summaryrefslogtreecommitdiff
path: root/manifests/server.pp
blob: 60332490434a57787102edb922f80d78e6f7ae24 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
class backupninja::server {

  $real_backupdir = $backupdir ? {
    '' => "/backup",
    default => $backupdir,
  }
  $real_usermanage = $usermanage ? {
    '' => 'doit',
    default => $usermanage
  }
  $real_backupserver_tag = $backupserver_tag ? {
    '' => $fqdn,
    default => $backupserver_tag
  }

  group { "backupninjas":
    ensure => "present",
    gid => 700
  }
  
  file { "$real_backupdir":
    ensure => "directory",
    mode => 0710, owner => root, group => "backupninjas"
  }
  
  User <<| tag == "backupninja-$real_backupserver_tag" |>>
  File <<| tag == "backupninja-$real_backupserver_tag" |>>
  Ssh_authorized_key <<| tag == "backupninja-$real_backupserver_tag" |>>

  package { [ "rsync", "rdiff-backup" ]: ensure => installed }

  # this define allows nodes to declare a remote backup sandbox, that have to
  # get created on the server
  define sandbox(
    $user = false, $host = false, $installuser = true, $dir = false, $manage_ssh_dir = true,
    $ssh_dir = false, $authorized_keys_file = false, $key = false, $key_type = 'ssh-dss', $backupkeys = false, $uid = false,
    $gid = "backupninjas", $backuptag = false)
  {
    
    $real_user = $user ? {
      false => $name,
      default => $user,
      '' => $name,
    }
    $real_host = $host ? {
      false => $fqdn,
      default => $host,
    }
    $real_backupkeys = $backupkeys ? {
      false => "$fileserver/keys/backupkeys",
      default => $backupkeys,
    }
    $real_dir = $dir ? {
      false => "${backupninja::server::real_backupdir}/$fqdn",
      default => $dir,
    }
    $real_ssh_dir = $ssh_dir ? {
      false => "${real_dir}/.ssh",
      default => $ssh_dir,
    }
    $real_authorized_keys_file = $authorized_keys_file ? {
      false => "authorized_keys",
      default => $authorized_keys_file,
    }
    $real_backuptag = $backuptag ? {
      false => "backupninja-$real_host",
      default => $backuptag,
    }
      
    @@file { "$real_dir":
      ensure => directory,
      mode => 0750, owner => $real_user, group => 0,
      tag => "$real_backuptag",
    }
    case $installuser {
      true: {
        case $manage_ssh_dir {
          true: {
            @@file { "${real_ssh_dir}":
              ensure => directory,
              mode => 0700, owner => $real_user, group => 0,
              require => File["$real_dir"],
              tag => "$real_backuptag",
            }
          }
        } 
	case $key {
	  false: {
            @@file { "${real_ssh_dir}/${real_authorized_keys_file}":
              ensure => present,
              mode => 0644, owner => 0, group => 0,
              source => "$real_backupkeys/${real_user}_id_rsa.pub",
              require => File["${real_ssh_dir}"],
              tag => "$real_backuptag",
            }
	  }
	  default: {
	    @@ssh_authorized_key{ $real_user:
	      type => $key_type,
              key => $key,
	      user => $real_user,
	      target => "${real_ssh_dir}/${real_authorized_keys_file}",
       	      tag => "$real_backuptag",
            }
          }
	}
        case $uid {
          false: {
            @@user { "$real_user":
              ensure  => "present",
              gid     => "$gid",
              comment => "$name backup sandbox",
              home    => "$real_dir",
              managehome => true,
              shell   => "/bin/sh",
              password => '*',
	      require => [ Group['backupninjas'], File["$real_dir"] ],
              tag => "$real_backuptag"
            }
          }
          default: {
            @@user { "$real_user":
              ensure  => "present",
              uid     => "$uid",
              gid     => "$gid",
              comment => "$name backup sandbox",
              home    => "$real_dir",
              managehome => true,
              shell   => "/bin/sh",
              password => '*',
	      require => [ Group['backupninjas'], File["$real_dir"] ],
              tag => "$real_backuptag"
            }
          }
        }
      }
    }
  }
}