Add dirvish module

Author: GregSutcliffe

.gitignore

@@ -0,0 +1 @@
+*.swp

modules/dirvish/Modulefile

@@ -0,0 +1,11 @@
+name    'gwmngilfen-dirvish'
+version '0.0.1'
+source 'UNKNOWN'
+author 'gwmngilfen'
+license 'Apache License, Version 2.0'
+summary 'UNKNOWN'
+description 'UNKNOWN'
+project_page 'UNKNOWN'
+
+## Add dependencies, if any:
+dependency 'puppetlasbs/stdlib'

modules/dirvish/README

@@ -0,0 +1,42 @@
+dirvish
+
+Module for creating and managing a backup solution using Dirvish
+
+Dependencies
+------------
+
+* puppetlabs-stdlib
+
+Parameters
+----------
+
+[*backup_location*]
+  The core path that the backups should live in. Defaults to "/srv/backups". The
+  parent of this path should exist, or Puppet will be unable to create the dir.
+
+Examples
+--------
+
+    class { dirvish:
+      backup_location => '/backups'
+    }
+
+Copyright
+---------
+
+Copyright 2013 Greg Sutcliffe
+
+License
+-------
+
+GPL3
+
+Contact
+-------
+
+Greg Sutcliffe <[email protected]>
+
+Support
+-------
+
+Please log tickets and issues at my [github page](https://github/GregSutcliffe/puppet-dirvish)

modules/dirvish/lib/puppet/parser/functions/ssh_keygen.rb

@@ -0,0 +1,60 @@
+# Forked from https://github.com/fup/puppet-ssh @ 59684a8ae174
+#
+# Arguments
+#   0: The keyname (e.g. id_rsa)
+#   1: (optional) the keytype to read (public or private)
+#
+module Puppet::Parser::Functions
+  newfunction(:ssh_keygen, :type => :rvalue) do |args|
+    args[1].nil? ? request = :public : request = args[1].to_sym
+
+    config = {
+      :ssh_dir      => 'ssh',
+      :ssh_comment  => args[0].chomp,
+      :ssh_key_type => 'rsa',
+
+    }
+
+    File.directory?('/etc/puppetlabs/puppet') ? config[:basedir] = '/etc/puppetlabs/puppet' : config[:basedir] = '/etc/puppet'
+
+    # Error Handling
+    unless args.length >= 1 then
+      raise Puppet::ParseError, "ssh_keygen(): wrong number of arguments (#{args.length}; must be > 1)"
+    end
+
+    unless (request == :public || request == :private) then
+      raise Puppet::ParseError, "ssh_keygen(): invalid key type (#{request}; must be 'public' or 'private')"
+    end
+
+    # Make sure to write out a directory to init if necessary
+    begin
+      if !File.directory?("#{config[:basedir]}/#{config[:ssh_dir]}")
+        Dir::mkdir("#{config[:basedir]}/#{config[:ssh_dir]}")
+      end
+    rescue => e
+      raise Puppet::ParseError, "ssh_keygen(): Unable to setup ssh keystore directory (#{e})"
+    end
+
+    # Do my keys exist? Well, keygen if they don't!
+    begin
+      unless File.exists?("#{config[:basedir]}/#{config[:ssh_dir]}/#{config[:ssh_comment]}") then
+        %x[/usr/bin/ssh-keygen -t #{config[:ssh_key_type]} -P '' -f #{config[:basedir]}/#{config[:ssh_dir]}/#{config[:ssh_comment]}]
+      end
+    rescue => e
+      raise Puppet::ParseError, "ssh_keygen(): Unable to generate ssh key (#{e})"
+    end
+
+    # Return ssh key content based on request
+    begin
+      case request
+      when :private
+        return File.open("#{config[:basedir]}/#{config[:ssh_dir]}/#{config[:ssh_comment]}").read
+      else
+        pub_key = File.open("#{config[:basedir]}/#{config[:ssh_dir]}/#{config[:ssh_comment]}.pub").read
+        return pub_key.scan(/^.* (.*) .*$/)[0][0]
+      end
+    rescue => e
+      raise Puppet::ParseError, "ssh_keygen(): Unable to read ssh #{request.to_s} key (#{e})"
+    end
+  end
+end

