use deployment for manual backup restore

2021-10-01 13:43:37 +00:00 · 2021-10-01 13:43:37 +00:00 · 6115b0a121
commit 6115b0a121
parent 2966c2f0bf
11 changed files with 96 additions and 82 deletions
--- a/README.md
+++ b/README.md
@ -33,7 +33,7 @@ target/graalvm/c4k-jira src/test/resources/valid-config.edn src/test/resources/v

 ## Documentation
 * [Example Setup on Hetzner](doc/SetupOnHetzner.md)
-* [Backup and Restore](doc/BackupAndResotre.md)
+* [Backup and Restore](doc/BackupAndRestore.md)

 ## License

--- a/doc/BackupAndRestore.md
+++ b/doc/BackupAndRestore.md
@ -10,40 +10,40 @@
 ## Manual init the restic repository for the first time

 1. apply backup-and-restore pod:   
-   `kubectl apply -f src/main/resources/backup/backup-restore.yaml`
-1. exec into pod and execute restore pod   
-   `kubectl exec -it backup-restore -- /usr/local/bin/init.sh`
+   `kubectl scale deployment backup-restore --replicas=1`
+1. exec into pod and execute restore pod (press tab to get your exact pod name)   
+   `kubectl exec -it backup-restore-... -- /usr/local/bin/init.sh`
 1. remove backup-and-restore pod:   
-   `kubectl delete pod backup-restore
+   `kubectl scale deployment backup-restore --replicas=0`


 ## Manual backup the restic repository for the first time

 1.Create a jira export:    
  Jira > Settings > System -> Backup system
-1. Choose a filename `backup-filename.xml`. Your file will be stored to `/var/backup/export`.
+1. Choose a filename `backup-filename.zip`. Your file will be stored to `/var/backup/export`.
 1. apply backup-and-restore pod:   
-  `kubectl apply -f src/main/resources/backup/backup-restore.yaml`
-1. exec into pod and execute restore pod   
-   `kubectl exec -it backup-restore -- /usr/local/bin/backup.sh`
+  `kubectl scale deployment backup-restore --replicas=1`
+1. exec into pod and execute restore pod (press tab to get your exact pod name)   
+   `kubectl exec -it backup-restore-... -- /usr/local/bin/backup.sh`
 1. remove backup-and-restore pod:   
-   `kubectl delete pod backup-restore`
+   `kubectl scale deployment backup-restore --replicas=0`


 ## Manual restore

 1. apply backup-and-restore pod:   
-  `kubectl apply -f src/main/resources/backup/backup-restore.yaml`
-1. exec into pod and execute restore pod   
-   `kubectl exec -it backup-restore -- /usr/local/bin/restore.sh`
+  `kubectl scale deployment backup-restore --replicas=1`
+1. exec into pod and execute restore pod (press tab to get your exact pod name)   
+   `kubectl exec -it backup-restore-... -- /usr/local/bin/restore.sh`
 1. In case of already set up server:
   1. Import one of Jira exportet backups:   
      Jira > Settings > System > Restore System
-   1. Choose one of your bakcuped files located at `/var/jira/restic-restore/export/`.   
-      E.g. `/var/jira/restic-restore/export/backup-filename.xml`.
+   1. Choose one of your backuped files located at `/var/jira/import/`.   
+      E.g. `backup-filename.zip`.
 1. In case of installation wizzard:
   1. Choose restore from backup
-   1. Choose one of your bakcuped files located at `/var/jira/restic-restore/export/`.   
-      E.g. `/var/jira/restic-restore/export/backup-filename.xml`
+   1. Choose one of your backuped files located at `/var/jira/import/`.   
+      E.g. `backup-filename.zip`
 1. remove backup-and-restore pod:   
-   `kubectl delete pod backup-restore`
+   `kubectl scale deployment backup-restore --replicas=0`
--- a/infrastructure/docker-backup/image/resources/backup.sh
+++ b/infrastructure/docker-backup/image/resources/backup.sh
@ -7,8 +7,7 @@ function main() {
    file_env AWS_SECRET_ACCESS_KEY
    file_env RESTIC_DAYS_TO_KEEP 14

-    backup-roles ""
-    backup-fs-from-directory '/var/backups/' 'data/'
+    backup-fs-from-directory '/var/backups/' 'export/'
 }

 source /usr/local/lib/functions.sh
--- a/infrastructure/docker-backup/image/resources/restore.sh
+++ b/infrastructure/docker-backup/image/resources/restore.sh
@ -7,15 +7,12 @@ function main() {
    file_env AWS_ACCESS_KEY_ID
    file_env AWS_SECRET_ACCESS_KEY

