path: root/manifests/server.pp
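# Class: backupninja::server
#
# Prepares a host to receive backups: creates the "backupninjas" group and the
# top-level backup directory, then collects the User and File resources that
# client nodes exported for this server (see the sandbox define below).
#
# Settings are read from variables that must be set outside this class:
#   $backupdir        - top-level backup directory (default "/backup")
#   $usermanage       - stored in $real_usermanage (default 'doit')
#   $backupserver_tag - suffix of the collection tag (default $fqdn)
class backupninja::server {

  # An empty value selects the built-in default.
  $real_backupdir = $backupdir ? {
    ''      => "/backup",
    default => $backupdir,
  }
  # Not referenced again inside this class body.
  $real_usermanage = $usermanage ? {
    ''      => 'doit',
    default => $usermanage
  }
  $real_backupserver_tag = $backupserver_tag ? {
    ''      => $fqdn,
    default => $backupserver_tag
  }

  # Fixed gid so the group id is the same on every backup server.
  group { "backupninjas":
    ensure => "present",
    gid    => 700
  }

  # 0710 root:backupninjas: group members can traverse into their own sandbox
  # but cannot list the other sandboxes stored next to it.
  file { "$real_backupdir":
    ensure => "directory",
    mode   => 0710, owner => root, group => "backupninjas"
  }

  # Realise every User and File resource exported with this server's tag.
  # NOTE(review): the tag is the only selector, so any node that can export
  # resources carrying it gets accounts and files created on this server.
  # Confirm that only trusted nodes can write to the exported-resource store.
  User <<| tag == "backupninja-$real_backupserver_tag" |>>
  File <<| tag == "backupninja-$real_backupserver_tag" |>>

  # Define: backupninja::server::sandbox
  #
  # Lets a node declare a remote backup sandbox that has to be created on the
  # server. All resources are exported (@@) and tagged, so they only take
  # effect on the server that collects the matching tag.
  #
  # Parameters (false means "use the default"):
  #   $user                 - sandbox account name (default: $name)
  #   $host                 - host used to build the default tag (default: $fqdn)
  #   $installuser          - when true, export ssh dir, key file and user
  #   $dir                  - sandbox home (default: <backupdir>/$fqdn)
  #   $manage_ssh_dir       - when true, export the .ssh directory itself
  #   $ssh_dir              - ssh directory (default: <dir>/.ssh)
  #   $authorized_keys_file - key file name (default: "authorized_keys")
  #   $backupkeys           - source dir of public keys
  #                           (default: "$fileserver/keys/backupkeys")
  #   $keytype              - key type used in the public key file name
  #   $uid                  - fixed uid for the account, false to leave unset
  #   $gid                  - primary group of the account
  #   $backuptag            - export tag (default: "backupninja-<host>")
  define sandbox(
    $user = false, $host = false, $installuser = true, $dir = false, $manage_ssh_dir = true,
    $ssh_dir = false, $authorized_keys_file = false, $backupkeys = false, $keytype = "rsa",
    $uid = false, $gid = "backupninjas", $backuptag = false)
  {

    # Fixed: the selector used to test $name, which is never false or empty,
    # so an unset $user was passed through and $real_user became false.
    $real_user = $user ? {
      false   => $name,
      ''      => $name,
      default => $user,
    }
    $real_host = $host ? {
      false   => $fqdn,
      default => $host,
    }
    $real_backupkeys = $backupkeys ? {
      false   => "$fileserver/keys/backupkeys",
      default => $backupkeys,
    }
    # NOTE(review): the default path uses $fqdn, not $real_host, so overriding
    # $host changes the tag but not the directory -- confirm this is intended.
    $real_dir = $dir ? {
      false   => "${backupninja::server::real_backupdir}/$fqdn",
      default => $dir,
    }
    $real_ssh_dir = $ssh_dir ? {
      false   => "${real_dir}/.ssh",
      default => $ssh_dir,
    }
    $real_authorized_keys_file = $authorized_keys_file ? {
      false   => "authorized_keys",
      default => $authorized_keys_file,
    }
    $real_backuptag = $backuptag ? {
      false   => "backupninja-$real_host",
      default => $backuptag,
    }

    # The defined() guards avoid a duplicate declaration when several
    # sandboxes on one node resolve to the same path or user.
    # Fixed: owner is $real_user, so it is still valid when $user is unset.
    if !defined(File["$real_dir"]) {
      @@file { "$real_dir":
        ensure => directory,
        mode   => 0750, owner => $real_user, group => 0,
        tag    => "$real_backuptag",
      }
    }
    case $installuser {
      true: {
        case $manage_ssh_dir {
          true: {
            if !defined(File["$real_ssh_dir"]) {
              @@file { "${real_ssh_dir}":
                ensure  => directory,
                mode    => 0700, owner => $real_user, group => 0,
                require => File["$real_dir"],
                tag     => "$real_backuptag",
              }
            }
          }
        }
        # The key file is owned by uid 0 and mode 0644, so the sandbox user
        # can read it but not edit it in place.
        # NOTE(review): the enclosing ssh directory is owned by the sandbox
        # user, who could therefore still replace the file; root ownership of
        # the file alone does not pin the key list. With $manage_ssh_dir set
        # to anything but true, File[$real_ssh_dir] must be declared elsewhere.
        if !defined(File["${real_ssh_dir}/${real_authorized_keys_file}"]) {
          @@file { "${real_ssh_dir}/${real_authorized_keys_file}":
            ensure  => present,
            mode    => 0644, owner => 0, group => 0,
            # Fixed: built from $real_user so the path is valid when $user is unset.
            source  => "$real_backupkeys/${real_user}_id_${keytype}.pub",
            require => File["${real_ssh_dir}"],
            tag     => "$real_backuptag",
          }
        }
        # Both branches export the same account; the second one also pins the
        # uid. password '*' is not a valid hash, so password login is disabled
        # and only the installed public key can authenticate.
        case $uid {
          false: {
            if !defined(User["$real_user"]) {
              @@user { "$real_user":
                ensure     => "present",
                gid        => "$gid",
                comment    => "$name backup sandbox",
                home       => "$real_dir",
                managehome => true,
                shell      => "/bin/sh",
                password   => '*',
                require    => Group['backupninjas'],
                tag        => "$real_backuptag"
              }
            }
          }
          default: {
            if !defined(User["$real_user"]) {
              @@user { "$real_user":
                ensure     => "present",
                uid        => "$uid",
                gid        => "$gid",
                comment    => "$name backup sandbox",
                home       => "$real_dir",
                managehome => true,
                shell      => "/bin/sh",
                password   => '*',
                require    => Group['backupninjas'],
                tag        => "$real_backuptag"
              }
            }
          }
        }
      }
    }
  }
}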