-
Notifications
You must be signed in to change notification settings - Fork 51
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
add puppetserver to backup #1907
Conversation
d77d3ba
to
7525a4b
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The current backup host is the same machine.
|
||
restic::repository { 'puppetserver': | ||
backup_cap_dac_read_search => true, | ||
backup_path => '/etc/puppetlabs', |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What are we backing up here?
/etc/puppetlabs/code
is deployed from https://github.com/theforeman/foreman-infra/etc/puppetlabs/puppet/data
is indeed important local data/etc/puppetlabs/puppet/ssl
can also be useful/etc/puppetlabs/puppetserver
is managed by Puppet and can be easily bootstrapped (https://theforeman.github.io/foreman-infra/bootstrap/)
What are we missing:
/opt/puppetlabs/server/data/puppetserver/ssh
SSH keys we generated. In theory they will be regenerated and kept in sync, but in Redmine we have imported some keys./opt/puppetlabs/server/data/puppetserver/foreman_cache_data
these cached entries will also get regenerated
In short: I think /etc/puppetlabs/puppet/data
is the most important part since it's not stored anywhere else. When I set it up that way I didn't want to bother with hiera-gpg, but that is perhaps a better way.What are we backing up here?
/etc/puppetlabs/code
is deployed from https://github.com/theforeman/foreman-infra/etc/puppetlabs/puppet/data
is indeed important local data/etc/puppetlabs/puppet/ssl
can also be useful/etc/puppetlabs/puppetserver
is managed by Puppet and can be easily bootstrapped (https://theforeman.github.io/foreman-infra/bootstrap/)
What are we missing:
/opt/puppetlabs/server/data/puppetserver/ssh
SSH keys we generated. In theory they will be regenerated and kept in sync, but in Redmine we have imported some keys./opt/puppetlabs/server/data/puppetserver/foreman_cache_data
these cached entries will also get regenerated
In short: I think /etc/puppetlabs/puppet/data
is the most important part since it's not stored anywhere else. When I set it up that way I didn't want to bother with hiera-gpg, but that is perhaps a better way.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
added the four paths that seem useful (doesn't seem to be excessive in size either way)
7525a4b
to
ca827bd
Compare
I intend to address that via replication of backups to other locations. |
ca827bd
to
c57b62f
Compare
c57b62f
to
ba1445a
Compare
@@ -20,6 +20,7 @@ profiles::backup::receiver::targets: | |||
- redmine01 | |||
- master02 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Slightly related question: shouldn't this be controller01
now? I may have messed that up in the Jenkins migration.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Most probably it should
No description provided.