
bundles/backup-{client,server}: use node names, only deploy users to correct backup server

main
Franzi 2 weeks ago
parent
commit
3e0269ba99
Signed by: kunsi GPG Key ID: 12E3D2136B818350
  1. 8
      bundles/backup-client/files/generate-backup
  2. 11
      bundles/backup-client/items.py
  3. 8
      bundles/backup-server/metadata.py
  4. 2
      groups/os.py
  5. 2
      nodes/home/nas.py

8
bundles/backup-client/files/generate-backup

@ -2,7 +2,9 @@
statusfile=/var/tmp/backup.monitoring
ssh_login="${username}@${server}"
ssh_cmnd="ssh -o IdentityFile=/etc/backup.priv -o StrictHostKeyChecking=accept-new -p ${port}"
<%text>
NL=$'\n'
if ! [[ -f /etc/backup.priv ]]
@ -32,7 +34,7 @@ do_backup() {
# Compress level 1 is a good compromise between speed and cpu usage.
rsync --compress-level=1 -aAP --numeric-ids --delete --relative \
--rsync-path="/usr/bin/rsync --fake-super" \
-e "ssh -o IdentityFile=/etc/backup.priv -o StrictHostKeyChecking=accept-new -p ${port}" \
-e "$ssh_cmnd" \
"$1" "$ssh_login":backups/
# Exit code 24 means some files have vanished during rsync.
@ -52,13 +54,13 @@ do_backup() {
if [[ "$backup_has_successfully_run" != "yes" ]]
then
echo "Backup for '$1' did not succeed!" | logger -t backup-client -p user.error
<%text>
rsync_errors+="${NL}${1}${rsync_errorcodes_for_this_path}"
</%text>
fi
}
rsync_errors=""
</%text>
% for path in sorted(paths):
do_backup "${path}"
% endfor
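Review bot: The new `ssh_cmnd` definition keeps `StrictHostKeyChecking=accept-new`, so the first connection from each client trusts whatever host key is presented, and the rsync call in `do_backup` now inherits that through `-e "$ssh_cmnd"`. Since this commit resolves the backup target as a node in the repo, the server's public host key could presumably be deployed to the client and verification made strict, e.g. `ssh_cmnd="ssh -o IdentityFile=/etc/backup.priv -o UserKnownHostsFile=<KNOWN_HOSTS_PATH> -o StrictHostKeyChecking=yes -p ${port}"`, where `<KNOWN_HOSTS_PATH>` is a placeholder for a file the bundle would have to manage. A one-line comment above `ssh_cmnd` saying it must stay outside the `<%text>` block, because `${port}` is substituted by Mako rather than by the shell, would also help the next editor. The body of `do_backup` starts and continues outside the hunks shown.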

11
bundles/backup-client/items.py

@ -22,22 +22,19 @@ if node.metadata.get('backups/exclude_from_backups', False):
'delete': True,
}
else:
if ':' in node.metadata['backup-client']['server']:
server, port = node.metadata['backup-client']['server'].split(':')
else:
server = node.metadata['backup-client']['server']
port = 22
backup_target = repo.get_node(node.metadata.get('backup-client/target'))
files['/usr/local/bin/generate-backup'] = {
'content_type': 'mako',
'context': {
'username': node.metadata['backup-client']['user-name'],
'server': server,
'port': port,
'server': backup_target.metadata.get('backup-server/my_hostname'),
'port': backup_target.metadata.get('backup-server/my_ssh_port'),
'paths': backup_paths,
},
'mode': '0700',
}
files['/etc/backup.priv'] = {
'content': repo.vault.decrypt_file(join('backup', 'keys', f'{node.name}.key.vault')),
'mode': '0400',
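Review bot: Nothing after `backup_target = repo.get_node(...)` checks that the resolved node actually carries the backup-server bundle, so a mistaken `backup-client/target` would surface only as a failed `backup-server/my_hostname` lookup, or as a script pointing at a host that never created the client account. A guard directly after the lookup makes the failure explicit: `if not backup_target.has_bundle('backup-server'): raise BundleError(f'{node.name}: backup target {backup_target.name} has no backup-server bundle')`, with `BundleError` imported from `bundlewrap.exceptions`. Because `server` and `port` are rendered into a shell script that runs with the private key, it is also worth confirming that `port` is an integer before it reaches the template context. The `files['/etc/backup.priv']` entry continues past the end of the hunk.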

8
bundles/backup-server/metadata.py

@ -1,4 +1,7 @@
defaults = {
'backup-server': {
'my_ssh_port': 22,
},
'openssh': {
'allowed_users': {
# Usernames for backup clients always start with 'c-'
@ -9,6 +12,7 @@ defaults = {
@metadata_reactor.provides(
'backup-server/clients',
'backup-server/my_hostname',
)
def get_my_clients(metadata):
my_clients = {}
@ -17,6 +21,9 @@ def get_my_clients(metadata):
if not rnode.has_bundle('backup-client') or rnode.metadata.get('backups/exclude_from_backups', False):
continue
if node.name != rnode.metadata.get('backup-client/target'):
continue
my_clients[rnode.name] = {
'user': rnode.metadata.get('backup-client/user-name'),
}
@ -24,6 +31,7 @@ def get_my_clients(metadata):
return {
'backup-server': {
'clients': my_clients,
'my_hostname': metadata.get('hostname'),
},
}
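Review bot: The added `if node.name != rnode.metadata.get('backup-client/target'): continue` check is what restricts client accounts to the intended server, but nothing in `get_my_clients` says so, and it could be removed later as apparent redundancy. I would put a comment on it such as `# Only create accounts for clients that name this node as their backup target.` and add a one-line docstring to the reactor stating that it provides both the client list and `my_hostname`, since the function name now covers only half of what it returns. It would also help to note next to `'my_ssh_port': 22` in `defaults` that this value and `my_hostname` are read by the backup-client bundle on other nodes. Parts of the function body lie between the hunks and are not visible here.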

2
groups/os.py

@ -38,7 +38,7 @@ groups['linux'] = {
},
},
'backup-client': {
'server': 'backup-kunsi.htz-hel.kunbox.net',
'target': 'htz-hel.backup-kunsi',
},
'firewall': {
'port_rules': {

2
nodes/home/nas.py

@ -55,6 +55,8 @@ nodes['home.nas'] = {
'user': 'kunsi-t470',
},
},
'my_hostname': 'franzi-home.kunbox.net',
'my_ssh_port': 2022,
'zfs-base': 'storage/backups',
},
'cron': {
