meissa/c4k-nextcloud
6
0
Fork 0
Code Issues Pull requests Projects Releases27 Packages Wiki Activity

backup: use config data instead of code

Browse source
This commit is contained in:
Michael Jerger 2025-01-13 13:50:45 +01:00
parent 6c7c38b25b
commit 1003aa7a27
11 changed files with 91 additions and 150 deletions

20
doc/BackupAndRestore.md
View file

@ -18,20 +18,16 @@
## Manual restore
1. Scale Cloud deployment down:
`kubectl -n nextcloud scale deployment cloud-deployment --replicas=0`
2. Scale backup-restore deployment up:
1. Scale backup-restore deployment up:
`kubectl -n nextcloud scale deployment backup-restore --replicas=1`
3. exec into pod and execute restore pod
`kubectl -n nextcloud exec -it backup-restore -- restore.bb`
4. Scale backup-restore deployment down:
`kubectl -n nextcloud scale deployment backup-restore --replicas=0`
5. Scale Cloud deployment up:
`kubectl -n nextcloud scale deployment cloud-deployment --replicas=1`
## Change Password
1. Apply restic-new-password to secret & backup deployment
1. Check restic-new-password env is set in backup deployment
```
kind: Deployment
metadata:
@ -43,7 +39,9 @@
env:
- name: RESTIC_NEW_PASSWORD_FILE
value: /var/run/secrets/backup-secrets/restic-new-password
---
```
2. Add restic-new-password to secret
```
kind: Secret
metadata:
name: backup-secret
@ -51,13 +49,13 @@
restic-password: old
restic-new-password: new
```
2. Scale backup-restore deployment up:
3. Scale backup-restore deployment up:
`kubectl -n nextcloud scale deployment backup-restore --replicas=1`
3. exec into pod and execute restore pod
4. exec into pod and execute restore pod
`kubectl -n nextcloud exec -it backup-restore -- change-password.bb`
4. Scale backup-restore deployment down:
5. Scale backup-restore deployment down:
`kubectl -n nextcloud scale deployment backup-restore --replicas=0`
5. Replace restic-password with restic-new-password in secret
6. Replace restic-password with restic-new-password in secret
```
kind: Secret
metadata:

2
infrastructure/backup/image/Dockerfile
View file

@ -1,4 +1,4 @@
FROM domaindrivenarchitecture/dda-backup:5.2.1
FROM domaindrivenarchitecture/dda-backup:5.3.0
# Prepare Entrypoint Script
ADD resources /tmp

27
infrastructure/backup/image/resources/backup.bb
View file

@ -1,32 +1,31 @@
#!/usr/bin/env bb
(require
'[babashka.fs :as fs])
(-> "/usr/local/bin/config.clj" fs/file load-file)
(require
'[babashka.tasks :as t]
'[dda.backup.core :as bc]
'[dda.backup.config :as cfg]
'[dda.backup.restic :as rc]
'[dda.backup.postgresql :as pg]
'[dda.backup.backup :as bak]
'[config :as cf])
'[dda.backup.backup :as bak])
(def config (cfg/read-config "/usr/local/bin/config.edn"))
(defn prepare!
[]
(bc/create-aws-credentials! cf/aws-config)
(pg/create-pg-pass! cf/db-config))
(bc/create-aws-credentials! (:aws-config config))
(pg/create-pg-pass! (:db-config config)))
(defn restic-repo-init!
[]
(rc/init! cf/file-config)
(rc/init! cf/db-role-config)
(rc/init! cf/db-config))
(rc/init! (:file-config config))
(rc/init! (:db-role-config config))
(rc/init! (:db-config config)))
(defn restic-backup!
[]
(bak/backup-file! cf/file-config)
(bak/backup-db-roles! cf/db-role-config)
(bak/backup-db! cf/db-config))
(bak/backup-file! (:file-config config))
(bak/backup-db-roles! (:db-role-config config))
(bak/backup-db! (:db-config config)))
(t/shell "start-maintenance.sh")
(prepare!)

1
infrastructure/backup/image/resources/bb-backup.edn
View file

@ -1,3 +1,4 @@
{:deps {org.clojure/spec.alpha {:mvn/version "0.4.233"}
orchestra/orchestra {:mvn/version "2021.01.01-1"}
aero/aero {:mvn/version "1.1.6"}
org.domaindrivenarchitecture/dda-backup {:local/root "/usr/local/lib/dda-backup"}}}

21
infrastructure/backup/image/resources/change-password.bb
View file

@ -1,20 +1,21 @@
#!/usr/bin/env bb
(require
'[babashka.fs :as fs])
(-> "/usr/local/bin/config.clj" fs/file load-file)
(require
'[dda.backup.core :as bc]
'[dda.backup.restic :as rc]
'[config :as cf])
'[dda.backup.config :as cfg]
'[dda.backup.restic :as rc])
(def file-pw-change-config (merge cf/file-config {:new-password-file (bc/env-or-file "RESTIC_NEW_PASSWORD_FILE")}))
(def db-pw-change-config (merge cf/db-config {:new-password-file (bc/env-or-file "RESTIC_NEW_PASSWORD_FILE")}))
(def db-role-pw-change-config (merge cf/db-role-config {:new-password-file (bc/env-or-file "RESTIC_NEW_PASSWORD_FILE")}))
(def config (cfg/read-config "/usr/local/bin/config.edn"))
(def file-pw-change-config (merge (:file-config config)
{:new-password-file (bc/env-or-file "RESTIC_NEW_PASSWORD_FILE")}))
(def db-role-pw-change-config (merge (:db-role-config config)
{:new-password-file (bc/env-or-file "RESTIC_NEW_PASSWORD_FILE")}))
(def db-pw-change-config (merge (:db-config config)
{:new-password-file (bc/env-or-file "RESTIC_NEW_PASSWORD_FILE")}))
(defn prepare!
