Puppet Class: backuppc::client
- Defined in:
- manifests/client.pp
Overview
Class: backuppc::client
Configures a host for backup with the backuppc server. Uses storedconfigs to provide the backuppc server with required information.
Parameters
For parameters that are not documented here see the server manifest.
- ensure
-
Present or absent.
- client_name_alias
-
Override the client’s host name. This allows multiple clients to all refer to the same physical host. This should only be set in the per-PC config file and is only used by BackupPC at the last moment prior to generating the command used to backup that machine (ie: the value of $ConfClientNameAlias is invisible everywhere else in BackupPC). The setting can be a host name or IP address, eg:
$Conf{ClientNameAlias} = 'realHostName'; $Conf{ClientNameAlias} = '192.1.1.15';will cause the relevant smb/tar/rsync backup/restore commands to be directed to realHostName, not the client name. Note: this setting doesn’t work for hosts with DHCP set to 1.
- system_account
-
Name of the user that will be created to allow backuppc access to the system via ssh. This only applies to xfer methods that require it. To override this set the system_account to an empty string and configure access to the client yourself as the default in the global config file (root) or change the rsync_client_cmd or tar_client_cmd to suit your setup.
- system_home_directory
-
Absolute path to the home directory of the system account.
- system_additional_commands
-
Additional sudo commands to whitelist for the system_account. This is useful if you need to execute any pre dump scripts on client before backup. Please prefer system_additional_commands_noexec if you want to whitelist a single command/binary since commands specified here are going to be allowed without the NOEXEC options. See man sudoers for details.
- system_additional_commands_noexec
-
Additional sudo commands to whitelist for the system_account. This is useful if you need to execute any pre dump commands on client before backup.
- manage_sudo
-
Boolean. Set to true to configure and install sudo and the sudoers.d directory. Defaults to false and is only applied if 1) xfer_method requires ssh access and 2) you’re using the system_account parameter.
- manage_rsync
-
Boolean. By default will install the rsync package. If you manage this elsewhere set it to false. Defaults to true and is only applied if 1) the xfer_method is rsync and 2) you’re using the system_account parameter.
- blackout_bad_ping_limit
-
To allow for periodic rebooting of a PC or other brief periods when a PC is not on the network, a number of consecutive bad pings is allowed before the good ping count is reset.
- blackout_periods
-
One or more blackout periods can be specified. If a client is subject to blackout then no regular (non-manual) backups will be started during any of these periods. hourBegin and hourEnd specify hours fro midnight and weekDays is a list of days of the week where 0 is Sunday, 1 is Monday etc. For example:
$Conf{BlackoutPeriods} = [ { hourBegin => 7.0, hourEnd => 19.5, weekDays => [1, 2, 3, 4, 5], }, ];specifies one blackout period from 7:00am to 7:30pm local time on Mon-Fri.
- ping_max_msec
-
Maximum latency between backuppc server and client to schedule a backup. Default to 20ms.
- ping_cmd
-
Ping command. The following variables are substituted at run-time:
$pingPath path to ping ($Conf{PingPath}) $host host name Wade Brown reports that on solaris 2.6 and 2.7 ping -s returns the wrong exit status (0 even on failure). Replace with "ping $host 1", which gets the correct exit status but we don't get the round-trip time. Note: all Cmds are executed directly without a shell, so the prog name needs to be a full path and you can't include shell syntax like redirection and pipes; put that in a script if you need it.- backups_disable
-
Disable all full and incremental backups. These settings are useful for a client that is no longer being backed up (eg: a retired machine), but you wish to keep the last backups available for browsing or restoring to other machines.
- xfer_method
-
What transport method to use to backup each host. Valid values are rsync, rsyncd, tar and smb.
- xfer_loglevel
-
Level of verbosity in Xfer log files. 0 means be quiet, 1 will give will give one line per file, 2 will also show skipped files on incrementals, higher values give more output.
- smb_share_name
-
Name of the host share that is backed up when using SMB. This can be a string or an array of strings if there are multiple shares per host.
- smb_share_username
-
Smbclient share user name. This is passed to smbclient’s -U argument.
- smb_share_passwd
-
Smbclient share password. This is passed to smbclient via its PASSWD environment variable.
- smb_client_full_cmd
-
Command to run smbclient for a full dump.
- smb_client_incr_cmd
-
Command to run smbclient for an incremental dump.
- smb_client_restore_cmd
-
Command to run smbclient for a restore.
- tar_share_name
-
Which host directories to backup when using tar transport. This can be a string or an array of strings if there are multiple directories to backup per host.
- tar_client_cmd
-
Command to run tar on the client. GNU tar is required. The default will run the tar command as the user you specify in system_account.
- tar_full_args
-
Extra tar arguments for full backups.
