# this define realizes all needed resources for a hosted backup
define backupninja_server_realize($host) {
  # One tag per hosted client; all three collectors below select on it.
  $sandbox_tag = "backupninja-${host}"

  # These collectors match on the tag alone, so every exported User, File and
  # Ssh_authorized_key carrying this tag is applied on the node that declares
  # this define, with the attributes the exporting catalog gave it.
  # NOTE(review): that makes the tag the only gate for creating accounts and
  # login keys here; keep write access to manifests and exported-resource
  # storage limited accordingly.
  User               <<| tag == $sandbox_tag |>>
  File               <<| tag == $sandbox_tag |>>
  Ssh_authorized_key <<| tag == $sandbox_tag |>>
}

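# Backup-server side of backupninja. Declares the shared group and the backup
# root directory, optionally installs the checkbackups nagios check with its
# cron job, and collects the realize resources exported for this server.
#
# Parameters:
#   $backupdir         - path of the backup root directory
#   $backupdir_ensure  - used as the `ensure` of $backupdir; any value other
#                        than 'directory' is also used as the title of a File
#                        resource that $backupdir then requires
#   $manage_nagios     - when true, install checkbackups and its cron job
#   $nagios_server     - passed to checkbackups as -s
#   $nagios_warn_level - passed to checkbackups as -w
#   $nagios_crit_level - passed to checkbackups as -c
class backupninja::server (
  $backupdir = '/backup',
  $backupdir_ensure = 'directory',
  $manage_nagios = false,
  $nagios_server = undef,
  $nagios_warn_level = 129600,
  $nagios_crit_level = 216000,
) {

  # Default group of every sandbox user (see $gid of the sandbox define).
  group { 'backupninjas':
    ensure => 'present',
    gid    => 700,
  }

  # Mode 0710: members of backupninjas may traverse the directory but not
  # list it; everyone else gets no access. Modes are quoted strings because
  # a bare 0710 is read as a number by newer Puppet parsers.
  file { $backupdir:
    ensure  => $backupdir_ensure,
    mode    => '0710',
    owner   => root,
    group   => 'backupninjas',
    require => $backupdir_ensure ? {
      'directory' => undef,
      default     => File["$backupdir_ensure"],
    },
  }

  if $manage_nagios {

    # NOTE(review): err() only logs on the master; compilation continues and
    # the cron command below is rendered with an empty -s argument. fail()
    # would stop the catalog instead. Confirm which behaviour is intended.
    case $nagios_server { undef: { err('Cannot manage nagios without nagios_server parameter!') } }

    include nagios::nsca::client

    file { '/usr/local/bin/checkbackups':
      ensure => 'present',
      source => 'puppet:///modules/backupninja/checkbackups.pl',
      mode   => '0755',
      owner  => root,
      group  => root,
    }

    # The class parameters are interpolated unquoted into a shell command that
    # cron runs as root. A value containing whitespace or shell metacharacters
    # changes the command, so these parameters must only come from trusted
    # manifest or hiera data.
    # NOTE(review): Package['nsca'] is not declared in this file; presumably
    # nagios::nsca::client provides it. Confirm.
    cron { checkbackups:
      command => "/usr/local/bin/checkbackups -d ${backupdir} -s ${nagios_server} -w ${nagios_warn_level} -c ${nagios_crit_level} | grep -v 'sent to host successfully'",
      user    => 'root',
      hour    => '8-23',
      minute  => 59,
      require => [ File['/usr/local/bin/checkbackups'], Package['nsca'] ],
    }
  }

  # Collect the realize resources that hosted backups exported for this
  # server; each one pulls in the User, File and Ssh_authorized_key resources
  # of one client.
  # NOTE(review): $::fqdn is a fact reported by the agent. Where the Puppet
  # version provides it, $trusted['certname'] is the identity taken from the
  # node's certificate and is the safer value to match exported tags against.
  Backupninja_server_realize <<| tag == $::fqdn |>>

  # This define lets a node declare a remote backup sandbox that has to be
  # created on the backup server. Everything it declares is exported (@@), so
  # nothing is applied on the declaring node itself.
  #
  # Parameters:
  #   $user                 - sandbox account name (defaults to the title)
  #   $host                 - tag of the exported realize resource; the server
  #                           collects realize resources tagged with its own
  #                           $::fqdn
  #   $installuser          - when true, also export the ssh directory, the
  #                           key and the user account
  #   $dir                  - sandbox directory, used as the user's home
  #   $manage_ssh_dir       - when true, export $ssh_dir as a directory
  #   $ssh_dir              - directory holding $authorized_keys_file
  #   $authorized_keys_file - file name of the authorized keys file
  #   $key                  - public key string, or false to copy the key
  #                           file from $backupkeys instead
  #   $keytype              - key type; also part of the key file name
  #   $backupkeys           - source directory for public key files
  #   $uid                  - uid of the user, or false to leave it unset
  #   $gid                  - primary group of the user
  #   $backuptag            - tag put on every exported User/File/key
  #   $nagios_description   - title of the passive nagios service
  #
  # NOTE(review): $keytype defaults to 'dss' (DSA). OpenSSH has disabled DSA
  # user keys by default since 7.0, so new sandboxes should pass another key
  # type. Also confirm that 'dss' is a value the ssh_authorized_key `type`
  # parameter accepts.
  # NOTE(review): ${fileserver} is not set in this file; presumably a
  # top-scope variable. Confirm.
  define sandbox (
    $user = $name,
    $host = $::fqdn,
    $installuser = true,
    $dir,
    $manage_ssh_dir = true,
    $ssh_dir = "${dir}/.ssh",
    $authorized_keys_file = 'authorized_keys',
    $key = false,
    $keytype = 'dss',
    $backupkeys = "${fileserver}/keys/backupkeys",
    $uid = false,
    $gid = "backupninjas",
    $backuptag = "backupninja-${::fqdn}",
    $nagios_description = 'backups'
  ) {

    # NOTE(review): this reads the backupninja class's manage_nagios, not the
    # $manage_nagios parameter of backupninja::server. Confirm it is intended.
    if $backupninja::manage_nagios {
      # configure a passive service check for backups
      nagios::service::passive { $nagios_description: }
    }

    # Export one realize resource per (client, server) pair; the defined()
    # guard keeps several sandboxes on one node from declaring it twice.
    if !defined(Backupninja_server_realize["${::fqdn}@${host}"]) {
      @@backupninja_server_realize { "${::fqdn}@${host}":
        host => $::fqdn,
        tag  => $host,
      }
    }

    if !defined(File["$dir"]) {
      @@file { "$dir":
        ensure => directory,
        mode   => '0750',
        owner  => $user,
        group  => 0,
        tag    => "$backuptag",
      }
    }

    if $installuser {

      if $manage_ssh_dir {
        if !defined(File["$ssh_dir"]) {
          @@file { "${ssh_dir}":
            ensure  => directory,
            mode    => '0700',
            owner   => $user,
            group   => 0,
            require => [User[$user], File["$dir"]],
            tag     => "$backuptag",
          }
        }
      }

      if $key {
        # $key contains the ssh public key.
        # The guard previously named a misspelled resource type, so it could
        # never match the resource declared here; it now checks the
        # Ssh_authorized_key type that is actually exported.
        # NOTE(review): the key is exported without `options`, and the user
        # below gets /bin/bash, so the key grants an unrestricted login shell.
        # Consider restricting it through the `options` parameter.
        if !defined(Ssh_authorized_key["$user"]) {
          @@ssh_authorized_key{ "$user":
            type    => $keytype,
            key     => $key,
            user    => $user,
            target  => "${ssh_dir}/${authorized_keys_file}",
            tag     => "$backuptag",
            require => User[$user],
          }
        }
      }
      else {
        # No inline key: copy the public key file from $backupkeys.
        # The file is owned by root and world-readable, while the enclosing
        # $ssh_dir is owned by $user.
        if !defined(File["${ssh_dir}/${authorized_keys_file}"]) {
          @@file { "${ssh_dir}/${authorized_keys_file}":
            ensure  => present,
            mode    => '0644',
            owner   => 0,
            group   => 0,
            source  => "${backupkeys}/${user}_id_${keytype}.pub",
            require => File["${ssh_dir}"],
            tag     => "$backuptag",
          }
        }
      }

      # password '*' is not a valid password hash, so the account cannot log
      # in with a password; access is through the authorized key only.
      if !defined(User["$user"]) {
        @@user { "$user":
          ensure     => "present",
          uid        => $uid ? {
            false   => undef,
            default => $uid,
          },
          gid        => "$gid",
          comment    => "$user backup sandbox",
          home       => "$dir",
          managehome => true,
          shell      => "/bin/bash",
          password   => '*',
          require    => Group['backupninjas'],
          tag        => "$backuptag",
        }
      }
    }
  }
}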