added backup state and handled known_hosts

2017-08-21 20:31:12 +00:00 · 2017-08-21 20:31:12 +00:00 · 037fd19b0f
commit 037fd19b0f
parent aa106b5d52
18 changed files with 154 additions and 4 deletions
--- a/merge.sh
+++ b/merge.sh
--- a/pillars/roles/backup/init.sls
+++ b/pillars/roles/backup/init.sls
@ -3,7 +3,7 @@ include:
  - roles.backup.none
 {%- if grains['roles'] is defined -%}
  {%- if grains['roles'] is not none -%}
-    {%- if 'portal' in grains['roles'] -%}
+    {%- if 'backup' in grains['roles'] -%}
      {%- for state in states %}
        {%- if state.startswith("pillars.roles.backup.") -%}
          {%- set role = state.split('.')[3] %}
--- a/pillars/roles/backup/none.sls
+++ b/pillars/roles/backup/none.sls
--- a/pillars/roles/backup/radarr.sls
+++ b/pillars/roles/backup/radarr.sls
@ -1,6 +1,9 @@
 backup:
  radarr:
    location: /var/lib/radarr
+    rsync_user: backups
+    key: backups_key
+    host: host.actcur.com
    user: radarr
    group: radarr
    fmode: 644
--- a/pillars/servers/env/server/archhost1.sls
+++ b/pillars/servers/env/server/archhost1.sls
@ -0,0 +1 @@
+env: prod
--- a/pillars/servers/maintainer/server/archhost1.sls
+++ b/pillars/servers/maintainer/server/archhost1.sls
@ -0,0 +1,3 @@
+maintainer:
+  - masaufuku
+
--- a/pillars/servers/roles/server/archhost1.sls
+++ b/pillars/servers/roles/server/archhost1.sls
@ -0,0 +1,6 @@
+grains:
+  roles:
+    - server
+    - ssh
+    - saltminion
+    - backup
--- a/states/roles/maintain/backup/backup.service
+++ b/states/roles/maintain/backup/backup.service
@ -0,0 +1,10 @@
+[Unit]
+Description=Runs backup.sh
+
+[Service]
+Type=oneshot
+RemainAfterExit=no
+ExecStart=/bin/bash /root/scripts/backup.sh
+
+[Install]
+WantedBy=multi-user.target
--- a/states/roles/maintain/backup/backup.sh
+++ b/states/roles/maintain/backup/backup.sh
@ -0,0 +1,8 @@
+{% for name in bnames %}
+echo "Running {{ name }} backup `date`" > /root/scripts/backup.log
+mkdir -p /mnt/butter/backups/configurations/{{ name }}/archive >> /root/scripts/backup.log;
+tar -cvzf "/mnt/butter/backups/configurations/{{ name }}/archive/`date +%F`.tar.gz" "/mnt/butter/backups/configurations/{{ name }}/latest/" >> /root/scripts/backup.log;
+echo "Removing {{ name }} backups older then 90 days" >> /root/scripts/backup.log
+find "/mnt/butter/backups/configurations/{{ name }}/archive" -mtime +90 -exec rm {} \; >> /root/scripts/backup.log
+echo "Finished {{ name }} backup" >> /root/scripts/backup.log
+{% endfor %}
--- a/states/roles/maintain/backup/backup.timer
+++ b/states/roles/maintain/backup/backup.timer
@ -0,0 +1,10 @@
+[Unit]
+Description=Daily Timer
+
+[Timer]
+OnCalendar=weekly
+AccuracySec=2h
+Unit=backup.service
+
+[Install]
+WantedBy=multi-user.target
--- a/states/roles/maintain/backup/init.sls
+++ b/states/roles/maintain/backup/init.sls
@ -0,0 +1,34 @@
+"/root/scripts/backup.sh":
+  file.managed:
+    - source: salt://roles/maintain/backup/backup.sh
+    - user: root
+    - group: root
+    - mode: 644
+    - makedirs: true
+    - template: jinja
+    - context:
+      bnames: {{ pillar['backup'] }}
+
+"/usr/lib/systemd/system/backup.service":
+  file.managed:
+    - source: salt://roles/maintain/backup/backup.service
+    - user: root
+    - group: root
+    - mode: 644
+
+"/usr/lib/systemd/system/backup.timer":
+  file.managed:
+    - source: salt://roles/maintain/backup/backup.timer
+    - user: root
+    - group: root
+    - mode: 644
+
+"backup.timer":
+  service.running:
+    - enable: true
+
+"backup-reload":
+  module.run:
+    - name: service.systemctl_reload
+    - onchanges:
+      - file: /usr/lib/systemd/system/*
