# This is a asyncronous replica of the Maria DB Cluster for SUNET Drive class sunetdrive::mariadb_backup($tag_mariadb=undef, $location=undef) { include sunet::packages::netcat_openbsd $dirs = [ 'datadir', 'init', 'conf', 'backups' ] $dirs.each | $dir | { ensure_resource('file',"/opt/mariadb_backup/${dir}", { ensure => directory, recurse => true } ) } # Config from group.yaml $environment = sunetdrive::get_environment() $config = hiera_hash($environment) $first_db = $config['first_db'] # Secrets from local.eyaml $mysql_root_password = safe_hiera('mysql_root_password') $backup_password = safe_hiera('backup_password') $mysql_user_password = safe_hiera('mysql_user_password') $statistics_secret = safe_hiera('statistics_secret') sunet::system_user {'mysql': username => 'mysql', group => 'mysql' } $sql_files = ['02-backup_user.sql'] $sql_files.each |$sql_file|{ file { "/opt/mariadb_backup/init/${sql_file}": ensure => present, content => template("sunetdrive/mariadb_backup/${sql_file}.erb"), mode => '0744', } } $conf_files = ['credentials.cnf', 'my.cnf'] $conf_files.each |$conf_file|{ file { "/opt/mariadb_backup/conf/${conf_file}": ensure => present, content => template("sunetdrive/mariadb_backup/${conf_file}.erb"), mode => '0744', } } file { '/opt/mariadb_backup/start_replica_from_init.sh': ensure => present, content => template('sunetdrive/mariadb_backup/start_replica_from_init.erb.sh'), mode => '0744', } file { '/opt/mariadb_backup/do_backup.sh': ensure => present, content => template('sunetdrive/mariadb_backup/do_backup.erb.sh'), mode => '0744', } file { '/opt/mariadb_backup/check_replication.sh': ensure => absent, } file { '/etc/sudoers.d/99-check_replication': ensure => absent, } file { '/usr/local/bin/check_replication': ensure => present, content => template('sunetdrive/mariadb_backup/check_replication.erb'), mode => '0744', } file { '/usr/local/bin/status-test': ensure => present, content => template('sunetdrive/mariadb_backup/status-test.erb'), mode => '0744', } file { '/etc/sudoers.d/99-status-test': ensure => file, content => "script ALL=(root) NOPASSWD: /usr/local/bin/status-test\n", mode => '0440', owner => 'root', group => 'root', } sunet::docker_compose { 'mariadb_backup': content => template('sunetdrive/mariadb_backup/docker-compose_mariadb_backup.yml.erb'), service_name => 'mariadb_backup', compose_dir => '/opt/', compose_filename => 'docker-compose.yml', description => 'Mariadb replica', } # Rclone stuff $rclone_url = 'https://downloads.rclone.org/rclone-current-linux-amd64.deb' $local_path = '/tmp/rclone-current-linux-amd64.deb' exec { 'rclone_deb': command => "/usr/bin/wget -q ${rclone_url} -O ${local_path}", creates => $local_path, } package { 'rclone': ensure => installed, provider => dpkg, source => $local_path, require => Exec['rclone_deb'], } file { '/root/.rclone.conf': ensure => file, content => template('sunetdrive/mariadb_backup/rclone.conf.erb'), owner => 'root', group => 'root', mode => '0600', } file { '/opt/mariadb_backup/listusers.sh': ensure => file, content => template('sunetdrive/mariadb_backup/listusers.erb.sh'), owner => 'root', group => 'root', mode => '0700', } file { '/opt/mariadb_backup/find_disabled_sharing.sh': ensure => file, content => template('sunetdrive/mariadb_backup/find_disabled_sharing.erb.sh'), owner => 'root', group => 'root', mode => '0700', } sunet::scriptherder::cronjob { 'listusers': cmd => '/opt/mariadb_backup/listusers.sh', minute => '*/5', ok_criteria => ['exit_status=0','max_age=30m'], warn_criteria => ['exit_status=1', 'max_age=60m'], } sunet::scriptherder::cronjob { 'disabledsharing': cmd => '/opt/mariadb_backup/find_disabled_sharing.sh', minute => '5', hour => '3', ok_criteria => ['exit_status=0','max_age=2d'], warn_criteria => ['exit_status=1','max_age=3d'], } }