From 9afb297ee9ea87061b83fa17d4195946443ed80e Mon Sep 17 00:00:00 2001 From: Silvio Rhatto Date: Wed, 20 Aug 2014 11:32:52 -0300 Subject: Changes for autoloading --- manifests/duplicity.pp | 48 ++++++++++++++++++ manifests/init.pp | 133 +------------------------------------------------ manifests/params.pp | 17 +++++++ manifests/rdiff.pp | 32 ++++++++++++ manifests/rsync.pp | 42 ++++++++++++++++ 5 files changed, 140 insertions(+), 132 deletions(-) create mode 100644 manifests/duplicity.pp create mode 100644 manifests/params.pp create mode 100644 manifests/rdiff.pp create mode 100644 manifests/rsync.pp (limited to 'manifests') diff --git a/manifests/duplicity.pp b/manifests/duplicity.pp new file mode 100644 index 0000000..115efb1 --- /dev/null +++ b/manifests/duplicity.pp @@ -0,0 +1,48 @@ +# local backups using duplicity +define backup::duplicity( + $encryptkey = false, + $password = false, + $order = 50, + $ensure = present, + $full_if_older_than = "1M", + $remove_older_than = "45D", + $remove_all_but_n_full = "1", + $periodic_check = absent, + $directory = "${backup::params::backupdir}/duplicity" +) { + + case $encryptkey { false: { err("need to define a key!") } } + case $password { false: { err("need to define password!") } } + + $exclude_unencrypted = $backup::params::backup_exclude_unencrypted + $include_unencrypted = $backup::params::backup_include_unencrypted + + include backupninja::client + + # backup dest folder + file { "${backup::params::backupdir}/duplicity": + ensure => directory, + owner => "root", + group => "root", + } + + # the backupninja rule for this duplicity backup + file { "${backupninja::client::defaults::configdir}/${order}_duplicity-${title}.sh": + ensure => $ensure, + content => template('backup/dup.conf.erb'), + owner => root, + group => root, + mode => 0600, + require => File["${backupninja::client::defaults::configdir}"], + } + + # check duplicity backups once a week + cron { "duplicity_check-$title.$domain": + command => "/bin/bash ${backupninja::client::defaults::configdir}/${order}_duplicity-${title}.sh --check", + user => root, + hour => "0", + minute => "0", + weekday => "0", + ensure => $periodic_check, + } +} diff --git a/manifests/init.pp b/manifests/init.pp index a039ae4..4ae4971 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -20,22 +20,6 @@ # You should have received a copy of the GNU Affero General Public License # along with this program. If not, see . -# backup folder -$backupdir = "/var/backups" -$backupdir_remote = "$backupdir/remote" -$backupdir_ensure = hiera('backup::dir::ensure', 'directory') - -# for data that's going to be encrypted and signed -$backup_include_unencrypted = [ "/etc", "/var", "/home", ] -$backup_exclude_unencrypted = [ "$backupdir_remote", "$backupdir/duplicity", "$backupdir/restore", "/var/cache", "/var/log", "/var/vservers", "/var/chroot", "/root/.cache", "/var/lib/dpkg", "/var/lib/apt", "/var/lib/aptitude/", "/var/sites/backups", "/var/data/crypt", "/data/backups", "/data/cache" ] - -# for data that were previously encrypted and signed -$backup_include_encrypted = [ "$backupdir/duplicity", ] -$backup_exclude_encrypted = [ "$backupdir/duplicity/.ssh", ] - -# ensure the latest backup version -$backupninja_ensure_version = 'latest' - class backup( $when = hiera('backup::when', 'everyday at 01:00'), $audit_rsync = hiera('backup::audit_rsync', True), @@ -64,7 +48,7 @@ class backup( reportwarning => $reportwarning, } - file { "$backupdir_remote": + file { "${backup::params::backupdir_remote}": ensure => directory, owner => root, group => root, @@ -191,119 +175,4 @@ class backup( ensure => '/usr/local/sbin/mount-media', require => File['/usr/local/sbin/mount-media'], } - - # default backupninja::rdiff configuration - define rdiff($port = '22', $ensure = present) { - backupninja::rdiff { "rdiff-$title.$domain": - ensure => $ensure, - options => "--remote-schema 'ssh -p $port -C %s rdiff-backup --server'", - # [source] - keep => "10", - include => $backup_include_encrypted, - exclude => $backup_exclude_encrypted, - # [dest] - type => "remote", - host => "$title.$domain", - home => "$backupdir/remote/$fqdn", - subfolder => "rdiff", - user => "$hostname", - sshoptions => "-p $port", - installkey => false, - backupkeytype => "rsa", - backupkeystore => "puppet:///pubkeys", - } - - if !defined(Ssh_local_key["$hostname"]) { - ssh_local_key { "$hostname": - owner => root, - group => root, - home => '/root', - } - } - } - - define rsync($port = '22', - $ensure = present, - $bandwidthlimit = false, - $use_domain = $::domain, - $use_fqdn = $::fqdn) { - backupninja::rsync { "rsync-$title.$use_domain": - # [general] - ensure => $ensure, - installkey => false, - home => "$backupdir/remote/$use_fqdn", - backupdir => "$backupdir/remote/$use_fqdn/rsync", - backupkeytype => "rsa", - id_file => "/root/.ssh/id_rsa", - backupkeystore => "puppet:///pubkeys", - keepdaily => '4', - keepweekly => '2', - keepmonthly => '2', - format => 'long', - log => "/var/log/backup/rsync-$title.