bundles/backup-client: rework backup generation

2022-01-07 08:29:34 +01:00 · 2022-01-07 08:29:34 +01:00 · 14e4415e5f
commit 14e4415e5f
parent 4e5cb69d1c
6 changed files with 159 additions and 107 deletions
--- a/bundles/backup-client/items.py
+++ b/bundles/backup-client/items.py
@ -18,12 +18,25 @@ else:
    backup_paths = node.metadata.get('backups/paths', set())

 if node.metadata.get('backups/exclude_from_backups', False):
-    files['/etc/backup.priv'] = {
-        'delete': True,
-    }
+    # make sure nobody tries to do something funny
+    for file in [
+        '/etc/backup.priv',
+        '/usr/local/bin/generate-backup',
+        '/usr/local/bin/generate-backup-with-retries',
+        '/var/tmp/backup.monitoring', # status file
+    ]:
+        files[file] = {
+            'delete': True,
+        }
+
 else:
    backup_target = repo.get_node(node.metadata.get('backup-client/target'))

+    files['/etc/backup.priv'] = {
+        'content': repo.vault.decrypt_file(join('backup', 'keys', f'{node.name}.key.vault')),
+        'mode': '0400',
+    }
+
    files['/usr/local/bin/generate-backup'] = {
        'content_type': 'mako',
        'context': {
@ -35,9 +48,8 @@ else:
        'mode': '0700',
    }

-    files['/etc/backup.priv'] = {
-        'content': repo.vault.decrypt_file(join('backup', 'keys', f'{node.name}.key.vault')),
-        'mode': '0400',
+    files['/usr/local/bin/generate-backup-with-retries'] = {
+        'mode': '0700',
    }

 files['/usr/local/share/icinga/plugins/check_backup_last_run'] = {
@ -45,15 +57,13 @@ files['/usr/local/share/icinga/plugins/check_backup_last_run'] = {
 }

 files['/etc/logrotate.d/backup-client'] = {
-    'source': 'logrotate.conf',
+    'delete': True,
 }

 directories['/etc/backup-pre-hooks.d'] = {
    'purge': True,
 }

-directories['/var/log/backup-client'] = {}
-
 for hname, hcontent in node.metadata.get('backup-client/pre-hooks', {}).items():
    files[f'/etc/backup-pre-hooks.d/50-{hname}'] = {
        'content': '#!/bin/sh\n\n' + hcontent,