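# Class tunnel: autossh-based SSH tunnels between nodes.
#
# A node that declares tunnel::setup (or the tunnel::mail wrapper) gets a
# local autossh::tunnel resource and exports the account, home directory,
# .ssh directory and authorized_keys file that the remote end needs.
# A node that includes this class collects the exported User and File
# resources tagged "autossh-<its own fqdn>".
class tunnel {
  # NOTE(review): everything exported with this tag is realised here, so any
  # node able to write to the exported-resource store can have accounts and
  # files created on this host. Treat the tag as a trust boundary.
  User <<| tag == "autossh-$fqdn" |>>
  File <<| tag == "autossh-$fqdn" |>>

  # Define tunnel::setup: one tunnel plus the exported remote-side account.
  #
  # Parameters:
  #   ensure    - passed through to autossh::tunnel (default: present).
  #   user      - remote account name (default: $hostname of this node).
  #   host      - remote host; also used to build the export tag.
  #   localport - passed to autossh::tunnel as "port".
  #   hostport  - passed to autossh::tunnel as "hostport".
  #   sshport   - SSH port of the remote host (default: '22').
  #   keytype   - selects the public key file <user>_id_<keytype>.pub
  #               (default: 'dsa').
  #
  # NOTE(review): the 'dsa' default is kept for compatibility with existing
  # key file names. OpenSSH has disabled DSA user keys by default since 7.0,
  # so new callers should pass the type of a key they actually deploy
  # (for example 'ed25519' or 'rsa').
  define setup($ensure = present, $user = $hostname, $host, $localport, $hostport, $sshport = '22', $keytype = 'dsa') {
    # NOTE(review): the path, the "backup sandbox" comment and the
    # backupninjas group look inherited from a backup module; confirm they
    # are intended for a tunnel-only account.
    $dir = "/var/backups/remote/$user.$domain"
    $tag = "autossh-$host"
    $ssh_dir = "$dir/.ssh"

    # Local end of the tunnel. user => 'root' is presumably the local account
    # autossh runs as -- confirm against the autossh module.
    autossh::tunnel { $name:
      ensure      => $ensure,
      user        => 'root',
      remote_user => $user,
      port        => $localport,
      hostport    => $hostport,
      host        => $host,
      remote_host => $host,
      sshport     => $sshport,
    }

    # The defined() guards allow several tunnels to share one remote account.
    # They depend on evaluation order, so they only see resources declared
    # earlier in the same catalog.

    # File modes are quoted strings: newer Puppet parsers reject a bare
    # numeric mode, and older ones accept the string form as well.
    if !defined(File["$dir"]) {
      @@file { "$dir":
        ensure => directory,
        mode   => '0750',
        owner  => $user,
        group  => 0,
        tag    => "$tag",
      }
    }

    if !defined(File["$ssh_dir"]) {
      @@file { "$ssh_dir":
        ensure  => directory,
        mode    => '0700',
        owner   => $user,
        group   => 0,
        require => [User[$user], File["$dir"]],
        tag     => "$tag",
      }
    }

    # NOTE(review): authorized_keys is owned by root, but it sits in a
    # directory owned by $user, so the account can still unlink and replace
    # it between Puppet runs. The key is also installed verbatim from the
    # .pub file, without authorized_keys options, and the account has
    # /bin/sh as its shell; if the account exists only for forwarding,
    # restrict the key to the forwarding it needs (e.g. the "restrict"
    # option plus explicit forwarding permissions).
    if !defined(File["${ssh_dir}/authorized_keys"]) {
      @@file { "${ssh_dir}/authorized_keys":
        ensure  => present,
        mode    => '0644',
        owner   => 0,
        group   => 0,
        source  => "puppet://$server/files/keys/${user}_id_${keytype}.pub",
        require => File["${ssh_dir}"],
        tag     => "$tag",
      }
    }

    if !defined(User["$user"]) {
      @@user { "$user":
        ensure     => "present",
        comment    => "$name backup sandbox",
        home       => "$dir",
        gid        => "backupninjas",
        managehome => true,
        shell      => "/bin/sh",
        # '*' is not a valid password hash, so only key-based login can work.
        password   => '*',
        # The group has to be declared on the collecting host.
        require    => Group['backupninjas'],
        tag        => "$tag"
      }
    }
  }

  # Define tunnel::mail: SMTP tunnel (port 25 on both ends) to "<name>.$domain".
  #
  # The inner resource title is the fixed string "smtp", so a node can declare
  # at most one tunnel::mail; a second one would be a duplicate declaration.
  define mail ($sshport = '22') {
    tunnel::setup { "smtp":
      host      => "$name.$domain",
      sshport   => "$sshport",
      localport => '25',
      hostport  => '25',
    }
  }
}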