From 1003aa7a277177f4b6139e8c472509fd6543552e Mon Sep 17 00:00:00 2001
From: Michael Jerger <michael.jerger@meissa-gmbh.de>
Date: Mon, 13 Jan 2025 13:50:45 +0100
Subject: [PATCH] backup: use config data instead of code
---
doc/BackupAndRestore.md | 20 +++---
infrastructure/backup/image/Dockerfile | 2 +-
.../backup/image/resources/backup.bb | 27 ++++----
.../backup/image/resources/bb-backup.edn | 1 +
.../backup/image/resources/change-password.bb | 21 ++++---
.../backup/image/resources/config.clj | 61 -------------------
.../backup/image/resources/install.bb | 2 +-
.../backup/image/resources/list-snapshots.bb | 19 +++---
.../backup/image/resources/restore.bb | 23 +++----
infrastructure/backup/image/resources/wait.bb | 16 +++--
infrastructure/backup/test/resources/test.bb | 49 +++++++++------
11 files changed, 91 insertions(+), 150 deletions(-)
delete mode 100644 infrastructure/backup/image/resources/config.clj
diff --git a/doc/BackupAndRestore.md b/doc/BackupAndRestore.md
index 2e4b10e..57f0893 100644
--- a/doc/BackupAndRestore.md
+++ b/doc/BackupAndRestore.md
@@ -18,20 +18,16 @@
## Manual restore
-1. Scale Cloud deployment down:
- `kubectl -n nextcloud scale deployment cloud-deployment --replicas=0`
-2. Scale backup-restore deployment up:
+1. Scale backup-restore deployment up:
`kubectl -n nextcloud scale deployment backup-restore --replicas=1`
3. exec into pod and execute restore pod
`kubectl -n nextcloud exec -it backup-restore -- restore.bb`
4. Scale backup-restore deployment down:
`kubectl -n nextcloud scale deployment backup-restore --replicas=0`
-5. Scale Cloud deployment up:
- `kubectl -n nextcloud scale deployment cloud-deployment --replicas=1`
## Change Password
-1. Apply restic-new-password to secret & backup deployment
+1. Check restic-new-password env is set in backup deployment
```
kind: Deployment
metadata:
@@ -43,7 +39,9 @@
env:
- name: RESTIC_NEW_PASSWORD_FILE
value: /var/run/secrets/backup-secrets/restic-new-password
- ---
+ ```
+2. Add restic-new-password to secret
+ ```
kind: Secret
metadata:
name: backup-secret
@@ -51,13 +49,13 @@
restic-password: old
restic-new-password: new
```
-2. Scale backup-restore deployment up:
+3. Scale backup-restore deployment up:
`kubectl -n nextcloud scale deployment backup-restore --replicas=1`
-3. exec into pod and execute restore pod
+4. exec into pod and execute restore pod
`kubectl -n nextcloud exec -it backup-restore -- change-password.bb`
-4. Scale backup-restore deployment down:
+5. Scale backup-restore deployment down:
`kubectl -n nextcloud scale deployment backup-restore --replicas=0`
-5. Replace restic-password with restic-new-password in secret
+6. Replace restic-password with restic-new-password in secret
```
kind: Secret
metadata:
diff --git a/infrastructure/backup/image/Dockerfile b/infrastructure/backup/image/Dockerfile
index 02a85be..69f7040 100644
--- a/infrastructure/backup/image/Dockerfile
+++ b/infrastructure/backup/image/Dockerfile
@@ -1,4 +1,4 @@
-FROM domaindrivenarchitecture/dda-backup:5.2.1
+FROM domaindrivenarchitecture/dda-backup:5.3.0
# Prepare Entrypoint Script
ADD resources /tmp
diff --git a/infrastructure/backup/image/resources/backup.bb b/infrastructure/backup/image/resources/backup.bb
index b2e9acc..da49f11 100755
--- a/infrastructure/backup/image/resources/backup.bb
+++ b/infrastructure/backup/image/resources/backup.bb
@@ -1,32 +1,31 @@
#!/usr/bin/env bb
-(require
- '[babashka.fs :as fs])
-(-> "/usr/local/bin/config.clj" fs/file load-file)
-
(require
'[babashka.tasks :as t]
'[dda.backup.core :as bc]
+ '[dda.backup.config :as cfg]
'[dda.backup.restic :as rc]
'[dda.backup.postgresql :as pg]
- '[dda.backup.backup :as bak]
- '[config :as cf])
+ '[dda.backup.backup :as bak])
+
+(def config (cfg/read-config "/usr/local/bin/config.edn"))
+
(defn prepare!