modules/dirvish/manifests/client.pp

@@ -0,0 +1,34 @@
+# Trivial class to include the dirvish keys on the clients
+#
+# Requires that /root/.ssh/authorized_keys is present
+#
+class dirvish::client (
+  $pre_script = 'undef'
+) {
+
+  # Read the dirvish key from the puppetmaster
+  $pub_key  = ssh_keygen('dirvish_key','public')
+
+  file_line { 'dirvish_ssh_pubkey':
+    ensure => present,
+    path   => '/root/.ssh/authorized_keys',
+    line   => "ssh-rsa ${pub_key} dirvish_key\n",
+  }
+
+  $content = $pre_script ? {
+    'undef' => template('dirvish/pre_client.sh.erb'),
+    default => $pre_script,
+  }
+
+  # Basic pre-run script
+  file { '/etc/dirvish_pre_client':
+    owner   => 'root',
+    group   => 'root',
+    mode    => 0755,
+    content => $content,
+  }
+
+  # Dirvish depends on rsync
+  package { 'rsync': ensure => installed }
+
+}

modules/dirvish/manifests/config.pp

@@ -0,0 +1,13 @@
+class dirvish::config {
+
+  # The main config file
+  file { '/etc/dirvish/master.conf':
+    owner   => 'root',
+    group   => 'root',
+    mode    => '0644',
+    content => template('dirvish/master.conf.erb')
+  }
+
+  create_resources(dirvish::vault,$::dirvish::vaults)
+
+}

modules/dirvish/manifests/init.pp

@@ -0,0 +1,12 @@
+class dirvish(
+  $backup_location = $dirvish::params::backup_location,
+  $vaults          = $dirvish::params::vaults
+) inherits dirvish::params {
+
+  anchor { 'dirvish::start':   } ->
+  class  { 'dirvish::install': } ~>
+  class  { 'dirvish::config':  } ~>
+  class  { 'dirvish::service': } ~>
+  anchor { 'dirvish::end':     }
+
+}

modules/dirvish/manifests/install.pp

@@ -0,0 +1,41 @@
+class dirvish::install {
+
+  package { 'dirvish': ensure => installed }
+
+  file { $::dirvish::backup_location:
+    ensure => directory,
+    owner  => 'root',
+    group  => 'root',
+    mode   => 0755,
+  }
+
+  file { "${::dirvish::backup_location}/ssh":
+    ensure => directory,
+    owner  => 'root',
+    group  => 'root',
+    mode   => 0700,
+  }
+
+  # This clever function creates SSH keys on the puppetmaster and allows them to
+  # be read back and passed to the puppet clients
+
+  # Read the dirvish SSH key (and create it if necessary)
+
+  $pub_key  = ssh_keygen('dirvish_key','public')
+  $priv_key = ssh_keygen('dirvish_key','private')
+
+  file { "${::dirvish::backup_location}/ssh/dirvish_key":
+    owner   => 'root',
+    group   => 'root',
+    mode    => 0400,
+    content => "${priv_key}",
+  }
+
+  file { "${::dirvish::backup_location}/ssh/dirvish_key.pub":
+    owner   => 'root',
+    group   => 'root',
+    mode    => 0644,
+    content => "ssh-rsa ${pub_key} dirvish_key\n",
+  }
+
+}

modules/dirvish/manifests/params.pp

@@ -0,0 +1,18 @@
+class dirvish::params {
+
+  # The place to store the backups
+  $backup_location  = "/srv/backups"
+
+  # The backups to perform. This is an example.
+  $vaults = {
+    test       => {
+      client   => 'myclient',
+      tree     => '/etc',
+      excludes => [
+        '*hosts*',
+        '/etc/puppet'
+      ]
+    }
+  }
+
+}

modules/dirvish/manifests/service.pp

@@ -0,0 +1,11 @@
+class dirvish::service {
+
+  # Dirvish runs from a cronjob
+  cron { 'dirvish':
+    command => '/etc/dirvish/dirvish-cronjob',
+    user    => root,
+    hour    => '2',
+    minute  => '45'
+  }
+
+}