[]
(bc/create-aws-credentials! cf/aws-config))
(bc/create-aws-credentials! (:aws-config config)))
(defn change-password!
[]

61
infrastructure/backup/image/resources/config.clj
View file

@ -1,61 +0,0 @@
(ns config
(:require
[dda.backup.core :as bc]))
(def restic-repo {:password-file (bc/env-or-file "RESTIC_PASSWORD_FILE")
:restic-repository (bc/env-or-file "RESTIC_REPOSITORY")})
(def file-config (merge restic-repo {:backup-path "files"
:execution-directory "/var/backups"
:restore-target-directory "/var/backups/"
:files ["."]}))
(def file-restore-config (merge restic-repo {:backup-path "files"
:restore-target-directory "/var/backups/"
:clean-up-elements [".htaccess"
".reuse/"
".user.ini"
"3rdparty/"
"apps/"
"composer.json"
"composer.lock"
"console.php"
"core/"
"cron.php"
"custom_apps/"
"data/"
"dist/"
"index.html"
"index.php"
"lib/"
"ocs/"
"ocs-provider/"
"package-lock.json"
"package.json"
"public.php"
"remote.php"
"resources"
"robots.txt"
"status.php"
"themes/"
"version.php"]}))
(def db-config (merge restic-repo {:backup-path "pg-database"
:pg-host (bc/env-or-file "POSTGRES_SERVICE")
:pg-port (bc/env-or-file "POSTGRES_PORT")
:pg-db (bc/env-or-file "POSTGRES_DB")
:pg-user (bc/env-or-file "POSTGRES_USER")
:pg-password (bc/env-or-file "POSTGRES_PASSWORD")}))
(def db-role-config (merge restic-repo {:backup-path "pg-role"
:pg-role-prefix "oc_"
:pg-host (bc/env-or-file "POSTGRES_SERVICE")
:pg-port (bc/env-or-file "POSTGRES_PORT")
:pg-db (bc/env-or-file "POSTGRES_DB")
:pg-user (bc/env-or-file "POSTGRES_USER")
:pg-password (bc/env-or-file "POSTGRES_PASSWORD")}))
(def aws-config {:aws-access-key-id (bc/env-or-file "AWS_ACCESS_KEY_ID")
:aws-secret-access-key (bc/env-or-file "AWS_SECRET_ACCESS_KEY")})
(def dry-run {:dry-run true :debug true})

2
infrastructure/backup/image/resources/install.bb
View file

@ -6,7 +6,7 @@
(ub/upgrade-system!)
(in/install! "bb-backup.edn" :target-name "bb.edn" :mod "0440")
(in/install! "config.clj" :mod "0440")
(in/install! "config.edn" :mod "0440")
(in/install! "init.bb")
(in/install! "backup.bb")
(in/install! "restore.bb")

19
infrastructure/backup/image/resources/list-snapshots.bb
View file

@ -1,22 +1,21 @@
#!/usr/bin/env bb
(require
'[babashka.fs :as fs])
(-> "/usr/local/bin/config.clj" fs/file load-file)
(require
'[dda.backup.core :as bc]
'[dda.backup.restic :as rc]
'[config :as cf])
'[dda.backup.config :as cfg]
'[dda.backup.restic :as rc])
(def config (cfg/read-config "/usr/local/bin/config.edn"))
(defn prepare!
[]
(bc/create-aws-credentials! cf/aws-config))
(bc/create-aws-credentials! (:aws-config config)))
(defn list-snapshots!
[]
(rc/list-snapshots! cf/file-config)
(rc/list-snapshots! cf/db-role-config)
(rc/list-snapshots! cf/db-config))
(rc/list-snapshots! (:file-config config))
(rc/list-snapshots! (:db-role-config config))
(rc/list-snapshots! (:db-config config)))
(prepare!)
(list-snapshots!)