[]
- (bc/create-aws-credentials! cf/aws-config)
- (pg/create-pg-pass! cf/db-config))
+ (bc/create-aws-credentials! (:aws-config config))
+ (pg/create-pg-pass! (:db-config config)))
(defn restic-repo-init!
[]
- (rc/init! cf/file-config)
- (rc/init! cf/db-role-config)
- (rc/init! cf/db-config))
+ (rc/init! (:file-config config))
+ (rc/init! (:db-role-config config))
+ (rc/init! (:db-config config)))
(defn restic-backup!
[]
- (bak/backup-file! cf/file-config)
- (bak/backup-db-roles! cf/db-role-config)
- (bak/backup-db! cf/db-config))
+ (bak/backup-file! (:file-config config))
+ (bak/backup-db-roles! (:db-role-config config))
+ (bak/backup-db! (:db-config config)))
(t/shell "start-maintenance.sh")
(prepare!)
diff --git a/infrastructure/backup/image/resources/bb-backup.edn b/infrastructure/backup/image/resources/bb-backup.edn
index 1a7297a..11e9d9c 100644
--- a/infrastructure/backup/image/resources/bb-backup.edn
+++ b/infrastructure/backup/image/resources/bb-backup.edn
@@ -1,3 +1,4 @@
{:deps {org.clojure/spec.alpha {:mvn/version "0.4.233"}
orchestra/orchestra {:mvn/version "2021.01.01-1"}
+ aero/aero {:mvn/version "1.1.6"}
org.domaindrivenarchitecture/dda-backup {:local/root "/usr/local/lib/dda-backup"}}}
diff --git a/infrastructure/backup/image/resources/change-password.bb b/infrastructure/backup/image/resources/change-password.bb
index d8c1b82..4746a1e 100755
--- a/infrastructure/backup/image/resources/change-password.bb
+++ b/infrastructure/backup/image/resources/change-password.bb
@@ -1,20 +1,21 @@
#!/usr/bin/env bb
-(require
- '[babashka.fs :as fs])
-(-> "/usr/local/bin/config.clj" fs/file load-file)
-
(require
'[dda.backup.core :as bc]
- '[dda.backup.restic :as rc]
- '[config :as cf])
+ '[dda.backup.config :as cfg]
+ '[dda.backup.restic :as rc])
-(def file-pw-change-config (merge cf/file-config {:new-password-file (bc/env-or-file "RESTIC_NEW_PASSWORD_FILE")}))
-(def db-pw-change-config (merge cf/db-config {:new-password-file (bc/env-or-file "RESTIC_NEW_PASSWORD_FILE")}))
-(def db-role-pw-change-config (merge cf/db-role-config {:new-password-file (bc/env-or-file "RESTIC_NEW_PASSWORD_FILE")}))
+(def config (cfg/read-config "/usr/local/bin/config.edn"))
+
+(def file-pw-change-config (merge (:file-config config)
+ {:new-password-file (bc/env-or-file "RESTIC_NEW_PASSWORD_FILE")}))
+(def db-role-pw-change-config (merge (:db-role-config config)
+ {:new-password-file (bc/env-or-file "RESTIC_NEW_PASSWORD_FILE")}))
+(def db-pw-change-config (merge (:db-config config)
+ {:new-password-file (bc/env-or-file "RESTIC_NEW_PASSWORD_FILE")}))
(defn prepare!
[]
- (bc/create-aws-credentials! cf/aws-config))
+ (bc/create-aws-credentials! (:aws-config config)))
(defn change-password!