modules/dirvish/manifests/vault.pp

@@ -0,0 +1,41 @@
+define dirvish::vault(
+  $client,
+  $tree,
+  $excludes = [],
+) {
+
+  file { "${::dirvish::backup_location}/${name}":
+    ensure => directory,
+    owner  => 'root',
+    group  => 'root',
+    mode   => 0644,
+  }
+  ->
+  file { "${::dirvish::backup_location}/${name}/dirvish":
+    ensure => directory,
+    owner  => 'root',
+    group  => 'root',
+    mode   => 0644,
+  }
+  ->
+  file { "${::dirvish::backup_location}/${name}/dirvish/default.conf":
+    ensure  => present,
+    owner   => 'root',
+    group   => 'root',
+    mode    => 0644,
+    content => template('dirvish/vault.erb')
+  }
+  ~>
+  # Initialize the vault. This could take a while, so we disable the timeout.
+  # By using both creates and refreshonly, we hopefully avoid re-running this
+  # when the 'initial' image rotates out
+  exec { "Initialize Dirvish Vault: ${name}":
+    timeout     => 0,
+    command     => "/usr/sbin/dirvish --init --vault ${name} --image initial",
+    refreshonly => true,
+    creates     => "${::dirvish::backup_location}/${name}/initial",
+    require     => File['/etc/dirvish/master.conf'],
+  }
+
+
+}

modules/dirvish/metadata.json

@@ -0,0 +1,27 @@
+{
+  "name": "gwmngilfen-dirvish",
+  "version": "0.0.1",
+  "source": "UNKNOWN",
+  "author": "gwmngilfen",
+  "license": "Apache License, Version 2.0",
+  "summary": "UNKNOWN",
+  "description": "UNKNOWN",
+  "project_page": "UNKNOWN",
+  "dependencies": [
+    {
+      "name": "puppetlasbs/stdlib"
+    }
+  ],
+  "types": [
+
+  ],
+  "checksums": {
+    "Modulefile": "493e513efdb8d9827c02f5a27c94d1dd",
+    "README": "3bddea73d6f0704ec1c8ee6c317852b2",
+    "manifests/config.pp": "0047069e8d2e37086a555504e68de200",
+    "manifests/init.pp": "f2db347eace25388dc0d9df8af4df4f0",
+    "manifests/install.pp": "ccd8f1ef90dcf2b58f6993588a7c3007",
+    "manifests/params.pp": "d4eafe0cb718c59a46e319bb927e1215",
+    "manifests/service.pp": "3f19c780022c16b7a0b6b1b0bf5087d3"
+  }
+}

modules/dirvish/templates/master.conf.erb

@@ -0,0 +1,14 @@
+bank:
+  <%= scope.lookupvar('::dirvish::backup_location') %>
+
+exclude:
+  lost+found/
+  *~
+  .nfs*
+
+expire-default: +15 days
+
+Runall:
+<% scope.lookupvar('::dirvish::vaults').keys.each do |vault| -%>
+  <%= vault %>
+<% end -%>

modules/dirvish/templates/pre_client.sh.erb

@@ -0,0 +1,6 @@
+#!/bin/bash
+
+# Puppet-created script run by the dirvish server before the backup is run
+# This is the default script which does nothing
+
+true

modules/dirvish/templates/vault.erb

@@ -0,0 +1,21 @@
+client: <%= client %>
+tree: <%= tree %>
+
+xdev: true
+index: gzip
+image-default: %Y%m%d
+
+rsh: ssh -oStrictHostKeyChecking=no -i<%= scope.lookupvar('::dirvish::backup_location') %>/ssh/dirvish_key
+
+# This script is created on all dirvish::client machines
+pre-client: /etc/dirvish_pre_client
+
+expire-rule:
+  mday { 1 } +6 months
+
+expire-default: +30 days
+
+<% unless excludes.empty? -%>
+exclude:
+  <%= excludes.join("\n  ") %>
+<% end -%>