Muehlenhoff has submitted this change and it was merged.
Change subject: Add a new backup set to backup openldap databases and enable on
serpens
......................................................................
Add a new backup set to backup openldap databases and enable on serpens
Run slapcat on to create a snapshot of the LDAP data in the pre-run script
and a cleanup script after the backup run.
Bug: T120919
Change-Id: I2ba5436a356b729b22dd8d7dcb5c64f11cb36e1f
---
M manifests/site.pp
A modules/backup/files/openldap-post
A modules/backup/files/openldap-pre
A modules/backup/manifests/openldapset.pp
M modules/role/manifests/backup/director.pp
5 files changed, 42 insertions(+), 0 deletions(-)
Approvals:
Muehlenhoff: Verified; Looks good to me, approved
diff --git a/manifests/site.pp b/manifests/site.pp
index 04c2f55..f143a9e 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -2612,6 +2612,10 @@
role openldap::labs, backup::host
include standard
include base::firewall
+
+ if $::hostname == 'serpens' {
+ backup::openldapset {'openldap_labs':}
+ }
}
# Silver is the new home of the wikitech web server.
diff --git a/modules/backup/files/openldap-post
b/modules/backup/files/openldap-post
new file mode 100644
index 0000000..291acda
--- /dev/null
+++ b/modules/backup/files/openldap-post
@@ -0,0 +1,2 @@
+#!/bin/bash
+rm -rf /var/run/openldap-backup
diff --git a/modules/backup/files/openldap-pre
b/modules/backup/files/openldap-pre
new file mode 100644
index 0000000..5a04bc0
--- /dev/null
+++ b/modules/backup/files/openldap-pre
@@ -0,0 +1,5 @@
+#!/bin/bash
+mkdir -p /var/run/openldap-backup
+chmod 500 /var/run/openldap-backup
+umask 077
+/usr/sbin/slapcat > /var/run/openldap-backup/backup.ldif
diff --git a/modules/backup/manifests/openldapset.pp
b/modules/backup/manifests/openldapset.pp
new file mode 100644
index 0000000..6eca064
--- /dev/null
+++ b/modules/backup/manifests/openldapset.pp
@@ -0,0 +1,28 @@
+define backup::openldapset(){
+
+ file { '/etc/bacula/scripts/openldap-pre':
+ ensure => present,
+ owner => 'root',
+ group => 'root',
+ mode => '0500',
+ source => 'puppet:///modules/backup/openldap-pre',
+ }
+
+ file { '/etc/bacula/scripts/openldap-post':
+ ensure => present,
+ owner => 'root',
+ group => 'root',
+ mode => '0500',
+ source => 'puppet:///modules/backup/openldap-post',
+ }
+
+ $run_scripts = {
+ 'ClientRunBeforeJob' => '/etc/bacula/scripts/openldap-pre',
+ 'ClientRunAfterJob' => '/etc/bacula/scripts/openldap-post',
+ }
+ bacula::client::job { 'openldap-backup':
+ fileset => 'openldap',
+ jobdefaults => $role::backup::host::jobdefaults,
+ extras => $run_scripts,
+ }
+}
diff --git a/modules/role/manifests/backup/director.pp
b/modules/role/manifests/backup/director.pp
index 8ac7521..574bfa3 100644
--- a/modules/role/manifests/backup/director.pp
+++ b/modules/role/manifests/backup/director.pp
@@ -203,6 +203,9 @@
bacula::director::fileset { 'yubiauth-aeads':
includes => [ '/var/cache/yubikey-ksm/aeads' ],
}
+ bacula::director::fileset { 'openldap':
+ includes => [ '/var/run/openldap-backup' ],
+ }
# The console should be on the director
class { 'bacula::console':
--
To view, visit https://gerrit.wikimedia.org/r/289824
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I2ba5436a356b729b22dd8d7dcb5c64f11cb36e1f
Gerrit-PatchSet: 6
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Muehlenhoff <[email protected]>
Gerrit-Reviewer: Alexandros Kosiaris <[email protected]>
Gerrit-Reviewer: Muehlenhoff <[email protected]>
Gerrit-Reviewer: jenkins-bot <>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
