restrict access

Change-Id: I18a7cad8611ecfdc23362d214b7c29075c8f873a
diff --git a/xtrabackup/meta/salt.yml b/xtrabackup/meta/salt.yml
new file mode 100644
index 0000000..36c32d3
--- /dev/null
+++ b/xtrabackup/meta/salt.yml
@@ -0,0 +1,23 @@
+{%- if pillar.get('xtrabackup', {}).get('client') %}
+
+{%- set addresses = [] %}
+{%- set ips = salt['grains.get']("fqdn_ip4")|list %}
+{%- if ips %}
+  {%- for ip in ips %}
+    {%- if not (ip|string).startswith('127.')  %}
+    {%- do addresses.append('- ' + ip) %}
+    {%- endif %}
+  {%- endfor %}
+{%- endif %}
+{%- if addresses %}
+grain:
+  xtrabackup:
+    xtrabackup:
+      client:
+        addresses:
+        {%- for address in addresses %}
+          {{ address }}
+        {%- endfor %}
+{%- endif %}
+
+{%- endif %}
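Review bot: The address list built here becomes the backup server's SSH `from=` allowlist (see xtrabackup/server.sls in this commit), yet the file does not say so and the only filter is the `127.` prefix check. `fqdn_ip4` reflects whatever the minion's own resolver returns, so a multi-homed client publishes every non-loopback address it resolves, and a host whose FQDN resolves only to loopback publishes no grain at all because `addresses` stays empty. I would add a header comment such as `{#- Addresses published here feed the backup server's authorized_keys from= restriction; keep the list minimal. #}` and consider letting an explicit pillar value take precedence over `fqdn_ip4`. Appending the bare `ip` and rendering `- {{ address }}` inside the loop would also read more clearly than storing the `'- '` prefix in the list.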
diff --git a/xtrabackup/server.sls b/xtrabackup/server.sls
index c910389..5ec95a9 100644
--- a/xtrabackup/server.sls
+++ b/xtrabackup/server.sls
@@ -46,10 +46,27 @@
 
 {%- if key.get('enabled', False) %}
 
+{%- set clients = [] %}
+{%- for node_name, node_grains in salt['mine.get']('*', 'grains.items').iteritems() %}
+{%- if node_grains.get('xtrabackup') and node_grains.xtrabackup.get('client') %}
+{%- set client = node_grains.xtrabackup.get("client") %}
+{%- if client.get('addresses') and client.get('addresses', []) is iterable %}
+{%- for address in client.addresses %}
+{%- do clients.append(address|string) %}
+{%- endfor %}
+{%- endif %}
+{%- endif %}
+{%- endfor %}
+
 xtrabackup_key_{{ key.key }}:
   ssh_auth.present:
   - user: xtrabackup
   - name: {{ key.key }}
+  - options:
+    - no-pty
+{%- if clients %}
+    - from="{{ clients|join(',') }}"
+{%- endif %}
   - require:
     - file: {{ server.backup_dir }}/full
     - file: {{ server.backup_dir }}/incr
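Review bot: The `from=` restriction fails open: it is emitted only under `{%- if clients %}`, so when the mine returns no client addresses (mine not yet populated, or no client grain published) the key is installed with `no-pty` alone and no source restriction. The values are also grains that each minion reports about itself, collected with `mine.get('*', 'grains.items')` and joined into the option unvalidated, so one minion publishing a wildcard pattern or a string containing `,` or `"` would widen or break the allowlist. I would wrap the append in `{%- if address|string|is_ipv4 %}` (where the deployed Salt version provides that filter), narrow the mine target to the backup clients, and skip or fail the state when `clients` is empty. Since the commit aims to restrict access, `no-port-forwarding`, `no-agent-forwarding` and `no-X11-forwarding` belong next to `no-pty`, and `.iteritems()` should become `.items()` because it exists only on Python 2 dicts. The state's `require` list appears to continue past the end of the hunk.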