[]
diff --git a/infrastructure/backup/image/resources/config.clj b/infrastructure/backup/image/resources/config.clj
deleted file mode 100644
index 9386f02..0000000
--- a/infrastructure/backup/image/resources/config.clj
+++ /dev/null
@@ -1,61 +0,0 @@
-(ns config
- (:require
- [dda.backup.core :as bc]))
-
-(def restic-repo {:password-file (bc/env-or-file "RESTIC_PASSWORD_FILE")
- :restic-repository (bc/env-or-file "RESTIC_REPOSITORY")})
-
-(def file-config (merge restic-repo {:backup-path "files"
- :execution-directory "/var/backups"
- :restore-target-directory "/var/backups/"
- :files ["."]}))
-
-(def file-restore-config (merge restic-repo {:backup-path "files"
- :restore-target-directory "/var/backups/"
- :clean-up-elements [".htaccess"
- ".reuse/"
- ".user.ini"
- "3rdparty/"
- "apps/"
- "composer.json"
- "composer.lock"
- "console.php"
- "core/"
- "cron.php"
- "custom_apps/"
- "data/"
- "dist/"
- "index.html"
- "index.php"
- "lib/"
- "ocs/"
- "ocs-provider/"
- "package-lock.json"
- "package.json"
- "public.php"
- "remote.php"
- "resources"
- "robots.txt"
- "status.php"
- "themes/"
- "version.php"]}))
-
-(def db-config (merge restic-repo {:backup-path "pg-database"
- :pg-host (bc/env-or-file "POSTGRES_SERVICE")
- :pg-port (bc/env-or-file "POSTGRES_PORT")
- :pg-db (bc/env-or-file "POSTGRES_DB")
- :pg-user (bc/env-or-file "POSTGRES_USER")
- :pg-password (bc/env-or-file "POSTGRES_PASSWORD")}))
-
-(def db-role-config (merge restic-repo {:backup-path "pg-role"
- :pg-role-prefix "oc_"
- :pg-host (bc/env-or-file "POSTGRES_SERVICE")
- :pg-port (bc/env-or-file "POSTGRES_PORT")
- :pg-db (bc/env-or-file "POSTGRES_DB")
- :pg-user (bc/env-or-file "POSTGRES_USER")
- :pg-password (bc/env-or-file "POSTGRES_PASSWORD")}))
-
-(def aws-config {:aws-access-key-id (bc/env-or-file "AWS_ACCESS_KEY_ID")
- :aws-secret-access-key (bc/env-or-file "AWS_SECRET_ACCESS_KEY")})
-
-(def dry-run {:dry-run true :debug true})
diff --git a/infrastructure/backup/image/resources/install.bb b/infrastructure/backup/image/resources/install.bb
index 9ae0e86..e39557f 100755
--- a/infrastructure/backup/image/resources/install.bb
+++ b/infrastructure/backup/image/resources/install.bb
@@ -6,7 +6,7 @@
(ub/upgrade-system!)
(in/install! "bb-backup.edn" :target-name "bb.edn" :mod "0440")
-(in/install! "config.clj" :mod "0440")
+(in/install! "config.edn" :mod "0440")
(in/install! "init.bb")
(in/install! "backup.bb")
(in/install! "restore.bb")
diff --git a/infrastructure/backup/image/resources/list-snapshots.bb b/infrastructure/backup/image/resources/list-snapshots.bb
index fb97cdd..178b27a 100755
--- a/infrastructure/backup/image/resources/list-snapshots.bb
+++ b/infrastructure/backup/image/resources/list-snapshots.bb
@@ -1,22 +1,21 @@
#!/usr/bin/env bb
-(require
- '[babashka.fs :as fs])
-(-> "/usr/local/bin/config.clj" fs/file load-file)
-
(require
'[dda.backup.core :as bc]
- '[dda.backup.restic :as rc]
- '[config :as cf])
+ '[dda.backup.config :as cfg]
+ '[dda.backup.restic :as rc])
+
+(def config (cfg/read-config "/usr/local/bin/config.edn"))
+
(defn prepare!
[]
- (bc/create-aws-credentials! cf/aws-config))
+ (bc/create-aws-credentials! (:aws-config config)))
(defn list-snapshots!
[]
- (rc/list-snapshots! cf/file-config)
- (rc/list-snapshots! cf/db-role-config)
- (rc/list-snapshots! cf/db-config))
+ (rc/list-snapshots! (:file-config config))
+ (rc/list-snapshots! (:db-role-config config))
+ (rc/list-snapshots! (:db-config config)))
(prepare!)
(list-snapshots!)
diff --git a/infrastructure/backup/image/resources/restore.bb b/infrastructure/backup/image/resources/restore.bb
index 5f41f21..09bd358 100755
--- a/infrastructure/backup/image/resources/restore.bb
+++ b/infrastructure/backup/image/resources/restore.bb
@@ -1,27 +1,24 @@
#!/usr/bin/env bb
-(require
- '[babashka.fs :as fs])
-(-> "/usr/local/bin/config.clj" fs/file load-file)
-
(require
'[babashka.tasks :as t]
'[dda.backup.core :as bc]
+ '[dda.backup.config :as cfg]
'[dda.backup.postgresql :as pg]
- '[dda.backup.restore :as rs]
- '[config :as cf])
+ '[dda.backup.restore :as rs])
+
+(def config (cfg/read-config "/usr/local/bin/config.edn"))
(defn prepare!
[]
- (bc/create-aws-credentials! cf/aws-config)
- (pg/create-pg-pass! cf/db-config))
+ (bc/create-aws-credentials! (:aws-config config))
+ (pg/create-pg-pass! (:db-config config)))
(defn restic-restore!
