Working on Missing newsyslog

971bf8e7 · Srinivas Rao Puttagunta · 6b199b44 · 971bf8e7 · 971bf8e7 · 971bf8e7
Commit 971bf8e7 authored 5 years ago by Srinivas Rao Puttagunta
--- a/files/etc/newsyslog/master
+++ b/files/etc/newsyslog/master
+# master -- Backup an LDAP server database
+#
+
+set logdir  = /var/log/%n
+set save    = /var/log/OLD/%n
+
+dbarchive {
+   stop:    run /usr/sbin/ldap-backup
+   log: db-ldif logdir root 0 644
+
+   archive: db-ldif  save  30
--- a/manifests/backups.pp
+++ b/manifests/backups.pp
@@ -20,6 +20,28 @@ class su_ldap::backups(
    $master_name = "ldap/ldap-${env}master.stanford.edu"
  }

+  # cron jobs we care about
+  file {
+    '/etc/cron.d/master-audit':
+      mode    => '0644',
+      source  => 'puppet:///modules/su_ldap/etc/cron.d/master-audit';
+    '/etc/cron.d/master-restart':
+      mode    => '0644',
+      content => template('su_ldap/etc/cron.d/master-restart.erb');
+  }
+
+  # We want a newsyslog task to rotate the LDAP _data_ (as opposed to the
+  # LDAP logs) into a local directory. If this is the production master,
+  # we want to rotate the data into AFS as well.
+  #
+  $save_to_afs  = true
+  file { '/etc/newsyslog/master':
+    ensure  => file,
+    mode    => '0644',
+    content => template('su_ldap/etc/newsyslog/master.erb'),
+    require => File['/etc/newsyslog'],
+  }
+
  ## Directory where we put GCP credentials
  file {'/etc/ldapadmin':
    ensure => directory;
@@ -78,14 +100,5 @@ class su_ldap::backups(
     }
  }

-  # cron jobs we care about
-  file {
-    '/etc/cron.d/master-audit':
-      mode    => '0644',
-      source  => 'puppet:///modules/su_ldap/etc/cron.d/master-audit';
-    '/etc/cron.d/master-restart':
-      mode    => '0644',
-      content => template('s_ldap/etc/cron.d/master-restart.erb');
-  }

 }
--- a/templates/etc/newsyslog/master.erb
+++ b/templates/etc/newsyslog/master.erb
+# master -- Rotate production master backup into AFS.
+#
+# This newsyslog configuration file rotates the LDAP database into
+# the local log directory as well as into AFS.
+#
+# Look for the file /var/log/db-ldif:
+#
+# 1. Make a compressed copy of /var/log/db-ldif and put this compressed
+#    copy into /var/log/OLD/ rotating the older versions. Allow up to 30
+#    such compressed copies.
+#
+# 2. Make a compressed copy of /var/log/db-ldif and put this compressed
+#    copy into
+#    /afs/ir/service/directory/data/backups/%Y/%M/%d/%m.%n. Recall that %Y
+#    is the year number, %M is the month number, %d is the day number, %m
+#    the server name, and %n is 'db-ldif'.
+#    Example:
+#    /afs/ir/service/directory/data/backups/2015/11/2015-11-01/directory-master0.db-ldif.gz
+
+set logfile  = /var/log/%n
+set save     = /var/lib/ldap/logs/OLD/%n
+<% if (@save_to_afs) then -%>
+set archive  = /afs/ir/service/directory/data/backups/%Y/%M/%d/%m.%n
+<% end -%>
+
+dbarchive {
+   stop: run /usr/sbin/ldap-backup
+   log:  db-ldif logfile root 0 644
+
+   archive: db-ldif  save   30
+<% if (@save_to_afs) then -%>
+   archive: db-ldif  archive 0
+<% end -%>
+}