Initial commit

2020-09-16 19:02:13 +02:00 · 2020-09-16 19:02:13 +02:00 · 6733f1a951
parent f1582f8953
commit 6733f1a951
1 changed files with 233 additions and 0 deletions
--- a/manifests/init.pp
+++ b/manifests/init.pp
@ -0,0 +1,233 @@
 #wmdeit_backup
 class wmdeit_backup(
 	$backup_dir = "/srv/backup",
 	$backup_key_file = "/root/.ssh/backup_key",
 	$backup_key,
 	$mnt_server = undef
 ) {
 	file {$backup_dir:
 		ensure => directory
 	}  -> 
 	file {"$backup_dir/mnt":
 		ensure => directory
 	} ->
 	file {"$backup_dir/backup.sh":
 		ensure => absent,
 		content => "#!/bin/bash\n/usr/bin/rsnapshot -c $backup_dir/\$1 daily && we=\$(LC_TIME=C date +%A) && if [ \$we = \"Friday\" ]; then /usr/bin/rsnapshot -c $backup_dir/\$1 weekly; fi",
 		mode => '755',
 	}
 	if $mnt_server {
 		mount {"$backup_dir/mnt":
 			device => "sshfs#$mnt_server",
 			fstype => "fuse",
 			ensure => mounted,
 			require => File["$backup_dir/mnt"],
 			options => defaults,
 			remounts => false
 		} 
 	}
 	package { ["rsnapshot","sshfs"]:
 		ensure => installed,
 	}
 	file { "/root/.ssh":
 		ensure => directory,
 		mode => "600",
 	} ->
 	file {"$backup_key_file":
 		ensure => file,
 		content => $backup_key,
 		mode => "600",
 	}
 }
 define wmdeit_backup::scpbackup (
 	$weekday = 0
 ) {
 	$dir = $title
 	$bname = $title
 	$backup_key_file = $wmdeit_backup::backup_key_file
 	$backup_pub_key_file = "/tmp/backup_pub.pem" 
 	$privkey = "/root/${title}_privkey"
 	$backup_dir = $wmdeit_backup::backup_dir 
 	$shellscript = "$backup_dir/backup-scp-$title.sh"
 	$tdir = "$backup_dir/$dir/daily.0"
 	file {"$shellscript":
 		mode => "700",
 		ensure => file,
 		content => "#!/bin/sh
 #Get current week of year modulo 2, so we can name our backups alternating backup1 and backup02 
 G=\$((`/bin/date +%V` % 2))
 # create key
 /usr/bin/openssl rand -hex 64 -out $privkey
 # create encrypted backup
 /usr/bin/openssl rsautl -encrypt -inkey $backup_pub_key_file -pubin -in $privkey -out  $backup_dir/mnt/backup-$bname-0\$G-privkey.enc
 cd $tdir
 tar  c ./ | xz -3  |  openssl enc -aes-256-cbc -salt -pass file:$privkey > $backup_dir/mnt/backup-$bname-0\$G-tar.xz.enc
 # upload backup to server
 #scp $backup_dir/mnt/backup-$bname\$G-privkey.enc $server:backup-$bname\$G-privkey.enc
 #rsync $backup_dir/mnt/backup-$bname\$G-tar.xz.enc $server:backup-$bname\$G-tar.xz.enc 
 rm $privkey
 "
 	}
 #
 #
 #	exec {"/usr/bin/openssl rsa -in $backup_key_file -pubout -out $backup_pub_key_file":
 #		creates => $backup_pub_key_file
 #	}
 #
 	cron {"scpbackup-$title":
 		weekday => $weekday,
 		hour => 23,
 		minute => 0,
 		command => "$shellscript"
 	}
 }
 class wmdeit_backup::mysqldump_all (
 	$hour = 20,		# Start SQL-Dump by default after Tagesschau
 	$minute = 15
 	){
 	$mysql = '/usr/bin/mysql'
 	$mysqldump = '/usr/bin/mysqldump'
 	cron {'mysqldump':
 		ensure => present,
 		user => root,	
 		command => "$mysql -N -e 'show databases' | while read dbname; do $mysqldump --complete-insert --routines --triggers --single-transaction --max_allowed_packet=512M \"\$dbname\" > /var/backups/\"\$dbname\".sql; done",
 		hour => $hour,
 		minute => $minute,
 	}
 }
 define wmdeit_backup::backup(
 	$ssh_port = 22, 
 	$server=$title,
 	$dirs = ["/"],
 	$local_dir = "./",
 	$retain_daily = 30,
 	$retain_weekly = 24,
 	$retain_monthly = 0,
 	$daily_hour = 3,
 	$daily_minute = 0,
 ) {
 	$bname = $title
 	$backup_dir = $wmdeit_backup::backup_dir 
 	$backup_key_file = $wmdeit_backup::backup_key_file
 	if $daily_hour > 23 {
 		$idaily_hour = $daily_hour - 23
 	}
 	else {
 		$idaily_hour = $daily_hour 
 	}
 	if $idaily_hour-1 < 0 {
 		$weekly_hour = $idaily_hout+23
 	}
 	else {
 		$weekly_hour = $idaily_hour-1
 	}
 	$weekly_minute = $daily_minute
 	cron {"daily_backup$title":
 		ensure => present,
 		hour => $idaily_hour,
 		minute => $daily_minute,
 		command => "/usr/bin/rsnapshot -c $backup_dir/$bname.conf daily",
 		user => 'root'
 	}
 	if $retain_weekly != 0 {
 		$retain_weekly_string = "retain\tweekly\t$retain_weekly"
 		$weekly_cron = present
 	}
 	else {
 		$weekly_cron = absent
 	}	
 	cron {"weekly_backup$title":
 		ensure => present,
 		hour => $weekly_hour,
 		minute => $weekly_minute,
 		weekday => 0,
 		command => "/usr/bin/rsnapshot -c $backup_dir/$bname.conf weekly",
 		user => 'root'
 	}
 	if $retain_monthly != 0 {
 		$retain_monthly_string = "retain\tmonthly\t$retain_monthly"
 		$monthly_cron = present
 	}
 	else {
 		$monthly_cron = absent
 	}
 	cron {"monthly_backup$title":
 		ensure => $monthly_cron,
 		monthday => 1,
 		hour => 1,
 		minute => 0,
 		command => "/usr/bin/rsnapshot -c $backup_dir/$bname.conf monthly",
 		user => 'root'
 	}
 	$bdirs = join ($dirs.map | String $dir| {
 		"backup	root@$server:$dir\t$local_dir\n"
 	},"")
 	file {"$backup_dir/$bname.conf":
 		ensure => file,
 		content => "config_version	1.2
 snapshot_root	$backup_dir/$bname
 cmd_cp		/bin/cp
 cmd_rm		/bin/rm
 cmd_rsync	/usr/bin/rsync
 cmd_ssh		/usr/bin/ssh
 cmd_logger	/usr/bin/logger
 retain	daily	$retain_daily
 $retain_weekly_string
 $retain_monthly_string
 verbose		2
 loglevel	3
 lockfile	/var/run/rsnapshot-$bname.pid
 ssh_args	-p $ssh_port -i $backup_key_file
 rsync_long_args	--delete --numeric-ids --relative --delete-excluded 
 $bdirs
 "			
 	}
 }