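#
# General backup conventions and definitions according to
# http://padrao.sarava.org/trac/wiki/Backups/Convencoes
#
# This module is distributed under the GNU Affero General Public License:
#
# Backup module for puppet
# Copyright (C) 2009 Sarava Group
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.
#

# backup folder
$backupdir     = "/var/backups"
$backup_remote = "$backupdir/remote"

# for data that's going to be encrypted and signed
$backup_include_unencrypted = [ "/etc", "/var", "/home", ]
$backup_exclude_unencrypted = [ "$backup_remote", "/var/vservers", "$backupdir/duplicity" ]

# for data that were previously encrypted and signed
# (only these paths are handed to the remote rdiff-backup job defined below)
$backup_include_encrypted = [ "$backupdir/duplicity", ]
$backup_exclude_encrypted = [ "$backupdir/duplicity/.ssh", ]

# Two-stage backup setup: duplicity writes encrypted and signed archives under
# $backupdir/duplicity, and rdiff-backup then ships that directory to remote
# hosts. Plaintext should never reach a remote host, which is why the duplicity
# define below refuses to build a configuration without a key and a password.
class backup {
  include backupninja::server
  include backupninja::client::duplicity
  include backupninja::client::rdiff_backup

  package { "debconf-utils":
    ensure => installed,
  }

  package { "hwinfo":
    ensure => installed,
  }

  backupninja::config { "conf":
    loglvl    => 4,
    usecolors => false,
  }

  # TODO: temporary resource to be removed in the long run
  # NOTE(review): force => true also removes /backup when it is a directory,
  # contents included. Confirm no node still keeps data there.
  file { "/backup":
    ensure => absent,
    force  => true,
  }

  # Landing directory for backups pushed to this host by other nodes.
  # Modes are quoted strings: accepted by old Puppet releases and required by
  # newer ones, where a bare 0755 is no longer a valid mode value.
  file { "$backup_remote":
    ensure => directory,
    owner  => root,
    group  => root,
    mode   => '0755',
  }

  # rdiff-check script
  file { "/usr/local/sbin/rdiff-check":
    content => template('backup/rdiff-check.sh.erb'),
    owner   => root,
    group   => root,
    mode    => '0755',
    ensure  => present,
  }

  # check rdiff-backups once a week
  cron { "rdiff_check":
    command => "/usr/local/sbin/rdiff-check",
    user    => root,
    hour    => "0",
    minute  => "0",
    weekday => "0",
    ensure  => present,
    require => File['/usr/local/sbin/rdiff-check'],
  }

  # default backupninja::rdiff configuration
  #
  # $title      - short name of the destination host ("$title.$domain")
  # $port       - SSH port on the destination host
  # $ensure     - passed through to backupninja::rdiff
  # $installkey - passed through to backupninja::rdiff
  define rdiff($port = '22', $ensure = present, $installkey = true) {
    backupninja::rdiff { "rdiff-$title.$domain":
      ensure         => $ensure,
      # $port is interpolated verbatim into two ssh command lines (here and in
      # sshoptions), so callers must pass a plain port number and nothing else.
      options        => "--remote-schema 'ssh -p $port -C %s rdiff-backup --server'",
      # [source]
      keep           => "10",
      include        => $backup_include_encrypted,
      exclude        => $backup_exclude_encrypted,
      # [dest]
      type           => "remote",
      host           => "$title.$domain",
      home           => "$backupdir/remote/$fqdn",
      subfolder      => "rdiff",
      user           => "$hostname",
      sshoptions     => "-p $port",
      installkey     => $installkey,
      # NOTE(review): DSA keys are limited to 1024 bits and current OpenSSH
      # releases no longer accept them by default. Moving to rsa or ed25519
      # means regenerating the keys in the keystore, so it is only flagged here.
      backupkeytype  => "dsa",
      # NOTE(review): presumably the SSH key pairs are served from this
      # fileserver path; confirm the mount only lets each node read its own key.
      backupkeystore => "puppet://$server/files/keys",
    }
  }

  # local backups using duplicity
  #
  # $encryptkey         - GPG key used by duplicity (required unless absent)
  # $password           - passphrase for that key (required unless absent)
  # $order              - numeric prefix of the backupninja action file
  # $ensure             - state of the backupninja action file
  # $full_if_older_than - not referenced in this manifest; presumably consumed
  #                       by backup/dup.conf.erb, like the next two
  # $remove_older_than  - see above
  # $directory          - see above
  # $periodic_check     - state of the weekly "--check" cron job
  define duplicity($encryptkey = false, $password = false,
                   $order = 50, $ensure = present,
                   $full_if_older_than = "1M", $remove_older_than = "45D",
                   $periodic_check = present, $directory = "${backupdir}/duplicity") {

    # Fail closed. err() only writes a log line and lets the catalog compile,
    # so an action file was still rendered with "false" as key or password and
    # its output then shipped to remote hosts as if it were encrypted. fail()
    # aborts compilation instead. Removal (ensure => absent) stays possible
    # without credentials, because no usable configuration is installed then.
    case $ensure {
      absent: { }
      default: {
        case $encryptkey {
          false: { fail("need to define a key!") }
        }

        case $password {
          false: { fail("need to define password!") }
        }
      }
    }

    include backupninja::client

    # backup dest folder
    # NOTE(review): the title is fixed, so declaring this define twice on one
    # node looks like a duplicate resource, and a custom $directory is not
    # created here. No mode is managed either; consider pinning a restrictive
    # one once it is confirmed that nothing but root needs to read it.
    file { "$backupdir/duplicity":
      ensure => directory,
      owner  => "root",
      group  => "root",
    }

    # the backupninja rule for this duplicity backup
    # Root-only (0600): the template is not part of this file, but it is
    # presumably where $password and $encryptkey end up.
    file { "${backupninja::client::defaults::configdir}/${order}_duplicity-${title}.sh":
      ensure  => $ensure,
      content => template('backup/dup.conf.erb'),
      owner   => root,
      group   => root,
      mode    => '0600',
      require => File["${backupninja::client::defaults::configdir}"],
    }

    # TODO: temporary resource to be removed in the long run
    cron { "duplicity_check--$title.$domain":
      ensure => absent,
    }

    # check duplicity backups once a week
    # NOTE(review): this job follows $periodic_check, not $ensure, so with
    # ensure => absent it keeps running against a removed action file unless
    # periodic_check => absent is passed as well.
    cron { "duplicity_check-$title.$domain":
      command => "/bin/bash ${backupninja::client::defaults::configdir}/${order}_duplicity-${title}.sh --check",
      user    => root,
      hour    => "0",
      minute  => "0",
      weekday => "0",
      ensure  => $periodic_check,
    }
  }
}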