diff options
Diffstat (limited to 'puppet/modules/backupninja/manifests/duplicity.pp')
m--------- | puppet/modules/backupninja | 0 | ||||
-rw-r--r-- | puppet/modules/backupninja/manifests/duplicity.pp | 147 |
2 files changed, 147 insertions, 0 deletions
diff --git a/puppet/modules/backupninja b/puppet/modules/backupninja deleted file mode 160000 -Subproject 497513547be79f9d3c8e96f1650ec43ee634b27 diff --git a/puppet/modules/backupninja/manifests/duplicity.pp b/puppet/modules/backupninja/manifests/duplicity.pp new file mode 100644 index 00000000..a05da876 --- /dev/null +++ b/puppet/modules/backupninja/manifests/duplicity.pp @@ -0,0 +1,147 @@ +# Run duplicity-backup as part of a backupninja run. +# +# Valid attributes for this type are: +# +# order: +# +# The prefix to give to the handler config filename, to set order in +# which the actions are executed during the backup run. +# +# ensure: +# +# Allows you to delete an entry if you don't want it any more (but be +# sure to keep the configdir, name, and order the same, so that we can +# find the correct file to remove). +# +# options, nicelevel, testconnect, tmpdir, sign, encryptkey, signkey, +# password, include, exclude, vsinclude, incremental, keep, bandwidthlimit, +# sshoptions, destdir, desthost, desuser: +# +# As defined in the backupninja documentation. The options will be +# placed in the correct sections automatically. The include and +# exclude options should be given as arrays if you want to specify +# multiple directories. +# +# directory, ssh_dir_manage, ssh_dir, authorized_keys_file, installuser, +# installkey, backuptag: +# +# Options for the bakupninja::server::sandbox define, check that +# definition for more info. +# +# Some notes about this handler: +# +# - When specifying a password, be sure to enclose it in single quotes, +# this is particularly important if you have any special characters, such +# as a $ which puppet will attempt to interpret resulting in a different +# password placed in the file than you expect! +# - There's no support for a 'local' type in backupninja's duplicity +# handler on version 0.9.6-4, which is the version available in stable and +# testing debian repositories by the time of this writing. +define backupninja::duplicity( $order = 90, + $ensure = present, + # options to the config file + $options = false, + $nicelevel = false, + $testconnect = false, + $tmpdir = false, + # [gpg] + $sign = false, + $encryptkey = false, + $signkey = false, + $password = false, + # [source] + $include = [ "/var/spool/cron/crontabs", + "/var/backups", + "/etc", + "/root", + "/home", + "/usr/local/*bin", + "/var/lib/dpkg/status*" ], + $exclude = [ "/home/*/.gnupg", + "/home/*/.local/share/Trash", + "/home/*/.Trash", + "/home/*/.thumbnails", + "/home/*/.beagle", + "/home/*/.aMule", + "/home/*/.gnupg", + "/home/*/.gpg", + "/home/*/.ssh", + "/home/*/gtk-gnutella-downloads", + "/etc/ssh/*" ], + $vsinclude = false, + # [dest] + $incremental = "yes", + $increments = false, + $keep = false, + $keepincroffulls = false, + $bandwidthlimit = false, + $sshoptions = false, + $destdir = false, + $desthost = false, + $destuser = false, + $desturl = false, + # configs to backupninja client + $backupkeystore = $backupninja::keystore, + $backupkeystorefspath = $backupninja::keystorefspath, + $backupkeytype = $backupninja::keytype, + $backupkeydest = $backupninja::keydest, + $backupkeydestname = $backupninja::keydestname, + # options to backupninja server sandbox + $ssh_dir_manage = true, + $ssh_dir = "${destdir}/.ssh", + $authorized_keys_file = 'authorized_keys', + $installuser = true, + $backuptag = "backupninja-${::fqdn}", + # key options + $createkey = false, + $keymanage = $backupninja::keymanage ) { + + # install client dependencies + ensure_resource('package', 'duplicity', {'ensure' => $backupninja::ensure_duplicity_version}) + + case $desthost { false: { err("need to define a destination host for remote backups!") } } + case $destdir { false: { err("need to define a destination directory for remote backups!") } } + case $password { false: { err("a password is necessary either to unlock the GPG key, or for symmetric encryption!") } } + + # guarantees there's a configured backup space for this backup + backupninja::server::sandbox { "${user}-${name}": + user => $destuser, + host => $desthost, + dir => $destdir, + manage_ssh_dir => $ssh_dir_manage, + ssh_dir => $ssh_dir, + authorized_keys_file => $authorized_keys_file, + installuser => $installuser, + backuptag => $backuptag, + backupkeys => $backupkeystore, + keytype => $backupkeytype, + } + + # the client's ssh key + backupninja::key { "${destuser}-${name}": + user => $destuser, + createkey => $createkey, + keymanage => $keymanage, + keytype => $backupkeytype, + keystore => $backupkeystore, + keystorefspath => $backupkeystorefspath, + keydest => $backupkeydest, + keydestname => $backupkeydestname + } + + # the backupninja rule for this duplicity backup + file { "${backupninja::configdir}/${order}_${name}.dup": + ensure => $ensure, + content => template('backupninja/dup.conf.erb'), + owner => root, + group => root, + mode => 0600, + require => File["${backupninja::configdir}"] + } + + if $backupninja::manage_nagios { + nagios::service::passive { $nagios_description: } + } + +} + |