Diffstat (limited to 'manifests')
-rw-r--r-- | manifests/client.pp | 28 | ||||
-rw-r--r-- | manifests/dup.pp | 24 | ||||
-rw-r--r-- | manifests/generate_sshkey.pp | 33 | ||||
-rw-r--r-- | manifests/init.pp | 1 | ||||
-rw-r--r-- | manifests/nagios_plugin/duplicity.pp | 45 | ||||
-rw-r--r-- | manifests/pgsql.pp | 29 | ||||
-rw-r--r-- | manifests/rdiff.pp | 18 | ||||
-rw-r--r-- | manifests/server.pp | 14 |
8 files changed, 159 insertions, 33 deletions
diff --git a/manifests/client.pp b/manifests/client.pp index 3dbd711..c41f6e7 100644 --- a/manifests/client.pp +++ b/manifests/client.pp @@ -46,8 +46,10 @@ class backupninja::client::defaults { class backupninja::client inherits backupninja::client::defaults { define key( - $user = false, $host = false, $installkey=false, $keyowner=false, - $keygroup=false, $keystore=false, $keytype=false) + $user = false, $host = false, $createkey=false, $installkey=false, + $keyowner=false, $keygroup=false, $keystore=false, $keystorefspath='', + $keytype=false, + $keydest=false, $keydestname=false ) { $real_user = $user ? { false => $name, @@ -78,9 +80,23 @@ class backupninja::client inherits backupninja::client::defaults { false => "${backupninja::client::defaults::real_keytype}", default => $keytype, } + $key_dest = $keydest ? { + false => "${backupninja::client::defaults::real_keydestination}", + default => $keydest, + } + $key_dest_name = $keydestname ? { + false => "id_$key_type", + default => $keydestname, + } + $key_dest_file = "${key_dest}/${key_dest_name}" - $key_dest = "${backupninja::client::defaults::real_keydestination}" - $key_dest_file = "$key_dest/id_$key_type" + if $createkey == true { + if $keystorefspath == false { + err("need to define a destination directory for sshkey creation!") + } + $ssh_keys = ssh_keygen("${keystorefspath}/${key_dest_name}") + } + case $install_key { true: { @@ -92,7 +108,7 @@ class backupninja::client inherits backupninja::client::defaults { } if !defined(File["$key_dest_file"]) { file { "$key_dest_file": - source => "${key_store}/${real_user}_id_${key_type}", + source => "${key_store}/${key_dest_name}", mode => 0400, owner => $key_owner, group => $key_group, require => File["$key_dest"], } @@ -109,7 +125,7 @@ class backupninja::client::maildir inherits backupninja::client::defaults { package { 'rsync': ensure => $rsync_ensure_version, } - } + } } class backupninja::client::rdiff_backup inherits backupninja::client::defaults { 
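Review bot: The `$createkey` guard in the second hunk can never fire with the defaults, because `$keystorefspath` defaults to `''` while the check compares it with `false`; `ssh_keygen` is then called with `/${key_dest_name}`. `err()` only logs, so even a matching check would not stop the catalog. I would write `if $keystorefspath == '' or $keystorefspath == false { fail("need to define a destination directory for sshkey creation!") }`. The same `''` default is introduced as `$backupkeystorefspath` in manifests/dup.pp and passed straight through. `$ssh_keys` is assigned but not used in the visible lines, so it is unclear from here where the generated key ends up.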
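Review bot: The new `source => "${key_store}/${key_dest_name}"` in the third hunk drops the per-user prefix, so with the default `$keydestname` every `backupninja::client::key` instance resolves to the same `id_${key_type}` file in the key store. Unless each host has its own `$keystore`, that would install one shared private key on all clients, where the old `${real_user}_id_${key_type}` name kept them apart. Keeping the user in the store-side name, `source => "${key_store}/${real_user}_${key_dest_name}"`, preserves the old default while still honouring `$keydestname`. The enclosing `case $install_key` block starts outside the hunk.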
diff --git a/manifests/dup.pp b/manifests/dup.pp index 23da8cd..5ffce29 100644 --- a/manifests/dup.pp +++ b/manifests/dup.pp @@ -79,7 +79,10 @@ define backupninja::duplicity( $order = 90, $destuser = false, # configs to backupninja client $backupkeystore = false, + $backupkeystorefspath = '', $backupkeytype = "rsa", + $backupkeydest = false, + $backupkeydestname = false, # options to backupninja server sandbox $ssh_dir_manage = true, $ssh_dir = false, @@ -87,6 +90,7 @@ define backupninja::duplicity( $order = 90, $installuser = true, $backuptag = false, # key options + $createkey = false, $installkey = true ) { # the client with configs for this machine @@ -95,7 +99,7 @@ define backupninja::duplicity( $order = 90, case $desthost { false: { err("need to define a destination host for remote backups!") } } case $destdir { false: { err("need to define a destination directory for remote backups!") } } case $password { false: { err("a password is necessary either to unlock the GPG key, or for symmetric encryption!") } } - + # guarantees there's a configured backup space for this backup backupninja::server::sandbox { "${user}-${name}": user => $destuser, @@ -109,14 +113,18 @@ define backupninja::duplicity( $order = 90, backupkeys => $backupkeystore, keytype => $backupkeytype, } - + # the client's ssh key backupninja::client::key { "${destuser}-${name}": - user => $destuser, - host => $desthost, - installkey => $installkey, - keytype => $backupkeytype, - keystore => $backupkeystore, + user => $destuser, + host => $desthost, + createkey => $createkey, + installkey => $installkey, + keytype => $backupkeytype, + keystore => $backupkeystore, + keystorefspath => $backupkeystorefspath, + keydest => $backupkeydest, + keydestname => $backupkeydestname } # the backupninja rule for this duplicity backup @@ -129,4 +137,4 @@ define backupninja::duplicity( $order = 90, require => File["${backupninja::client::defaults::configdir}"] } } - + 
diff --git a/manifests/generate_sshkey.pp b/manifests/generate_sshkey.pp new file mode 100644 index 0000000..a3008e5 --- /dev/null +++ b/manifests/generate_sshkey.pp @@ -0,0 +1,33 @@ +define backupninja::generate_sshkey( + $ssh_key_basepath = '/etc/puppet/modules/keys/files/backupkeys', +){ + + # generate backupninja ssh keypair + $ssh_key_name = "backup_${::hostname}_id_rsa" + $ssh_keys = ssh_keygen("${ssh_key_basepath}/${ssh_key_name}") + $public = split($ssh_keys[1],' ') + $public_type = $public[0] + $public_key = $public[1] + + file { '/root/.ssh': + ensure => directory, + owner => 'root', + group => 'root', + mode => '0600'; + } + + # install ssh keypair on client + file { "/root/.ssh/$ssh_key_name": + content => $ssh_keys[0], + owner => root, + group => 0, + mode => '0600'; + } + + file { "/root/.ssh/$ssh_key_name.pub": + content => $public_key, + owner => root, + group => 0, + mode => '0666'; + } +} diff --git a/manifests/init.pp b/manifests/init.pp index 23b4268..fba8cc4 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -4,6 +4,7 @@ import "dup.pp" import "labelmount.pp" import "maildir.pp" import "mysql.pp" +import "pgsql.pp" import "rdiff.pp" import "server.pp" import "sh.pp" diff --git a/manifests/nagios_plugin/duplicity.pp b/manifests/nagios_plugin/duplicity.pp new file mode 100644 index 0000000..7dbd263 --- /dev/null +++ b/manifests/nagios_plugin/duplicity.pp 
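Review bot: The public key file is declared with `mode => '0666'`, which makes a file under `/root/.ssh` world-writable; `mode => '0644'` is enough for a public key. Only `$public[1]` is written to the `.pub` file and `$public_type` is never used, so the file would lack the key-type field if `ssh_keygen` returns a normal `type key comment` line (inferred from the `split`). The default `$ssh_key_basepath` lies inside a module's `files` directory, which the master's file server normally exposes to agents, so it is worth confirming that access to `backupkeys` is restricted to the owning host. Passing the private key through `content =>` also places it in the compiled catalog.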
@@ -0,0 +1,45 @@ +class backupninja::nagios_plugin::duplicity { + case $::operatingsystem { + 'Debian': { package { 'python-argparse': ensure => installed, } } + 'Ubuntu': { package { 'python-argh': ensure => installed, } } + default: { + notify {'Backupninja-Duplicity Nagios check needs python-argparse to be installed !':} } + } + + file { '/usr/lib/nagios/plugins/check_backupninja_duplicity.py': + source => 'puppet:///modules/backupninja/nagios_plugins/duplicity/check_backupninja_duplicity.py', + mode => '0755', + owner => 'nagios', + group => 'nagios', + } + + # deploy helper script + file { '/usr/lib/nagios/plugins/backupninja_duplicity_freshness.sh': + source => 'puppet:///modules/backupninja/nagios_plugins/duplicity/backupninja_duplicity_freshness.sh', + mode => '0755', + owner => 'nagios', + group => 'nagios', + } + + nagios::nrpe::command { 'check_backupninja_duplicity': + command_line => "sudo ${::nagios::nrpe::nagios_plugin_dir}/check_backupninja_duplicity.py" + } + sudo::spec {'nrpe_check_backupninja_duplicity': + ensure => present, + users => 'nagios', + hosts => 'ALL', + commands => "NOPASSWD: ${::nagios::nrpe::nagios_plugin_dir}/check_backupninja_duplicity.py"; + } + + nagios::service { "Backupninja Duplicity $::fqdn": + use_nrpe => true, + check_command => 'check_backupninja_duplicity', + nrpe_timeout => '60', + # check only twice a day + normal_check_interval => '720', + # recheck every hour + retry_check_interval => '60', + } + + +} diff --git a/manifests/pgsql.pp b/manifests/pgsql.pp new file mode 100644 index 0000000..07fab32 --- /dev/null +++ b/manifests/pgsql.pp 
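Review bot: `check_backupninja_duplicity.py` is installed with `owner => 'nagios'` while the `sudo::spec` below lets user `nagios` run it with `NOPASSWD`, so the account being restricted can rewrite the script it is allowed to run as root. Both plugin files should be `owner => 'root', group => 'root'` with mode `0755`; the helper `backupninja_duplicity_freshness.sh` matters as well if the check calls it under sudo, which is not visible here. The file resource hard-codes `/usr/lib/nagios/plugins/` while the NRPE command and the sudo rule use `${::nagios::nrpe::nagios_plugin_dir}`, so the paths can drift apart. The `Ubuntu` branch installs `python-argh` although the fallback message names `python-argparse`; that looks unintended.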
@@ -0,0 +1,29 @@ +# Safe PGSQL dumps, as part of a backupninja run. +# +# Valid attributes for this type are: +# +# order: The prefix to give to the handler config filename, to set +# order in which the actions are executed during the backup run. +# +# ensure: Allows you to delete an entry if you don't want it any more +# (but be sure to keep the configdir, name, and order the same, so +# that we can find the correct file to remove). +# +# backupdir, compress, configfile: As defined in the +# backupninja documentation, with the caveat that hotcopy, sqldump, +# and compress take true/false rather than yes/no. +# +define backupninja::pgsql( + $order = 10, $ensure = present, $databases = 'all', $backupdir = "/var/backups/postgres", $compress = true, $vsname = false) +{ + + include backupninja::client::defaults + file { "${backupninja::client::defaults::configdir}/${order}_${name}.pgsql": + ensure => $ensure, + content => template('backupninja/pgsql.conf.erb'), + owner => root, + group => root, + mode => 0600, + require => File["${backupninja::client::defaults::configdir}"] + } +} diff --git a/manifests/rdiff.pp b/manifests/rdiff.pp index 847c319..6c692c7 100644 --- a/manifests/rdiff.pp +++ b/manifests/rdiff.pp @@ -16,7 +16,8 @@ # directories. # define backupninja::rdiff( - $order = 90, $ensure = present, $user = false, $home = false, $host = false, + $order = 90, $ensure = present, $user = false, + $home = "/home/${user}-${name}", $host = false, $type = 'local', $exclude = [ "/home/*/.gnupg", "/home/*/.local/share/Trash", "/home/*/.Trash", "/home/*/.thumbnails", "/home/*/.beagle", "/home/*/.aMule", 
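Review bot: The header comment of `backupninja::pgsql` does not match the define's parameters: it documents `configfile`, `hotcopy` and `sqldump`, none of which exist here, and says nothing about `databases` and `vsname`. I would replace its last paragraph with one that lists `databases`, `backupdir`, `compress` and `vsname` and states that `compress` takes true/false. `mode => 0600` is an unquoted number while the other files added in this commit quote the mode; `mode => '0600'` keeps it consistent.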
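Review bot: The new default `$home = "/home/${user}-${name}"` in manifests/rdiff.pp is built from `$user`, which itself defaults to `false`, so a caller that sets neither gets a path derived from a false value instead of an error. The removed `$real_home` selector resolved the default only inside the `remote` branch, whereas the new `$directory = "$home/rdiff-backup/"` is computed for every type. Keeping `$home = false` in the signature and resolving it in the body, next to a check that `$user` is set, avoids relying on one parameter default referencing another. The define's body continues in the following hunks.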
@@ -25,11 +26,12 @@ define backupninja::rdiff( "/home", "/usr/local/*bin", "/var/lib/dpkg/status*" ], $vsinclude = false, $keep = 30, $sshoptions = false, $options = '--force', $ssh_dir_manage = true, $ssh_dir = false, $authorized_keys_file = false, $installuser = true, $installkey = true, $key = false, - $backuptag = false, $home = false, $backupkeytype = "rsa", $backupkeystore = false, $extras = false, - $nagios2_description = 'backups', $subfolder = 'rdiff-backup') + $backuptag = false, $backupkeytype = "rsa", $backupkeystore = false, $extras = false, $nagios2_description = 'backups') { include backupninja::client::rdiff_backup + $directory = "$home/rdiff-backup/" + case $type { 'remote': { case $host { false: { err("need to define a host for remote backups!") } } @@ -38,15 +40,9 @@ define backupninja::rdiff( default => $backuptag } - $real_home = $home ? { - false => "/home/${user}-${name}", - default => $home, - } - $directory = "${real_home}/${subfolder}/" - backupninja::server::sandbox { - "${user}-${name}": user => $user, host => $host, dir => $real_home, + "${user}-${name}": user => $user, host => $fqdn, dir => $home, manage_ssh_dir => $ssh_dir_manage, ssh_dir => $ssh_dir, key => $key, authorized_keys_file => $authorized_keys_file, installuser => $installuser, backuptag => $real_backuptag, keytype => $backupkeytype, backupkeys => $backupkeystore, @@ -62,6 +58,8 @@ define backupninja::rdiff( } } } + + file { "${backupninja::client::defaults::configdir}/${order}_${name}.rdiff": ensure => $ensure, content => template('backupninja/rdiff.conf.erb'), diff --git a/manifests/server.pp b/manifests/server.pp index 6ed87c8..f702056 100644 --- a/manifests/server.pp +++ b/manifests/server.pp 
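Review bot: In the third rdiff.pp hunk the sandbox is now declared with `host => $fqdn` instead of `host => $host`, although the `case $host` check just above still insists on a backup host; if `host` names the server that realizes the sandbox (as `"${fqdn}@${real_host}"` in manifests/server.pp suggests), the sandbox would be tagged for the client itself. If that is intended, the `$host` parameter and its check are dead and should go; otherwise keep `host => $host`. The second hunk also removes the `$subfolder` parameter and hard-codes `rdiff-backup`, which breaks any existing caller that passes `subfolder`. New code elsewhere in this commit uses `$::fqdn`; the unqualified `$fqdn` here is inconsistent with it.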
@@ -38,17 +38,13 @@ class backupninja::server { } } - if $nagios_server { + if $use_nagios { - if !defined(Package["nsca"]) { - package { "nsca": - ensure => installed; - } - } + include nagios::nsca::client file { "/usr/local/bin/checkbackups": ensure => "present", - source => "puppet://$servername/backupninja/checkbackups.pl", + source => "puppet:///modules/backupninja/checkbackups.pl", mode => 0755, owner => root, group => root, } @@ -114,9 +110,9 @@ class backupninja::server { default => $nagios2_description, } - if $nagios_server { + if $use_nagios { # configure a passive service check for backups - nagios2::passive_service { "backups-${name}": nagios2_host_name => $real_host, nagios2_description => $real_nagios2_description, servicegroups => "backups" } + nagios::service::passive { $nagios2_description: } } if !defined(Backupninja_server_realize["${fqdn}@${real_host}"]) { |
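Review bot: The passive check in the second hunk is now titled `$nagios2_description` rather than `"backups-${name}"`, so two sandboxes with the same description on one server would declare the same `nagios::service::passive` resource and fail compilation. It also bypasses the value that the selector directly above resolves (presumably `$real_nagios2_description`, as used in the removed line), so a `false` description would become the resource title. Something like `nagios::service::passive { "backups-${name}": }` with the description passed as a parameter keeps titles unique; which parameters that define accepts is not visible here. The host name and `servicegroups => "backups"` given to the old resource are dropped as well.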