bundles/backup-client: add backup-pre-hooks (fixes #24)

2021-02-07 20:47:22 +01:00 · 2021-02-07 20:47:22 +01:00 · 0d1e987a6f
parent a8690b13b8
commit 0d1e987a6f
3 changed files with 41 additions and 21 deletions
--- a/bundles/backup-client/files/check_backup_last_run
+++ b/bundles/backup-client/files/check_backup_last_run
@ -27,6 +27,12 @@ elif status[0] == 'rsync_error':
        ', '.join(status[1:])
    ))
    exit(2)
+elif status[0] == 'hook':
+    print('run-parts /etc/backup-pre-hook.d failed with exit code {}'.format(status[1]))
+    exit(2)
+elif status[0] == 'abort_no_key':
+    print('no ssh key found in /etc/backup.priv!')
+    exit(1)
 else:
    # garbage in file
    print(' '.join(status))
--- a/bundles/backup-client/files/generate-backup
+++ b/bundles/backup-client/files/generate-backup
@ -9,6 +9,14 @@ then
    exit 1
 fi

+run-parts --exit-on-error -- /etc/backup-pre-hooks.d
+exitcode=$?
+if [[ $exitcode != 0]]
+then
+    echo "hook $exitcode" > "$statusfile"
+    exit 1
+fi
+
 rsync_errors=""
 % for path in sorted(paths):
 rsync -zaAP --numeric-ids --delete --relative \
--- a/bundles/backup-client/items.py
+++ b/bundles/backup-client/items.py
@ -1,10 +1,8 @@
 from os.path import join

 if node.metadata['backups'].get('exclude_from_backups', False):
-    files = {
-        '/etc/backup.priv': {
-            'delete': True,
-        },
+    files['/etc/backup.priv'] = {
+        'delete': True,
    }
 else:
    if ':' in node.metadata['backup-client']['server']:
@ -13,23 +11,31 @@ else:
        server = node.metadata['backup-client']['server']
        port = 22

-    files = {
-        '/usr/local/bin/generate-backup': {
-            'content_type': 'mako',
-            'context': {
-                'username': node.metadata['backup-client']['user-name'],
-                'server': server,
-                'port': port,
-                'paths': node.metadata.get('backups', {}).get('paths', {}),
-            },
-            'mode': '0700',
-        },
-        '/usr/local/share/icinga/plugins/check_backup_last_run': {
-            'mode': '0755',
-        },
-        '/etc/backup.priv': {
-            'content': repo.vault.decrypt_file(join('backup', 'keys', f'{node.name}.key.vault')),
-            'mode': '0400',
+    files['/usr/local/bin/generate-backup'] = {
+        'content_type': 'mako',
+        'context': {
+            'username': node.metadata['backup-client']['user-name'],
+            'server': server,
+            'port': port,
+            'paths': node.metadata.get('backups', {}).get('paths', {}),
        },
+        'mode': '0700',
+    }
+    files['/etc/backup.priv'] = {
+        'content': repo.vault.decrypt_file(join('backup', 'keys', f'{node.name}.key.vault')),
+        'mode': '0400',
    }

+files['/usr/local/share/icinga/plugins/check_backup_last_run'] = {
+    'mode': '0755',
+}
+
+directories['/etc/backup-pre-hooks.d'] = {
+    'purge': True,
+}
+
+for hname, hcontent in node.metadata['backup-client'].get('pre-hooks', {}).items():
+    files[f'/etc/backup-pre-hooks.d/{hname}'] = {
+        'content': hcontent,
+        'mode': '0700',
+    }