Parcourir la source

Merge "Backup and restore of Salt master's state: pki and generated metadata"

pull/70/merge
mcp-jenkins il y a 7 ans
Parent
révision
46bc38de66
5 fichiers modifiés avec 83 ajouts et 2 suppressions
  1. +13
    -0
      README.rst
  2. +10
    -0
      salt/files/restore.sh
  3. +30
    -0
      salt/master/restore.sls
  4. +8
    -2
      salt/meta/backupninja.yml
  5. +22
    -0
      tests/pillar/master_backup.sls

+ 13
- 0
README.rst Voir le fichier

@@ -186,6 +186,19 @@ Salt master peer setup for remote certificate signing
".*":
- x509.sign_remote_certificate


Salt master backup configuration

.. code-block:: yaml

salt:
master:
backup: true
initial_data:
engine: backupninja
source: backup-node-host
host: original-salt-master-id

Configure verbosity of state output (used for `salt` command)

.. code-block:: yaml

+ 10
- 0
salt/files/restore.sh Voir le fichier

@@ -0,0 +1,10 @@
#!/bin/sh
{%- from "salt/map.jinja" import master with context %}

{%- if master.initial_data is defined %}
mv /etc/salt/pki/* /etc/salt/pki.bak
scp -r backupninja@{{ master.initial_data.source }}:/srv/backupninja/{{ master.initial_data.host }}/etc/salt/pki/pki.0/* /etc/salt/pki
{%- if master.pillar.engine == 'reclass' or (master.pillar.engine == 'composite' and master.pillar.reclass is defined) %}
scp -r backupninja@{{ master.initial_data.source }}:/srv/backupninja/{{ master.initial_data.host }}/srv/salt/reclass/nodes/_generated/_generated.0/* /srv/salt/reclass/nodes/_generated
{%- endif %}
{%- endif %}

+ 30
- 0
salt/master/restore.sls Voir le fichier

@@ -0,0 +1,30 @@
{%- from "salt/map.jinja" import master with context %}
{%- if master.enabled %}

{%- if master.initial_data is defined %}

/srv/salt/restore.sh:
file:
- managed
- source: salt://salt/files/restore.sh
- mode: 700
- template: jinja

salt_master_restore_state:
cmd.run:
- name: /srv/salt/restore.sh
- unless: "test -e /srv/salt/master-restored"
- cwd: /root
- require:
- file: /srv/salt/restore.sh

salt_master_restore_completed:
file.managed:
- name: /srv/salt/master-restored
- source: {}
- require:
- cmd: salt_master_restore_state

{%- endif %}

{%- endif %}

+ 8
- 2
salt/meta/backupninja.yml Voir le fichier

@@ -2,8 +2,14 @@
{%- from "salt/map.jinja" import master with context %}
backup:
salt:
{%- if master.get('backup', False) %}
fs_includes:
- /srv/salt
- /etc/salt
{%- if master.pillar.engine == 'reclass' or (master.pillar.engine == 'composite' and master.pillar.reclass is defined) %}
- /srv/salt/reclass/nodes/_generated
{%- endif %}
- /etc/salt/pki
{%- else %}
fs_includes: []
{%- endif %}
fs_excludes: []
{%- endif %}

+ 22
- 0
tests/pillar/master_backup.sls Voir le fichier

@@ -0,0 +1,22 @@
git:
client:
enabled: true
linux:
system:
enabled: true
salt:
master:
enabled: true
source:
engine: pkg
pillar:
engine: salt
source:
engine: local
environment:
prd:
formula: {}
initial_data:
engine: backupninja
source: backup-node-host
host: original-salt-master-id

Chargement…
Annuler
Enregistrer