-    # Restore latest snapshot into /var/backups/restic-restore
-    rm -rf /var/backups/restic-restore
-    restore-directory '/var/backups/restic-restore'
+    # Restore latest snapshot into /var/backups/restore
+    rm -rf /var/backups/restore
+    restore-directory '/var/backups/restore'

-    # Restore data dir backup
-    rm -rf /var/backups/data/*
-    cp -a /var/backups/restic-restore/data/* /var/backups/data
-
-    # /opt/atlassian-jira-software-standalone/bin/start-jira.sh
+    cp /var/backups/restore/export/*.zip /var/backups/import/
+    chown 901:901 /var/backups/import/*.zip
 }

 source /usr/local/lib/functions.sh
--- a/infrastructure/docker-backup/test/Dockerfile
+++ b/infrastructure/docker-backup/test/Dockerfile
@ -1,5 +1,8 @@
 FROM c4k-jira-backup

+RUN apt update
+RUN apt -yqq --no-install-recommends --yes install curl default-jre-headless
+
 RUN curl -L -o /tmp/serverspec.jar \
    https://github.com/DomainDrivenArchitecture/dda-serverspec-crate/releases/download/2.0.0/dda-serverspec-standalone.jar

--- a/src/main/cljc/dda/c4k_jira/backup.cljc
+++ b/src/main/cljc/dda/c4k_jira/backup.cljc
@ -4,12 +4,13 @@
  #?(:cljs [shadow.resource :as rc])
  [dda.c4k-common.yaml :as yaml]
  [dda.c4k-common.base64 :as b64]
-  [dda.c4k-common.common :as cm]))
+  [dda.c4k-common.common :as cm]
+  [dda.c4k-common.prefixes :as pf]))

-(s/def ::aws-access-key-id cm/bash-env-string?)
-(s/def ::aws-secret-access-key cm/bash-env-string?)
-(s/def ::restic-password cm/bash-env-string?)
-(s/def ::restic-repository cm/bash-env-string?)
+(s/def ::aws-access-key-id pf/bash-env-string?)
+(s/def ::aws-secret-access-key pf/bash-env-string?)
+(s/def ::restic-password pf/bash-env-string?)
+(s/def ::restic-repository pf/bash-env-string?)

 #?(:cljs
   (defmethod yaml/load-resource :backup [resource-name]
@ -17,6 +18,7 @@
       "backup/config.yaml" (rc/inline "backup/config.yaml")
       "backup/cron.yaml" (rc/inline "backup/cron.yaml")
       "backup/secret.yaml" (rc/inline "backup/secret.yaml")
+       "backup/backup-restore-deployment.yaml" (rc/inline "backup/backup-restore-deployment.yaml")
       (throw (js/Error. "Undefined Resource!")))))

 (defn generate-config [my-conf]
@ -28,6 +30,9 @@
 (defn generate-cron []
   (yaml/from-string (yaml/load-resource "backup/cron.yaml")))

+(defn generate-backup-restore-deployment []
+  (yaml/from-string (yaml/load-resource "backup/backup-restore-deployment.yaml")))
+
 (defn generate-secret [my-auth]
  (let [{:keys [aws-access-key-id aws-secret-access-key restic-password]} my-auth]
    (->
--- a/src/main/cljc/dda/c4k_jira/core.cljc
+++ b/src/main/cljc/dda/c4k_jira/core.cljc
@ -39,7 +39,8 @@
           (when (contains? config :restic-repository)
             [(yaml/to-string (backup/generate-config config))
              (yaml/to-string (backup/generate-secret config))
-              (yaml/to-string (backup/generate-cron))]))))
+              (yaml/to-string (backup/generate-cron))
+              (yaml/to-string (backup/generate-backup-restore-deployment))]))))