- tar_incr_args
-
Extra tar arguments for incr backups.
- tar_client_restore_cmd
-
Full command to run tar for restore on the client. GNU tar is required.
- rsync_client_cmd
-
Full command to run rsync on the client machine. The default will run the rsync command as the user you specify in system_account.
- rsync_client_restore_cmd
-
Full command to run rsync for restore on the client.
- rsync_share_name
-
Share name to backup. For $ConfXferMethod = “rsync” this should be a file system path, eg ‘/’ or ‘/home’.
- rsyncd_client_port
-
Rsync daemon port on host.
- rsyncd_user_name
-
Rsync daemon user name on host.
- rsyncd_passwd
-
Rsync daemon password on host.
- rsyncd_auth_required
-
Whether authentication is mandatory when connecting to the client’s rsyncd. By default this is on, ensuring that BackupPC will refuse to connect to an rsyncd on the client that is not password protected.
- rsync_csum_cache_verify_prob
-
When rsync checksum caching is enabled (by adding the –checksum-seed=32761 option to rsync_args), the cached checksums can be occasionally verified to make sure the file contents matches the cached checksums.
- rsync_args
-
Arguments to rsync for backup.
- rsync_restore_args
-
Arguments to rsync for restore.
- backup_files_only
-
List of directories or files to backup. If this is defined, only these directories or files will be backed up.
- backup_files_exclude
-
List of directories or files to exclude from the backup. For xfer_method smb, only one of backup_files_exclude and backup_files_only can be specified per share. If both are set for a particular share, then backup_files_only takes precedence and backup_files_exclude is ignored.
- dump_pre_user_cmd
-
Optional command to run before a dump.
- dump_post_user_cmd
-
Optional command to run after a dump.
- dump_pre_share_cmd
-
Optional command to run before a dump of a share.
- dump_post_share_cmd
-
Optional command to run after a dump of a share.
- restore_pre_user_cmd
-
Optional command to run before a restore.
- restore_post_user_cmd
-
Optional command to run after a restore.
- user_cmd_check_status
-
Whether the exit status of each PreUserCmd and PostUserCmd is checked.
- hosts_file_dhcp
-
The way hosts are discovered has changed and now in most cases you should use the default of 0 for the DHCP flag, even if the host has a dynamically assigned IP address.
- hosts_file_most_users
-
Additional user names, separate by commas and with no white space, can be specified. These users will also have full permission in the CGI interface to stop/start/browse/restore backups for this host. These users will not be sent email about this host.
Examples
See tests folder.Authors
Scott Barr <gsbarr@gmail.com>
222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 |
# File 'manifests/client.pp', line 222
class backuppc::client (
$ensure = 'present',
$backuppc_hostname = '',
$client_name_alias = false,
$system_account = 'backup',
$system_home_directory = '/var/backups',
$system_additional_commands = [],
$system_additional_commands_noexec = [],
$manage_sudo = false,
$manage_rsync = true,
$full_period = false,
$full_keep_cnt = false,
$full_age_max = false,
$incr_period = false,
$incr_keep_cnt = false,
$incr_age_max = false,
$incr_levels = [],
$incr_fill = false,
$partial_age_max = false,
$blackout_bad_ping_limit = false,
$ping_max_msec = false,
$ping_cmd = false,
$blackout_good_cnt = false,
$blackout_periods = false,
$backups_disable = false,
$xfer_method = 'rsync',
$xfer_loglevel = '1',
$smb_share_name = '',
$smb_share_username = '',
$smb_share_passwd = '',
$smb_client_full_cmd = '',
$smb_client_incr_cmd = '',
$smb_client_restore_cmd = '',
$tar_share_name = '',
$tar_client_cmd = '',
$tar_full_args = '',
$tar_incr_args = '',
$tar_client_restore_cmd = '',
$rsync_client_cmd = '',
$rsync_client_restore_cmd = '',
$rsync_share_name = '',
$rsyncd_client_port = false,
$rsyncd_user_name = '',
$rsyncd_passwd = '',
$rsyncd_auth_required = false,
$rsync_csum_cache_verify_prob = false,
$rsync_args = [],
$rsync_restore_args = [],
$backup_files_only = [],
$backup_files_exclude = [],
$dump_pre_user_cmd = '',
$dump_post_user_cmd = '',
$dump_pre_share_cmd = '',
$dump_post_share_cmd = '',
$restore_pre_user_cmd = '',
$restore_post_user_cmd = '',
$user_cmd_check_status = true,
$email_notify_min_days = false,
$email_from_user_name = '',
$email_admin_user_name = '',
$email_notify_old_backup_days = false,
$hosts_file_dhcp = 0,
$hosts_file_more_users = '',
) {
include backuppc::params
validate_re($ensure, '^(present|absent)$',
'ensure parameter must have a value of: present or absent')
$directory_ensure = $ensure ? {
'present' => 'directory',
default => absent,
}
if empty($backuppc_hostname) {
fail('Please provide the hostname of the node that hosts backuppc.')
