diff options
| author | Silvio Rhatto <rhatto@riseup.net> | 2014-08-20 11:32:52 -0300 |
|---|---|---|
| committer | Silvio Rhatto <rhatto@riseup.net> | 2014-08-20 11:32:52 -0300 |
| commit | 9afb297ee9ea87061b83fa17d4195946443ed80e (patch) | |
| tree | f3e928eb3bdc4ee272deb709a7f6c9d86c0f990a /manifests/init.pp | |
| parent | 3bc1d3326b743b11687d78555dca4c9cfa204f52 (diff) | |
| download | puppet-backup-9afb297ee9ea87061b83fa17d4195946443ed80e.tar.gz puppet-backup-9afb297ee9ea87061b83fa17d4195946443ed80e.tar.bz2 | |
Changes for autoloading
Diffstat (limited to 'manifests/init.pp')
| -rw-r--r-- | manifests/init.pp | 133 |
1 files changed, 1 insertions, 132 deletions
diff --git a/manifests/init.pp b/manifests/init.pp index a039ae4..4ae4971 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -20,22 +20,6 @@ # You should have received a copy of the GNU Affero General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. -# backup folder -$backupdir = "/var/backups" -$backupdir_remote = "$backupdir/remote" -$backupdir_ensure = hiera('backup::dir::ensure', 'directory') - -# for data that's going to be encrypted and signed -$backup_include_unencrypted = [ "/etc", "/var", "/home", ] -$backup_exclude_unencrypted = [ "$backupdir_remote", "$backupdir/duplicity", "$backupdir/restore", "/var/cache", "/var/log", "/var/vservers", "/var/chroot", "/root/.cache", "/var/lib/dpkg", "/var/lib/apt", "/var/lib/aptitude/", "/var/sites/backups", "/var/data/crypt", "/data/backups", "/data/cache" ] - -# for data that were previously encrypted and signed -$backup_include_encrypted = [ "$backupdir/duplicity", ] -$backup_exclude_encrypted = [ "$backupdir/duplicity/.ssh", ] - -# ensure the latest backup version -$backupninja_ensure_version = 'latest' - class backup( $when = hiera('backup::when', 'everyday at 01:00'), $audit_rsync = hiera('backup::audit_rsync', True), @@ -64,7 +48,7 @@ class backup( reportwarning => $reportwarning, } - file { "$backupdir_remote": + file { "${backup::params::backupdir_remote}": ensure => directory, owner => root, group => root, @@ -191,119 +175,4 @@ class backup( ensure => '/usr/local/sbin/mount-media', require => File['/usr/local/sbin/mount-media'], } - - # default backupninja::rdiff configuration - define rdiff($port = '22', $ensure = present) { - backupninja::rdiff { "rdiff-$title.$domain": - ensure => $ensure, - options => "--remote-schema 'ssh -p $port -C %s rdiff-backup --server'", - # [source] - keep => "10", - include => $backup_include_encrypted, - exclude => $backup_exclude_encrypted, - # [dest] - type => "remote", - host => "$title.$domain", - home => "$backupdir/remote/$fqdn", - subfolder => "rdiff", - user => "$hostname", - sshoptions => "-p $port", - installkey => false, - backupkeytype => "rsa", - backupkeystore => "puppet:///pubkeys", - } - - if !defined(Ssh_local_key["$hostname"]) { - ssh_local_key { "$hostname": - owner => root, - group => root, - home => '/root', - } - } - } - - define rsync($port = '22', - $ensure = present, - $bandwidthlimit = false, - $use_domain = $::domain, - $use_fqdn = $::fqdn) { - backupninja::rsync { "rsync-$title.$use_domain": - # [general] - ensure => $ensure, - installkey => false, - home => "$backupdir/remote/$use_fqdn", - backupdir => "$backupdir/remote/$use_fqdn/rsync", - backupkeytype => "rsa", - id_file => "/root/.ssh/id_rsa", - backupkeystore => "puppet:///pubkeys", - keepdaily => '4', - keepweekly => '2', - keepmonthly => '2', - format => 'long', - log => "/var/log/backup/rsync-$title.$use_domain.log", - lockfile => "/var/lock/rsync-$title.$use_domain.lock", - # [source] - include => $backup_include_encrypted, - exclude => $backup_exclude_encrypted, - # [dest] - user => "$hostname", - host => "$title.$use_domain", - port => $port, - bandwidthlimit => $bandwidthlimit, - compress => '1', - testconnect => 'yes', - } - - if !defined(Ssh_local_key["$hostname"]) { - ssh_local_key { "$hostname": - owner => root, - group => root, - home => '/root', - } - } - } - - # local backups using duplicity - define duplicity($encryptkey = false, - $password = false, - $order = 50, - $ensure = present, - $full_if_older_than = "1M", - $remove_older_than = "45D", - $remove_all_but_n_full = "1", - $periodic_check = absent, - $directory = "${backupdir}/duplicity") { - - case $encryptkey { false: { err("need to define a key!") } } - case $password { false: { err("need to define password!") } } - - include backupninja::client - - # backup dest folder - file { "$backupdir/duplicity": - ensure => directory, - owner => "root", - group => "root", - } - - # the backupninja rule for this duplicity backup - file { "${backupninja::client::defaults::configdir}/${order}_duplicity-${title}.sh": - ensure => $ensure, - content => template('backup/dup.conf.erb'), - owner => root, - group => root, - mode => 0600, - require => File["${backupninja::client::defaults::configdir}"], - } - - # check duplicity backups once a week - cron { "duplicity_check-$title.$domain": - command => "/bin/bash ${backupninja::client::defaults::configdir}/${order}_duplicity-${title}.sh --check", - user => root, - hour => "0", - minute => "0", - weekday => "0", - ensure => $periodic_check, - } - } } |