Created
April 4, 2016 19:19
-
-
Save andrekeller/f75b5af6f6630b97b470209ad46ad706 to your computer and use it in GitHub Desktop.
burp profiles
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
class comrack::profiles::backup::client ( | |
$server = '', | |
$additional_includes = [], | |
$cname = $::fqdn, | |
$configuration = {}, | |
$dedup_group = 'global', | |
$enable = true, | |
$encryption_password = undef, | |
$manage_monitoring = true, | |
) { | |
# We include the client in Hiera common so its installed on all systems | |
# With "comrack::profiles::backup::client::enable: false" we can disable it in Hiera | |
if $enable { | |
if $server == '' { | |
fail('$server MUST BE DEFINED') | |
} | |
include ::burp | |
case $::osfamily { | |
'debian': { | |
include ::comrack::repos::ppa::backup | |
Exec['apt_update'] -> Class['::Burp::Install'] | |
Class['::Comrack::Repos::Ppa::Backup'] -> ::Burp::Client['burp'] | |
} | |
'redhat': { | |
notify { 'RedHat BURP package repository missing': } | |
} | |
'default': { } | |
} | |
validate_array($additional_includes) | |
$_default_includes = [ | |
'/boot/grub', | |
'/etc', | |
'/home', | |
'/usr/local', | |
'/var/backups', | |
'/var/lib/dpkg', | |
'/var/log', | |
'/var/spool', | |
] | |
$_comrack_configuration = { | |
backup_script => '/bin/run-parts', | |
backup_script_pre_arg => [ | |
'--report', | |
'--regex', | |
'\'.*\'', | |
'/usr/share/burp/pre-backup' | |
], | |
backup_script_post_arg => [ | |
'--report', | |
'--regex', | |
'\'.*\'', | |
'/usr/share/burp/post-backup' | |
], | |
backup_script_reserved_args => 0, | |
cname => $cname, | |
dedup_group => $dedup_group, | |
encryption_password => $encryption_password, | |
include => union($_default_includes, $additional_includes), | |
nobackup => '.nobackup', | |
status_port => '4972', | |
} | |
# If the client is on the BURP server, we use the same certificate as already available | |
if defined(Class['comrack::profiles::backup::server']) { | |
$_additional_configuration = { | |
ssl_cert => '/srv/burp/ssl_cert-server.pem', | |
ssl_cert_ca => '/srv/burp/ssl_cert_ca-pem', | |
ssl_key => '/srv/burp/ssl_cert-server.key', | |
} | |
$_configuration1 = merge($_comrack_configuration, $_additional_configuration) | |
} else { | |
$_configuration1 = $_comrack_configuration | |
} | |
$_configuration = merge($_configuration1, $configuration) | |
# the default client is named burp because this produces a | |
# default configuration file for burp | |
::burp::client { 'burp': | |
configuration => $_configuration, | |
server => $server, | |
} -> | |
## Prepare pre-/postbackup scripts directories | |
file {[ | |
'/usr/share/burp/pre-backup', | |
'/usr/share/burp/post-backup' | |
]: | |
ensure => directory, | |
} | |
} | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
class comrack::profiles::backup::server ( | |
$clientconfigs = {}, | |
$configuration = {}, | |
$manage_monitoring = true, | |
$manage_firewall = true, | |
$manage_backup = true, | |
) { | |
include ::burp | |
$_comrack_configuration = { | |
client_can_delete => 1, | |
client_can_force_backup => 1, | |
dedup_group => 'global', | |
keep => [ | |
'7', | |
'4', | |
], | |
max_children => '1', | |
restore_client => $::fqdn, | |
ssl_compression => 'zlib0', | |
status_address => '::', | |
timer_arg => [ | |
'20h', | |
'Mon,Tue,Wed,Thu,Fri,Sat,Sun,02,03,04,05,06,07', | |
], | |
} | |
$_configuration = merge($_comrack_configuration, $configuration) | |
include ::comrack::repos::ppa::backup | |
Exec['apt_update'] -> Class['::Burp::Install'] | |
class { '::burp::server': | |
ca_dir => '/srv/burp/CA', | |
clientconfigs => $clientconfigs, | |
configuration => $_configuration, | |
ssl_cert => '/srv/burp/ssl_cert-server.pem', | |
ssl_cert_ca => '/srv/burp/ssl_cert_ca-pem', | |
ssl_dhfile => '/srv/burp/dhfile.pem', | |
ssl_key => '/srv/burp/ssl_cert-server.key', | |
user_home => '/srv/burp', | |
require => Class['::Comrack::Repos::Ppa::Backup'], | |
} | |
## Firewall settings | |
if $manage_firewall { | |
firewall { | |
'090 accept burp tcp v4': | |
dport => [ 4971, 4972 ], | |
proto => 'tcp', | |
action => 'accept'; | |
'090 accept burp tcp v6': | |
dport => [ 4971, 4972 ], | |
proto => 'tcp', | |
action => 'accept', | |
provider => 'ip6tables'; | |
} | |
} | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
class comrack::repos::ppa::backup { | |
apt::source {'ppa-communityrack-backup': | |
location => 'http://ppa.launchpad.net/communityrack/backup/ubuntu', | |
release => $::lsbdistcodename, | |
repos => 'main', | |
key => { | |
'id' => '645D5356E423D9780757FE892B34953D757977B6', | |
'server' => 'keyserver.ubuntu.com', | |
}, | |
include => { | |
'deb' => true, | |
}, | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment