# This define lets a node declare a remote backup sandbox that has to be
# created on the server.
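define backupninja::sandbox (
  # Home directory of the sandbox. Required. Declared first because the
  # default of $ssh_dir is built from it.
  $dir,
  # Account name of the sandbox user; defaults to the resource title.
  $user                 = $name,
  # Used as the tag of the exported realize resource and in its title.
  $host                 = $::fqdn,
  # When false, no ssh directory, key or user resource is exported.
  $installuser          = true,
  $manage_ssh_dir       = true,
  $ssh_dir              = "${dir}/.ssh",
  $authorized_keys_file = 'authorized_keys',
  # Public key material. When false, the key file is fetched from $backupkeys.
  $key                  = false,
  # NOTE(review): 'dss' selects DSA keys, which current OpenSSH releases do not
  # accept by default. The default is left unchanged because the source file
  # name below is derived from it; callers should pass a key type their sshd
  # still accepts.
  $keytype              = 'dss',
  # NOTE(review): $fileserver is not a parameter of this define and is not set
  # anywhere in the visible code; presumably it is resolved from an outer
  # scope. Confirm it is defined wherever this define is used.
  $backupkeys           = "${fileserver}/keys/backupkeys",
  # false leaves the uid unmanaged (mapped to undef on the user resource).
  $uid                  = false,
  $gid                  = 'backupninjas',
  # Tag placed on every exported file, key and user resource below.
  $backuptag            = "backupninja-${::fqdn}"
) {
  # Every resource below is exported (@@), so it is not applied on the
  # declaring node itself.
  if !defined(Backupninja::Storedconfigs::Realize["${::fqdn}@${host}"]) {
    @@backupninja::storedconfigs::realize { "${::fqdn}@${host}":
      host => $::fqdn,
      tag  => $host,
    }
  }

  # Sandbox root: writable by the sandbox user, readable by gid 0, closed to
  # everyone else.
  if !defined(File[$dir]) {
    @@file { $dir:
      ensure => directory,
      mode   => '0750',
      owner  => $user,
      group  => 0,
      tag    => $backuptag,
    }
  }

  if $installuser {
    if $manage_ssh_dir {
      if !defined(File[$ssh_dir]) {
        @@file { $ssh_dir:
          ensure  => directory,
          mode    => '0700',
          owner   => $user,
          group   => 0,
          require => [User[$user], File[$dir]],
          tag     => $backuptag,
        }
      }
    }

    if $key {
      # $key contains the ssh public key.
      # The guard used to name the misspelled type "Ssh_autorized_key", which
      # does not match the ssh_authorized_key resource declared below.
      # NOTE(review): no key options are set, so the key gives the sandbox user
      # an unrestricted /bin/bash login. Consider restricting it through the
      # ssh_authorized_key 'options' attribute. Unlike the root-owned file in
      # the else branch, this entry is managed as $user, so the account can
      # presumably edit its own authorized keys - confirm that is intended.
      if !defined(Ssh_authorized_key[$user]) {
        @@ssh_authorized_key { $user:
          type    => $keytype,
          key     => $key,
          user    => $user,
          target  => "${ssh_dir}/${authorized_keys_file}",
          tag     => $backuptag,
          require => User[$user],
        }
      }
    }
    else {
      # No key was passed: fetch the public key file from the file server.
      # The file is owned by uid 0 / gid 0 with mode 0644, so the sandbox user
      # can read it but cannot add keys to it.
      # NOTE(review): this requires File[$ssh_dir], which is only declared
      # above when $manage_ssh_dir is true.
      if !defined(File["${ssh_dir}/${authorized_keys_file}"]) {
        @@file { "${ssh_dir}/${authorized_keys_file}":
          ensure  => present,
          mode    => '0644',
          owner   => 0,
          group   => 0,
          source  => "${backupkeys}/${user}_id_${keytype}.pub",
          require => File[$ssh_dir],
          tag     => $backuptag,
        }
      }
    }

    if !defined(User[$user]) {
      @@user { $user:
        ensure     => 'present',
        uid        => $uid ? {
          false   => undef,
          default => $uid,
        },
        gid        => $gid,
        comment    => "${user} backup sandbox",
        home       => $dir,
        managehome => true,
        shell      => '/bin/bash',
        # '*' is not a valid password hash, so password login is impossible
        # and the account is reachable through its ssh key only.
        password   => '*',
        # NOTE(review): the group name is hard-coded here although $gid is a
        # parameter; a caller passing another $gid still depends on
        # Group['backupninjas'].
        require    => Group['backupninjas'],
        tag        => $backuptag,
      }
    }
  }
}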