# Run duplicity-backup as part of a backupninja run.
#
# Valid attributes for this type are:
#
#   order:
#
#      The prefix to give to the handler config filename, to set order in
#      which the actions are executed during the backup run.
#
#   ensure:
#
#      Allows you to delete an entry if you don't want it any more (but be
#      sure to keep the configdir, name, and order the same, so that we can
#      find the correct file to remove).
#
#   options, nicelevel, testconnect, tmpdir, sign, encryptkey, signkey,
#   password, include, exclude, vsinclude, incremental, keep, bandwidthlimit,
#   sshoptions, destdir, desthost, destuser:
#
#      As defined in the backupninja documentation.  The options will be
#      placed in the correct sections automatically.  The include and
#      exclude options should be given as arrays if you want to specify
#      multiple directories.
#
#   directory, ssh_dir_manage, ssh_dir, authorized_keys_file, installuser,
#   installkey, backuptag:
#
#      Options for the backupninja::server::sandbox define, check that
#      definition for more info.
#
# Some notes about this handler:
#
#   - When specifying a password, be sure to enclose it in single quotes,
#     this is particularly important if you have any special characters, such
#     as a $ which puppet will attempt to interpret resulting in a different
#     password placed in the file than you expect!
#   - There's no support for a 'local' type in backupninja's duplicity
#     handler on version 0.9.6-4, which is the version available in stable and
#     testing debian repositories by the time of this writing.
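define backupninja::duplicity(
  $order  = 90,
  $ensure = present,

  # options to the config file
  $options     = false,
  $nicelevel   = false,
  $testconnect = false,
  $tmpdir      = false,

  # [gpg]
  # $password is mandatory (checked in the body). Per the notes in the header
  # it is placed in the generated handler file, so anyone who can read that
  # file can read the passphrase.
  $sign       = false,
  $encryptkey = false,
  $signkey    = false,
  $password   = false,

  # [source]
  # NOTE(review): '/root' is included, while the key-material excludes below
  # only match /home/* and /etc/ssh/*. As far as these two lists show, root's
  # own .ssh and .gnupg directories are therefore part of the default backup
  # set -- confirm that this is intended.
  $include = [
    '/var/spool/cron/crontabs',
    '/var/backups',
    '/etc',
    '/root',
    '/home',
    '/usr/local/*bin',
    '/var/lib/dpkg/status*',
  ],
  # '/home/*/.gnupg' appears twice; the duplicate is kept so that the default
  # value (and whatever the template renders from it) stays unchanged.
  $exclude = [
    '/home/*/.gnupg',
    '/home/*/.local/share/Trash',
    '/home/*/.Trash',
    '/home/*/.thumbnails',
    '/home/*/.beagle',
    '/home/*/.aMule',
    '/home/*/.gnupg',
    '/home/*/.gpg',
    '/home/*/.ssh',
    '/home/*/gtk-gnutella-downloads',
    '/etc/ssh/*',
  ],
  $vsinclude = false,

  # [dest]
  $incremental     = 'yes',
  $increments      = false,
  $keep            = false,
  $keepincroffulls = false,
  $bandwidthlimit  = false,
  $sshoptions      = false,
  $destdir         = false,
  $desthost        = false,
  $destuser        = false,
  $desturl         = false,

  # configs to backupninja client (defaults come from the backupninja class)
  $backupkeystore       = $backupninja::keystore,
  $backupkeystorefspath = $backupninja::keystorefspath,
  $backupkeytype        = $backupninja::keytype,
  $backupkeydest        = $backupninja::keydest,
  $backupkeydestname    = $backupninja::keydestname,

  # options to backupninja server sandbox
  $ssh_dir_manage       = true,
  # This default is built from $destdir, so it only makes sense when the
  # caller passes a destdir (which the check in the body asks for anyway).
  $ssh_dir              = "${destdir}/.ssh",
  $authorized_keys_file = 'authorized_keys',
  $installuser          = true,
  $backuptag            = "backupninja-${::fqdn}",

  # key options
  $createkey = false,
  $keymanage = $backupninja::keymanage
) {

  # install client dependencies
  ensure_resource('package', 'duplicity', {'ensure' => $backupninja::ensure_duplicity_version})

  # NOTE(review): err() only writes an error-level log message; it does not
  # abort catalog compilation. The resources below, including the handler
  # config file, are still declared when desthost, destdir or password is
  # missing. If a missing password must never yield a deployed config,
  # consider fail() -- check first that "ensure => absent" callers still pass
  # all three values.
  case $desthost {
    false: { err("need to define a destination host for remote backups!") }
  }
  case $destdir {
    false: { err("need to define a destination directory for remote backups!") }
  }
  case $password {
    false: { err("a password is necessary either to unlock the GPG key, or for symmetric encryption!") }
  }

  # guarantees there's a configured backup space for this backup
  # NOTE(review): $user is not a parameter of this define, while the key
  # resource below is titled with $destuser. Unless $user is supplied from
  # elsewhere, this title interpolates an unset variable. Left unchanged
  # because renaming the resource could affect existing catalogs -- confirm
  # and switch to "${destuser}-${name}" if that was the intent.
  backupninja::server::sandbox { "${user}-${name}":
    user                 => $destuser,
    host                 => $desthost,
    dir                  => $destdir,
    manage_ssh_dir       => $ssh_dir_manage,
    ssh_dir              => $ssh_dir,
    authorized_keys_file => $authorized_keys_file,
    installuser          => $installuser,
    backuptag            => $backuptag,
    backupkeys           => $backupkeystore,
    keytype              => $backupkeytype,
  }

  # the client's ssh key
  backupninja::key { "${destuser}-${name}":
    user           => $destuser,
    createkey      => $createkey,
    keymanage      => $keymanage,
    keytype        => $backupkeytype,
    keystore       => $backupkeystore,
    keystorefspath => $backupkeystorefspath,
    keydest        => $backupkeydest,
    keydestname    => $backupkeydestname,
  }

  # the backupninja rule for this duplicity backup
  # Root-only permissions: per the header notes, the password ends up in this
  # file. The mode is quoted because Puppet 4 and later require the file mode
  # to be a string; a bare 0600 is rejected there, while '0600' is accepted
  # by older and newer versions alike.
  file { "${backupninja::configdir}/${order}_${name}.dup":
    ensure  => $ensure,
    content => template('backupninja/dup.conf.erb'),
    owner   => 'root',
    group   => 'root',
    mode    => '0600',
    require => File[$backupninja::configdir],
  }

  if $backupninja::manage_nagios {
    # NOTE(review): $nagios_description is not set anywhere in this define;
    # verify where it is expected to come from.
    nagios::service::passive { $nagios_description: }
  }

}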