[]
- (pg/drop-create-db! cf/db-config)
- (rs/restore-db-roles! cf/db-role-config)
- (rs/restore-db! cf/db-config)
- (rs/restore-file! cf/file-restore-config)
- )
+ (pg/drop-create-db! (:db-config config))
+ (rs/restore-db-roles! (:db-role-config config))
+ (rs/restore-db! (:db-config config))
+ (rs/restore-file! (:file-restore-config config)))
(t/shell "start-maintenance.sh")
(prepare!)
diff --git a/infrastructure/backup/image/resources/wait.bb b/infrastructure/backup/image/resources/wait.bb
index 620b789..bd0ecd9 100755
--- a/infrastructure/backup/image/resources/wait.bb
+++ b/infrastructure/backup/image/resources/wait.bb
@@ -1,21 +1,19 @@
#!/usr/bin/env bb
-(require
- '[babashka.fs :as fs])
-(-> "/usr/local/bin/config.clj" fs/file load-file)
-
(require
'[dda.backup.core :as bc]
- '[dda.backup.postgresql :as pg]
- '[config :as cf])
+ '[dda.backup.config :as cfg]
+ '[dda.backup.postgresql :as pg])
+
+(def config (cfg/read-config "/usr/local/bin/config.edn"))
(defn prepare!
[]
- (bc/create-aws-credentials! cf/aws-config)
- (pg/create-pg-pass! cf/db-config))
+ (bc/create-aws-credentials! (:aws-config config))
+ (pg/create-pg-pass! (:db-config config)))
(defn wait! []
(while true
(Thread/sleep 1000)))
(prepare!)
-(wait!)
\ No newline at end of file
+(wait!)
diff --git a/infrastructure/backup/test/resources/test.bb b/infrastructure/backup/test/resources/test.bb
index 203fd27..83e51b8 100755
--- a/infrastructure/backup/test/resources/test.bb
+++ b/infrastructure/backup/test/resources/test.bb
@@ -1,17 +1,16 @@
#!/usr/bin/env bb
-(require
- '[babashka.fs :as fs])
-(-> "/usr/local/bin/config.clj" fs/file load-file)
-
(require '[babashka.tasks :as tasks]
'[dda.backup.core :as bc]
+ '[dda.backup.config :as cfg]
'[dda.backup.restic :as rc]
'[dda.backup.postgresql :as pg]
'[dda.backup.backup :as bak]
- '[dda.backup.restore :as rs]
- '[config :as cf])
+ '[dda.backup.restore :as rs])
-(def file-pw-change-config (merge cf/file-config {:new-password-file (bc/env-or-file "RESTIC_NEW_PASSWORD_FILE")}))
+(def config (cfg/read-config "/usr/local/bin/config.edn"))
+
+(def file-pw-change-config (merge (:file-config config)
+ {:new-password-file (bc/env-or-file "RESTIC_NEW_PASSWORD_FILE")}))
(defn prepare!
[]
@@ -21,29 +20,39 @@
(defn restic-repo-init!
[]
- (rc/init! cf/file-config)
- (rc/init! (merge cf/db-role-config cf/dry-run))
- (rc/init! (merge cf/db-config cf/dry-run)))
+ (rc/init! (:file-config config))
+ (rc/init! (merge (:db-role-config config)
+ (:dry-run config)))
+ (rc/init! (merge (:db-config config)
+ (:dry-run config))))
(defn restic-backup!
[]
- (bak/backup-file! cf/file-config)
- (bak/backup-db-roles! (merge cf/db-role-config cf/dry-run))
- (bak/backup-db! (merge cf/db-config cf/dry-run)))
+ (bak/backup-file! (:file-config config))
+ (bak/backup-db-roles! (merge (:db-role-config config)
+ (:dry-run config)))
+ (bak/backup-db! (merge (:db-config config)
+ (:dry-run config))))
(defn list-snapshots!
[]
- (rc/list-snapshots! cf/file-config)
- (rc/list-snapshots! (merge cf/db-role-config cf/dry-run))
- (rc/list-snapshots! (merge cf/db-config cf/dry-run)))
+ (rc/list-snapshots! (:file-config config))
+ (rc/list-snapshots! (merge (:db-role-config config)
+ (:dry-run config)))
+ (rc/list-snapshots! (merge (:db-config config)
+ (:dry-run config))))
(defn restic-restore!
[]
- (pg/drop-create-db! (merge cf/db-config cf/dry-run))
- (rs/restore-db-roles! (merge cf/db-role-config cf/dry-run))
- (rs/restore-db! (merge cf/db-config cf/dry-run))
- (rs/restore-file! (merge cf/file-restore-config cf/dry-run)))
+ (pg/drop-create-db! (merge (:db-config config)
+ (:dry-run config)))
+ (rs/restore-db-roles! (merge (:db-role-config config)
+ (:dry-run config)))
+ (rs/restore-db! (merge (:db-config config)
+ (:dry-run config)))
+ (rs/restore-file! (merge (:file-restore-config config)
+ (:dry-run config))))
(defn change-password!
[]