bundles/backup-{client,server}: introduce

2020-11-13 12:36:52 +01:00 · 2020-11-13 12:36:52 +01:00 · f71653e3ce
commit f71653e3ce
parent 59c1cb8551
23 changed files with 171 additions and 0 deletions
--- a/bundles/backup-client/files/generate-backup
+++ b/bundles/backup-client/files/generate-backup
@ -0,0 +1,31 @@
+#!/bin/bash
+
+statusfile=/var/tmp/backup.monitoring
+ssh_login="${username}@${server}"
+
+if ! [[ -f /etc/backup.priv ]]
+then
+    echo "abort_no_key" > "$statusfile"
+    exit 1
+fi
+
+rsync_errors=""
+% for path in sorted(paths):
+rsync -zaAP --numeric-ids --delete --relative \
+    --rsync-path="/usr/bin/rsync --fake-super" \
+    -e "ssh -o IdentityFile=/etc/backup.priv -o StrictHostKeyChecking=accept-new" \
+    "${path}" "$ssh_login":backups/
+
+exitcode=$?
+if (( exitcode != 0 )) && (( exitcode != 24 ))
+then
+    rsync_errors+=" $ret"
+fi
+% endfor
+
+if [[ -n "$rsync_errors" ]]
+then
+    echo "rsync_error$rsync_errors" > "$statusfile"
+fi
+
+echo "ok" > "$statusfile"
--- a/bundles/backup-client/items.py
+++ b/bundles/backup-client/items.py
@ -0,0 +1,25 @@
+from os.path import join
+
+if node.metadata['backups'].get('exclude_from_backups', False):
+    files = {
+        '/etc/backup.priv': {
+            'delete': True,
+        },
+    }
+else:
+    files = {
+        '/usr/local/bin/generate-backup': {
+            'content_type': 'mako',
+            'context': {
+                'username': node.metadata['backup-client']['user-name'],
+                'server': node.metadata['backup-client']['server'],
+                'paths': node.metadata.get('backups', {}).get('paths', {}),
+            },
+            'mode': '0700',
+        },
+        '/etc/backup.priv': {
+            'content': repo.vault.decrypt_file(join('backup', 'keys', f'{node.name}.key.vault')),
+            'mode': '0400',
+        },
+    }
+
--- a/bundles/backup-client/metadata.py
+++ b/bundles/backup-client/metadata.py
@ -0,0 +1,21 @@
+from hashlib import md5
+
+defaults = {
+    'backup-client': {
+        # unix user names cannot be longer than 32 characters.
+        # bundlewrap raises an error if the name is longer than 30 chars.
+        'user-name': 'c-' + md5(node.name.encode('UTF-8')).hexdigest()[:28],
+    },
+}
+
+
+@metadata_reactor
+def cron(metadata):
+    if metadata.get('backups/exclude_from_backups', False):
+        return {}
+
+    return {
+        'cron': {
+            'backup': '{} 1 * * *    root    /usr/local/bin/generate-backup',
+        },
+    }