23
infrastructure/backup/image/resources/restore.bb
View file

@ -1,27 +1,24 @@
#!/usr/bin/env bb
(require
'[babashka.fs :as fs])
(-> "/usr/local/bin/config.clj" fs/file load-file)
(require
'[babashka.tasks :as t]
'[dda.backup.core :as bc]
'[dda.backup.config :as cfg]
'[dda.backup.postgresql :as pg]
'[dda.backup.restore :as rs]
'[config :as cf])
'[dda.backup.restore :as rs])
(def config (cfg/read-config "/usr/local/bin/config.edn"))
(defn prepare!
[]
(bc/create-aws-credentials! cf/aws-config)
(pg/create-pg-pass! cf/db-config))
(bc/create-aws-credentials! (:aws-config config))
(pg/create-pg-pass! (:db-config config)))
(defn restic-restore!
[]
(pg/drop-create-db! cf/db-config)
(rs/restore-db-roles! cf/db-role-config)
(rs/restore-db! cf/db-config)
(rs/restore-file! cf/file-restore-config)
)
(pg/drop-create-db! (:db-config config))
(rs/restore-db-roles! (:db-role-config config))
(rs/restore-db! (:db-config config))
(rs/restore-file! (:file-restore-config config)))
(t/shell "start-maintenance.sh")
(prepare!)

16
infrastructure/backup/image/resources/wait.bb
View file

@ -1,21 +1,19 @@
#!/usr/bin/env bb
(require
'[babashka.fs :as fs])
(-> "/usr/local/bin/config.clj" fs/file load-file)
(require
'[dda.backup.core :as bc]
'[dda.backup.postgresql :as pg]
'[config :as cf])
'[dda.backup.config :as cfg]
'[dda.backup.postgresql :as pg])
(def config (cfg/read-config "/usr/local/bin/config.edn"))
(defn prepare!
[]
(bc/create-aws-credentials! cf/aws-config)
(pg/create-pg-pass! cf/db-config))
(bc/create-aws-credentials! (:aws-config config))
(pg/create-pg-pass! (:db-config config)))
(defn wait! []
(while true
(Thread/sleep 1000)))
(prepare!)
(wait!)
(wait!)

49
infrastructure/backup/test/resources/test.bb
View file

@ -1,17 +1,16 @@
#!/usr/bin/env bb
(require
'[babashka.fs :as fs])
(-> "/usr/local/bin/config.clj" fs/file load-file)
(require '[babashka.tasks :as tasks]
'[dda.backup.core :as bc]
'[dda.backup.config :as cfg]
'[dda.backup.restic :as rc]
'[dda.backup.postgresql :as pg]
'[dda.backup.backup :as bak]
'[dda.backup.restore :as rs]
'[config :as cf])
'[dda.backup.restore :as rs])
(def file-pw-change-config (merge cf/file-config {:new-password-file (bc/env-or-file "RESTIC_NEW_PASSWORD_FILE")}))
(def config (cfg/read-config "/usr/local/bin/config.edn"))
(def file-pw-change-config (merge (:file-config config)
{:new-password-file (bc/env-or-file "RESTIC_NEW_PASSWORD_FILE")}))
(defn prepare!
[]
@ -21,29 +20,39 @@
(defn restic-repo-init!
[]
(rc/init! cf/file-config)
(rc/init! (merge cf/db-role-config cf/dry-run))
(rc/init! (merge cf/db-config cf/dry-run)))
(rc/init! (:file-config config))
(rc/init! (merge (:db-role-config config)
(:dry-run config)))
(rc/init! (merge (:db-config config)
(:dry-run config))))
(defn restic-backup!
[]
(bak/backup-file! cf/file-config)
(bak/backup-db-roles! (merge cf/db-role-config cf/dry-run))
(bak/backup-db! (merge cf/db-config cf/dry-run)))
(bak/backup-file! (:file-config config))
(bak/backup-db-roles! (merge (:db-role-config config)
(:dry-run config)))
(bak/backup-db! (merge (:db-config config)
(:dry-run config))))
(defn list-snapshots!
[]
(rc/list-snapshots! cf/file-config)
(rc/list-snapshots! (merge cf/db-role-config cf/dry-run))
(rc/list-snapshots! (merge cf/db-config cf/dry-run)))
(rc/list-snapshots! (:file-config config))
(rc/list-snapshots! (merge (:db-role-config config)
(:dry-run config)))
(rc/list-snapshots! (merge (:db-config config)
(:dry-run config))))
(defn restic-restore!
[]
(pg/drop-create-db! (merge cf/db-config cf/dry-run))
(rs/restore-db-roles! (merge cf/db-role-config cf/dry-run))
(rs/restore-db! (merge cf/db-config cf/dry-run))
(rs/restore-file! (merge cf/file-restore-config cf/dry-run)))
(pg/drop-create-db! (merge (:db-config config)
(:dry-run config)))
(rs/restore-db-roles! (merge (:db-role-config config)
(:dry-run config)))
(rs/restore-db! (merge (:db-config config)
(:dry-run config)))
(rs/restore-file! (merge (:file-restore-config config)
(:dry-run config))))
(defn change-password!
[]