diff options
| author | Micah Anderson <micah@riseup.net> | 2008-05-20 20:08:35 +0000 |
|---|---|---|
| committer | Micah Anderson <micah@riseup.net> | 2008-05-20 20:08:35 +0000 |
| commit | b355a81311102e829270e3e798d327c6e7cc9df7 (patch) | |
| tree | 41c4c87f71ac8092d4b86c4bfc8ee8e5f64a8c7d | |
| parent | a3d5b7aaffc0197869dbf86e5d6b1105981b283c (diff) | |
| download | puppet-backupninja-b355a81311102e829270e3e798d327c6e7cc9df7.tar.gz puppet-backupninja-b355a81311102e829270e3e798d327c6e7cc9df7.tar.bz2 | |
Some backupninja module updates from anarcat:
Wed Apr 30 16:22:48 EDT 2008 anarcat@koumbit.org
* remove read permissions on backup directory on group so that a sandbox user can't read other people's directories
Wed Apr 30 16:01:53 EDT 2008 anarcat@koumbit.org
* default the sandbox host to local ($fqdn) and depend on the sandbox directory properly
Thu Mar 13 18:49:38 EDT 2008 anarcat@koumbit.org
* create the backup directory along with the user
| -rw-r--r-- | manifests/server.pp | 22 |
1 files changed, 16 insertions, 6 deletions
diff --git a/manifests/server.pp b/manifests/server.pp index 40b2dca..34091d1 100644 --- a/manifests/server.pp +++ b/manifests/server.pp @@ -9,17 +9,27 @@ class backupninja::server { } file { "$backupdir": ensure => "directory", - mode => 750, owner => root, group => "backupninjas" + mode => 710, owner => root, group => "backupninjas" } User <<| tag == "backupninja-$fqdn" |>> + File <<| tag == "backupninja-$fqdn" |>> # this define allows nodes to declare a remote backup sandbox, that have to # get created on the server - define sandbox($host, $dir = false, $uid = false, $gid = "backupninjas") { + define sandbox($host = false, $dir = false, $uid = false, $gid = "backupninjas") { + $real_host = $host ? { + false => $fqdn, + default => $host, + } $real_dir = $dir ? { false => "${backupninja::server::backupdir}/$fqdn", default => $dir, } + @@file { "$real_dir": + ensure => "directory", + mode => 750, owner => $name, group => 0, + tag => "backupninja-$real_host", + } case $uid { false: { @@user { "$name": @@ -30,8 +40,8 @@ class backupninja::server { managehome => true, shell => "/bin/sh", password => '*', - require => [ Group['backupninjas'], File["/backup"] ], - tag => "backupninja-$host" + require => Group['backupninjas'], + tag => "backupninja-$real_host" } } default: { @@ -44,8 +54,8 @@ class backupninja::server { managehome => true, shell => "/bin/sh", password => '*', - require => [ Group['backupninjas'], File["/backup"] ], - tag => "backupninja-$host" + require => Group['backupninjas'], + tag => "backupninja-$real_host" } } } |