Merge "Backup and restore of Salt master's state: pki and generated metadata"
diff --git a/README.rst b/README.rst
index d3a64b0..c4a41f8 100644
--- a/README.rst
+++ b/README.rst
@@ -186,6 +186,19 @@
".*":
- x509.sign_remote_certificate
+
+Salt master backup configuration
+
+.. code-block:: yaml
+
+ salt:
+ master:
+ backup: true
+ initial_data:
+ engine: backupninja
+ source: backup-node-host
+ host: original-salt-master-id
+
Configure verbosity of state output (used for `salt` command)
.. code-block:: yaml
diff --git a/salt/files/restore.sh b/salt/files/restore.sh
new file mode 100644
index 0000000..2374271
--- /dev/null
+++ b/salt/files/restore.sh
@@ -0,0 +1,10 @@
+#!/bin/sh
+{%- from "salt/map.jinja" import master with context %}
+
+{%- if master.initial_data is defined %}
+mv /etc/salt/pki/* /etc/salt/pki.bak
+scp -r backupninja@{{ master.initial_data.source }}:/srv/backupninja/{{ master.initial_data.host }}/etc/salt/pki/pki.0/* /etc/salt/pki
+{%- if master.pillar.engine == 'reclass' or (master.pillar.engine == 'composite' and master.pillar.reclass is defined) %}
+scp -r backupninja@{{ master.initial_data.source }}:/srv/backupninja/{{ master.initial_data.host }}/srv/salt/reclass/nodes/_generated/_generated.0/* /srv/salt/reclass/nodes/_generated
+{%- endif %}
+{%- endif %}
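Review bot: The script has no error handling, so a failed copy can leave the master without keys and still be recorded as restored: `mv /etc/salt/pki/* /etc/salt/pki.bak` empties the live PKI directory before either `scp` runs, and the script's exit status is that of its last command only. When the reclass branch is rendered, a failed PKI copy followed by a successful `_generated` copy exits 0, and restore.sls in this commit then writes the `master-restored` marker. Adding `set -e` after the shebang and `mkdir -p /etc/salt/pki.bak` before the `mv` would stop the run on the first failure and make sure the backup target is a directory. The pillar values `master.initial_data.source` and `master.initial_data.host` are also rendered unquoted into the command line; quoting the rendered arguments would keep an unexpected character in pillar from changing the command.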
diff --git a/salt/master/restore.sls b/salt/master/restore.sls
new file mode 100644
index 0000000..bb4a08c
--- /dev/null
+++ b/salt/master/restore.sls
@@ -0,0 +1,30 @@
+{%- from "salt/map.jinja" import master with context %}
+{%- if master.enabled %}
+
+{%- if master.initial_data is defined %}
+
+/srv/salt/restore.sh:
+ file:
+ - managed
+ - source: salt://salt/files/restore.sh
+ - mode: 700
+ - template: jinja
+
+salt_master_restore_state:
+ cmd.run:
+ - name: /srv/salt/restore.sh
+ - unless: "test -e /srv/salt/master-restored"
+ - cwd: /root
+ - require:
+ - file: /srv/salt/restore.sh
+
+salt_master_restore_completed:
+ file.managed:
+ - name: /srv/salt/master-restored
+ - source: {}
+ - require:
+ - cmd: salt_master_restore_state
+
+{%- endif %}
+
+{%- endif %}
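Review bot: The only guard on `salt_master_restore_state` is the marker `/srv/salt/master-restored`, yet each run of restore.sh (added in this commit) moves the live `/etc/salt/pki` aside and overwrites it from the backup host. If the marker is ever lost, a master that has since accepted new minion keys would be rolled back to the backed-up key set on the next highstate. A comment above the state would make that explicit, e.g. `# one-shot: guarded only by /srv/salt/master-restored; re-running replaces /etc/salt/pki from backup`. As a smaller point, `- mode: 700` is conventionally written quoted, `- mode: '0700'`, so the value is not typed as a YAML integer.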
diff --git a/salt/meta/backupninja.yml b/salt/meta/backupninja.yml
index ba2eea5..7b52084 100644
--- a/salt/meta/backupninja.yml
+++ b/salt/meta/backupninja.yml
@@ -2,8 +2,14 @@
{%- from "salt/map.jinja" import master with context %}
backup:
salt:
+ {%- if master.get('backup', False) %}
fs_includes:
- - /srv/salt
- - /etc/salt
+ {%- if master.pillar.engine == 'reclass' or (master.pillar.engine == 'composite' and master.pillar.reclass is defined) %}
+ - /srv/salt/reclass/nodes/_generated
+ {%- endif %}
+ - /etc/salt/pki
+ {%- else %}
+ fs_includes: []
+ {%- endif %}
fs_excludes: []
{%- endif %}
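Review bot: With this change `/etc/salt/pki`, which holds the master's private key and the accepted minion keys, is shipped to the backup node, and nothing in the hunk says so. restore.sh in this commit reads it back as the `backupninja` user from `/srv/backupninja/<host>/`, so presumably anything able to log in as that account can read each master's key material; a comment such as `# includes the master private key: backup target must be access-restricted` above the entry would flag that. The `else` branch also changes the default: masters that do not set `backup: true` now get `fs_includes: []`, where `/srv/salt` and `/etc/salt` were previously always included, so existing deployments stop backing up Salt data until their pillar is updated. The `{%- if %}` closed by the final `{%- endif %}` starts outside the hunk.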
diff --git a/tests/pillar/master_backup.sls b/tests/pillar/master_backup.sls
new file mode 100644
index 0000000..cee3d72
--- /dev/null
+++ b/tests/pillar/master_backup.sls
@@ -0,0 +1,22 @@
+git:
+ client:
+ enabled: true
+linux:
+ system:
+ enabled: true
+salt:
+ master:
+ enabled: true
+ source:
+ engine: pkg
+ pillar:
+ engine: salt
+ source:
+ engine: local
+ environment:
+ prd:
+ formula: {}
+ initial_data:
+ engine: backupninja
+ source: backup-node-host
+ host: original-salt-master-id
\ No newline at end of file
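Review bot: This fixture is named master_backup but never sets `backup: true` under `salt:master`, so the new `fs_includes` branch in salt/meta/backupninja.yml would not be rendered from it; only the `initial_data` restore path is exercised. Its pillar engine is `salt`, so the reclass `_generated` conditionals in restore.sh and backupninja.yml are skipped as well. Adding `backup: true` next to `enabled: true` would cover the backup side; a reclass-engine variant would be needed for the remaining branches.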