::configdir}"]
require => File["${backupninja::client::defaults::configdir}"]
}
}
......@@ -17,13 +17,13 @@ define backupninja::svn($order = 20,
$tmp = '/var/backups/svn.tmp',
$vsname = false
) {
include backupninja::client
file { "${backupninja::client::configdir}/${order}_${name}.svn":
include backupninja::client::defaults
file { "${backupninja::client::defaults::configdir}/${order}_${name}.svn":
ensure => $ensure,
content => template('backupninja/svn.conf.erb'),
owner => root,
group => root,
mode => 0600,
require => File["${backupninja::client::configdir}"]
require => File["${backupninja::client::defaults::configdir}"]
}
}
......@@ -22,13 +22,13 @@ define backupninja::sys($order = 30,
$hardwarefile = '/var/backups/hardware.txt',
$dohwinfo = yes
) {
include backupninja::client
file { "${backupninja::client::configdir}/${order}_${name}.sys":
include backupninja::client::defaults
file { "${backupninja::client::defaults::configdir}/${order}_${name}.sys":
ensure => $ensure,
<