}
validate_re($xfer_method, '^(smb|rsync|rsyncd|tar)$',
'Xfer_method parameter must have value of: smb, rsync, rsyncd or tar')
if $blackout_periods != false {
validate_array($blackout_periods)
}
validate_re($xfer_loglevel, '^[0-2]$',
'Xfer_loglevel parameter must be a 0, 1 or 2')
$real_incr_fill = bool2num($incr_fill)
$real_backups_disable = bool2num($backups_disable)
$real_rsyncd_auth_required = bool2num($rsyncd_auth_required)
$real_user_cmd_check_status = bool2num($user_cmd_check_status)
# With these xfer_methods we require sudo to grant access
# from the backuppc server to this client. It may be managed
# elsewhere so we allow it to be overridden with the manage_sudo
# parameter.
if $xfer_method in ['rsync', 'tar'] and ! empty($system_account)
{
validate_absolute_path($system_home_directory)
if $xfer_method == 'rsync' {
if $manage_rsync {
package { 'rsync':
ensure => installed,
}
}
$sudo_command_noexec = '/usr/bin/rsync'
}
else {
$sudo_command_noexec = $backuppc::params::tar_path
}
if $manage_sudo {
package { 'sudo':
ensure => installed,
before => File['/etc/sudoers.d/backuppc'],
}
file { '/etc/sudoers.d/':
ensure => directory,
purge => false,
require => Package['sudo'],
}
file_line { 'sudo_includedir':
ensure => present,
path => '/etc/sudoers',
line => '#includedir /etc/sudoers.d',
require => Package['sudo'],
}
}
if ! empty($system_additional_commands) {
$additional_sudo_commands = join($system_additional_commands, ', ')
$sudo_commands = $additional_sudo_commands
}
if ! empty($system_additional_commands_noexec) {
$additional_sudo_commands_noexec = join($system_additional_commands_noexec, ', ')
$sudo_commands_noexec = "${sudo_command_noexec}, ${additional_sudo_commands_noexec}"
} else {
$sudo_commands_noexec = $sudo_command_noexec
}
if ! empty($sudo_commands) {
file { '/etc/sudoers.d/backuppc':
ensure => $ensure,
owner => 'root',
group => 'root',
mode => '0440',
content => "${system_account} ALL=(ALL:ALL) NOPASSWD: ${sudo_commands}\n",
}
} else {
file { '/etc/sudoers.d/backuppc':
ensure => 'absent',
}
}
file { '/etc/sudoers.d/backuppc_noexec':
ensure => $ensure,
owner => 'root',
group => 'root',
mode => '0440',
content => "${system_account} ALL=(ALL:ALL) NOEXEC:NOPASSWD: ${sudo_commands_noexec}\n",
}
user { $system_account:
ensure => $ensure,
home => $system_home_directory,
managehome => true,
shell => '/bin/bash',
comment => 'BackupPC',
system => true,
password => sha1("tyF761_${::fqdn}${::uniqueid}"),
}
file { "${system_home_directory}/.ssh":
ensure => $directory_ensure,
mode => '0700',
owner => $system_account,
group => $system_account,
}
file { "${system_home_directory}/backuppc.sh":
ensure => $ensure,
owner => 'root',
group => 'root',
mode => '0755',
content => template('backuppc/client/backuppc.sh.erb'),
require => User[$system_account],
}
Ssh_authorized_key <<| tag == "backuppc_${backuppc_hostname}" |>> {
user => $system_account,
require => File["${system_home_directory}/.ssh"]
}
}
if $::fqdn != $backuppc_hostname {
@@sshkey { $::fqdn:
ensure => $ensure,
type => 'ssh-rsa',
key => $::sshrsakey,
tag => "backuppc_sshkeys_${backuppc_hostname}",
}
}
@@file_line { "backuppc_host_${::fqdn}":
ensure => $ensure,
path => $backuppc::params::hosts,
match => "^${::fqdn}.*$",
line => "${::fqdn} ${hosts_file_dhcp} backuppc ${hosts_file_more_users}\t#puppetmanaged\n",
tag => "backuppc_hosts_${backuppc_hostname}",
}
@@file { "${backuppc::params::config_directory}/pc/${::fqdn}.pl":
ensure => $ensure,
content => template("${module_name}/host.pl.erb"),
owner => 'backuppc',
group => $backuppc::params::group_apache,
mode => '0640',
tag => "backuppc_config_${backuppc_hostname}"
}
}
|