238 lines
4.9 KiB
Puppet
238 lines
4.9 KiB
Puppet
#wmdeit_backup
|
|
|
|
|
|
|
|
class wmdeit_backup(
|
|
$backup_dir = "/srv/backup",
|
|
$backup_key_file = "/root/.ssh/backup_key",
|
|
$backup_key,
|
|
$mnt_server = undef
|
|
|
|
) {
|
|
|
|
|
|
|
|
|
|
file {$backup_dir:
|
|
ensure => directory
|
|
} ->
|
|
file {"$backup_dir/mnt":
|
|
ensure => directory
|
|
} ->
|
|
file {"$backup_dir/backup.sh":
|
|
ensure => absent,
|
|
content => "#!/bin/bash\n/usr/bin/rsnapshot -c $backup_dir/\$1 daily && we=\$(LC_TIME=C date +%A) && if [ \$we = \"Friday\" ]; then /usr/bin/rsnapshot -c $backup_dir/\$1 weekly; fi",
|
|
mode => '755',
|
|
}
|
|
|
|
if $mnt_server {
|
|
mount {"$backup_dir/mnt":
|
|
device => "sshfs#$mnt_server",
|
|
fstype => "fuse",
|
|
ensure => mounted,
|
|
require => File["$backup_dir/mnt"],
|
|
options => defaults,
|
|
remounts => false
|
|
}
|
|
}
|
|
|
|
|
|
|
|
package { ["rsnapshot","sshfs"]:
|
|
ensure => installed,
|
|
}
|
|
|
|
file { "/root/.ssh":
|
|
ensure => directory,
|
|
mode => "600",
|
|
} ->
|
|
file {"$backup_key_file":
|
|
ensure => file,
|
|
content => $backup_key,
|
|
mode => "600",
|
|
}
|
|
}
|
|
|
|
|
|
define wmdeit_backup::scpbackup (
|
|
$weekday = 0
|
|
|
|
) {
|
|
$dir = $title
|
|
|
|
$bname = $title
|
|
$backup_key_file = $wmdeit_backup::backup_key_file
|
|
$backup_pub_key_file = "/tmp/backup_pub.pem"
|
|
$privkey = "/root/${title}_privkey"
|
|
$backup_dir = $wmdeit_backup::backup_dir
|
|
$shellscript = "$backup_dir/backup-scp-$title.sh"
|
|
|
|
$tdir = "$backup_dir/$dir/daily.0"
|
|
|
|
exec {"pubkey":
|
|
command => "/usr/bin/openssl rsa -in $backup_key_file -pubout -out $backup_pub_key_file",
|
|
}
|
|
|
|
file {"$shellscript":
|
|
require => Exec["pubkey"],
|
|
mode => "700",
|
|
ensure => file,
|
|
content => "#!/bin/sh
|
|
#Get current week of year modulo 2, so we can name our backups alternating backup1 and backup02
|
|
G=\$((`/bin/date +%V` % 2))
|
|
# create key
|
|
/usr/bin/openssl rand -hex 64 -out $privkey
|
|
# create encrypted backup
|
|
/usr/bin/openssl rsautl -encrypt -inkey $backup_pub_key_file -pubin -in $privkey -out $backup_dir/mnt/backup-$bname-0\$G-privkey.enc
|
|
cd $tdir
|
|
tar c ./ | xz -3 | openssl enc -aes-256-cbc -salt -pass file:$privkey > $backup_dir/mnt/backup-$bname-0\$G-tar.xz.enc
|
|
# upload backup to server
|
|
#scp $backup_dir/mnt/backup-$bname\$G-privkey.enc $server:backup-$bname\$G-privkey.enc
|
|
#rsync $backup_dir/mnt/backup-$bname\$G-tar.xz.enc $server:backup-$bname\$G-tar.xz.enc
|
|
rm $privkey
|
|
"
|
|
}
|
|
#
|
|
#
|
|
# exec {"/usr/bin/openssl rsa -in $backup_key_file -pubout -out $backup_pub_key_file":
|
|
# creates => $backup_pub_key_file
|
|
# }
|
|
#
|
|
|
|
cron {"scpbackup-$title":
|
|
weekday => $weekday,
|
|
hour => 23,
|
|
minute => 0,
|
|
command => "$shellscript"
|
|
}
|
|
|
|
|
|
}
|
|
|
|
class wmdeit_backup::mysqldump_all (
