salt master / minion backup

PROD-16375

Change-Id: I758d38701cdf0e1cc6fa99c38192de2f9052468c

salt/files/restore.sh → salt/files/restore_master.sh

 {%- from "salt/map.jinja" import master with context %}
 
 {%- if master.initial_data is defined %}
+mkdir -p /etc/salt/pki.bak
 mv /etc/salt/pki/* /etc/salt/pki.bak
 scp -r backupninja@{{ master.initial_data.source }}:/srv/backupninja/{{ master.initial_data.host }}/etc/salt/pki/pki.0/* /etc/salt/pki
 {%- if master.pillar.engine == 'reclass' or (master.pillar.engine == 'composite' and master.pillar.reclass is defined) %}

salt/files/restore_minion.sh

+#!/bin/sh
+{%- from "salt/map.jinja" import minion with context %}
+
+{%- if minion.ca is defined %}
+{%- if minion.initial_data is defined %}
+mkdir -p /etc/pki/pki_ca.bak
+mkdir -p /etc/pki/ca
+mv /etc/pki/ca/* /etc/pki/pki_ca.bak
+scp -r backupninja@{{ minion.initial_data.source }}:/srv/backupninja/{{ minion.initial_data.host }}/etc/pki/ca/ca.0/* /etc/pki/ca
+{%- endif %}
+{%- endif %}

salt/master/restore.sls

 
 {%- if master.initial_data is defined %}
 
-/srv/salt/restore.sh:
-  file:
-  - managed
-  - source: salt://salt/files/restore.sh
+/srv/salt/restore_master.sh:
+  file.managed:
+  - source: salt://salt/files/restore_master.sh
   - mode: 700
   - template: jinja
 
 salt_master_restore_state:
   cmd.run:
-  - name: /srv/salt/restore.sh
+  - name: /srv/salt/restore_master.sh
   - unless: "test -e /srv/salt/master-restored"
   - cwd: /root
   - require:
-    - file: /srv/salt/restore.sh
+    - file: /srv/salt/restore_master.sh
 
 salt_master_restore_completed:
   file.managed:

salt/meta/backupninja.yml

-{%- if pillar.salt.master is defined %}
-  {%- from "salt/map.jinja" import master with context %}
+{%- if pillar.salt is defined %}
+{%- if pillar.salt.get('master', {}).get('enabled', False) or (pillar.salt.get('minion', {}).get('enabled', False) and pillar.salt.get('minion', {}).ca is defined) %}
+  {%- from "salt/map.jinja" import master, minion with context %}
 backup:
   salt:
     {%- if master.get('backup', False) %}
     - /srv/salt/reclass/nodes/_generated
     {%- endif %}
     - /etc/salt/pki
+    {%- if minion.get('backup', False) %}
+    - /etc/pki/ca
+    {%- endif %}
+    {%- elif minion.get('backup', False) %}
+    fs_includes:
+    - /etc/pki/ca
     {%- else %}
     fs_includes: []
     {%- endif %}
     fs_excludes: []
 {%- endif %}
+{%- endif %}

salt/minion/restore.sls

+{%- from "salt/map.jinja" import minion with context %}
+{%- if minion.enabled %}
+
+{%- if minion.ca is defined %}
+
+{%- if minion.initial_data is defined %}
+
+/srv/salt/restore_minion.sh:
+  file.managed:
+  - source: salt://salt/files/restore_minion.sh
+  - mode: 700
+  - template: jinja
+
+salt_minion_restore_state:
+  cmd.run:
+  - name: /srv/salt/restore_minion.sh
+  - unless: "test -e /srv/salt/minion-restored"
+  - cwd: /root
+  - require:
+    - file: /srv/salt/restore_minion.sh
+
+salt_minion_restore_completed:
+  file.managed:
+  - name: /srv/salt/minion-restored
+  - source: {}
+  - require:
+    - cmd: salt_minion_restore_state
+
+{%- endif %}
+
+{%- endif %}
+
+{%- endif %}

tests/pillar/minion_backup.sls

+salt:
+  minion:
+    enabled: true
+    backup: true
+    initial_data:
+      engine: backupninja
+      source: backup-node-host
+      host: original-salt-master-id