From ddab7a22876a664c17a4a98ad536b97c36496bd6 Mon Sep 17 00:00:00 2001 From: Antoine Beaupre Date: Sat, 6 Dec 2008 19:43:19 -0500 Subject: make the user depend on its home so it gets created properly --- manifests/server.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'manifests/server.pp') diff --git a/manifests/server.pp b/manifests/server.pp index 162d889..e4298ef 100644 --- a/manifests/server.pp +++ b/manifests/server.pp @@ -98,7 +98,7 @@ class backupninja::server { managehome => true, shell => "/bin/sh", password => '*', - require => Group['backupninjas'], + require => [ Group['backupninjas'], File["$real_dir"] ], tag => "$real_backuptag" } } @@ -112,7 +112,7 @@ class backupninja::server { managehome => true, shell => "/bin/sh", password => '*', - require => Group['backupninjas'], + require => [ Group['backupninjas'], File["$real_dir"] ], tag => "$real_backuptag" } } -- cgit v1.2.3 From 1bf7ed061e334a6b622161d4827181e20c471f9b Mon Sep 17 00:00:00 2001 From: Antoine Beaupre Date: Thu, 11 Dec 2008 09:07:15 -0500 Subject: fix user initialisation. without this i was getting: Could not retrieve catalog: Puppet::Parser::AST::Resource failed with error ArgumentError: Duplicate definition: User[false] is already defined in file /etc/puppet/modules/backupninja/manifests/server.pp at line 103; cannot redefine at /etc/puppet/modules/backupninja/manifests/server.pp:103 on node alexandria.koumbit.net also add rsync and rdiff-backup on the backup server to make those methods work out of the box --- manifests/server.pp | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) (limited to 'manifests/server.pp') diff --git a/manifests/server.pp b/manifests/server.pp index e4298ef..bf7e788 100644 --- a/manifests/server.pp +++ b/manifests/server.pp 
@@ -26,6 +26,8 @@ class backupninja::server { User <<| tag == "backupninja-$real_backupserver_tag" |>> File <<| tag == "backupninja-$real_backupserver_tag" |>> + package { [ "rsync", "rdiff-backup" ]: ensure => installed } + # this define allows nodes to declare a remote backup sandbox, that have to # get created on the server define sandbox( @@ -34,7 +36,7 @@ class backupninja::server { $gid = "backupninjas", $backuptag = false) { - $real_user = $name ? { + $real_user = $user ? { false => $name, default => $user, '' => $name, @@ -66,7 +68,7 @@ class backupninja::server { @@file { "$real_dir": ensure => directory, - mode => 0750, owner => $user, group => 0, + mode => 0750, owner => $real_user, group => 0, tag => "$real_backuptag", } case $installuser { @@ -75,7 +77,7 @@ class backupninja::server { true: { @@file { "${real_ssh_dir}": ensure => directory, - mode => 0700, owner => $user, group => 0, + mode => 0700, owner => $real_user, group => 0, require => File["$real_dir"], tag => "$real_backuptag", } @@ -84,13 +86,13 @@ class backupninja::server { @@file { "${real_ssh_dir}/${real_authorized_keys_file}": ensure => present, mode => 0644, owner => 0, group => 0, - source => "$real_backupkeys/${user}_id_rsa.pub", + source => "$real_backupkeys/${real_user}_id_rsa.pub", require => File["${real_ssh_dir}"], tag => "$real_backuptag", } case $uid { false: { - @@user { "$user": + @@user { "$real_user": ensure => "present", gid => "$gid", comment => "$name backup sandbox", @@ -103,7 +105,7 @@ class backupninja::server { } } default: { - @@user { "$user": + @@user { "$real_user": ensure => "present", uid => "$uid", gid => "$gid", -- cgit v1.2.3 From f55b76f4aafbea8e5a42ea7ff0dfe8ca9ff10bec Mon Sep 17 00:00:00 2001 
From: Antoine Beaupre Date: Thu, 11 Dec 2008 10:12:24 -0500 Subject: allow arbitrary keyfiles to be distributed alongside the rdiff plugin --- manifests/rdiff.pp | 4 ++-- manifests/server.pp | 30 ++++++++++++++++++++++-------- 2 files changed, 24 insertions(+), 10 deletions(-) (limited to 'manifests/server.pp') diff --git a/manifests/rdiff.pp b/manifests/rdiff.pp index ed1ea55..4abc9b2 100644 --- a/manifests/rdiff.pp +++ b/manifests/rdiff.pp @@ -24,7 +24,7 @@ define backupninja::rdiff( $include = [ "/var/spool/cron/crontabs", "/var/backups", "/etc", "/root", "/home", "/usr/local/*bin", "/var/lib/dpkg/status*" ], $vsinclude = false, $keep = 30, $sshoptions = false, $options = false, $ssh_dir_manage = true, - $ssh_dir = false, $authorized_keys_file = false, $installuser = true, $installkey = true, + $ssh_dir = false, $authorized_keys_file = false, $installuser = true, $installkey = true, $key = false, $backuptag = false) { $directory = "$home/rdiff-backup/" @@ -36,7 +36,7 @@ define backupninja::rdiff( backupninja::server::sandbox { "${user}-${name}": user => $user, host => $host, dir => $home, - manage_ssh_dir => $ssh_dir_manage, ssh_dir => $ssh_dir, + manage_ssh_dir => $ssh_dir_manage, ssh_dir => $ssh_dir, key => $key, authorized_keys_file => $authorized_keys_file, installuser => $installuser, backuptag => $backuptag } diff --git a/manifests/server.pp b/manifests/server.pp index bf7e788..6033249 100644 --- a/manifests/server.pp +++ b/manifests/server.pp @@ -25,6 +25,7 @@ class backupninja::server { User <<| tag == "backupninja-$real_backupserver_tag" |>> File <<| tag == "backupninja-$real_backupserver_tag" |>> + Ssh_authorized_key <<| tag == "backupninja-$real_backupserver_tag" |>> package { [ "rsync", "rdiff-backup" ]: ensure => installed } 
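Review bot: The `backupninja::server::sandbox` call in `backupninja::rdiff` forwards `key => $key` but no key type, so every key passed through this define is written with the sandbox default `$key_type = 'ssh-dss'` that the same commit adds in server.pp. An RSA key supplied here would be recorded under the wrong type in authorized_keys and presumably be rejected by sshd. I would add a `$key_type` parameter to the define and pass it through, `key => $key, key_type => $key_type,`. Current OpenSSH no longer accepts DSA keys by default, so `'ssh-rsa'` is the safer default wherever this define is still in use.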
@@ -32,7 +33,7 @@ class backupninja::server { # get created on the server define sandbox( $user = false, $host = false, $installuser = true, $dir = false, $manage_ssh_dir = true, - $ssh_dir = false, $authorized_keys_file = false, $backupkeys = false, $uid = false, + $ssh_dir = false, $authorized_keys_file = false, $key = false, $key_type = 'ssh-dss', $backupkeys = false, $uid = false, $gid = "backupninjas", $backuptag = false) { @@ -83,13 +84,26 @@ class backupninja::server { } } } - @@file { "${real_ssh_dir}/${real_authorized_keys_file}": - ensure => present, - mode => 0644, owner => 0, group => 0, - source => "$real_backupkeys/${real_user}_id_rsa.pub", - require => File["${real_ssh_dir}"], - tag => "$real_backuptag", - } + case $key { + false: { + @@file { "${real_ssh_dir}/${real_authorized_keys_file}": + ensure => present, + mode => 0644, owner => 0, group => 0, + source => "$real_backupkeys/${real_user}_id_rsa.pub", + require => File["${real_ssh_dir}"], + tag => "$real_backuptag", + } + } + default: { + @@ssh_authorized_key{ $real_user: + type => $key_type, + key => $key, + user => $real_user, + target => "${real_ssh_dir}/${real_authorized_keys_file}", + tag => "$real_backuptag", + } + } + } case $uid { false: { @@user { "$real_user": -- cgit v1.2.3 From 392438512bf1fa82cbac491596a7387b6cb43e86 Mon Sep 17 00:00:00 2001 From: Antoine Beaupre Date: Tue, 6 Jan 2009 16:49:37 -0500 Subject: add checkbackups cron job, fix multiple instances of passive service for manually specified sandboxes --- manifests/server.pp | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) (limited to 'manifests/server.pp') diff --git a/manifests/server.pp b/manifests/server.pp index 6033249..e4ed80a 100644 --- a/manifests/server.pp +++ b/manifests/server.pp 
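Review bot: The `default` branch of `case $key` installs the key with no `options`, so the holder of the private key gets an unrestricted login with the sandbox user's shell, which other hunks on this page set to `/bin/sh`. The `false` branch writes authorized_keys as a root-owned 0644 file, whereas `ssh_authorized_key` with `user => $real_user` manages the target as that user, so in this branch the sandbox account can presumably rewrite its own authorized_keys; this is worth confirming against the Puppet version in use. I would add a restrictive list such as `options => [ 'no-pty', 'no-port-forwarding', 'no-X11-forwarding', 'no-agent-forwarding' ],` and document on `$key` that it takes the bare base64 key without type or comment. The enclosing `define sandbox` starts and ends outside the hunk.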
@@ -23,6 +23,20 @@ class backupninja::server { mode => 0710, owner => root, group => "backupninjas" } + file { "/usr/local/bin/checkbackups": + ensure => "present", + content => template("backupninja/checkbackups.sh"), + mode => 0755, owner => root, group => root, + } + + cron { checkbackups: + command => "/usr/local/bin/checkbackups.sh | /usr/sbin/send_nsca -H nagios.koumbit.net -c /etc/send_nsca.cfg", + user => "root", + hour => 8, + minute => 0, + require => [ File["/usr/local/bin/checkbackups"], Package['nsca'] ] + } + User <<| tag == "backupninja-$real_backupserver_tag" |>> File <<| tag == "backupninja-$real_backupserver_tag" |>> Ssh_authorized_key <<| tag == "backupninja-$real_backupserver_tag" |>> @@ -63,10 +77,13 @@ class backupninja::server { default => $authorized_keys_file, } $real_backuptag = $backuptag ? { - false => "backupninja-$real_host", + false => "backupninja-$fqdn", default => $backuptag, } + # configure a passive service check for backups + nagios2::passive_service { "backups-$real_host": nagios2_host_name => $real_host, nagios2_description => 'backups' } + @@file { "$real_dir": ensure => directory, mode => 0750, owner => $real_user, group => 0, -- cgit v1.2.3 From 7a2b7798c8680499ddcb7bd57433d2a3f981e924 Mon Sep 17 00:00:00 2001 From: Antoine Beaupre Date: Thu, 8 Jan 2009 17:57:33 -0500 Subject: run the nagios checks more regularly --- manifests/server.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'manifests/server.pp') diff --git a/manifests/server.pp b/manifests/server.pp index e4ed80a..4284ffa 100644 --- a/manifests/server.pp +++ b/manifests/server.pp @@ -32,8 +32,8 @@ class backupninja::server { cron { checkbackups: command => "/usr/local/bin/checkbackups.sh | /usr/sbin/send_nsca -H nagios.koumbit.net -c /etc/send_nsca.cfg", user => "root", - hour => 8, - minute => 0, + hour => "8-23", + minute => 59, require => [ File["/usr/local/bin/checkbackups"], Package['nsca'] ] } -- cgit v1.2.3 
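Review bot: The cron `command` runs `/usr/local/bin/checkbackups.sh`, but the `file` resource just above it installs the script as `/usr/local/bin/checkbackups`, so the job as written finds no script and `send_nsca` receives empty input. Because these are passive checks, that failure is silent on the Nagios side unless freshness checking is configured there. The command should use the installed path, `command => "/usr/local/bin/checkbackups | /usr/sbin/send_nsca -H nagios.koumbit.net -c /etc/send_nsca.cfg",`. The monitoring host is also hard-coded in a shared module and would be better as a class variable, and `Package['nsca']` is required without being declared in the visible lines.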
From 55c60873a76c0e95737785a5d78516f9beef7f33 Mon Sep 17 00:00:00 2001 From: Antoine Beaupre Date: Tue, 13 Jan 2009 16:08:28 -0500 Subject: rewrite nagios check scripts in perl --- files/checkbackups.pl | 101 ++++++++++++++++++++++++++++++++++++++++++++++ manifests/server.pp | 4 +- templates/checkbackups.sh | 73 --------------------------------- 3 files changed, 103 insertions(+), 75 deletions(-) create mode 100755 files/checkbackups.pl delete mode 100755 templates/checkbackups.sh (limited to 'manifests/server.pp') diff --git a/files/checkbackups.pl b/files/checkbackups.pl new file mode 100755 index 0000000..24632d1 --- /dev/null +++ b/files/checkbackups.pl 
@@ -0,0 +1,101 @@ +#!/usr/bin/perl -w + +# This script is designed to check a backup directory populated with +# subdirectories named after hosts, within which there are backups of various +# types. +# +# Example: +# /home/backup: +# foo.example.com +# +# foo.example.com: +# rdiff-backup .ssh +# +# rdiff-backup: +# root home rdiff-backup-data usr var +# +# There are heuristics to determine the backup type. Currently, the following +# types are supported: +# +# rdiff-backup: assumes there is a rdiff-backup/rdiff-backup-data/backup.log file +# duplicity: assumes there is a dup subdirectory, checks the latest file +# dump files: assumes there is a dump subdirectory, checks the latest file +# +# This script returns output suitable for send_nsca to send the results to +# nagios and should therefore be used like this: +# +# checkbackups.sh | send_nsca -H nagios.example.com + +use Getopt::Std; + +# XXX: taken from utils.sh from nagios-plugins-basic +my $STATE_OK=0; +my $STATE_WARNING=1; +my $STATE_CRITICAL=2; +my $STATE_UNKNOWN=3; +my $STATE_DEPENDENT=4; + +our $opt_d = "/backup"; +our $opt_c = 48 * 60 * 60; +our $opt_w = 24 * 60 * 60; + +if (!getopts('d:c:w:')) { + print < ] [ -c ] [ -w ] +EOF + ; + exit(); +} + +my $backupdir= $opt_d; +my $crit = $opt_c; +my $warn = $opt_w; + +# XXX: this should be a complete backup registry instead +my @hosts=qx{ls $backupdir}; + +chdir($backupdir); +foreach my $host (@hosts) { + chomp($host); + my $flag=""; + my $type="unknown"; + if (-d $host) { + # guess the backup type and find a proper stamp file to compare + # XXX: this doesn't check if the backup was actually successful + # XXX: the backup type should be part of the machine registry + if (-d "$host/rdiff-backup") { + $flag="$host/rdiff-backup/rdiff-backup-data/backup.log"; + $type="rdiff"; + } elsif (-d "$host/dump") { + $flag="$host/dump/" . 
`ls -tr $host/dump | tail -1`; + chomp($flag); + $type="dump"; + } elsif (-d "$host/dup") { + $flag="$host/dup"; + $type="duplicity"; + } else { + printf "$host\tbackups\t$STATE_UNKNOWN\tunknown system\n"; + next; + } + my @stats = stat($flag); + if (not @stats) { + printf "$host\tbackups\t$STATE_UNKNOWN\tcannot stat flag $flag\n"; + next; + } + my $t = time(); + my $delta = $t - $stats[9]; + my $state = $STATE_UNKNOWN; + if ($delta > $crit) { + $state = $STATE_CRITICAL; + } elsif ($delta > $warn) { + $state = $STATE_WARNING; + } elsif ($delta >= 0) { + $state = $STATE_OK; + } + print "$host\t"; + print "backups\t$state"; + print "\t$delta seconds old\n"; + } else { + printf "$host\tbackups\t$STATE_UNKNOWN\tno directory\n"; + } +} diff --git a/manifests/server.pp b/manifests/server.pp index 4284ffa..9b08b22 100644 --- a/manifests/server.pp +++ b/manifests/server.pp @@ -25,12 +25,12 @@ class backupninja::server { file { "/usr/local/bin/checkbackups": ensure => "present", - content => template("backupninja/checkbackups.sh"), + source => "puppet://$servername/backupninja/checkbackups.pl", mode => 0755, owner => root, group => root, } cron { checkbackups: - command => "/usr/local/bin/checkbackups.sh | /usr/sbin/send_nsca -H nagios.koumbit.net -c /etc/send_nsca.cfg", + command => "/usr/local/bin/checkbackups -d $real_backupdir | /usr/sbin/send_nsca -H nagios.koumbit.net -c /etc/send_nsca.cfg | grep -v 'sent to host successfully'", user => "root", hour => "8-23", minute => 59, diff --git a/templates/checkbackups.sh b/templates/checkbackups.sh deleted file mode 100755 index 8d143a3..0000000 --- a/templates/checkbackups.sh +++ /dev/null 
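Review bot: Directory names reach a shell twice in this script, in `qx{ls $backupdir}` and in the backticks around `ls -tr $host/dump | tail -1`, and the server.pp change in this commit runs the script from root's crontab. A directory name or `-d` value containing whitespace or shell metacharacters is then parsed by the shell instead of being treated as a filename. Reading both directories with `opendir`/`readdir` and picking the newest dump entry by `stat` mtime removes the shell entirely; the result of `chdir` should be checked too, because on failure every `-d $host` test runs against the wrong directory. The script also has no `use strict;`. The usage heredoc looks truncated on this page, so it is left out of the sketch below.

```perl
# … unchanged: option parsing, $backupdir / $crit / $warn …
opendir(my $dh, $backupdir) or die "cannot open $backupdir: $!\n";
my @hosts = sort grep { !/^\./ } readdir($dh);
closedir($dh);

chdir($backupdir) or die "cannot chdir to $backupdir: $!\n";
foreach my $host (@hosts) {
    # … unchanged: $flag/$type initialisation, rdiff-backup branch …
        } elsif (-d "$host/dump") {
            # newest entry by mtime, chosen without a shell
            my $newest = "";
            my $newest_mtime = -1;
            if (opendir(my $dumpdh, "$host/dump")) {
                foreach my $entry (grep { !/^\./ } readdir($dumpdh)) {
                    my $mtime = (stat("$host/dump/$entry"))[9];
                    next unless defined $mtime;
                    ($newest, $newest_mtime) = ($entry, $mtime) if $mtime > $newest_mtime;
                }
                closedir($dumpdh);
            }
            $flag = "$host/dump/$newest";
            $type = "dump";
    # … unchanged: duplicity branch, stat of $flag, state computation and output …
```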
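Review bot: `$real_backupdir` is interpolated unquoted into a command that cron passes to the shell as root, so a backup directory containing a space or a shell metacharacter changes what the job runs; quoting it, `-d '$real_backupdir'`, keeps it a single argument. The trailing `grep -v 'sent to host successfully'` also filters the line `send_nsca` prints when it was given nothing to send, so a run where `checkbackups` produced no output looks the same as a healthy one. I would add a comment above the `cron` resource stating that the job is deliberately silent on success and that a stale passive check has to be caught on the Nagios side.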
@@ -1,73 +0,0 @@ -#!/bin/sh - -# This script is designed to check a backup directory populated with -# subdirectories named after hosts, within which there are backups of various -# types. -# -# Example: -# /home/backup: -# foo.example.com -# -# foo.example.com: -# rdiff-backup .ssh -# -# rdiff-backup: -# root home rdiff-backup-data usr var -# -# There are heuristics to determine the backup type. Currently, the following -# types are supported: -# -# rdiff-backup: assumes there is a rdiff-backup/rdiff-backup-data/backup.log file -# duplicity: assumes there is a dup subdirectory, checks the latest file -# dump files: assumes there is a dump subdirectory, checks the latest file -# -# This script returns output suitable for send_nsca to send the results to -# nagios and should therefore be used like this: -# -# checkbackups.sh | send_nsca -H nagios.example.com - -# XXX: taken from utils.sh from nagios-plugins-basic -STATE_OK=0 -STATE_WARNING=1 -STATE_CRITICAL=2 -STATE_UNKNOWN=3 -STATE_DEPENDENT=4 - -backupdir="<%= real_backupdir -%>" - -# XXX: this should be a complete backup registry instead -hosts=`ls $backupdir` -stampfile=$backupdir/.stamp - -cd $backupdir -for host in $hosts; do - flag="" - type="unknown" - if [ -d $host ]; then - # guess the backup type and find a proper stamp file to compare - # XXX: this doesn't check if the backup was actually successful - # XXX: the backup type should be part of the machine registry - if [ -d $host/rdiff-backup ]; then - flag=$host/rdiff-backup/rdiff-backup-data/backup.log - type="rdiff" - elif [ -d $host/dump ]; then - flag="$host/dump/`ls -tr $host/dump | tail -1`" - type="dump" - elif [ -d $host/dup ]; then - flag="$host/dup/`ls -tr $host/dup | tail -1`" - type="duplicity" - else - printf "$host\tbackups\t$STATE_UNKNOWN\tUNKNOWN unknown system\n" - continue - fi - touch -t `date +%Y%m%d0000.00` $stampfile - date=`ls -l $flag | awk '{print $6 " " $7}'` - if [ $flag -nt $stampfile ]; then - printf 
"$host\tbackups\t$STATE_OK\tOK timestamp $date\n" - else - printf "$host\tbackups\t$STATE_CRITICAL\tCRITICAL timestamp $date\n" - fi - else - printf "$host\tbackups\t$STATE_UNKNOWN\tUNKNOWN timestamp no directory\n" - fi -done -- cgit v1.2.3 From b6bf47ef89024ae39f9fe25370554c4ea46914bb Mon Sep 17 00:00:00 2001 From: Antoine Beaupre Date: Wed, 14 Jan 2009 19:03:06 -0500 Subject: fix sandbox dependencies --- manifests/server.pp | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'manifests/server.pp') diff --git a/manifests/server.pp b/manifests/server.pp index 9b08b22..3978f3a 100644 --- a/manifests/server.pp +++ b/manifests/server.pp @@ -96,7 +96,7 @@ class backupninja::server { @@file { "${real_ssh_dir}": ensure => directory, mode => 0700, owner => $real_user, group => 0, - require => File["$real_dir"], + require => [User[$real_user], File["$real_dir"]], tag => "$real_backuptag", } } @@ -118,6 +118,7 @@ class backupninja::server { user => $real_user, target => "${real_ssh_dir}/${real_authorized_keys_file}", tag => "$real_backuptag", + require => User[$real_user], } } } @@ -131,7 +132,7 @@ class backupninja::server { managehome => true, shell => "/bin/sh", password => '*', - require => [ Group['backupninjas'], File["$real_dir"] ], + require => Group['backupninjas'], tag => "$real_backuptag" } } @@ -145,7 +146,7 @@ class backupninja::server { managehome => true, shell => "/bin/sh", password => '*', - require => [ Group['backupninjas'], File["$real_dir"] ], + require => Group['backupninjas'], tag => "$real_backuptag" } } -- cgit v1.2.3 From bc2b6bd0e4222a6477ae806a5329480a3ecf873b Mon Sep 17 00:00:00 2001 From: Antoine Beaupre Date: Mon, 27 Apr 2009 15:21:21 -0400 Subject: add backups servicegroup, put rdiff in a seperate class so we can override --- manifests/server.pp | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'manifests/server.pp') diff --git a/manifests/server.pp b/manifests/server.pp index 3978f3a..77fc33d 100644 
--- a/manifests/server.pp +++ b/manifests/server.pp @@ -41,7 +41,8 @@ class backupninja::server { File <<| tag == "backupninja-$real_backupserver_tag" |>> Ssh_authorized_key <<| tag == "backupninja-$real_backupserver_tag" |>> - package { [ "rsync", "rdiff-backup" ]: ensure => installed } + package { "rsync": ensure => installed } + include backupninja::rdiff-installed # this define allows nodes to declare a remote backup sandbox, that have to # get created on the server @@ -82,7 +83,7 @@ class backupninja::server { } # configure a passive service check for backups - nagios2::passive_service { "backups-$real_host": nagios2_host_name => $real_host, nagios2_description => 'backups' } + nagios2::passive_service { "backups-$real_host": nagios2_host_name => $real_host, nagios2_description => 'backups', servicegroups => "backups" } @@file { "$real_dir": ensure => directory, -- cgit v1.2.3 From aeae9f516faae6c1f0b68ce849eb6036716bcb01 Mon Sep 17 00:00:00 2001 From: Antoine Beaupre Date: Tue, 20 Oct 2009 20:00:46 -0400 Subject: fix typo that yields to a weird error Could not create backup-nagios: Parameter type failed: interning empty string --- manifests/server.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'manifests/server.pp') diff --git a/manifests/server.pp b/manifests/server.pp index 52cb11c..9db950a 100644 --- a/manifests/server.pp +++ b/manifests/server.pp @@ -120,7 +120,7 @@ class backupninja::server { } default: { @@ssh_authorized_key{ $real_user: - type => $key_type, + type => $keytype, key => $key, user => $real_user, target => "${real_ssh_dir}/${real_authorized_keys_file}", -- cgit v1.2.3