|
|
$hour = 20, # Start SQL-Dump by default after Tagesschau
|
|
$minute = 15
|
|
){
|
|
|
|
$mysql = '/usr/bin/mysql'
|
|
$mysqldump = '/usr/bin/mysqldump'
|
|
|
|
cron {'mysqldump':
|
|
ensure => present,
|
|
user => root,
|
|
command => "$mysql -N -e 'show databases' | while read dbname; do $mysqldump --complete-insert --routines --triggers --single-transaction --max_allowed_packet=512M \"\$dbname\" > /var/backups/\"\$dbname\".sql; done",
|
|
|
|
hour => $hour,
|
|
minute => $minute,
|
|
}
|
|
}
|
|
|
|
|
|
|
|
define wmdeit_backup::backup(
|
|
|
|
$ssh_port = 22,
|
|
$server=$title,
|
|
$dirs = ["/"],
|
|
$local_dir = "./",
|
|
$retain_daily = 30,
|
|
$retain_weekly = 24,
|
|
$retain_monthly = 0,
|
|
$daily_hour = 3,
|
|
$daily_minute = 0,
|
|
|
|
) {
|
|
$bname = $title
|
|
$backup_dir = $wmdeit_backup::backup_dir
|
|
$backup_key_file = $wmdeit_backup::backup_key_file
|
|
|
|
if $daily_hour > 23 {
|
|
$idaily_hour = $daily_hour - 23
|
|
}
|
|
else {
|
|
$idaily_hour = $daily_hour
|
|
}
|
|
|
|
|
|
if $idaily_hour-1 < 0 {
|
|
$weekly_hour = $idaily_hout+23
|
|
}
|
|
else {
|
|
$weekly_hour = $idaily_hour-1
|
|
}
|
|
$weekly_minute = $daily_minute
|
|
|
|
cron {"daily_backup$title":
|
|
ensure => present,
|
|
hour => $idaily_hour,
|
|
minute => $daily_minute,
|
|
command => "/usr/bin/rsnapshot -c $backup_dir/$bname.conf daily",
|
|
user => 'root'
|
|
}
|
|
|
|
if $retain_weekly != 0 {
|
|
$retain_weekly_string = "retain\tweekly\t$retain_weekly"
|
|
$weekly_cron = present
|
|
}
|
|
else {
|
|
$weekly_cron = absent
|
|
}
|
|
|
|
cron {"weekly_backup$title":
|
|
ensure => present,
|
|
hour => $weekly_hour,
|
|
minute => $weekly_minute,
|
|
weekday => 0,
|
|
command => "/usr/bin/rsnapshot -c $backup_dir/$bname.conf weekly",
|
|
user => 'root'
|
|
}
|
|
|
|
if $retain_monthly != 0 {
|
|
$retain_monthly_string = "retain\tmonthly\t$retain_monthly"
|
|
$monthly_cron = present
|
|
}
|
|
else {
|
|
$monthly_cron = absent
|
|
}
|
|
|
|
cron {"monthly_backup$title":
|
|
ensure => $monthly_cron,
|
|
monthday => 1,
|
|
hour => 1,
|
|
minute => 0,
|
|
command => "/usr/bin/rsnapshot -c $backup_dir/$bname.conf monthly",
|
|
user => 'root'
|
|
}
|
|
|
|
|
|
|
|
|
|
$bdirs = join ($dirs.map | String $dir| {
|
|
"backup root@$server:$dir\t$local_dir\n"
|
|
},"")
|
|
|
|
file {"$backup_dir/$bname.conf":
|
|
ensure => file,
|
|
content => "config_version 1.2
|
|
snapshot_root $backup_dir/$bname
|
|
cmd_cp /bin/cp
|
|
cmd_rm /bin/rm
|
|
cmd_rsync /usr/bin/rsync
|
|
cmd_ssh /usr/bin/ssh
|
|
cmd_logger /usr/bin/logger
|
|
retain daily $retain_daily
|
|
$retain_weekly_string
|
|
$retain_monthly_string
|
|
|
|
verbose 2
|
|
loglevel 3
|
|
lockfile /var/run/rsnapshot-$bname.pid
|
|
ssh_args -p $ssh_port -i $backup_key_file
|
|
rsync_long_args --delete --numeric-ids --relative --delete-excluded
|
|
|
|
$bdirs
|
|
|
|
"
|
|
}
|
|
}
|