salt master / minion backup
PROD-16375
Change-Id: I758d38701cdf0e1cc6fa99c38192de2f9052468c
diff --git a/salt/files/restore.sh b/salt/files/restore_master.sh
similarity index 95%
rename from salt/files/restore.sh
rename to salt/files/restore_master.sh
index 2374271..ef77ec2 100644
--- a/salt/files/restore.sh
+++ b/salt/files/restore_master.sh
@@ -2,6 +2,7 @@
{%- from "salt/map.jinja" import master with context %}
{%- if master.initial_data is defined %}
+mkdir -p /etc/salt/pki.bak
mv /etc/salt/pki/* /etc/salt/pki.bak
scp -r backupninja@{{ master.initial_data.source }}:/srv/backupninja/{{ master.initial_data.host }}/etc/salt/pki/pki.0/* /etc/salt/pki
{%- if master.pillar.engine == 'reclass' or (master.pillar.engine == 'composite' and master.pillar.reclass is defined) %}
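Review bot: The added `mkdir -p /etc/salt/pki.bak` creates the directory that receives the master's current key material with whatever mode the umask gives, which is usually readable and traversable by every local user. The moved entries keep their own modes, so the actual exposure depends on how `/etc/salt/pki/*` was permissioned, but the backup directory should not rely on that: `mkdir -p -m 700 /etc/salt/pki.bak`. The same applies to `mkdir -p /etc/pki/pki_ca.bak` in the new `restore_minion.sh`. The script continues past the end of this hunk.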
diff --git a/salt/files/restore_minion.sh b/salt/files/restore_minion.sh
new file mode 100644
index 0000000..f8dc36b
--- /dev/null
+++ b/salt/files/restore_minion.sh
@@ -0,0 +1,11 @@
+#!/bin/sh
+{%- from "salt/map.jinja" import minion with context %}
+
+{%- if minion.ca is defined %}
+{%- if minion.initial_data is defined %}
+mkdir -p /etc/pki/pki_ca.bak
+mkdir -p /etc/pki/ca
+mv /etc/pki/ca/* /etc/pki/pki_ca.bak
+scp -r backupninja@{{ minion.initial_data.source }}:/srv/backupninja/{{ minion.initial_data.host }}/etc/pki/ca/ca.0/* /etc/pki/ca
+{%- endif %}
+{%- endif %}
\ No newline at end of file
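Review bot: The existing CA directory is emptied by `mv /etc/pki/ca/* /etc/pki/pki_ca.bak` before the `scp` has succeeded, so a failed or partial copy leaves the node without its CA and nothing puts the old files back. Fetching into a staging directory first and swapping only after the copy exits cleanly avoids that, and `set -eu` makes any later failure stop the script instead of running on. The two pillar values are also interpolated into the command line unquoted; the sketch below double-quotes the remote argument, which still assumes the pillar values contain no quote characters.

```shell
# … unchanged: shebang, map.jinja import and the two Jinja guards …
set -eu
staging=$(mktemp -d /etc/pki/ca.restore.XXXXXX)
# Fetch first: a failed copy must leave the current CA directory untouched.
scp -r "backupninja@{{ minion.initial_data.source }}:/srv/backupninja/{{ minion.initial_data.host }}/etc/pki/ca/ca.0/*" "$staging"/
mkdir -p -m 700 /etc/pki/pki_ca.bak
mkdir -p /etc/pki/ca
# The CA directory may be empty on a freshly installed node.
set -- /etc/pki/ca/*
if [ -e "$1" ]; then
  mv "$@" /etc/pki/pki_ca.bak/
fi
mv "$staging"/* /etc/pki/ca/
rmdir "$staging"
# … unchanged: closing endif lines …
```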
diff --git a/salt/master/restore.sls b/salt/master/restore.sls
index bb4a08c..fe0ff3f 100644
--- a/salt/master/restore.sls
+++ b/salt/master/restore.sls
@@ -3,20 +3,19 @@
{%- if master.initial_data is defined %}
-/srv/salt/restore.sh:
- file:
- - managed
- - source: salt://salt/files/restore.sh
+/srv/salt/restore_master.sh:
+ file.managed:
+ - source: salt://salt/files/restore_master.sh
- mode: 700
- template: jinja
salt_master_restore_state:
cmd.run:
- - name: /srv/salt/restore.sh
+ - name: /srv/salt/restore_master.sh
- unless: "test -e /srv/salt/master-restored"
- cwd: /root
- require:
- - file: /srv/salt/restore.sh
+ - file: /srv/salt/restore_master.sh
salt_master_restore_completed:
file.managed:
diff --git a/salt/meta/backupninja.yml b/salt/meta/backupninja.yml
index 7b52084..0a98f44 100644
--- a/salt/meta/backupninja.yml
+++ b/salt/meta/backupninja.yml
@@ -1,5 +1,6 @@
-{%- if pillar.salt.master is defined %}
- {%- from "salt/map.jinja" import master with context %}
+{%- if pillar.salt is defined %}
+{%- if pillar.salt.get('master', {}).get('enabled', False) or (pillar.salt.get('minion', {}).get('enabled', False) and pillar.salt.get('minion', {}).ca is defined) %}
+ {%- from "salt/map.jinja" import master, minion with context %}
backup:
salt:
{%- if master.get('backup', False) %}
@@ -8,8 +9,15 @@
- /srv/salt/reclass/nodes/_generated
{%- endif %}
- /etc/salt/pki
+ {%- if minion.get('backup', False) %}
+ - /etc/pki/ca
+ {%- endif %}
+ {%- elif minion.get('backup', False) %}
+ fs_includes:
+ - /etc/pki/ca
{%- else %}
fs_includes: []
{%- endif %}
fs_excludes: []
{%- endif %}
+{%- endif %}
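Review bot: Adding `/etc/pki/ca` to `fs_includes` sends the minion's CA directory, presumably including the CA private key, to the backup node, and nothing in the template records that. A Jinja comment above the new entries would make the sensitivity visible, for example `{#- /etc/pki/ca is the minion CA directory; the backup target must be protected like the CA itself #}`. Separately, the outer condition in the first hunk of this file admits the minion only when `minion.ca is defined`, while the two `minion.get('backup', False)` branches here do not check it, so a master node with `minion.backup` set and no CA would still list the path.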
diff --git a/salt/minion/restore.sls b/salt/minion/restore.sls
new file mode 100644
index 0000000..3c42852
--- /dev/null
+++ b/salt/minion/restore.sls
@@ -0,0 +1,33 @@
+{%- from "salt/map.jinja" import minion with context %}
+{%- if minion.enabled %}
+
+{%- if minion.ca is defined %}
+
+{%- if minion.initial_data is defined %}
+
+/srv/salt/restore_minion.sh:
+ file.managed:
+ - source: salt://salt/files/restore_minion.sh
+ - mode: 700
+ - template: jinja
+
+salt_minion_restore_state:
+ cmd.run:
+ - name: /srv/salt/restore_minion.sh
+ - unless: "test -e /srv/salt/minion-restored"
+ - cwd: /root
+ - require:
+ - file: /srv/salt/restore_minion.sh
+
+salt_minion_restore_completed:
+ file.managed:
+ - name: /srv/salt/minion-restored
+ - source: {}
+ - require:
+ - cmd: salt_minion_restore_state
+
+{%- endif %}
+
+{%- endif %}
+
+{%- endif %}
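Review bot: `- mode: 700` on the managed script is a bare YAML integer, which only reads as the intended permission because it has no leading zero. Writing it as `- mode: '0700'` states the octal permission explicitly and stays correct if someone later edits it to a value such as `0700` or `0750`, which an unquoted YAML 1.1 scalar would turn into a different number. The context line `- mode: 700` in `salt/master/restore.sls` has the same form.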
diff --git a/tests/pillar/minion_backup.sls b/tests/pillar/minion_backup.sls
new file mode 100644
index 0000000..419fd0f
--- /dev/null
+++ b/tests/pillar/minion_backup.sls
@@ -0,0 +1,8 @@
+salt:
+ minion:
+ enabled: true
+ backup: true
+ initial_data:
+ engine: backupninja
+ source: backup-node-host
+ host: original-salt-master-id
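Review bot: This pillar sets `backup` and `initial_data` but no `salt:minion:ca`, while `salt/minion/restore.sls`, `restore_minion.sh` and the minion branch of the outer condition in `salt/meta/backupninja.yml` are all guarded by `minion.ca is defined`. Unless `map.jinja` supplies a default `ca`, which is not visible here, rendering with this pillar produces no restore states and no backup entry, so the new code paths go untested. Adding a `ca` entry under `minion`, in the shape the formula's CA pillar expects, would exercise them.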