Closed sfuerte closed 7 years ago
Yes, this sounds useful. I've had some private code that does this kind of dumping for each of the databases I care about, but a generalized approach for script execution seems useful. I'm not sure how to work out permissions for this kind of thing, since perhaps sudo would be required, and I doubt we can agree on a sudo module as a dependency.
How would you see this used in manifest?
Well, Puppet agent is already running with privileged permissions, one wouldn't need them to copy scripts. Here is our real usage scenario:
Our Bacula installation has been done before Puppet implementation. So, the whole Director's side has been kept as manual configuration;
only Bacula FD's (clients) have been populated through Puppet;
Clients that have DB's for backups have job definitions like:
Job {
Client = ...
Name = ...
JobDefs = ...
RunScript {
RunsWhen = Before
RunsOnClient = Yes
FailJobOnError = No
Command = "/etc/bacula/scripts/make_db_backup.py -t all"
}
make_db_backup.py
is copied across servers via Puppet by modified (as above) Bacula module.
The script itself is attached and supports dumps for Postgres and/or MySQL, I'd say two most common DBs. There are some limitations, i.e. not possible to exclude certain DB from the dump, but it can be fixed.
DB dumps go to /var/backups/bacula-sql/
folder. Permissions as follows:
drwx------ 2 bacula bacula 4096 Jan 3 23:25 bacula-sql
No need in elevated permissions.
--
classes:
- bacula::client
bacula::client::client: 'name' bacula::client::password: 'pass'
- had there be a way to add script/file option, similar to Zabbix's userparameter, it'd be great!
-- classes:
zabbix::agent::hostname: 'hostname' zabbix::userparameter::data:
apache: source: 'puppet:///my_mount_point/zabbix/zabbix_agentd.d/apache.conf' apache.py: script: 'puppet:///my_mount_point/zabbix/zabbix_agentd.scripts/apache.py' script_dir: '/etc/zabbix/zabbix_agentd.scripts'
(https://github.com/xaque208/puppet-bacula/files/856488/make_db_backup.py.txt)
Ah, I think this just might be a documentation issue. You should be able to get what you want using the bacula::job
resource.
https://github.com/xaque208/puppet-bacula/blob/master/manifests/job.pp#L58
It looks like runscript is just an array of hashes, which are then used in the job template.
https://github.com/xaque208/puppet-bacula/blob/master/templates/job.conf.erb#L39
That template fragment gets exported so it can be realized on the director, but since you are not using this module on the director, that's probably not going to help you much.
I will say, most of this module in particular assumes that you are using this module on most parts of your bacula installation. There is a heavy use of exported resources at work to allow clients to export bits of data to the director.
Is there something preventing you from using this module on your bacula director that can be addressed in the module?
hmm, believe bacula::job
will just create a record in Director's configuration. It won't copy any file/script itself.
For file creation/copy, a file
resource shall be present and defined in manifest, either in client.pp
directly or referenced from there; e.g. like in my original message here.
I think this should probably be something done outside the module. A site local wrapper define could probably accomplish this in a cleaner manner than implementing it in the module.
define mysite::backup_job (
) {
file { ... }
bacula::job { ... }
}
I'll close this out, as I think the workaround above should be sufficient, but if you feel differently about it, feel free to reopen or submit a PR to address this. Thanks for the report all the same.
Bacula supports scripts calls, e.g. DB backups, it would be nice to have an ability to populate such scripts via Puppet.
For example, currently we have to update
client.pp
to add the following:A note on the "source", if it can be configurable, it'll be great. If
puppet:///modules/bacula
is used, then files have to be stored under.../modules/bacula/files
folder. Which means that simple upgrade of the module will fail. In our environment we have a special folder mounted and accessed as, for example,puppet:///my_mnt_point/bacula
. In such waypuppet module upgrade ...
won't fail.