
burp: New state to set up server and client for burp backup.

Signed-off-by: Maximilian Wilhelm <max@rfc2324.org>
Maximilian Wilhelm 6 years ago
parent
commit
65c0ae2313
8 changed files with 247 additions and 0 deletions
  1. 106 0
      burp/burp-server.conf.tmpl
  2. 45 0
      burp/burp.conf.tmpl
  3. 21 0
      burp/client.sls
  4. 8 0
      burp/client.tmpl
  5. 11 0
      burp/default_burp
  6. 8 0
      burp/default_burp-client
  7. 14 0
      burp/init.sls
  8. 34 0
      burp/server.sls

+ 106 - 0
burp/burp-server.conf.tmpl

@@ -0,0 +1,106 @@
+#
+# Burp server configuration (Salt managed)
+#
+
+mode = server
+
+# The default addresses to listen on depend upon compile time options.
+# They may be overridden here.
+address = 10.132.251.71
+port = 4971
+
+# Think carefully before changing the status port address, as it can be used
+# to view the contents of backups.
+#status_address = 10.132.251.71
+# If you do not wish to run a status server at all, comment status_port out.
+status_port = 4972
+
+directory = /srv/burp/
+
+dedup_group = global
+clientconfdir = /etc/burp/clientconfdir
+
+# Automagically choose protocol
+protocol = 0
+
+pidfile = /var/run/burp.server.pid
+hardlinked_archive = 0
+working_dir_recovery_method = delete
+max_children = 5
+max_status_children = 5
+umask = 0022
+syslog = 1
+stdout = 0
+
+# The following options can restrict what the client can do.
+# Restore clients can override all of these expect for force_backup.
+client_can_delete = 0
+# Set client_can_force_backup to 0 to only allow timed backups.
+client_can_force_backup = 1
+client_can_list = 1
+# Set client_can_restore to 0 if you want restores to only be initialised by
+# the server.
+client_can_restore = 1
+client_can_verify = 1
+# Ratelimit throttles the send speed. Specified in Megabits per second (Mb/s).
+# ratelimit = 1.5
+# Network timeout defaults to 7200 seconds (2 hours).
+# network_timeout = 7200
+
+# Server storage compression. Default is zlib9. Set to zlib0 to turn it off.
+#compression = zlib9
+
+# When the client version does not match the server version, log a warning.
+# Set to 0 to turn it off.
+version_warn = 1
+
+# You can have as many 'keep' lines as you like.
+# For example, if running backups daily, setting 7, 4, 6 will keep
+# 7 daily backups, 4 weekly, and 6 four-weekly backups.
+keep = 7
+# keep = 4
+# keep = 6
+
+ca_crl_check = 0
+ssl_cert_ca = /etc/ssl/certs/ffho-cacert.pem
+ssl_cert = /etc/ssl/certs/hamster.in.ffho.net.cert.pem
+ssl_key = /etc/ssl/private/hamster.in.ffho.net.key.pem
+ssl_dhfile = /etc/ssl/dhfile.pem
+
+
+timer_script = /usr/share/burp/scripts/timer_script
+# Ensure that 20 hours elapse between backups
+# Available units:
+# s (seconds), m (minutes), h (hours), d (days), w (weeks), n (months)
+timer_arg = 20h
+# Allow backups to start in the evenings and nights during weekdays
+timer_arg = Mon,Tue,Wed,Thu,Fri,00,01,02,03,04,05,19,20,21,22,23
+# Allow more hours at the weekend.
+timer_arg = Sat,Sun,00,01,02,03,04,05,06,07,08,17,18,19,20,21,22,23
+# Note that, if you specify no timebands, the default timer script will never
+# allow backups.
+
+# Uncomment the notify_success_* lines for email notifications of backups that
+# succeeded.
+# In the subject line, the following are substituted:
+# %b - "backup"/"restore"/"verify"
+# %c - client name
+# %w - number of warnings, if any
+notify_success_script = /usr/share/burp/scripts/notify_script
+notify_success_arg = sendmail -t
+notify_success_arg = To: ops@ffho.net
+notify_success_arg = From: ops@ffho.net
+notify_success_arg = Subject: %b succeeded: %c %w
+# Uncomment the following to have success notifications only if there were
+# warnings.
+#notify_success_warnings_only = 1
+# Uncomment the following to have success notifications only if there were
+# new or changed files.
+#notify_success_changes_only = 1
+
+# Uncomment the following for email notifications of backups that failed.
+notify_failure_script = /usr/share/burp/scripts/notify_script
+notify_failure_arg = sendmail -t
+notify_failure_arg = To: ops@ffho.net
+notify_failure_arg = From: ops@ffho.net
+notify_failure_arg = Subject: %b failed: %c %w
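Review bot: `ca_crl_check = 0` appears to switch off certificate revocation checking, so a node certificate issued by the CA in `ssl_cert_ca` would presumably still be accepted after it is revoked. A comment saying why the check is off, or enabling it once a CRL is available on the server, would make that a deliberate choice. `umask = 0022` leaves files created under `directory = /srv/burp/` readable by other local users unless the directory itself is restricted; `umask = 0077` is the tighter setting for backup data. The file is rendered with `template: jinja` but the listen address and the `hamster.in.ffho.net` certificate paths are literals, so it fits only that one host.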

+ 45 - 0
burp/burp.conf.tmpl

@@ -0,0 +1,45 @@
+#
+# Burp backup client configuration (Salt managed)
+#
+
+mode = client
+port = 4971
+status_port = 4972
+
+server = 10.132.251.71
+
+password = {{ burp_password }}
+cname = {{ grains.id }}
+
+# Where to find all the SSL stuff
+ssl_cert_ca = /etc/ssl/certs/ffho-cacert.pem
+ssl_cert = /etc/ssl/certs/{{ grains.id }}.cert.pem
+ssl_key = /etc/ssl/private/{{ grains.id }}.key.pem
+ssl_dhfile = /etc/ssl/dhfile.pem
+
+ssl_peer_cn = {{ burp_server_name }}
+
+# Choose the protocol automagically
+protocol = 0
+
+pidfile = /var/run/burp.client.pid
+syslog = 1
+stdout = 1
+progress_counter = 1
+
+# Wait a random number of seconds between 0 and the given number before
+# contacting the server on a timed backup.
+randomise = 1200
+
+# Set server_can_restore to 0 if you do not want the server to be able to
+# initiate a restore.
+server_can_restore = 0
+
+# The server should configure what we should back up
+server_can_override_includes = 1
+
+# Example syntax for pre/post scripts
+#backup_script_pre=/path/to/a/script
+#backup_script_post=/path/to/a/script
+#restore_script_pre=/path/to/a/script
+#restore_script_post=/path/to/a/script
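Review bot: `server = 10.132.251.71` is a literal while `ssl_peer_cn` a few lines below comes from the template context, so moving the backup server means editing both the state and this template. Passing the address through the context as well, e.g. `server = {{ burp_server_address }}` (the variable name is a suggestion, not something this commit defines), keeps both values in one place. The `password` line makes the rendered file a secret, and a short comment above it saying so would help whoever manages the file's permissions.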

+ 21 - 0
burp/client.sls

@@ -0,0 +1,21 @@
+#
+# Burp backup - Client
+#
+
+include:
+ - burp
+
+
+burp-client:
+  pkg.installed
+
+/etc/default/burp-client:
+  file.managed:
+    - source: salt://burp/default_burp-client
+
+/etc/burp/burp.conf:
+  file.managed:
+    - source: salt://burp/burp.conf.tmpl
+    - template: jinja
+      burp_server_name: "hamster.in.ffho.net"
+      burp_password: {{ salt['pillar.get']('nodes:' ~ grains.id ~ ':burp:password') }}
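Review bot: `/etc/burp/burp.conf` receives the client password in clear text but the state sets no `mode`, so its permissions are whatever Salt or a pre-existing file leaves them at; it should be limited to the account that runs burp (`- mode: '0600'`, assuming the client runs as root). `burp_server_name` and `burp_password` are written as extra keys of the `- template: jinja` item rather than under a `- context:` key, which is not the one-key-per-item form Salt documents and, depending on the Salt version, is either rejected or only works through keyword pass-through. The `- context:` item in burp/server.sls has the same problem, because its children sit at the same indent as `context`. The pillar value is also interpolated unquoted, so a password made of digits or YAML-special characters is re-typed or breaks the render, and a missing pillar key yields an empty value.

```yaml
/etc/burp/burp.conf:
  file.managed:
    # … unchanged: source and template lines …
    - mode: '0600'
    - context:
        burp_server_name: "hamster.in.ffho.net"
        burp_password: {{ salt['pillar.get']('nodes:' ~ grains.id ~ ':burp:password') | yaml_dquote }}
```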

+ 8 - 0
burp/client.tmpl

@@ -0,0 +1,8 @@
+#
+# Client specific configuration for {{ node }}
+#
+password = {{ burp_config.get ('password') }}
+
+{%- for entry in burp_config.get ('include_fs') %}
+include = {{ entry }}
+{%- endfor %}
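Review bot: `burp_config.get ('password')` renders the literal text `None` when a node's `burp` pillar has no `password` key, which would leave that client with a guessable password on the server (any certificate check may still apply, but the password would add nothing). The render should fail, or the node be skipped, when the key is missing, rather than writing the file. `burp_config.get ('include_fs')` likewise has no default, so a node without that key makes the `for` loop iterate over None; `{%- for entry in burp_config.get ('include_fs', []) %}` avoids that.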

+ 11 - 0
burp/default_burp

@@ -0,0 +1,11 @@
+#
+# Burp backup defaults (Salt Managed)
+#
+# This is a POSIX shell fragment
+#
+
+# We want to run the bloody server
+RUN=yes
+
+# Additional options that are passed to the Daemon.
+DAEMON_ARGS="-c /etc/burp/burp-server.conf"

+ 8 - 0
burp/default_burp-client

@@ -0,0 +1,8 @@
+#
+# Burp backup defaults (Salt Managed)
+#
+# This is a POSIX shell fragment
+#
+
+# We want to run the bloody client
+RUN=yes

+ 14 - 0
burp/init.sls

@@ -0,0 +1,14 @@
+#
+# Burp backup
+#
+
+include:
+ - certs
+
+burp-repo:
+  pkgrepo.managed:
+    - name: deb http://ziirish.info/repos/debian/{{ grains.oscodename }}/ zi-latest main
+    - clean_file: True
+    - file: /etc/apt/sources.list.d/burp.list
+    - keyserver: keys.gnupg.net
+    - keyid: A1718780C58CD6E3
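Review bot: The repository signing key is fetched from a public keyserver by the 64-bit id `A1718780C58CD6E3`, and the repository itself is served over plain `http://`; nothing pins the full fingerprint. The trust anchor for every burp package is therefore whatever key the keyserver returns for that id. Shipping the key from the Salt fileserver, e.g. `- key_url: salt://burp/<REPO_KEY_FILE>` (placeholder path) in place of `keyserver`/`keyid`, or at least giving the full fingerprint as `keyid`, removes that dependency. A comment recording where the key id was verified would also help the next reviewer.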

+ 34 - 0
burp/server.sls

@@ -0,0 +1,34 @@
+#
+# burp backup server
+#
+
+include:
+ - burp
+
+
+burp-server:
+  pkg.installed
+
+/etc/default/burp:
+  file.managed:
+    - source: salt://burp/default_burp
+
+/etc/burp/burp.conf:
+  file.managed:
+    - source: salt://burp/burp-server.conf.tmpl
+    - template: jinja
+
+/etc/burp/clientconfdir:
+  file.directory:
+    - mode: 700
+
+{% set nodes = salt['pillar.get']('nodes') %}
+{% for node, node_config in nodes.items()|sort if 'burp' in node_config %}
+/etc/burp/clientconfdir/{{ node }}:
+   file.managed:
+     - source: salt://burp/client.tmpl
+     - template: jinja
+     - context:
+       node: {{ node }}
+       burp_config: {{ node_config.get ('burp') }}
+{% endfor %}
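Review bot: The server configuration is written to `/etc/burp/burp.conf`, but `burp/default_burp` in this commit starts the daemon with `-c /etc/burp/burp-server.conf`, so the managed file does not appear to be the one the server reads. The same state id is used for the client config in burp/client.sls, which would clash if a host ever received both states; using `/etc/burp/burp-server.conf:` as the id here addresses both. `burp_config: {{ node_config.get ('burp') }}` pastes a Python dict repr into YAML, which only round-trips for simple values; `{{ node_config.get ('burp') | json }}` is more robust for passwords and paths with special characters. The per-client files hold passwords and rely on the `700` directory for protection, so an explicit `- mode: '0600'` on them, and quoting the directory mode as `'0700'`, would make that intent visible.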