-rw-r--r--manifests/duplicity.pp48
-rw-r--r--manifests/init.pp133
-rw-r--r--manifests/params.pp17
-rw-r--r--manifests/rdiff.pp32
-rw-r--r--manifests/rsync.pp42
-rw-r--r--templates/dup.conf.erb4
-rw-r--r--templates/rdiff-check.sh.erb8
-rw-r--r--templates/rsync-check.sh.erb12
8 files changed, 152 insertions, 144 deletions
diff --git a/manifests/duplicity.pp b/manifests/duplicity.pp
new file mode 100644
index 0000000..115efb1
--- /dev/null
+++ b/manifests/duplicity.pp
@@ -0,0 +1,48 @@
+# local backups using duplicity
+define backup::duplicity(
+ $encryptkey = false,
+ $password = false,
+ $order = 50,
+ $ensure = present,
+ $full_if_older_than = "1M",
+ $remove_older_than = "45D",
+ $remove_all_but_n_full = "1",
+ $periodic_check = absent,
+ $directory = "${backup::params::backupdir}/duplicity"
+) {
+
+ case $encryptkey { false: { err("need to define a key!") } }
+ case $password { false: { err("need to define password!") } }
+
+ $exclude_unencrypted = $backup::params::backup_exclude_unencrypted
+ $include_unencrypted = $backup::params::backup_include_unencrypted
+
+ include backupninja::client
+
+ # backup dest folder
+ file { "${backup::params::backupdir}/duplicity":
+ ensure => directory,
+ owner => "root",
+ group => "root",
+ }
+
+ # the backupninja rule for this duplicity backup
+ file { "${backupninja::client::defaults::configdir}/${order}_duplicity-${title}.sh":
+ ensure => $ensure,
+ content => template('backup/dup.conf.erb'),
+ owner => root,
+ group => root,
+ mode => 0600,
+ require => File["${backupninja::client::defaults::configdir}"],
+ }
+
+ # check duplicity backups once a week
+ cron { "duplicity_check-$title.$domain":
+ command => "/bin/bash ${backupninja::client::defaults::configdir}/${order}_duplicity-${title}.sh --check",
+ user => root,
+ hour => "0",
+ minute => "0",
+ weekday => "0",
+ ensure => $periodic_check,
+ }
+}
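Review bot: The two guards at the top of the define, `case $encryptkey { false: { err(...) } }` and its twin for `$password`, only log an error on the master and let compilation continue, so a declaration without a key still gets its config file and cron entry. With the default left in place, the template shown later in this commit would render `ENCRYPT_KEY="false"`, and the job would presumably be deployed with no usable encryption key. Aborting the catalog is safer: `if $encryptkey == false { fail("backup::duplicity[${title}]: need to define a key!") }`, and the same for `$password`. Separately, the `$directory` parameter is declared, but the destination `file` resource hard-codes `${backup::params::backupdir}/duplicity` as its title, so a second declaration of this define would collide on that resource.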
diff --git a/manifests/init.pp b/manifests/init.pp
index a039ae4..4ae4971 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -20,22 +20,6 @@
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
-# backup folder
-$backupdir = "/var/backups"
-$backupdir_remote = "$backupdir/remote"
-$backupdir_ensure = hiera('backup::dir::ensure', 'directory')
-
-# for data that's going to be encrypted and signed
-$backup_include_unencrypted = [ "/etc", "/var", "/home", ]
-$backup_exclude_unencrypted = [ "$backupdir_remote", "$backupdir/duplicity", "$backupdir/restore", "/var/cache", "/var/log", "/var/vservers", "/var/chroot", "/root/.cache", "/var/lib/dpkg", "/var/lib/apt", "/var/lib/aptitude/", "/var/sites/backups", "/var/data/crypt", "/data/backups", "/data/cache" ]
-
-# for data that were previously encrypted and signed
-$backup_include_encrypted = [ "$backupdir/duplicity", ]
-$backup_exclude_encrypted = [ "$backupdir/duplicity/.ssh", ]
-
-# ensure the latest backup version
-$backupninja_ensure_version = 'latest'
-
class backup(
$when = hiera('backup::when', 'everyday at 01:00'),
$audit_rsync = hiera('backup::audit_rsync', True),
@@ -64,7 +48,7 @@ class backup(
reportwarning => $reportwarning,
}
- file { "$backupdir_remote":
+ file { "${backup::params::backupdir_remote}":
ensure => directory,
owner => root,
group => root,
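Review bot: The new title `${backup::params::backupdir_remote}` only resolves if `backup::params` has been evaluated before this resource, and nothing in the visible hunks shows `class backup` including or inheriting it. Puppet does not load a class just because one of its variables is referenced, so an unevaluated `backup::params` would leave the title empty. The class header and most of the body lie outside this hunk; if they do not already do so, add `include backup::params` at the top of the body or `inherits backup::params` on the class. The same dependency applies to manifests/duplicity.pp, manifests/rdiff.pp and manifests/rsync.pp, which reference `$backup::params::...` without including the class.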
@@ -191,119 +175,4 @@ class backup(
ensure => '/usr/local/sbin/mount-media',
require => File['/usr/local/sbin/mount-media'],
}
-
- # default backupninja::rdiff configuration
- define rdiff($port = '22', $ensure = present) {
- backupninja::rdiff { "rdiff-$title.$domain":
- ensure => $ensure,
- options => "--remote-schema 'ssh -p $port -C %s rdiff-backup --server'",
- # [source]
- keep => "10",
- include => $backup_include_encrypted,
- exclude => $backup_exclude_encrypted,
- # [dest]
- type => "remote",
- host => "$title.$domain",
- home => "$backupdir/remote/$fqdn",
- subfolder => "rdiff",
- user => "$hostname",
- sshoptions => "-p $port",
- installkey => false,
- backupkeytype => "rsa",
- backupkeystore => "puppet:///pubkeys",
- }
-
- if !defined(Ssh_local_key["$hostname"]) {
- ssh_local_key { "$hostname":
- owner => root,
- group => root,
- home => '/root',
- }
- }
- }
-
- define rsync($port = '22',
- $ensure = present,
- $bandwidthlimit = false,
- $use_domain = $::domain,
- $use_fqdn = $::fqdn) {
- backupninja::rsync { "rsync-$title.$use_domain":
- # [general]
- ensure => $ensure,
- installkey => false,
- home => "$backupdir/remote/$use_fqdn",
- backupdir => "$backupdir/remote/$use_fqdn/rsync",
- backupkeytype => "rsa",
- id_file => "/root/.ssh/id_rsa",
- backupkeystore => "puppet:///pubkeys",
- keepdaily => '4',
- keepweekly => '2',
- keepmonthly => '2',
- format => 'long',
- log => "/var/log/backup/rsync-$title.$use_domain.log",
- lockfile => "/var/lock/rsync-$title.$use_domain.lock",
- # [source]
- include => $backup_include_encrypted,
- exclude => $backup_exclude_encrypted,
- # [dest]
- user => "$hostname",
- host => "$title.$use_domain",
- port => $port,
- bandwidthlimit => $bandwidthlimit,
- compress => '1',
- testconnect => 'yes',
- }
-
- if !defined(Ssh_local_key["$hostname"]) {
- ssh_local_key { "$hostname":
- owner => root,
- group => root,
- home => '/root',
- }
- }
- }
-
- # local backups using duplicity
- define duplicity($encryptkey = false,
- $password = false,
- $order = 50,
- $ensure = present,
- $full_if_older_than = "1M",
- $remove_older_than = "45D",
- $remove_all_but_n_full = "1",
- $periodic_check = absent,
- $directory = "${backupdir}/duplicity") {
-
- case $encryptkey { false: { err("need to define a key!") } }
- case $password { false: { err("need to define password!") } }
-
- include backupninja::client
-
- # backup dest folder
- file { "$backupdir/duplicity":
- ensure => directory,
- owner => "root",
- group => "root",
- }
-
- # the backupninja rule for this duplicity backup
- file { "${backupninja::client::defaults::configdir}/${order}_duplicity-${title}.sh":
- ensure => $ensure,
- content => template('backup/dup.conf.erb'),
- owner => root,
- group => root,
- mode => 0600,
- require => File["${backupninja::client::defaults::configdir}"],
- }
-
- # check duplicity backups once a week
- cron { "duplicity_check-$title.$domain":
- command => "/bin/bash ${backupninja::client::defaults::configdir}/${order}_duplicity-${title}.sh --check",
- user => root,
- hour => "0",
- minute => "0",
- weekday => "0",
- ensure => $periodic_check,
- }
- }
}
diff --git a/manifests/params.pp b/manifests/params.pp
new file mode 100644
index 0000000..dedb033
--- /dev/null
+++ b/manifests/params.pp
@@ -0,0 +1,17 @@
+class backup::params {
+ # backup folder
+ $backupdir = "/var/backups"
+ $backupdir_remote = "$backupdir/remote"
+ $backupdir_ensure = hiera('backup::dir::ensure', 'directory')
+
+ # for data that's going to be encrypted and signed
+ $backup_include_unencrypted = [ "/etc", "/var", "/home", ]
+ $backup_exclude_unencrypted = [ "$backupdir_remote", "$backupdir/duplicity", "$backupdir/restore", "/var/cache", "/var/log", "/var/vservers", "/var/chroot", "/root/.cache", "/var/lib/dpkg", "/var/lib/apt", "/var/lib/aptitude/", "/var/sites/backups", "/var/data/crypt", "/data/backups", "/data/cache" ]
+
+ # for data that were previously encrypted and signed
+ $backup_include_encrypted = [ "$backupdir/duplicity", ]
+ $backup_exclude_encrypted = [ "$backupdir/duplicity/.ssh", ]
+
+ # ensure the latest backup version
+ $backupninja_ensure_version = 'latest'
+}
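Review bot: The two pairs of lists are easy to confuse now that they live apart from their consumers, and the class would benefit from a short header comment. In this commit `backup::duplicity` reads the `*_unencrypted` lists (plaintext paths that duplicity encrypts and signs locally), while `backup::rdiff` and `backup::rsync` pass the `*_encrypted` lists to the remote job as they are. Above `$backup_include_encrypted` I would add something like `# shipped off-host as-is by backup::rdiff and backup::rsync; list only paths that duplicity has already encrypted`. The exclusion of `$backupdir/duplicity/.ssh` deserves a word too; presumably it keeps key material out of the remote copy.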
diff --git a/manifests/rdiff.pp b/manifests/rdiff.pp
new file mode 100644
index 0000000..1870cf8
--- /dev/null
+++ b/manifests/rdiff.pp
@@ -0,0 +1,32 @@
+# default backupninja::rdiff configuration
+define backup::rdiff(
+ $port = '22',
+ $ensure = present
+) {
+ backupninja::rdiff { "rdiff-$title.$domain":
+ ensure => $ensure,
+ options => "--remote-schema 'ssh -p $port -C %s rdiff-backup --server'",
+ # [source]
+ keep => "10",
+ include => $backup::params::backup_include_encrypted,
+ exclude => $backup::params::backup_exclude_encrypted,
+ # [dest]
+ type => "remote",
+ host => "$title.$domain",
+ home => "${backup::params::backupdir}/remote/$fqdn",
+ subfolder => "rdiff",
+ user => "$hostname",
+ sshoptions => "-p $port",
+ installkey => false,
+ backupkeytype => "rsa",
+ backupkeystore => "puppet:///pubkeys",
+ }
+
+ if !defined(Ssh_local_key["$hostname"]) {
+ ssh_local_key { "$hostname":
+ owner => root,
+ group => root,
+ home => '/root',
+ }
+ }
+}
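Review bot: `$port` is interpolated unchecked into the command string in `options` (`--remote-schema 'ssh -p $port -C %s rdiff-backup --server'`) and again into `sshoptions`, so any value that is not a plain port number changes the ssh command line the backup job runs, presumably as root. A guard at the top of the define closes that off: `if $port !~ /^\d+$/ { fail("backup::rdiff[${title}]: port must be numeric, got '${port}'") }`. manifests/rsync.pp takes the same parameter and would benefit from the same check.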
diff --git a/manifests/rsync.pp b/manifests/rsync.pp
new file mode 100644
index 0000000..1e9513e
--- /dev/null
+++ b/manifests/rsync.pp
@@ -0,0 +1,42 @@
+define backup::rsync(
+ $port = '22',
+ $ensure = present,
+ $bandwidthlimit = false,
+ $use_domain = $::domain,
+ $use_fqdn = $::fqdn
+) {
+ backupninja::rsync { "rsync-$title.$use_domain":
+ # [general]
+ ensure => $ensure,
+ installkey => false,
+ home => "${backup::params::backupdir}/remote/$use_fqdn",
+ backupdir => "${backup::params::backupdir}/remote/$use_fqdn/rsync",
+ backupkeytype => "rsa",
+ id_file => "/root/.ssh/id_rsa",
+ backupkeystore => "puppet:///pubkeys",
+ keepdaily => '4',
+ keepweekly => '2',
+ keepmonthly => '2',
+ format => 'long',
+ log => "/var/log/backup/rsync-$title.$use_domain.log",
+ lockfile => "/var/lock/rsync-$title.$use_domain.lock",
+ # [source]
+ include => $backup::params::backup_include_encrypted,
+ exclude => $backup::params::backup_exclude_encrypted,
+ # [dest]
+ user => "$hostname",
+ host => "$title.$use_domain",
+ port => $port,
+ bandwidthlimit => $bandwidthlimit,
+ compress => '1',
+ testconnect => 'yes',
+ }
+
+ if !defined(Ssh_local_key["$hostname"]) {
+ ssh_local_key { "$hostname":
+ owner => root,
+ group => root,
+ home => '/root',
+ }
+ }
+}
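Review bot: This define is the only one of the three new manifests without a header comment, and `use_domain`/`use_fqdn` are not self-explanatory: they end up in the resource title, the remote `home` and `backupdir`, and the log and lock file paths. A line such as `# default backupninja::rsync configuration; use_domain/use_fqdn override the facts used to build the remote host name and paths` would cover it. The parameter defaults use top-scope `$::domain` and `$::fqdn`, but `user` and the `Ssh_local_key` guard still use an unqualified `$hostname`; `$::hostname` would be consistent. The `if !defined(Ssh_local_key[...])` block is duplicated verbatim in manifests/rdiff.pp and depends on evaluation order, so it may be worth moving into one shared class.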
diff --git a/templates/dup.conf.erb b/templates/dup.conf.erb
index ea5dccf..03c9342 100644
--- a/templates/dup.conf.erb
+++ b/templates/dup.conf.erb
@@ -13,10 +13,10 @@ REMOVE_OLDER_THAN="<%= remove_older_than %>"
REMOVE_ALL_BUT_N_FULL="<%= remove_all_but_n_full %>"
ENCRYPT_KEY="<%= encryptkey %>"
SIGN_KEY="<%= encryptkey %>"
-<% backup_exclude_unencrypted.each do |del| -%>
+<% exclude_unencrypted.each do |del| -%>
EXCLUDE="$EXCLUDE --exclude <%= del %>"
<% end -%>
-<% backup_include_unencrypted.each do |add| -%>
+<% include_unencrypted.each do |add| -%>
INCLUDE="$INCLUDE --include <%= add %>"
<% end -%>
diff --git a/templates/rdiff-check.sh.erb b/templates/rdiff-check.sh.erb
index 947370c..ebd77f7 100644
--- a/templates/rdiff-check.sh.erb
+++ b/templates/rdiff-check.sh.erb
@@ -3,7 +3,7 @@
# Check rdiff backup sets.
#
-BACKUP_FOLDER="<%= backupdir_remote %>"
+BACKUP_FOLDER="<%= scope.lookupvar('backup::params::backupdir_remote') %>"
if [ -e "$BACKUP_FOLDER" ]; then
cwd="`pwd`"
@@ -17,12 +17,12 @@ if [ -e "$BACKUP_FOLDER" ]; then
rdiff-backup --list-increment-sizes $set;
- if [ -d "$set/<%= backupdir %>/duplicity" ] && [ "$1" != "--short" ]; then
+ if [ -d "$set/<%= scope.lookupvar('backup::params::backupdir') %>/duplicity" ] && [ "$1" != "--short" ]; then
echo " "
- echo "Checking duplicity backup found at $set/<%= backupdir %>/duplicity..."
+ echo "Checking duplicity backup found at $set/<%= scope.lookupvar('backup::params::backupdir') %>/duplicity..."
echo "======================================================"
echo " "
- duplicity collection-status file:///$BACKUP_FOLDER/$set/<%= backupdir %>/duplicity
+ duplicity collection-status file:///$BACKUP_FOLDER/$set/<%= scope.lookupvar('backup::params::backupdir') %>/duplicity
fi
done
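Review bot: The rewritten `duplicity collection-status file:///$BACKUP_FOLDER/$set/.../duplicity` line expands `$BACKUP_FOLDER` and `$set` unquoted, so a backup-set directory whose name contains whitespace or glob characters is split into several arguments. `$set` presumably comes from a loop over the entries under `$BACKUP_FOLDER` that starts outside this hunk, and those names are not chosen by this script. Quote the whole URL: `duplicity collection-status "file:///$BACKUP_FOLDER/$set/<%= scope.lookupvar('backup::params::backupdir') %>/duplicity"`. The last hunk of templates/rsync-check.sh.erb has the same unquoted expansions, and its `for duplicity in ...` loop over `ls -1 | xargs` output also word-splits on file names. Since the lookup is now repeated on every line, assigning it once near the top (`BACKUPDIR="<%= scope.lookupvar('backup::params::backupdir') %>"`) would make both scripts easier to read.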
diff --git a/templates/rsync-check.sh.erb b/templates/rsync-check.sh.erb
index a33606d..6274238 100644
--- a/templates/rsync-check.sh.erb
+++ b/templates/rsync-check.sh.erb
@@ -3,7 +3,7 @@
# Check rsync backup sets.
#
-BACKUP_FOLDER="<%= backupdir_remote %>"
+BACKUP_FOLDER="<%= scope.lookupvar('backup::params::backupdir_remote') %>"
if [ -e "$BACKUP_FOLDER" ]; then
cwd="`pwd`"
@@ -13,7 +13,7 @@ if [ -e "$BACKUP_FOLDER" ]; then
created="`find $set -name 'created' 2> /dev/null | sort`"
rotated="`find $set -name 'rotated' 2> /dev/null | sort`"
- if [ ! -z "$created" ] || [ -d "$set/<%= backupdir %>/duplicity" ]; then
+ if [ ! -z "$created" ] || [ -d "$set/<%= scope.lookupvar('backup::params::backupdir') %>/duplicity" ]; then
echo " "
echo "Checking backup set $set..."
echo "======================================================"
@@ -38,13 +38,13 @@ if [ -e "$BACKUP_FOLDER" ]; then
fi
# Check duplicity metadata
- if [ -d "$set/<%= backupdir %>/duplicity" ] && [ "$1" != "--short" ]; then
- for duplicity in `ls -1 $set/<%= backupdir %>/duplicity | grep -v metadata | xargs`; do
+ if [ -d "$set/<%= scope.lookupvar('backup::params::backupdir') %>/duplicity" ] && [ "$1" != "--short" ]; then
+ for duplicity in `ls -1 $set/<%= scope.lookupvar('backup::params::backupdir') %>/duplicity | grep -v metadata | xargs`; do
echo " "
- echo "Checking duplicity backup found at $set/<%= backupdir %>/duplicity/$duplicity..."
+ echo "Checking duplicity backup found at $set/<%= scope.lookupvar('backup::params::backupdir') %>/duplicity/$duplicity..."
echo "======================================================"
echo " "
- duplicity collection-status file:///$BACKUP_FOLDER/$set/<%= backupdir %>/duplicity/$duplicity
+ duplicity collection-status file:///$BACKUP_FOLDER/$set/<%= scope.lookupvar('backup::params::backupdir') %>/duplicity/$duplicity
done
fi
done