Puppet Plan: peadm::backup

Defined in:
plans/backup.pp

Summary

Back up the core user settings for Puppet infrastructure

Overview

This plan can back up data as outlined at insert doc

Parameters:

  • targets (Peadm::SingleTargetSpec)
  • backup (Peadm::Recovery_opts) (defaults to: {})
  • output_directory (String) (defaults to: '/tmp')


# File 'plans/backup.pp', line 6

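plan peadm::backup (
  # This plan should be run on the primary server
  Peadm::SingleTargetSpec $targets,

  # Which data to backup. Merged over peadm::recovery_opts_default() below,
  # so a key given here overrides the default for that key.
  Peadm::Recovery_opts    $backup = {},

  # Where to put the backup folder.
  # NOTE(review): the default is /tmp, and the backup name below is only a
  # second-resolution timestamp, so the directory and archive paths are
  # predictable. Depending on the options selected the archive holds CA/SSL
  # material, console and orchestrator secret keys and database dumps;
  # prefer passing a directory that only root can write to.
  String                  $output_directory = '/tmp',
) {
  # Runs first, before any target is touched; presumably fails the plan on
  # an unsupported Bolt version (helper is defined outside this file).
  peadm::assert_supported_bolt_version()

  # Hash `+` merges right over left: caller-supplied options win.
  $recovery_opts = (peadm::recovery_opts_default() + $backup)

  # Read the PEADM configuration from the target; the host names used in
  # the rest of the plan come from its 'params' key.
  $cluster = run_task('peadm::get_peadm_config', $targets).first.value

  # $arch is not read again in this plan; the call is presumably kept for
  # its validation of the host layout (verify against the function).
  $arch = peadm::assert_supported_architecture(
    getvar('cluster.params.primary_host'),
    getvar('cluster.params.replica_host'),
    getvar('cluster.params.primary_postgresql_host'),
    getvar('cluster.params.replica_postgresql_host'),
    getvar('cluster.params.compiler_hosts'),
  )

  $timestamp = Timestamp.new().strftime('%Y-%m-%dT%H%M%SZ')
  $backup_directory = "${output_directory}/pe-backup-${timestamp}"

  $primary_target = getvar('cluster.params.primary_host')

  # PuppetDB's database lives on the dedicated PostgreSQL host when one is
  # configured, otherwise on the primary.
  $puppetdb_postgresql_target = getvar('cluster.params.primary_postgresql_host') ? {
    undef   => getvar('cluster.params.primary_host'),
    default => getvar('cluster.params.primary_postgresql_host'),
  }

  # Database name => host serving it, limited to the databases whose
  # recovery option is exactly true.
  $backup_databases = {
    'orchestrator' => $primary_target,
    'activity'     => $primary_target,
    'rbac'         => $primary_target,
    'puppetdb'     => $puppetdb_postgresql_target,
  }.filter |$key,$_| {
    $recovery_opts[$key] == true
  }

  # Create backup folders. They are root-owned with mode 0700 because the
  # files written into them include private keys and database dumps.
  apply($primary_target) {
    file { $backup_directory :
      ensure => 'directory',
      owner  => 'root',
      group  => 'root',
      mode   => '0700'
    }

    # Create a subdir for each backup type selected
    $recovery_opts.filter |$_,$val| { $val == true }.each |$dir,$_| {
      file { "${backup_directory}/${dir}":
        ensure => 'directory',
        owner  => 'root',
        group  => 'root',
        mode   => '0700'
      }
    }
  }

  if getvar('recovery_opts.classifier') {
    out::message('# Backing up classification')
    run_task('peadm::backup_classification', $primary_target,
      directory => "${backup_directory}/classifier",
    )
  }

  if getvar('recovery_opts.ca') {
    out::message('# Backing up ca and ssl certificates')
    run_command(@("CMD"), $primary_target)
      /opt/puppetlabs/bin/puppet-backup create --dir=${shellquote($backup_directory)}/ca --scope=certs
      | CMD
  }

  # Check if /etc/puppetlabs/console-services/conf.d/secrets/keys.json exists and if so back it up
  if getvar('recovery_opts.rbac') {
    out::message('# Backing up ldap secret key if it exists')
    # Written as if/then/else rather than `test && cp || echo`: with the
    # chained form a failed cp fell through to the echo, so the command
    # exited 0 and reported the key as missing when it had in fact not been
    # backed up. A missing key is still not an error; a failed copy now
    # fails the command.
    run_command(@("CMD"/L), $primary_target)
      if test -f /etc/puppetlabs/console-services/conf.d/secrets/keys.json; then \
        cp -rp /etc/puppetlabs/console-services/conf.d/secrets ${shellquote($backup_directory)}/rbac/; \
      else \
        echo secret ldap key doesnt exist; \
      fi
      | CMD
  }

  # If backing up orchestrator, back up the secrets too:
  # /etc/puppetlabs/orchestration-services/conf.d/secrets/
  if getvar('recovery_opts.orchestrator') {
    out::message('# Backing up orchestrator secret keys')
    run_command(@("CMD"), $primary_target)
      cp -rp /etc/puppetlabs/orchestration-services/conf.d/secrets ${shellquote($backup_directory)}/orchestrator/
      | CMD
  }

  # Dump each selected database. pg_dump always runs on the primary and
  # connects to the database host over TLS, authenticating with the
  # primary's PuppetDB client certificate. -Fd writes a directory-format
  # dump, -Z3 sets compression level 3, -j4 dumps with four parallel jobs.
  # NOTE(review): sslmode=verify-ca checks the server certificate's CA chain
  # but not that the certificate matches the host name; verify-full would
  # add that check if the PostgreSQL server certificates carry the certname.
  # NOTE(review): the shellquote() calls inside the double-quoted connection
  # string would not quote correctly if a value ever needed escaping; the
  # database names are fixed above and certnames are presumably plain host
  # names, so this holds only while that assumption does.
  $backup_databases.each |$name,$database_target| {
    run_command(@("CMD"/L), $primary_target)
      /opt/puppetlabs/server/bin/pg_dump -Fd -Z3 -j4 \
        -f ${shellquote($backup_directory)}/${shellquote($name)}/pe-${shellquote($name)}.dump.d \
        "sslmode=verify-ca \
         host=${shellquote($database_target.peadm::certname())} \
         user=pe-${shellquote($name)} \
         sslcert=/etc/puppetlabs/puppetdb/ssl/${shellquote($primary_target.peadm::certname())}.cert.pem \
         sslkey=/etc/puppetlabs/puppetdb/ssl/${shellquote($primary_target.peadm::certname())}.private_key.pem \
         sslrootcert=/etc/puppetlabs/puppet/ssl/certs/ca.pem \
         dbname=pe-${shellquote($name)}"
      | CMD
  }

  # Pack the backup directory into a single archive next to it, then remove
  # the unpacked copy. umask 0077 makes the new archive readable by its
  # owner only; rm runs only if tar succeeded.
  run_command(@("CMD"/L), $primary_target)
    umask 0077 \
      && cd ${shellquote(dirname($backup_directory))} \
      && tar -czf ${shellquote($backup_directory)}.tar.gz ${shellquote(basename($backup_directory))} \
      && rm -rf ${shellquote($backup_directory)}
    | CMD

  # Path of the archive on the primary.
  return({'path' => "${backup_directory}.tar.gz"})
}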