Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

add puppetserver to backup #1907

Merged
merged 1 commit into from
Sep 12, 2023
Merged

add puppetserver to backup #1907

merged 1 commit into from
Sep 12, 2023

Conversation

evgeni
Copy link
Member

@evgeni evgeni commented Sep 12, 2023

No description provided.

ekohl
ekohl reviewed Sep 12, 2023
View reviewed changes
Copy link
Member

@ekohl ekohl left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The current backup host is the same machine.

puppet/modules/profiles/manifests/puppetserver.pp Outdated

restic::repository { 'puppetserver':
backup_cap_dac_read_search => true,
backup_path => '/etc/puppetlabs',
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What are we backing up here?

What are we missing:

  • /opt/puppetlabs/server/data/puppetserver/ssh SSH keys we generated. In theory they will be regenerated and kept in sync, but in Redmine we have imported some keys.
  • /opt/puppetlabs/server/data/puppetserver/foreman_cache_data these cached entries will also get regenerated

In short: I think /etc/puppetlabs/puppet/data is the most important part since it's not stored anywhere else. When I set it up that way I didn't want to bother with hiera-gpg, but that is perhaps a better way.What are we backing up here?

What are we missing:

  • /opt/puppetlabs/server/data/puppetserver/ssh SSH keys we generated. In theory they will be regenerated and kept in sync, but in Redmine we have imported some keys.
  • /opt/puppetlabs/server/data/puppetserver/foreman_cache_data these cached entries will also get regenerated

In short: I think /etc/puppetlabs/puppet/data is the most important part since it's not stored anywhere else. When I set it up that way I didn't want to bother with hiera-gpg, but that is perhaps a better way.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

added the four paths that seem useful (doesn't seem to be excessive in size either way)

@evgeni
Copy link
Member Author

evgeni commented Sep 12, 2023

The current backup host is the same machine.

I intend to address that via replication of backups to other locations.

ekohl
ekohl reviewed Sep 12, 2023
View reviewed changes
puppet/data/common.yaml
@@ -20,6 +20,7 @@ profiles::backup::receiver::targets:
- redmine01
- master02
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Slightly related question: shouldn't this be controller01 now? I may have messed that up in the Jenkins migration.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Most probably it should

@evgeni evgeni merged commit dfa7255 into theforeman:master Sep 12, 2023
2 checks passed
@evgeni evgeni deleted the puppet-backup branch September 12, 2023 13:26
@evgeni evgeni added this to the centralized automatic backups milestone Sep 27, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ekohl ekohl ekohl approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
centralized automatic backups
Development

Successfully merging this pull request may close these issues.
2 participants
@evgeni @ekohl