 (defn-spec generate any?
  [my-config config?
--- a/src/main/cljs/dda/c4k_jira/browser.cljs
+++ b/src/main/cljs/dda/c4k_jira/browser.cljs
@ -15,11 +15,11 @@
                                            (br/generate-input-field "restic-repository" "(Optional) Your restic-repository:" "restic-repository" "dda.c4k_jira.browser")
                                            (br/generate-input-field "issuer" "(Optional) Your issuer prod/staging:" "" "dda.c4k_jira.browser")
                                            [(br/generate-br)]
-                                            (br/generate-text-area "auth" "Your auth.edn:" "{:postgres-db-user \" jira \"
-         :postgres-db-password \" jira-db-password \"
-         :aws-access-key-id \" aws-id \"
-         :aws-secret-access-key \" aws-secret \"
-         :restic-password \" restic-password \"}"
+                                            (br/generate-text-area "auth" "Your auth.edn:" "{:postgres-db-user \"jira\"
+         :postgres-db-password \"jira-db-password\"
+         :aws-access-key-id \"aws-id\"
+         :aws-secret-access-key \"aws-secret\"
+         :restic-password \"restic-password\"}"
                                                                   "5" "dda.c4k_jira.browser")
                                            [(br/generate-br)]
                                            (br/generate-button "generate-button" "Generate c4k yaml"))))]
--- a/src/main/resources/backup/backup-restore-deployment.yaml
+++ b/src/main/resources/backup/backup-restore-deployment.yaml
@ -0,0 +1,50 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: backup-restore
+spec:
+  replicas: 0
+  selector:
+    matchLabels:
+      app: backup-restore
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      labels:
+        app: backup-restore
+        app.kubernetes.io/name: backup-restore
+        app.kubernetes.io/part-of: jira
+    spec:
+      containers:
+      - image: domaindrivenarchitecture/c4k-jira-backup
+        name: backup-app
+        imagePullPolicy: IfNotPresent
+        command: ["/entrypoint-start-and-wait.sh"]
+        env:
+        - name: AWS_DEFAULT_REGION
+          value: eu-central-1
+        - name: AWS_ACCESS_KEY_ID_FILE
+          value: /var/run/secrets/backup-secrets/aws-access-key-id
+        - name: AWS_SECRET_ACCESS_KEY_FILE
+          value: /var/run/secrets/backup-secrets/aws-secret-access-key
+        - name: RESTIC_REPOSITORY
+          valueFrom:
+            configMapKeyRef:
+              name: backup-config
+              key: restic-repository
+        - name: RESTIC_PASSWORD_FILE
+          value: /var/run/secrets/backup-secrets/restic-password
+        volumeMounts:
+        - name: jira-data-volume
+          mountPath: /var/backups
+        - name: backup-secret-volume
+          mountPath: /var/run/secrets/backup-secrets
+          readOnly: true
+      volumes:
+      - name: jira-data-volume
+        persistentVolumeClaim:
+          claimName: jira-pvc
+      - name: backup-secret-volume
+        secret:
+          secretName: backup-secret
--- a/src/main/resources/backup/backup-restore.yaml
+++ b/src/main/resources/backup/backup-restore.yaml
@ -1,41 +0,0 @@
-kind: Pod
-apiVersion: v1
-metadata:
-  name: backup-restore
-  labels:
-    app.kubernetes.io/name: backup-restore
-    app.kubernetes.io/part-of: jira
-spec:
-  containers:
-  - name: backup-app
-    image: domaindrivenarchitecture/c4k-jira-backup
-    imagePullPolicy: IfNotPresent
-    command: ["/entrypoint-start-and-wait.sh"]
-    env:
-    - name: AWS_DEFAULT_REGION
-      value: eu-central-1
-    - name: AWS_ACCESS_KEY_ID_FILE
-      value: /var/run/secrets/backup-secrets/aws-access-key-id
-    - name: AWS_SECRET_ACCESS_KEY_FILE
-      value: /var/run/secrets/backup-secrets/aws-secret-access-key
-    - name: RESTIC_REPOSITORY
-      valueFrom:
-        configMapKeyRef:
-          name: backup-config
-          key: restic-repository
-    - name: RESTIC_PASSWORD_FILE
-      value: /var/run/secrets/backup-secrets/restic-password
-    volumeMounts:
-    - name: jira-data-volume
-      mountPath: /var/backups
-    - name: backup-secret-volume
-      mountPath: /var/run/secrets/backup-secrets
-      readOnly: true
-  volumes:
-  - name: jira-data-volume
-    persistentVolumeClaim:
-      claimName: jira-pvc
-  - name: backup-secret-volume
-    secret:
-      secretName: backup-secret
-  restartPolicy: OnFailure
--- a/src/test/cljc/dda/c4k_jira/core_test.cljc
+++ b/src/test/cljc/dda/c4k_jira/core_test.cljc
@ -5,7 +5,7 @@
   [dda.c4k-jira.core :as cut]))

 (deftest should-k8s-objects
-  (is (= 15
+  (is (= 16
         (count (cut/k8s-objects {:fqdn "jira-neu.prod.meissa-gmbh.de"
                                  :postgres-db-user "jira"
                                  :postgres-db-password "jira-db-password"
@ -16,7 +16,7 @@
                                  :aws-secret-access-key "aws-secret"
                                  :restic-password "restic-pw"
                                  :restic-repository "restic-repository"}))))
-  (is (= 13
+  (is (= 14
         (count (cut/k8s-objects {:fqdn "jira-neu.prod.meissa-gmbh.de"
                                  :postgres-db-user "jira"
                                  :postgres-db-password "jira-db-password"