bundles/backup-{client,server}: use node names, only deploy users to correct backup server

Franzi 2022-01-04 17:14:55 +01:00
parent 05aa78c254
commit 3e0269ba99
Signed by: kunsi
GPG Key ID: 12E3D2136B818350
5 changed files with 20 additions and 11 deletions


@ -2,7 +2,9 @@
statusfile=/var/tmp/backup.monitoring statusfile=/var/tmp/backup.monitoring
ssh_login="${username}@${server}" ssh_login="${username}@${server}"
ssh_cmnd="ssh -o IdentityFile=/etc/backup.priv -o StrictHostKeyChecking=accept-new -p ${port}"
<%text>
NL=$'\n' NL=$'\n'
if ! [[ -f /etc/backup.priv ]] if ! [[ -f /etc/backup.priv ]]
@ -32,7 +34,7 @@ do_backup() {
# Compress level 1 is a good compromise between speed and cpu usage. # Compress level 1 is a good compromise between speed and cpu usage.
rsync --compress-level=1 -aAP --numeric-ids --delete --relative \ rsync --compress-level=1 -aAP --numeric-ids --delete --relative \
--rsync-path="/usr/bin/rsync --fake-super" \ --rsync-path="/usr/bin/rsync --fake-super" \
-e "ssh -o IdentityFile=/etc/backup.priv -o StrictHostKeyChecking=accept-new -p ${port}" \ -e "$ssh_cmnd" \
"$1" "$ssh_login":backups/ "$1" "$ssh_login":backups/
# Exit code 24 means some files have vanished during rsync. # Exit code 24 means some files have vanished during rsync.
@ -52,13 +54,13 @@ do_backup() {
if [[ "$backup_has_successfully_run" != "yes" ]] if [[ "$backup_has_successfully_run" != "yes" ]]
then then
echo "Backup for '$1' did not succeed!" | logger -t backup-client -p user.error echo "Backup for '$1' did not succeed!" | logger -t backup-client -p user.error
<%text>
rsync_errors+="${NL}${1}${rsync_errorcodes_for_this_path}" rsync_errors+="${NL}${1}${rsync_errorcodes_for_this_path}"
</%text>
fi fi
} }
rsync_errors="" rsync_errors=""
</%text>
% for path in sorted(paths): % for path in sorted(paths):
do_backup "${path}" do_backup "${path}"
% endfor % endfor
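Review bot: The new `ssh_cmnd` line keeps `StrictHostKeyChecking=accept-new`, so the first connection to a backup server accepts whatever host key is presented, and this commit may change the host name some clients connect to. Since the target is now a node in the repo, its host key could be deployed to the client and checked strictly, for example `ssh_cmnd="ssh -o IdentityFile=/etc/backup.priv -o StrictHostKeyChecking=yes -o UserKnownHostsFile=<KNOWN_HOSTS_PATH> -p ${port}"`, where `<KNOWN_HOSTS_PATH>` is a placeholder for a file this bundle would have to manage. Whether the server's public host key is available in metadata is not visible on this page.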


@ -22,22 +22,19 @@ if node.metadata.get('backups/exclude_from_backups', False):
'delete': True, 'delete': True,
} }
else: else:
if ':' in node.metadata['backup-client']['server']: backup_target = repo.get_node(node.metadata.get('backup-client/target'))
server, port = node.metadata['backup-client']['server'].split(':')
else:
server = node.metadata['backup-client']['server']
port = 22
files['/usr/local/bin/generate-backup'] = { files['/usr/local/bin/generate-backup'] = {
'content_type': 'mako', 'content_type': 'mako',
'context': { 'context': {
'username': node.metadata['backup-client']['user-name'], 'username': node.metadata['backup-client']['user-name'],
'server': server, 'server': backup_target.metadata.get('backup-server/my_hostname'),
'port': port, 'port': backup_target.metadata.get('backup-server/my_ssh_port'),
'paths': backup_paths, 'paths': backup_paths,
}, },
'mode': '0700', 'mode': '0700',
} }
files['/etc/backup.priv'] = { files['/etc/backup.priv'] = {
'content': repo.vault.decrypt_file(join('backup', 'keys', f'{node.name}.key.vault')), 'content': repo.vault.decrypt_file(join('backup', 'keys', f'{node.name}.key.vault')),
'mode': '0400', 'mode': '0400',
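Review bot: `backup_target` is used without checking that the resolved node actually carries the `backup-server` bundle, so a mistyped or stale `backup-client/target` would presumably only surface as a missing-key error on `backup-server/my_hostname` rather than as a clear message. A guard directly after the `repo.get_node(...)` line would make the failure explicit: `if not backup_target.has_bundle('backup-server'): raise BundleError(f'{node.name}: backup target {backup_target.name} is not a backup server')`. This needs `BundleError` from `bundlewrap.exceptions` if the file does not import it yet. The `else:` branch this sits in begins above the hunk and the `files` entries continue below it.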


@ -1,4 +1,7 @@
defaults = { defaults = {
'backup-server': {
'my_ssh_port': 22,
},
'openssh': { 'openssh': {
'allowed_users': { 'allowed_users': {
# Usernames for backup clients always start with 'c-' # Usernames for backup clients always start with 'c-'
@ -9,6 +12,7 @@ defaults = {
@metadata_reactor.provides( @metadata_reactor.provides(
'backup-server/clients', 'backup-server/clients',
'backup-server/my_hostname',
) )
def get_my_clients(metadata): def get_my_clients(metadata):
my_clients = {} my_clients = {}
@ -17,6 +21,9 @@ def get_my_clients(metadata):
if not rnode.has_bundle('backup-client') or rnode.metadata.get('backups/exclude_from_backups', False): if not rnode.has_bundle('backup-client') or rnode.metadata.get('backups/exclude_from_backups', False):
continue continue
if node.name != rnode.metadata.get('backup-client/target'):
continue
my_clients[rnode.name] = { my_clients[rnode.name] = {
'user': rnode.metadata.get('backup-client/user-name'), 'user': rnode.metadata.get('backup-client/user-name'),
} }
@ -24,6 +31,7 @@ def get_my_clients(metadata):
return { return {
'backup-server': { 'backup-server': {
'clients': my_clients, 'clients': my_clients,
'my_hostname': metadata.get('hostname'),
}, },
} }
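Review bot: `backup-server/my_hostname` is now produced inside `get_my_clients`, which walks the other nodes in the repo, although the value depends only on this node's own `hostname`. Every client reads that key from its target, so each lookup is tied to a reactor that in turn reads all clients' metadata; a small reactor of its own would keep the two concerns apart and leave `get_my_clients` providing only `backup-server/clients`. A short comment above the new `node.name != ...` check, saying that accounts are created only for clients targeting this server, would also help, since that check is what keeps client logins off the other backup servers. The body of `get_my_clients` is only partly visible in these hunks.

```python
@metadata_reactor.provides(
    'backup-server/my_hostname',
)
def my_hostname(metadata):
    return {
        'backup-server': {
            'my_hostname': metadata.get('hostname'),
        },
    }

# … unchanged: get_my_clients, now providing only 'backup-server/clients' …
```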


@ -38,7 +38,7 @@ groups['linux'] = {
}, },
}, },
'backup-client': { 'backup-client': {
'server': 'backup-kunsi.htz-hel.kunbox.net', 'target': 'htz-hel.backup-kunsi',
}, },
'firewall': { 'firewall': {
'port_rules': { 'port_rules': {


@ -55,6 +55,8 @@ nodes['home.nas'] = {
'user': 'kunsi-t470', 'user': 'kunsi-t470',
}, },
}, },
'my_hostname': 'franzi-home.kunbox.net',
'my_ssh_port': 2022,
'zfs-base': 'storage/backups', 'zfs-base': 'storage/backups',
}, },
'cron': { 'cron': {