path: root/manifests/sandbox.pp
# This define lets a node declare a remote backup sandbox that has to be
# created on the server.
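# Exports (@@) the resources that make up a backup sandbox for this node: the
# sandbox directory, and (when $installuser is true) the SSH directory, the
# authorized key and the user account. Every exported resource carries
# $backuptag so that it can be collected elsewhere.
#
# NOTE(review): everything here is exported, so the node that declares the
# sandbox chooses $user, $dir and $key for resources that are realised on
# another host. The collecting side is not visible in this file; confirm it
# collects by tag only from nodes it trusts and that paths and user names are
# constrained there.
#
# Parameters:
#   $dir                  - sandbox directory, also the home of $user (required).
#   $user                 - account name and owner of $dir; defaults to the
#                           resource title.
#   $host                 - used as the tag of the exported
#                           backupninja::storedconfigs::realize resource
#                           (presumably the backup server - confirm).
#   $installuser          - when true, export the SSH directory, the key and
#                           the user account.
#   $manage_ssh_dir       - when true, export the $ssh_dir directory.
#   $ssh_dir              - directory holding the authorized keys file.
#   $authorized_keys_file - file name inside $ssh_dir.
#   $key                  - SSH public key; when false the key file is taken
#                           from $backupkeys instead.
#   $keytype              - key type passed to ssh_authorized_key and used in
#                           the key file name "${user}_id_${keytype}.pub".
#   $backupkeys           - source prefix for key files; the default relies on
#                           $fileserver, which is not defined in this file.
#   $uid                  - numeric uid, or false to leave it unmanaged.
#   $gid                  - primary group of the account.
#   $backuptag            - tag set on every exported resource.
#
# NOTE(review): the default $keytype is 'dss'. DSA keys are limited to 1024
# bits and ssh-dss is disabled by default since OpenSSH 7.0; callers should
# pass a stronger key type. The default is left unchanged because it is part
# of the key file name looked up under $backupkeys. Also confirm that 'dss' is
# a value ssh_authorized_key accepts for `type` (the documented names are
# 'ssh-dss' and its alias 'dsa').
define backupninja::sandbox (
  # $dir comes first so that the default of $ssh_dir refers to a parameter
  # declared before it; parameters are passed by name, so callers are
  # unaffected by the order.
  $dir,
  $user                 = $name,
  $host                 = $::fqdn,
  $installuser          = true,
  $manage_ssh_dir       = true,
  $ssh_dir              = "${dir}/.ssh",
  $authorized_keys_file = 'authorized_keys',
  $key                  = false,
  $keytype              = 'dss',
  $backupkeys           = "${fileserver}/keys/backupkeys",
  $uid                  = false,
  $gid                  = 'backupninjas',
  $backuptag            = "backupninja-${::fqdn}",
) {

  if !defined(Backupninja::Storedconfigs::Realize["${::fqdn}@${host}"]) {
    @@backupninja::storedconfigs::realize { "${::fqdn}@${host}":
      host => $::fqdn,
      tag  => $host,
    }
  }

  # File modes are quoted: an unquoted 0750 is read as a number by newer
  # parsers, while the file type expects the mode as a string.
  if !defined(File[$dir]) {
    @@file { $dir:
      ensure => directory,
      mode   => '0750',
      owner  => $user,
      group  => 0,
      tag    => $backuptag,
    }
  }

  if $installuser {

    if $manage_ssh_dir {
      if !defined(File[$ssh_dir]) {
        @@file { $ssh_dir:
          ensure  => directory,
          mode    => '0700',
          owner   => $user,
          group   => 0,
          require => [User[$user], File[$dir]],
          tag     => $backuptag,
        }
      }
    }

    if $key {
      # $key contains the SSH public key.
      # The guard used to test the misspelled type "Ssh_autorized_key", which
      # never matched the resource declared below.
      # NOTE(review): no `options` are set, so the key gives the holder the
      # account's login shell (/bin/bash below) without restrictions. If the
      # backup method allows it, restrict the key (forced command, no
      # forwarding) where it is installed.
      if !defined(Ssh_authorized_key[$user]) {
        @@ssh_authorized_key { $user:
          type    => $keytype,
          key     => $key,
          user    => $user,
          target  => "${ssh_dir}/${authorized_keys_file}",
          tag     => $backuptag,
          require => User[$user],
        }
      }
    }
    else {
      # No key given: install the public key file served from $backupkeys.
      # The file is owned by root (0/0) and 0644, so the sandbox user can read
      # it but cannot change its own authorized keys.
      if !defined(File["${ssh_dir}/${authorized_keys_file}"]) {
        @@file { "${ssh_dir}/${authorized_keys_file}":
          ensure  => present,
          mode    => '0644',
          owner   => 0,
          group   => 0,
          source  => "${backupkeys}/${user}_id_${keytype}.pub",
          require => File[$ssh_dir],
          tag     => $backuptag,
        }
      }
    }

    if !defined(User[$user]) {
      @@user { $user:
        ensure     => 'present',
        # false means "not specified": leave the uid unmanaged.
        uid        => $uid ? {
          false   => undef,
          default => $uid,
        },
        gid        => $gid,
        comment    => "${user} backup sandbox",
        home       => $dir,
        managehome => true,
        shell      => '/bin/bash',
        # '*' is not a valid password hash, so password logins are impossible
        # and only key authentication remains.
        password   => '*',
        # NOTE(review): the dependency names the group 'backupninjas' even
        # when $gid is overridden - confirm this is intended.
        require    => Group['backupninjas'],
        tag        => $backuptag,
      }
    }
  }
}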