$use_domain.log", - lockfile => "/var/lock/rsync-$title.$use_domain.lock", - # [source] - include => $backup_include_encrypted, - exclude => $backup_exclude_encrypted, - # [dest] - user => "$hostname", - host => "$title.$use_domain", - port => $port, - bandwidthlimit => $bandwidthlimit, - compress => '1', - testconnect => 'yes', - } - - if !defined(Ssh_local_key["$hostname"]) { - ssh_local_key { "$hostname": - owner => root, - group => root, - home => '/root', - } - } - } - - # local backups using duplicity - define duplicity($encryptkey = false, - $password = false, - $order = 50, - $ensure = present, - $full_if_older_than = "1M", - $remove_older_than = "45D", - $remove_all_but_n_full = "1", - $periodic_check = absent, - $directory = "${backupdir}/duplicity") { - - case $encryptkey { false: { err("need to define a key!") } } - case $password { false: { err("need to define password!") } } - - include backupninja::client - - # backup dest folder - file { "$backupdir/duplicity": - ensure => directory, - owner => "root", - group => "root", - } - - # the backupninja rule for this duplicity backup - file { "${backupninja::client::defaults::configdir}/${order}_duplicity-${title}.sh": - ensure => $ensure, - content => template('backup/dup.conf.erb'), - owner => root, - group => root, - mode => 0600, - require => File["${backupninja::client::defaults::configdir}"], - } - - # check duplicity backups once a week - cron { "duplicity_check-$title.$domain": - command => "/bin/bash ${backupninja::client::defaults::configdir}/${order}_duplicity-${title}.sh --check", - user => root, - hour => "0", - minute => "0", - weekday => "0", - ensure => $periodic_check, - } - } } diff --git a/manifests/params.pp b/manifests/params.pp new file mode 100644 index 0000000..dedb033 --- /dev/null +++ b/manifests/params.pp @@ -0,0 +1,17 @@ +class backup::params { + # backup folder + $backupdir = "/var/backups" + $backupdir_remote = "$backupdir/remote" + $backupdir_ensure = hiera('backup::dir::ensure', 'directory') + + # for data that's going to be encrypted and signed + $backup_include_unencrypted = [ "/etc", "/var", "/home", ] + $backup_exclude_unencrypted = [ "$backupdir_remote", "$backupdir/duplicity", "$backupdir/restore", "/var/cache", "/var/log", "/var/vservers", "/var/chroot", "/root/.cache", "/var/lib/dpkg", "/var/lib/apt", "/var/lib/aptitude/", "/var/sites/backups", "/var/data/crypt", "/data/backups", "/data/cache" ] + + # for data that were previously encrypted and signed + $backup_include_encrypted = [ "$backupdir/duplicity", ] + $backup_exclude_encrypted = [ "$backupdir/duplicity/.ssh", ] + + # ensure the latest backup version + $backupninja_ensure_version = 'latest' +} diff --git a/manifests/rdiff.pp b/manifests/rdiff.pp new file mode 100644 index 0000000..1870cf8 --- /dev/null +++ b/manifests/rdiff.pp @@ -0,0 +1,32 @@ +# default backupninja::rdiff configuration +define backup::rdiff( + $port = '22', + $ensure = present +) { + backupninja::rdiff { "rdiff-$title.$domain": + ensure => $ensure, + options => "--remote-schema 'ssh -p $port -C %s rdiff-backup --server'", + # [source] + keep => "10", + include => $backup::params::backup_include_encrypted, + exclude => $backup::params::backup_exclude_encrypted, + # [dest] + type => "remote", + host => "$title.$domain", + home => "${backup::params::backupdir}/remote/$fqdn", + subfolder => "rdiff", + user => "$hostname", + sshoptions => "-p $port", + installkey => false, + backupkeytype => "rsa", + backupkeystore => "puppet:///pubkeys", + } + + if !defined(Ssh_local_key["$hostname"]) { + ssh_local_key { "$hostname": + owner => root, + group => root, + home => '/root', + } + } +} diff --git a/manifests/rsync.pp b/manifests/rsync.pp new file mode 100644 index 0000000..1e9513e --- /dev/null +++ b/manifests/rsync.pp @@ -0,0 +1,42 @@ +define backup::rsync( + $port = '22', + $ensure = present, + $bandwidthlimit = false, + $use_domain = $::domain, + $use_fqdn = $::fqdn +) { + backupninja::rsync { "rsync-$title.$use_domain": + # [general] + ensure => $ensure, + installkey => false, + home => "${backup::params::backupdir}/remote/$use_fqdn", + backupdir => "${backup::params::backupdir}/remote/$use_fqdn/rsync", + backupkeytype => "rsa", + id_file => "/root/.ssh/id_rsa", + backupkeystore => "puppet:///pubkeys", + keepdaily => '4', + keepweekly => '2', + keepmonthly => '2', + format => 'long', + log => "/var/log/backup/rsync-$title.$use_domain.log", + lockfile => "/var/lock/rsync-$title.$use_domain.lock", + # [source] + include => $backup::params::backup_include_encrypted, + exclude => $backup::params::backup_exclude_encrypted, + # [dest] + user => "$hostname", + host => "$title.$use_domain", + port => $port, + bandwidthlimit => $bandwidthlimit, + compress => '1', + testconnect => 'yes', + } + + if !defined(Ssh_local_key["$hostname"]) { + ssh_local_key { "$hostname": + owner => root, + group => root, + home => '/root', + } + } +} -- cgit v1.2.3