-rw-r--r-- | manifests/duplicity.pp | 48 | ||||
-rw-r--r-- | manifests/init.pp | 133 | ||||
-rw-r--r-- | manifests/params.pp | 17 | ||||
-rw-r--r-- | manifests/rdiff.pp | 32 | ||||
-rw-r--r-- | manifests/rsync.pp | 42 | ||||
-rw-r--r-- | templates/dup.conf.erb | 4 | ||||
-rw-r--r-- | templates/rdiff-check.sh.erb | 8 | ||||
-rw-r--r-- | templates/rsync-check.sh.erb | 12 |
8 files changed, 152 insertions, 144 deletions
diff --git a/manifests/duplicity.pp b/manifests/duplicity.pp
new file mode 100644
index 0000000..115efb1
--- /dev/null
+++ b/manifests/duplicity.pp
@@ -0,0 +1,48 @@
+# local backups using duplicity
+define backup::duplicity(
+ $encryptkey = false,
+ $password = false,
+ $order = 50,
+ $ensure = present,
+ $full_if_older_than = "1M",
+ $remove_older_than = "45D",
+ $remove_all_but_n_full = "1",
+ $periodic_check = absent,
+ $directory = "${backup::params::backupdir}/duplicity"
+) {
+
+ case $encryptkey { false: { err("need to define a key!") } }
+ case $password { false: { err("need to define password!") } }
+
+ $exclude_unencrypted = $backup::params::backup_exclude_unencrypted
+ $include_unencrypted = $backup::params::backup_include_unencrypted
+
+ include backupninja::client
+
+ # backup dest folder
+ file { "${backup::params::backupdir}/duplicity":
+ ensure => directory,
+ owner => "root",
+ group => "root",
+ }
+
+ # the backupninja rule for this duplicity backup
+ file { "${backupninja::client::defaults::configdir}/${order}_duplicity-${title}.sh":
+ ensure => $ensure,
+ content => template('backup/dup.conf.erb'),
+ owner => root,
+ group => root,
+ mode => 0600,
+ require => File["${backupninja::client::defaults::configdir}"],
+ }
+
+ # check duplicity backups once a week
+ cron { "duplicity_check-$title.$domain":
+ command => "/bin/bash ${backupninja::client::defaults::configdir}/${order}_duplicity-${title}.sh --check",
+ user => root,
+ hour => "0",
+ minute => "0",
+ weekday => "0",
+ ensure => $periodic_check,
+ }
+}
diff --git a/manifests/init.pp b/manifests/init.pp
index a039ae4..4ae4971 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
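Review bot: The two `case` guards at the top of `backup::duplicity` call `err()`, which only logs a message and lets the catalog compile, so an instance declared without `$encryptkey` or `$password` still gets its job file rendered from `false` values (the template writes `ENCRYPT_KEY="<%= encryptkey %>"`). Abort compilation instead, e.g. `if $encryptkey == false { fail("backup::duplicity[${title}]: encryptkey is required") }`, and the same for `$password`. Separately, the `file { "${backup::params::backupdir}/duplicity": }` resource is declared inside the define, so two `backup::duplicity` instances on one node would collide on that title, and it does not follow the `$directory` parameter; declaring it once in a class, or keying it on `$directory`, would avoid both.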
@@ -20,22 +20,6 @@ # You should have received a copy of the GNU Affero General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. -# backup folder -$backupdir = "/var/backups" -$backupdir_remote = "$backupdir/remote" -$backupdir_ensure = hiera('backup::dir::ensure', 'directory') - -# for data that's going to be encrypted and signed -$backup_include_unencrypted = [ "/etc", "/var", "/home", ] -$backup_exclude_unencrypted = [ "$backupdir_remote", "$backupdir/duplicity", "$backupdir/restore", "/var/cache", "/var/log", "/var/vservers", "/var/chroot", "/root/.cache", "/var/lib/dpkg", "/var/lib/apt", "/var/lib/aptitude/", "/var/sites/backups", "/var/data/crypt", "/data/backups", "/data/cache" ] - -# for data that were previously encrypted and signed -$backup_include_encrypted = [ "$backupdir/duplicity", ] -$backup_exclude_encrypted = [ "$backupdir/duplicity/.ssh", ] - -# ensure the latest backup version -$backupninja_ensure_version = 'latest' - class backup( $when = hiera('backup::when', 'everyday at 01:00'), $audit_rsync = hiera('backup::audit_rsync', True), @@ -64,7 +48,7 @@ class backup( reportwarning => $reportwarning, } - file { "$backupdir_remote": + file { "${backup::params::backupdir_remote}": ensure => directory, owner => root, group => root, 
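Review bot: The new resource title `"${backup::params::backupdir_remote}"` in the second hunk only resolves if `backup::params` has been evaluated before this class body runs, and nothing visible in these hunks makes `class backup` include or inherit it. If it has not been evaluated, the variable interpolates to an empty value and the root-owned directory resource no longer points at the backup path. Add `include backup::params` at the top of the class body (or `inherits backup::params` on the class), and do the same in the `backup::rdiff`, `backup::rsync` and `backup::duplicity` defines, which read the same variables, as do the `scope.lookupvar('backup::params::backupdir')` calls in the check templates. The class body starts and ends outside this hunk, so this may already be handled there.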
@@ -191,119 +175,4 @@ class backup( ensure => '/usr/local/sbin/mount-media', require => File['/usr/local/sbin/mount-media'], } - - # default backupninja::rdiff configuration - define rdiff($port = '22', $ensure = present) { - backupninja::rdiff { "rdiff-$title.$domain": - ensure => $ensure, - options => "--remote-schema 'ssh -p $port -C %s rdiff-backup --server'", - # [source] - keep => "10", - include => $backup_include_encrypted, - exclude => $backup_exclude_encrypted, - # [dest] - type => "remote", - host => "$title.$domain", - home => "$backupdir/remote/$fqdn", - subfolder => "rdiff", - user => "$hostname", - sshoptions => "-p $port", - installkey => false, - backupkeytype => "rsa", - backupkeystore => "puppet:///pubkeys", - } - - if !defined(Ssh_local_key["$hostname"]) { - ssh_local_key { "$hostname": - owner => root, - group => root, - home => '/root', - } - } - } - - define rsync($port = '22', - $ensure = present, - $bandwidthlimit = false, - $use_domain = $::domain, - $use_fqdn = $::fqdn) { - backupninja::rsync { "rsync-$title.$use_domain": - # [general] - ensure => $ensure, - installkey => false, - home => "$backupdir/remote/$use_fqdn", - backupdir => "$backupdir/remote/$use_fqdn/rsync", - backupkeytype => "rsa", - id_file => "/root/.ssh/id_rsa", - backupkeystore => "puppet:///pubkeys", - keepdaily => '4', - keepweekly => '2', - keepmonthly => '2', - format => 'long', - log => "/var/log/backup/rsync-$title.$use_domain.log", - lockfile => "/var/lock/rsync-$title.$use_domain.lock", - # [source] - include => $backup_include_encrypted, - exclude => $backup_exclude_encrypted, - # [dest] - user => "$hostname", - host => "$title.$use_domain", - port => $port, - bandwidthlimit => $bandwidthlimit, - compress => '1', - testconnect => 'yes', - } - - if !defined(Ssh_local_key["$hostname"]) { - ssh_local_key { "$hostname": - owner => root, - group => root, - home => '/root', - } - } - } - - # local backups using duplicity - define duplicity($encryptkey = false, - 
$password = false, - $order = 50, - $ensure = present, - $full_if_older_than = "1M", - $remove_older_than = "45D", - $remove_all_but_n_full = "1", - $periodic_check = absent, - $directory = "${backupdir}/duplicity") { - - case $encryptkey { false: { err("need to define a key!") } } - case $password { false: { err("need to define password!") } } - - include backupninja::client - - # backup dest folder - file { "$backupdir/duplicity": - ensure => directory, - owner => "root", - group => "root", - } - - # the backupninja rule for this duplicity backup - file { "${backupninja::client::defaults::configdir}/${order}_duplicity-${title}.sh": - ensure => $ensure, - content => template('backup/dup.conf.erb'), - owner => root, - group => root, - mode => 0600, - require => File["${backupninja::client::defaults::configdir}"], - } - - # check duplicity backups once a week - cron { "duplicity_check-$title.$domain": - command => "/bin/bash ${backupninja::client::defaults::configdir}/${order}_duplicity-${title}.sh --check", - user => root, - hour => "0", - minute => "0", - weekday => "0", - ensure => $periodic_check, - } - } } diff --git a/manifests/params.pp b/manifests/params.pp new file mode 100644 index 0000000..dedb033 --- /dev/null +++ b/manifests/params.pp 
@@ -0,0 +1,17 @@
+class backup::params {
+ # backup folder
+ $backupdir = "/var/backups"
+ $backupdir_remote = "$backupdir/remote"
+ $backupdir_ensure = hiera('backup::dir::ensure', 'directory')
+
+ # for data that's going to be encrypted and signed
+ $backup_include_unencrypted = [ "/etc", "/var", "/home", ]
+ $backup_exclude_unencrypted = [ "$backupdir_remote", "$backupdir/duplicity", "$backupdir/restore", "/var/cache", "/var/log", "/var/vservers", "/var/chroot", "/root/.cache", "/var/lib/dpkg", "/var/lib/apt", "/var/lib/aptitude/", "/var/sites/backups", "/var/data/crypt", "/data/backups", "/data/cache" ]
+
+ # for data that were previously encrypted and signed
+ $backup_include_encrypted = [ "$backupdir/duplicity", ]
+ $backup_exclude_encrypted = [ "$backupdir/duplicity/.ssh", ]
+
+ # ensure the latest backup version
+ $backupninja_ensure_version = 'latest'
+}
diff --git a/manifests/rdiff.pp b/manifests/rdiff.pp
new file mode 100644
index 0000000..1870cf8
--- /dev/null
+++ b/manifests/rdiff.pp
@@ -0,0 +1,32 @@
+# default backupninja::rdiff configuration
+define backup::rdiff(
+ $port = '22',
+ $ensure = present
+) {
+ backupninja::rdiff { "rdiff-$title.$domain":
+ ensure => $ensure,
+ options => "--remote-schema 'ssh -p $port -C %s rdiff-backup --server'",
+ # [source]
+ keep => "10",
+ include => $backup::params::backup_include_encrypted,
+ exclude => $backup::params::backup_exclude_encrypted,
+ # [dest]
+ type => "remote",
+ host => "$title.$domain",
+ home => "${backup::params::backupdir}/remote/$fqdn",
+ subfolder => "rdiff",
+ user => "$hostname",
+ sshoptions => "-p $port",
+ installkey => false,
+ backupkeytype => "rsa",
+ backupkeystore => "puppet:///pubkeys",
+ }
+
+ if !defined(Ssh_local_key["$hostname"]) {
+ ssh_local_key { "$hostname":
+ owner => root,
+ group => root,
+ home => '/root',
+ }
+ }
+}
diff --git a/manifests/rsync.pp b/manifests/rsync.pp
new file mode 100644
index 0000000..1e9513e
--- /dev/null
+++ b/manifests/rsync.pp
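Review bot: `$backupninja_ensure_version = 'latest'` in the new `backup::params` class is the only setting here that decides which code runs, and it stays hard-coded and unpinned. Where it is consumed is not visible in this diff, but if it feeds the backupninja package resource, every agent run may upgrade a tool that executes the backup jobs as root. Consider reading it from hiera the way `$backupdir_ensure` is, keeping `'latest'` as the default, so a site can pin a tested version. A header comment saying that these values are read by the `backup::*` defines and by the check templates would also help the next reader.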
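Review bot: `$port` is interpolated unvalidated into two command strings in `backup::rdiff`, `options => "--remote-schema 'ssh -p $port -C %s rdiff-backup --server'"` and `sshoptions => "-p $port"`, so a value containing a quote or whitespace changes the ssh command line the backup job runs. Reject anything that is not a port number before the `backupninja::rdiff` declaration, e.g. `if $port !~ /^[0-9]+$/ { fail("backup::rdiff[${title}]: invalid port '${port}'") }`. `backup::rsync` passes `port => $port` through as well and would benefit from the same guard. The facts are also referenced unqualified here (`$domain`, `$fqdn`, `$hostname`) while `rsync.pp` defaults to `$::domain` and `$::fqdn`; using the top-scope form throughout keeps a local variable from shadowing them.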
@@ -0,0 +1,42 @@ +define backup::rsync( + $port = '22', + $ensure = present, + $bandwidthlimit = false, + $use_domain = $::domain, + $use_fqdn = $::fqdn +) { + backupninja::rsync { "rsync-$title.$use_domain": + # [general] + ensure => $ensure, + installkey => false, + home => "${backup::params::backupdir}/remote/$use_fqdn", + backupdir => "${backup::params::backupdir}/remote/$use_fqdn/rsync", + backupkeytype => "rsa", + id_file => "/root/.ssh/id_rsa", + backupkeystore => "puppet:///pubkeys", + keepdaily => '4', + keepweekly => '2', + keepmonthly => '2', + format => 'long', + log => "/var/log/backup/rsync-$title.$use_domain.log", + lockfile => "/var/lock/rsync-$title.$use_domain.lock", + # [source] + include => $backup::params::backup_include_encrypted, + exclude => $backup::params::backup_exclude_encrypted, + # [dest] + user => "$hostname", + host => "$title.$use_domain", + port => $port, + bandwidthlimit => $bandwidthlimit, + compress => '1', + testconnect => 'yes', + } + + if !defined(Ssh_local_key["$hostname"]) { + ssh_local_key { "$hostname": + owner => root, + group => root, + home => '/root', + } + } +} diff --git a/templates/dup.conf.erb b/templates/dup.conf.erb index ea5dccf..03c9342 100644 --- a/templates/dup.conf.erb +++ b/templates/dup.conf.erb @@ -13,10 +13,10 @@ REMOVE_OLDER_THAN="<%= remove_older_than %>" REMOVE_ALL_BUT_N_FULL="<%= remove_all_but_n_full %>" ENCRYPT_KEY="<%= encryptkey %>" SIGN_KEY="<%= encryptkey %>" -<% backup_exclude_unencrypted.each do |del| -%> +<% exclude_unencrypted.each do |del| -%> EXCLUDE="$EXCLUDE --exclude <%= del %>" <% end -%> -<% backup_include_unencrypted.each do |add| -%> +<% include_unencrypted.each do |add| -%> INCLUDE="$INCLUDE --include <%= add %>" <% end -%> diff --git a/templates/rdiff-check.sh.erb b/templates/rdiff-check.sh.erb index 947370c..ebd77f7 100644 --- a/templates/rdiff-check.sh.erb +++ b/templates/rdiff-check.sh.erb 
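Review bot: `backup::rsync` is the only one of the three new defines without a header comment; `rdiff.pp` and `duplicity.pp` each open with one. Add a line such as `# default backupninja::rsync configuration` above the `define`, and note that `$use_domain` and `$use_fqdn` override the facts used for the job name, log file, lock file and remote path. The `if !defined(Ssh_local_key["$hostname"])` guard is a verbatim copy of the one in `rdiff.pp` and its result depends on evaluation order; declaring the `ssh_local_key` once in a shared class that both defines include would remove the duplication.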
@@ -3,7 +3,7 @@ # Check rdiff backup sets. # -BACKUP_FOLDER="<%= backupdir_remote %>" +BACKUP_FOLDER="<%= scope.lookupvar('backup::params::backupdir_remote') %>" if [ -e "$BACKUP_FOLDER" ]; then cwd="`pwd`" @@ -17,12 +17,12 @@ if [ -e "$BACKUP_FOLDER" ]; then rdiff-backup --list-increment-sizes $set; - if [ -d "$set/<%= backupdir %>/duplicity" ] && [ "$1" != "--short" ]; then + if [ -d "$set/<%= scope.lookupvar('backup::params::backupdir') %>/duplicity" ] && [ "$1" != "--short" ]; then echo " " - echo "Checking duplicity backup found at $set/<%= backupdir %>/duplicity..." + echo "Checking duplicity backup found at $set/<%= scope.lookupvar('backup::params::backupdir') %>/duplicity..." echo "======================================================" echo " " - duplicity collection-status file:///$BACKUP_FOLDER/$set/<%= backupdir %>/duplicity + duplicity collection-status file:///$BACKUP_FOLDER/$set/<%= scope.lookupvar('backup::params::backupdir') %>/duplicity fi done diff --git a/templates/rsync-check.sh.erb b/templates/rsync-check.sh.erb index a33606d..6274238 100644 --- a/templates/rsync-check.sh.erb +++ b/templates/rsync-check.sh.erb @@ -3,7 +3,7 @@ # Check rsync backup sets. # -BACKUP_FOLDER="<%= backupdir_remote %>" +BACKUP_FOLDER="<%= scope.lookupvar('backup::params::backupdir_remote') %>" if [ -e "$BACKUP_FOLDER" ]; then cwd="`pwd`" @@ -13,7 +13,7 @@ if [ -e "$BACKUP_FOLDER" ]; then created="`find $set -name 'created' 2> /dev/null | sort`" rotated="`find $set -name 'rotated' 2> /dev/null | sort`" - if [ ! -z "$created" ] || [ -d "$set/<%= backupdir %>/duplicity" ]; then + if [ ! -z "$created" ] || [ -d "$set/<%= scope.lookupvar('backup::params::backupdir') %>/duplicity" ]; then echo " " echo "Checking backup set $set..." echo "======================================================" 
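Review bot: In the second hunk of `rdiff-check.sh.erb`, the rewritten `duplicity collection-status file:///$BACKUP_FOLDER/$set/<%= … %>/duplicity` line still passes `$BACKUP_FOLDER` and `$set` unquoted, and `$set` appears to come from directory names under the remote backup folder (the loop itself is outside the hunk). Quote the whole argument so a name containing whitespace or glob characters stays a single word: `duplicity collection-status "file:///$BACKUP_FOLDER/$set/<%= scope.lookupvar('backup::params::backupdir') %>/duplicity"`. The matching line in the last hunk of `rsync-check.sh.erb` needs the same quoting. The repeated lookup could also be assigned once at the top of each template, e.g. `<% backupdir = scope.lookupvar('backup::params::backupdir') -%>`, which keeps these lines readable.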
@@ -38,13 +38,13 @@ if [ -e "$BACKUP_FOLDER" ]; then fi # Check duplicity metadata - if [ -d "$set/<%= backupdir %>/duplicity" ] && [ "$1" != "--short" ]; then - for duplicity in `ls -1 $set/<%= backupdir %>/duplicity | grep -v metadata | xargs`; do + if [ -d "$set/<%= scope.lookupvar('backup::params::backupdir') %>/duplicity" ] && [ "$1" != "--short" ]; then + for duplicity in `ls -1 $set/<%= scope.lookupvar('backup::params::backupdir') %>/duplicity | grep -v metadata | xargs`; do echo " " - echo "Checking duplicity backup found at $set/<%= backupdir %>/duplicity/$duplicity..." + echo "Checking duplicity backup found at $set/<%= scope.lookupvar('backup::params::backupdir') %>/duplicity/$duplicity..." echo "======================================================" echo " " - duplicity collection-status file:///$BACKUP_FOLDER/$set/<%= backupdir %>/duplicity/$duplicity + duplicity collection-status file:///$BACKUP_FOLDER/$set/<%= scope.lookupvar('backup::params::backupdir') %>/duplicity/$duplicity done fi done |
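Review bot: The loop header `for duplicity in` over `ls -1 $set/…/duplicity | grep -v metadata | xargs` parses `ls` output and word-splits it, so a directory name containing whitespace or glob characters under a backup set is split or expanded before it reaches `duplicity collection-status`. Since this commit rewrites every line of the block anyway, iterate over a quoted glob and skip the `metadata` entries with a `case` pattern, as sketched below. The enclosing `for set` loop starts outside this hunk.

```shell
dupdir="$set/<%= scope.lookupvar('backup::params::backupdir') %>/duplicity"
if [ -d "$dupdir" ] && [ "$1" != "--short" ]; then
  for path in "$dupdir"/*; do
    [ -e "$path" ] || continue
    duplicity="${path##*/}"
    case "$duplicity" in *metadata*) continue ;; esac
    # … unchanged: banner echo lines …
    duplicity collection-status "file:///$BACKUP_FOLDER/$dupdir/$duplicity"
  done
fi
```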