Created
August 5, 2020 19:22
-
-
Save viq/68a407d49483a4b670bdfbb1555f5402 to your computer and use it in GitHub Desktop.
Some examples of using salt mine and publish.publish
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| mine_functions: | |
| external_ip: | |
| - mine_function: grains.get | |
| - key: external_ip | |
| ssh.host_keys: | |
| - keydir: /etc/ssh | |
| - private: False | |
| ssh_backup_key: | |
| - mine_function: ssh.user_keys | |
| - user: root | |
| - pubfile: '/root/.ssh/backup_key.pub' | |
| - prvfile: False | |
| mine_interval: 5 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| {% from "borg/map.jinja" import borg with context %} | |
| backup ssh key: | |
| cmd.run: | |
| - name: 'ssh-keygen -q -t ed25519 -C "{{ salt.grains.get('id') }} backup key" -f {{ borg.backup_key}} -N ""' | |
| - creates: {{ borg.backup_key }} | |
| module.wait: | |
| - mine.send: | |
| - ssh_backup_key | |
| - mine_function: ssh.user.keys | |
| - user: root | |
| - pubfile: '{{borg.backup_key}}.pub' | |
| - prvfile: False | |
| - watch: | |
| - cmd: backup ssh key | |
| borg backup programs: | |
| pkg.installed: | |
| - pkgs: | |
| - {{borg.borg_package}} | |
| - {{borg.borgmatic_package}} | |
| borgmatic configuration: | |
| file.serialize: | |
| - name: /etc/borgmatic/config.yaml | |
| - mode: 0600 | |
| - formatter: yaml | |
| - dataset: {{borg.borgmatic}} | |
| - require: | |
| - pkg: borg backup programs | |
| cmd.run: | |
| - name: validate-borgmatic-config | |
| - onchanges: | |
| - file: borgmatic configuration | |
| - pkg: borg backup programs | |
| cron.present: | |
| - name: {{ salt['cmd.which']('borgmatic') }} | |
| - identifier: "BORGMATIC_BACKUP" | |
| - comment: "Borg backup" | |
| - hour: '*/{{borg.every_hours}}' | |
| - minute: random | |
| - require: | |
| - cmd: borgmatic configuration | |
| - cron: borg cron paths | |
| borg cron paths: | |
| cron.env_present: | |
| - user: root | |
| - name: PATH | |
| - value: '/sbin:/usr/sbin:/bin:/usr/bin:/usr/X11R6/bin:/usr/local/sbin:/usr/local/bin' | |
| borg repo initialization: | |
| cmd.run: | |
| - name: borgmatic init -e {{borg.encryption}} | |
| - onchanges: | |
| - file: borgmatic configuration | |
| {% for algo, ssh_key in borg.borgbase.ssh_key.items() %} | |
| borgbase public {{algo}} key: | |
| ssh_known_hosts.present: | |
| - name: '*.repo.borgbase.com' | |
| - key: {{ssh_key}} | |
| - enc: {{algo}} | |
| - hash_known_hosts: False | |
| - require_in: | |
| - cmd: borg repo initialization | |
| - cron: borgmatic configuration | |
| {% endfor %} | |
| {% for host in ['repo_host_1', 'repo_host_2'] %} | |
| {% for source, ssh_key_string in salt['mine.get'](host, 'ssh.host_keys')[host].items() %} | |
| {% set ssh_key = ssh_key_string.split(' ') %} | |
| {{host}} host ssh {{ssh_key[0]}} key: | |
| ssh_known_hosts.present: | |
| - name: {{host}} | |
| - enc: {{ssh_key[0]}} | |
| - key: {{ssh_key[1]}} | |
| - hash_known_hosts: False | |
| - require_in: | |
| - cmd: borg repo initialization | |
| - cron: borgmatic configuration | |
| {% endfor %} | |
| {% endfor %} |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| {% from "borg/map.jinja" import borg with context %} | |
| borg backup user: | |
| user.present: | |
| - name: borg | |
| - fullname: Borg Backup User | |
| - shell: {{borg.user_shell}} | |
| borg backup support: | |
| pkg.installed: | |
| - name: {{borg.borg_package}} | |
| {% for host, key in salt['mine.get']('*', 'ssh_backup_key') | dictsort() %} | |
| backup repo for {{host}}: | |
| {% if salt['grains.get']('zfs_support', False) %} | |
| zfs.filesystem_present: | |
| - name: "{{borg.zfs_base}}/{{host}}" | |
| - properties: | |
| mountpoint: {{borg.repo_base}}/{{host}} | |
| - require_in: | |
| - file: backup repo for {{host}} | |
| {% endif %} | |
| file.directory: | |
| - name: {{borg.repo_base}}/{{host}} | |
| - user: borg | |
| - dir_mode: 0750 | |
| - makedirs: True | |
| - require: | |
| - user: borg backup user | |
| {% endfor %} | |
| access to backup repos: | |
| ssh_auth.manage: | |
| - user: borg | |
| - ssh_keys: | |
| {% for host, key in salt['mine.get']('*', 'ssh_backup_key') | dictsort() %} | |
| - 'command="cd {{borg.repo_base}}/{{host}} && borg serve --restrict-to-path {{borg.repo_base}}/{{host}}",restrict {{key['root']['backup_key.pub']}}' | |
| {% endfor %} |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ssh hosts ipset: | |
| ipset.set_present: | |
| - name: ssh_in | |
| - set_type: hash:ip | |
| - timeout: 300 | |
| add hosts to ssh ipset: | |
| ipset.present: | |
| - set_name: ssh_in | |
| - entry: | |
| {%- for host, ip in salt['publish.publish']('*', 'grains.get', 'external_ip').items()|sort -%} | |
| {%- if ip %} | |
| - {{ ip }} | |
| {%- endif %} | |
| {%- endfor %} | |
| - require: | |
| - ipset: ssh hosts ipset |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment