Puppet Class: gitlab::rsync

Defined in:
modules/gitlab/manifests/rsync.pp

Overview

SPDX-License-Identifier: Apache-2.0 sets up rsync of backups between 2 GitLab servers activates rsync for push from the primary to secondary T285867

Parameters:

  • active_host (Stdlib::Fqdn)
  • passive_hosts (Array[Stdlib::Fqdn]) (defaults to: [])
  • ensure (Wmflib::Ensure) (defaults to: absent)
  • rsync_interval (Systemd::Timer::Schedule) (defaults to: {'start' => 'OnCalendar', 'interval' => '*-*-* 01:00:00'})
  • backup_dir_data (Stdlib::Unixpath) (defaults to: '/srv/gitlab-backup')
  • backup_dir_config (Stdlib::Unixpath) (defaults to: '/etc/gitlab/config_backup')


5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
# File 'modules/gitlab/manifests/rsync.pp', line 5

class gitlab::rsync (
    Stdlib::Fqdn $active_host,
    Array[Stdlib::Fqdn] $passive_hosts          = [],
    Wmflib::Ensure $ensure                      = absent,
    Systemd::Timer::Schedule $rsync_interval    = {'start' => 'OnCalendar', 'interval' => '*-*-* 01:00:00'},
    Stdlib::Unixpath         $backup_dir_data   = '/srv/gitlab-backup',
    Stdlib::Unixpath         $backup_dir_config = '/etc/gitlab/config_backup',
){
    # only activate rsync/firewall hole on the server that is NOT active
    if $ensure != 'present' {
        $ensure_job = 'absent'
        $ensure_sync = 'absent'
    }
    elsif $facts['fqdn'] == $active_host {
        $ensure_job = 'present'
        $ensure_sync = 'absent'
    } else {
        $ensure_job = 'absent'
        $ensure_sync = 'present'
    }

    # On the replica, only one folder is used for config and data
    # backup due to restrictions in writing to /etc/. So only one
    # rsync server module is needed.
    rsync::server::module { 'data-backup':
        ensure         => $ensure_sync,
        path           => "${backup_dir_data}/latest/",
        read_only      => 'no',
        hosts_allow    => [$active_host],
        auto_ferm      => true,
        auto_ferm_ipv6 => true,
    }

    $passive_hosts.each | Stdlib::Fqdn $passive_host | {
        systemd::timer::job { "rsync-data-backup-${passive_host}":
            ensure      => $ensure_job,
            user        => 'root',
            description => 'rsync GitLab data backup primary to a secondary server',
            command     => "/usr/bin/rsync -avp --delete ${backup_dir_data}/latest/ rsync://${passive_host}/data-backup",
            interval    => $rsync_interval,
        }
        systemd::timer::job { "rsync-config-backup-${passive_host}":
            ensure      => $ensure_job,
            user        => 'root',
            description => 'rsync GitLab config backup primary to a secondary server',
            command     => "/usr/bin/rsync -avp --delete ${backup_dir_config}/latest/ rsync://${passive_host}/data-backup",
            interval    => $rsync_interval,
        }
    }
}