restrict access
Change-Id: I440cb4b6d2ac94a64b3c84249d7351fb42914280
diff --git a/README.rst b/README.rst
index cf21103..cd3bbaa 100644
--- a/README.rst
+++ b/README.rst
@@ -72,6 +72,13 @@
enabled: true
key: ssh-key
+Backup server without strict client policy restriction
+
+.. code-block:: yaml
+
+ backupninja:
+ server:
+ restrict_clients: false
Backup client with local storage
diff --git a/backupninja/map.jinja b/backupninja/map.jinja
index 2a5db08..048d43c 100644
--- a/backupninja/map.jinja
+++ b/backupninja/map.jinja
@@ -20,11 +20,13 @@
'Debian': {
'pkgs': ['rsync'],
'home_dir': '/srv/backupninja',
+ 'restrict_clients': True,
'keys': [],
},
'RedHat': {
'pkgs': ['rsync'],
'home_dir': '/srv/backupninja',
+ 'restrict_clients': True,
'keys': [],
},
}, merge=salt['pillar.get']('backupninja:server')) %}
diff --git a/backupninja/meta/salt.yml b/backupninja/meta/salt.yml
index 41080b9..d7f60d4 100644
--- a/backupninja/meta/salt.yml
+++ b/backupninja/meta/salt.yml
@@ -3,7 +3,22 @@
{%- if pillar.get('backupninja', {}).get('client') %}
{%- from "backupninja/map.jinja" import service_grains with context %}
{{ service_grains|yaml(False)|indent(4) }}
+ {#- client addresses #}
+ {%- set addresses = [] %}
+ {%- set ips = salt['grains.get']("fqdn_ip4")|list %}
+ {%- if ips %}
+ {%- for ip in ips %}
+ {%- if not (ip|string).startswith('127.') %}
+ {%- do addresses.append(ip) %}
+ {%- endif %}
+ {%- endfor %}
+ {%- endif %}
+ {%- if addresses %}
+ client:
+ addresses: {{ addresses|yaml }}
+ {%- endif %}
{%- else %}
backupninja:
backup: {}
{%- endif %}
+
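Review bot: The published `addresses` list is taken only from the `fqdn_ip4` grain, which is what the minion's FQDN resolves to and not necessarily the source address the backup server sees (NAT, several interfaces, IPv6). A client that connects from a different address would be refused by the `from=` option that server.sls builds from this list, and a host whose FQDN resolves only to `127.x` publishes no `client` block at all. Consider letting an explicit pillar value take precedence over the grain and also collecting `fqdn_ip6`, with a short comment next to `{#- client addresses #}` saying which address is expected there. The outer `{%- if ips %}` is redundant, because the `for` loop over an empty list does nothing.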
diff --git a/backupninja/server.sls b/backupninja/server.sls
index 4be4fc4..ec02d77 100644
--- a/backupninja/server.sls
+++ b/backupninja/server.sls
@@ -25,10 +25,29 @@
{%- if key.get('enabled', False) %}
+{%- set clients = [] %}
+{%- if server.restrict_clients %}
+ {%- for node_name, node_grains in salt['mine.get']('*', 'grains.items').iteritems() %}
+ {%- if node_grains.get('backupninja', {}).get('client') %}
+ {%- set client = node_grains.backupninja.get("client") %}
+ {%- if client.get('addresses') and client.get('addresses', []) is iterable %}
+ {%- for address in client.addresses %}
+ {%- do clients.append(address|string) %}
+ {%- endfor %}
+ {%- endif %}
+ {%- endif %}
+ {%- endfor %}
+{%- endif %}
+
backupninja_key_{{ key.key }}:
ssh_auth.present:
- user: backupninja
- name: {{ key.key }}
+ - options:
+ - no-pty
+{%- if clients %}
+ - from="{{ clients|join(',') }}"
+{%- endif %}
- require:
- file: /srv/backupninja
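Review bot: With `restrict_clients` true, an empty `clients` list makes `{%- if clients %}` drop the `from=` option, so a missing or not-yet-populated mine leaves the key usable from any address and the restriction fails open. Consider skipping or failing the key state in that case, for example by wrapping it in `{%- if clients or not server.restrict_clients %}`. The list is also the union of every minion's self-published `backupninja:client:addresses` grain and is applied to every key, so any minion that can set that grain widens access for all keys; a per-key address list from pillar would be tighter. Separately, `.iteritems()` exists only on Python 2 dicts (`.items()` works on both), and `is iterable` is also true for a plain string, whose characters would then be appended one by one. The enclosing key loop starts and ends outside the hunk.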