From 4a00286b20eb54ceafc2406a7c0c055eea05c17f Mon Sep 17 00:00:00 2001
From: Clemens Geibel
Date: Fri, 16 Sep 2022 11:57:24 +0200
Subject: [PATCH 1/5] Added backup doc and fixed init.sh
---
doc/BackupAndRestore.md | 37 +++++++++++++++++++
.../docker-backup/image/resources/init.sh | 1 +
2 files changed, 38 insertions(+)
create mode 100644 doc/BackupAndRestore.md
diff --git a/doc/BackupAndRestore.md b/doc/BackupAndRestore.md
new file mode 100644
index 0000000..68222bb
--- /dev/null
+++ b/doc/BackupAndRestore.md
@@ -0,0 +1,37 @@
+# Backup Architecture details
+
+![](backup.svg)
+
+* we use restic to produce small & encrypted backups
+* backup is scheduled at `schedule: "10 23 * * *"`
+* Gitea stores files in `/data/gitea` and `/data/git/repositories`, these files are backed up.
+* The postgres db is also backed up
+
+## Manual init the restic repository for the first time
+
+1. apply backup-and-restore pod:
+ `kubectl scale deployment backup-restore --replicas=1`
+2. exec into pod and execute restore pod (press tab to get your exact pod name)
+ `kubectl exec -it backup-restore-... -- /usr/local/bin/init.sh`
+3. remove backup-and-restore pod:
+ `kubectl scale deployment backup-restore --replicas=0`
+
+
+## Manual backup the restic repository for the first time
+
+1. apply backup-and-restore pod:
+ `kubectl scale deployment backup-restore --replicas=1`
+2. exec into pod and execute restore pod (press tab to get your exact pod name)
+ `kubectl exec -it backup-restore-... -- /usr/local/bin/backup.sh`
+3. remove backup-and-restore pod:
+ `kubectl scale deployment backup-restore --replicas=0`
+
+
+## Manual restore
+
+1. apply backup-and-restore pod:
+ `kubectl scale deployment backup-restore --replicas=1`
+2. exec into pod and execute restore pod (press tab to get your exact pod name)
+ `kubectl exec -it backup-restore-... -- /usr/local/bin/restore.sh`
+1. remove backup-and-restore pod:
+ `kubectl scale deployment backup-restore --replicas=0`
diff --git a/infrastructure/docker-backup/image/resources/init.sh b/infrastructure/docker-backup/image/resources/init.sh index 322b35d..5767e69 100755 --- a/infrastructure/docker-backup/image/resources/init.sh +++ b/infrastructure/docker-backup/image/resources/init.sh @@ -10,5 +10,6 @@ function main() { } source /usr/local/lib/functions.sh +source /usr/local/lib/pg-functions.sh source /usr/local/lib/file-functions.sh main From f8b4137c60010f554854b74b03ad073121264e5d Mon Sep 17 00:00:00 2001 From: Clemens Geibel Date: Fri, 16 Sep 2022 12:26:18 +0200 Subject: [PATCH 2/5] Added more necessary env variables to backup-restore-deployment --- .../backup/backup-restore-deployment.yaml | 23 +++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/src/main/resources/backup/backup-restore-deployment.yaml b/src/main/resources/backup/backup-restore-deployment.yaml index c74145b..79f4ec7 100644 --- a/src/main/resources/backup/backup-restore-deployment.yaml +++ b/src/main/resources/backup/backup-restore-deployment.yaml @@ -22,6 +22,27 @@ spec: imagePullPolicy: IfNotPresent command: ["/entrypoint-start-and-wait.sh"] env: + - name: POSTGRES_USER + valueFrom: + secretKeyRef: + name: postgres-secret + key: postgres-user + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: postgres-secret + key: postgres-password + - name: POSTGRES_DB + valueFrom: + configMapKeyRef: + name: postgres-config + key: postgres-db + - name: POSTGRES_HOST + value: "postgresql-service:5432" + - name: POSTGRES_SERVICE + value: "postgresql-service" + - name: POSTGRES_PORT + value: "5432" - name: AWS_DEFAULT_REGION value: eu-central-1 - name: AWS_ACCESS_KEY_ID_FILE @@ -35,6 +56,8 @@ spec: key: restic-repository - name: RESTIC_PASSWORD_FILE value: /var/run/secrets/backup-secrets/restic-password + - name: CERTIFICATE_FILE + value: "" volumeMounts: - name: gitea-data-volume mountPath: /var/backups From 372f5c7a40e09d0c5de3ae0039b8196a5d2c9b26 Mon Sep 17 00:00:00 2001 
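Review bot: `POSTGRES_USER` and `POSTGRES_PASSWORD` are injected as plain environment variables in the first hunk of backup-restore-deployment.yaml, while the AWS and restic credentials further down the same `env:` list are handed over as mounted files through `*_FILE` variables. Environment values are inherited by every child process the scripts start and tend to end up in debug output and process dumps, so the database password gets weaker handling than the other secrets in this pod. If `create-pg-pass` can take its input through `file_env` (not visible in this patch), mounting `postgres-secret` as a volume and setting `POSTGRES_PASSWORD_FILE` would keep one pattern for all credentials. `POSTGRES_HOST` also repeats the values of `POSTGRES_SERVICE` and `POSTGRES_PORT`, so the three can drift apart; a short comment naming which consumer needs which form would help.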
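Review bot: The empty `CERTIFICATE_FILE` added in the second hunk has no explanation, so a reader cannot tell whether it means "no custom CA bundle" or something weaker for the TLS connection to the restic repository. Add a comment above it stating what the backup image does when the value is empty, for example `# intentionally empty: <behaviour of the backup image without a certificate file>`. The consumer of this variable is not part of the patch, so the effect should be confirmed against the base image before merging.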
From: Clemens Geibel Date: Fri, 16 Sep 2022 15:23:25 +0200 Subject: [PATCH 3/5] More fixed for backup image --- doc/BackupAndRestore.md | 8 ++++++-- .../image/resources/entrypoint-start-and-wait.sh | 2 ++ .../docker-backup/image/resources/entrypoint.sh | 4 +++- .../docker-backup/image/resources/init.sh | 2 +- .../image/resources/restic-snapshots.sh | 1 + .../docker-backup/image/resources/restore.sh | 16 ++++++++-------- 6 files changed, 21 insertions(+), 12 deletions(-) diff --git a/doc/BackupAndRestore.md b/doc/BackupAndRestore.md index 68222bb..b15d4a1 100644 --- a/doc/BackupAndRestore.md +++ b/doc/BackupAndRestore.md @@ -31,7 +31,11 @@ 1. apply backup-and-restore pod: `kubectl scale deployment backup-restore --replicas=1` -2. exec into pod and execute restore pod (press tab to get your exact pod name) +2. Scale down gitea deployment: + `kubectl scale deployment gitea --replicas=0` +3. exec into pod and execute restore pod (press tab to get your exact pod name) `kubectl exec -it backup-restore-... -- /usr/local/bin/restore.sh` -1. remove backup-and-restore pod: +4. Start gitea again: + `kubectl scale deployment gitea --replicas=1` +5. remove backup-and-restore pod: `kubectl scale deployment backup-restore --replicas=0` diff --git a/infrastructure/docker-backup/image/resources/entrypoint-start-and-wait.sh b/infrastructure/docker-backup/image/resources/entrypoint-start-and-wait.sh index 0915071..c6addac 100644 --- a/infrastructure/docker-backup/image/resources/entrypoint-start-and-wait.sh +++ b/infrastructure/docker-backup/image/resources/entrypoint-start-and-wait.sh @@ -1,6 +1,7 @@ #!/bin/bash function main() { + create-pg-pass while true; do sleep 1m @@ -8,4 +9,5 @@ function main() { } source /usr/local/lib/functions.sh +source /usr/local/lib/pg-functions.sh main \ No newline at end of file diff --git a/infrastructure/docker-backup/image/resources/entrypoint.sh b/infrastructure/docker-backup/image/resources/entrypoint.sh index b25e15f..96df4f3 100755 
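Review bot: `create-pg-pass` is called at the top of `main` in entrypoint-start-and-wait.sh with its exit status ignored, so unless the sourced functions.sh enables `set -e`, a failure to write the credentials file still lets the pod enter the sleep loop and only surfaces later as a failed `restore.sh` or `backup.sh` run. Make the failure visible at start-up, e.g. `create-pg-pass || { echo "create-pg-pass failed" >&2; exit 1; }`. The same applies to the `create-pg-pass` call this commit adds to entrypoint.sh, where the scheduled backup would otherwise continue without database credentials. Since the function presumably writes the PostgreSQL password to a file, it is also worth confirming in pg-functions.sh that the file is created with owner-only permissions.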
--- a/infrastructure/docker-backup/image/resources/entrypoint.sh +++ b/infrastructure/docker-backup/image/resources/entrypoint.sh @@ -1,9 +1,11 @@ #!/bin/bash function main() { - + create-pg-pass + /usr/local/bin/backup.sh } source /usr/local/lib/functions.sh +source /usr/local/lib/pg-functions.sh main diff --git a/infrastructure/docker-backup/image/resources/init.sh b/infrastructure/docker-backup/image/resources/init.sh index 5767e69..baac041 100755 --- a/infrastructure/docker-backup/image/resources/init.sh +++ b/infrastructure/docker-backup/image/resources/init.sh @@ -4,7 +4,7 @@ function main() { file_env AWS_ACCESS_KEY_ID file_env AWS_SECRET_ACCESS_KEY - init-role-repo + #init-role-repo init-database-repo init-file-repo } diff --git a/infrastructure/docker-backup/image/resources/restic-snapshots.sh b/infrastructure/docker-backup/image/resources/restic-snapshots.sh index ca889ce..1d97a2c 100755 --- a/infrastructure/docker-backup/image/resources/restic-snapshots.sh +++ b/infrastructure/docker-backup/image/resources/restic-snapshots.sh @@ -7,6 +7,7 @@ function main() { file_env AWS_SECRET_ACCESS_KEY restic -r ${RESTIC_REPOSITORY}/files snapshots + restic -r ${RESTIC_REPOSITORY}/pg-database snapshots } source /usr/local/lib/functions.sh diff --git a/infrastructure/docker-backup/image/resources/restore.sh b/infrastructure/docker-backup/image/resources/restore.sh index b56b97d..0d9d10d 100755 --- a/infrastructure/docker-backup/image/resources/restore.sh +++ b/infrastructure/docker-backup/image/resources/restore.sh 
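Review bot: The added `restic -r ${RESTIC_REPOSITORY}/pg-database snapshots` in restic-snapshots.sh leaves the expansion unquoted, like the line above it, so a repository value containing spaces or glob characters would be word-split. Quote both calls: `restic -r "${RESTIC_REPOSITORY}/pg-database" snapshots`. With two listings in a row and no visible `set -e`, the script's exit status is that of the second call only, so a failure listing the files repository can go unnoticed. `main` begins outside this hunk.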
@@ -15,16 +15,16 @@ function main() { rm -rf /var/backups/restore restore-directory '/var/backups/restore' - rm -rf /data/gitea/* - rm -rf /data/git/repositories/* - cp /var/backups/restore/gitea/* /data/gitea/ - cp /var/backups/restore/git/repositories/* /data/git/repositories/ + rm -rf /var/backups/gitea/* + rm -rf /var/backups/git/repositories/* + cp -r /var/backups/restore/gitea/* /var/backups/gitea/ + cp -r /var/backups/restore/git/repositories/* /var/backups/git/repositories/ - # adjust file permissions - chown -R git:git /data + # adjust file permissions for the git user + chown -R 1000:1000 /var/backups - # Regenerate Git Hooks - /usr/local/bin/gitea -c '/data/gitea/conf/app.ini' admin regenerate hooks + # TODO: Regenerate Git Hooks + #/usr/local/bin/gitea -c '/data/gitea/conf/app.ini' admin regenerate hooks # Restore db drop-create-db From 4dda50ec694fa4f77e47a3350c7a34da58a849ab Mon Sep 17 00:00:00 2001 From: Clemens Geibel Date: Fri, 16 Sep 2022 15:45:04 +0200 Subject: [PATCH 4/5] Use dda-backup:1.0.6 --- infrastructure/docker-backup/image/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/infrastructure/docker-backup/image/Dockerfile b/infrastructure/docker-backup/image/Dockerfile index 9b6d4f0..02f5ca9 100644 --- a/infrastructure/docker-backup/image/Dockerfile +++ b/infrastructure/docker-backup/image/Dockerfile @@ -1,4 +1,4 @@ -FROM domaindrivenarchitecture/dda-backup:1.0.5 +FROM domaindrivenarchitecture/dda-backup:1.0.6 # Prepare Entrypoint Script ADD resources /tmp From 5ff22f425aa2ac520a0e75fba10a96304650a762 Mon Sep 17 00:00:00 2001 From: Clemens Geibel Date: Fri, 16 Sep 2022 16:44:14 +0200 Subject: [PATCH 5/5] Remove unused pg-role functions --- infrastructure/docker-backup/image/resources/backup.sh | 1 - infrastructure/docker-backup/image/resources/init.sh | 1 - infrastructure/docker-backup/image/resources/restore.sh | 3 +-- 3 files changed, 1 insertion(+), 4 deletions(-) 
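Review bot: The `rm -rf /var/backups/gitea/*` and `rm -rf /var/backups/git/repositories/*` lines run unconditionally after `restore-directory`, so a failed or partial restic restore (wrong password, unreachable repository) wipes the live Gitea data and copies nothing back. Check that the restored trees exist before deleting anything, as sketched below; whether `restore-directory` returns a non-zero status on failure is not visible here, so the sketch tests the result on disk instead. Two smaller points in the same hunk: the `/*` globs skip dot-files, so hidden files are neither removed nor restored, and `chown -R 1000:1000 /var/backups` hard-codes the UID and also re-owns `/var/backups/restore`. `main` starts and ends outside this hunk.

```shell
    rm -rf /var/backups/restore
    restore-directory '/var/backups/restore'

    # Refuse to wipe live data unless the restore produced both trees.
    if [ ! -d /var/backups/restore/gitea ] || [ ! -d /var/backups/restore/git/repositories ]; then
        echo "restore incomplete, leaving existing data untouched" >&2
        exit 1
    fi

    # … unchanged: rm -rf and cp -r of gitea/ and git/repositories/ …
```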
diff --git a/infrastructure/docker-backup/image/resources/backup.sh b/infrastructure/docker-backup/image/resources/backup.sh index 9bdbde1..d2549fd 100755 --- a/infrastructure/docker-backup/image/resources/backup.sh +++ b/infrastructure/docker-backup/image/resources/backup.sh @@ -8,7 +8,6 @@ function main() { file_env RESTIC_DAYS_TO_KEEP 30 file_env RESTIC_MONTHS_TO_KEEP 12 - #backup-roles 'TODO' backup-db-dump backup-fs-from-directory '/var/backups/' 'gitea/' 'git/repositories/' } diff --git a/infrastructure/docker-backup/image/resources/init.sh b/infrastructure/docker-backup/image/resources/init.sh index baac041..1f47fa5 100755 --- a/infrastructure/docker-backup/image/resources/init.sh +++ b/infrastructure/docker-backup/image/resources/init.sh @@ -4,7 +4,6 @@ function main() { file_env AWS_ACCESS_KEY_ID file_env AWS_SECRET_ACCESS_KEY - #init-role-repo init-database-repo init-file-repo } diff --git a/infrastructure/docker-backup/image/resources/restore.sh b/infrastructure/docker-backup/image/resources/restore.sh index 0d9d10d..2289ab2 100755 --- a/infrastructure/docker-backup/image/resources/restore.sh +++ b/infrastructure/docker-backup/image/resources/restore.sh @@ -23,12 +23,11 @@ function main() { # adjust file permissions for the git user chown -R 1000:1000 /var/backups - # TODO: Regenerate Git Hooks + # TODO: Regenerate Git Hooks? Do we need this? #/usr/local/bin/gitea -c '/data/gitea/conf/app.ini' admin regenerate hooks # Restore db drop-create-db - #restore-roles restore-db }
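Review bot: The reworded `# TODO: Regenerate Git Hooks? Do we need this?` in restore.sh leaves the question open in the restore path, and the commented-out command still points at `/data/gitea/conf/app.ini`, a path this container apparently no longer uses after the move to `/var/backups`. Restored repositories carry whatever hook scripts were in the backup, and Gitea executes those on push, so whether they are regenerated should be a recorded decision rather than a TODO. If regeneration has to happen inside the Gitea pod, say so in the comment, e.g. `# Git hooks are not regenerated here; run 'gitea admin regenerate hooks' in the gitea pod after scaling it up`, and add that step to doc/BackupAndRestore.md. `main` begins outside this hunk.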