--- a/states/roles/maintain/gitlab/conf_files/production.rb
+++ b/states/roles/maintain/gitlab/conf_files/production.rb
--- a/states/roles/maintain/radarr/init.sls
+++ b/states/roles/maintain/radarr/init.sls
--- a/states/systems/core/backup/init.sls
+++ b/states/systems/core/backup/init.sls
@ -0,0 +1,68 @@
+
+{%- if 'backup' in pillar['grains']['roles'] -%}
+{%- else -%}
+  {##ensure that backup pillar exists##}
+  {%- if pillar['backup'] is defined -%}
+    {##restore directories from backup##}
+    {%- for name in pillar['backup'] %}
+      {%- if pillar['backup'][name]['location'] is defined %}
+
+        {%- if pillar['backup'][name]['key'] is defined %}
+{{ name }}_key:
+  file.managed:
+    - name: /root/.ssh/{{ pillar['backup'][name]['key'] }}
+    - source: salt://systems/core/backup/keys/{{ pillar['backup'][name]['key'] }}
+    - user: root
+    - group: root
+    - mode: 600
+    - makedirs: true
+#this should be made generic and/or added to all machines
+backup_host.actcur.com:
+  ssh_known_hosts.present:
+    - name: host.actcur.com
+    - hash_known_hosts: False
+    - user: root
+    - enc: ecdsa-sha2-nistp256
+    - key: "AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCnvAIi9HiYDsQCHPWPQrgdLTANveZ3K9v1+0iJDA2yEo67EfkFl7O9Go/pVkOoSjV+eWKQ9A7Az7aMY1tc9ur0="
+#need to add host entry in .ssh/config.d
+{{ name }}_config:
+  file.managed:
+    - name: /root/.ssh/config
+    - source: salt://systems/core/backup/ssh_config
+    - user: root
+    - group: root
+    - mode: 600
+    - makedirs: true
+{{ name }}_configd:
+  file.managed:
+    - name: /root/.ssh/config.d/{{ name }}
+    - source: salt://systems/core/backup/ssh_configd
+    - user: root
+    - group: root
+    - mode: 600
+    - makedirs: true
+    - template: jinja
+    - context:
+      cname: {{ name }}
+      chost: {{ pillar['backup'][name]['host'] }}
+      ckey: /root/.ssh/{{ pillar['backup'][name]['key'] }}
+      cuser: {{ pillar['backup'][name]['rsync_user'] }}
+        {% endif %}
+  #handle backing up w/ rsync
+rsync_{{ name }}:
+  pkg.installed:
+    - name: rsync
+backup_dir_{{ name }}:
+  cmd.run:
+    - name: "ssh {{ name }} 'mkdir -p /mnt/butter/backups/configurations/{{ name }}/latest'"
+backup_{{ name }}:
+  rsync.synchronized:
+    - name: {{ name }}:/mnt/butter/backups/configurations/{{ name }}/latest
+    - source: {{ pillar['backup'][name]['location'] }}/
+    - prepare: true
+    - delete: true
+    - force: true
+      {%- endif -%}
+    {%- endfor %}
+  {%- endif %}
+{%- endif %}
--- a/states/systems/core/backup/ssh_config
+++ b/states/systems/core/backup/ssh_config
@ -0,0 +1 @@
+Include config.d/*
--- a/states/systems/core/backup/ssh_configd
+++ b/states/systems/core/backup/ssh_configd
@ -0,0 +1,4 @@
+Host {{ cname }}
+  Hostname {{ chost }}
+  IdentityFile {{ ckey }}
+  User {{ cuser }}
--- a/states/systems/core/mount/init.sls
+++ b/states/systems/core/mount/init.sls
@ -26,9 +26,10 @@ fuse-module:
  kmod.present:
    - name: fuse
    - persist: true
-host.actcur.com:
-  ssh_known_hosts:
-    - present
+mount_host.actcur.com:
+  ssh_known_hosts.present:
+    - name: host.actcur.com
+    - hash_known_hosts: False
    - user: root
    - enc: ecdsa-sha2-nistp256
    - key: "AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCnvAIi9HiYDsQCHPWPQrgdLTANveZ3K9v1+0iJDA2yEo67EfkFl7O9Go/pVkOoSjV+eWKQ9A7Az7aMY1tc9ur0="
--- a/states/top.sls
+++ b/states/top.sls
@ -17,6 +17,7 @@
    - systems.core.firewalld
    - systems.core.mount
    - systems.core.git
+    - systems.core.backup
 {%- if grains['roles'] is defined -%}
  {%- if grains['roles'] is not none -%}
    {%- for role in grains['roles'] %}