From 657ea56d3d763f130e8396a50332fbc72f1e3937 Mon Sep 17 00:00:00 2001
From: bom
Date: Fri, 12 Nov 2021 09:54:17 +0100
Subject: [PATCH] added support for local certificate
---
 .../docker/image/resources/file-functions.sh | 66 +++++++++++---
 .../docker/image/resources/pg-functions.sh | 90 ++++++++++++++-----
 2 files changed, 122 insertions(+), 34 deletions(-)
diff --git a/infrastructure/docker/image/resources/file-functions.sh b/infrastructure/docker/image/resources/file-functions.sh
index 743135f..90abccf 100644
--- a/infrastructure/docker/image/resources/file-functions.sh
+++ b/infrastructure/docker/image/resources/file-functions.sh
@@ -1,34 +1,72 @@ +#! /bin/bash + function init-file-repo() { - restic -r ${RESTIC_REPOSITORY}/files -v init + local command="restic -r ${RESTIC_REPOSITORY}/files -v init" + + if [ -z ${CERTIFICATE_FILE} ]; + then + ${command} --cacert ${CERTIFICATE_FILE} + else + ${command} + fi } - +# First arg is the directory, second is optional for the path to a certificate file function backup-directory() { local directory="$1"; shift - restic -v -r ${RESTIC_REPOSITORY}/files unlock --cleanup-cache + local command-unlock="restic -v -r ${RESTIC_REPOSITORY}/files unlock --cleanup-cache" + local command-backup="cd ${directory} && restic -v -r ${RESTIC_REPOSITORY}/files backup ." + local command-forget="restic -v -r ${RESTIC_REPOSITORY}/files forget --keep-last 1 --keep-within ${RESTIC_DAYS_TO_KEEP}d --prune" - cd ${directory} && restic -v -r ${RESTIC_REPOSITORY}/files backup . - - restic -v -r ${RESTIC_REPOSITORY}/files forget --keep-last 1 --keep-within ${RESTIC_DAYS_TO_KEEP}d --prune + if [ -z ${CERTIFICATE_FILE} ]; + then + ${command-unlock} --cacert ${CERTIFICATE_FILE} + ${command-backup} --cacert ${CERTIFICATE_FILE} + ${command-forget} --cacert ${CERTIFICATE_FILE} + else + ${command-unlock} + ${command-backup} + ${command-forget} + fi } # First arg is the directory, the remaining args are the sub-directories (relative to the first directory) to backup. 
function backup-fs-from-directory() { local directory="$1"; shift - restic -v -r ${RESTIC_REPOSITORY}/files unlock --cleanup-cache - - cd ${directory} && restic -v -r ${RESTIC_REPOSITORY}/files backup $@ - - restic -v -r ${RESTIC_REPOSITORY}/files forget --keep-last 1 --keep-within ${RESTIC_DAYS_TO_KEEP}d --prune + local command-unlock="restic -v -r ${RESTIC_REPOSITORY}/files unlock --cleanup-cache" + local command-backup="cd ${directory} && restic -v -r ${RESTIC_REPOSITORY}/files backup $@" + local command-forget="restic -v -r ${RESTIC_REPOSITORY}/files forget --keep-last 1 --keep-within ${RESTIC_DAYS_TO_KEEP}d --prune" + + if [ -z ${CERTIFICATE_FILE} ]; + then + ${command-unlock} --cacert ${CERTIFICATE_FILE} + ${command-backup} --cacert ${CERTIFICATE_FILE} + ${command-forget} --cacert ${CERTIFICATE_FILE} + else + ${command-unlock} + ${command-backup} + ${command-forget} + fi + } function restore-directory() { local directory="$1"; shift - restic -v -r ${RESTIC_REPOSITORY}/files unlock --cleanup-cache + local command-unlock="restic -v -r ${RESTIC_REPOSITORY}/files unlock --cleanup-cache" + local command-restore="restic -v -r $RESTIC_REPOSITORY/files restore latest --target ${directory}" - rm -rf ${directory}* - restic -v -r $RESTIC_REPOSITORY/files restore latest --target ${directory} + if [ -z ${CERTIFICATE_FILE} ]; + then + ${command-unlock} --cacert ${CERTIFICATE_FILE} + rm -rf ${directory}* + ${command-restore} --cacert ${CERTIFICATE_FILE} + else + ${command-unlock} + rm -rf ${directory}* + ${command-restore} + fi + } \ No newline at end of file diff --git a/infrastructure/docker/image/resources/pg-functions.sh b/infrastructure/docker/image/resources/pg-functions.sh index cdf93f1..f0e7885 100644 --- a/infrastructure/docker/image/resources/pg-functions.sh +++ b/infrastructure/docker/image/resources/pg-functions.sh 
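Review bot: The new `if [ -z ${CERTIFICATE_FILE} ]` branches in file-functions.sh are inverted: `-z` is true when the variable is empty, so `--cacert` is passed exactly when no certificate is configured and dropped when one is; the test should be `[ -n "${CERTIFICATE_FILE:-}" ]`. The locals `command-unlock`, `command-backup`, `command-forget` and `command-restore` are also not valid bash identifiers, and `${command-unlock}` is the default-value expansion of `$command` (falling back to the literal word `unlock`), so the restic calls in backup-directory, backup-fs-from-directory and restore-directory do not run as written. In restore-directory the `rm -rf ${directory}*` still runs, which would leave the target emptied with nothing restored. Keeping the optional flag in an array and calling restic directly avoids both problems, as sketched below for restore-directory, where the delete is also made conditional on the unlock succeeding; the same `-z` test and hyphenated names recur in both pg-functions.sh hunks.

```shell
function restore-directory() {
    local directory="$1"; shift
    local -a cacert_args=()

    # Pass --cacert only when a certificate file is configured.
    if [ -n "${CERTIFICATE_FILE:-}" ]; then
        cacert_args=(--cacert "${CERTIFICATE_FILE}")
    fi

    # Do not wipe the target unless the repository was reachable.
    restic -v -r "${RESTIC_REPOSITORY}/files" unlock --cleanup-cache "${cacert_args[@]}" || return
    rm -rf -- "${directory:?}"*
    restic -v -r "${RESTIC_REPOSITORY}/files" restore latest --target "${directory}" "${cacert_args[@]}"
}
```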
@@ -1,9 +1,25 @@ function init-role-repo() { - restic -r ${RESTIC_REPOSITORY}/pg-role -v init + + local command="restic -r ${RESTIC_REPOSITORY}/pg-role -v init" + + if [ -z ${CERTIFICATE_FILE} ]; + then + ${command} --cacert ${CERTIFICATE_FILE} + else + ${command} + fi + } function init-database-repo() { - restic -r ${RESTIC_REPOSITORY}/pg-database -v init + local command="restic -r ${RESTIC_REPOSITORY}/pg-database -v init" + + if [ -z ${CERTIFICATE_FILE} ]; + then + ${command} --cacert ${CERTIFICATE_FILE} + else + ${command} + fi } function drop-create-db() { 
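Review bot: Holding the whole restic command line in the string `command` and expanding it unquoted in init-role-repo and init-database-repo relies on word splitting, so a `RESTIC_REPOSITORY` or `CERTIFICATE_FILE` value containing whitespace or glob characters is split into extra arguments. Calling restic directly with quoted arguments and an optional-flag array is safer, e.g. `restic -r "${RESTIC_REPOSITORY}/pg-role" -v init "${cacert_args[@]}"`. Nothing in the diff documents `CERTIFICATE_FILE`; a header comment such as `# CERTIFICATE_FILE: optional path to the certificate passed to restic via --cacert` would tell operators how to enable it.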
@@ -24,37 +40,71 @@ function create-pg-pass() { function backup-roles() { local role_prefix="$1"; shift - restic -v -r ${RESTIC_REPOSITORY}/pg-role unlock --cleanup-cache - - pg_dumpall -h ${POSTGRES_SERVICE} -p ${POSTGRES_PORT} -U${POSTGRES_USER} --no-password --roles-only | \ + local command-unlock="restic -v -r ${RESTIC_REPOSITORY}/pg-role unlock --cleanup-cache" + local command-pg-dump="pg_dumpall -h ${POSTGRES_SERVICE} -p ${POSTGRES_PORT} -U${POSTGRES_USER} --no-password --roles-only | \ grep "${role_prefix}" | \ - restic -r ${RESTIC_REPOSITORY}/pg-role backup --stdin + restic -r ${RESTIC_REPOSITORY}/pg-role backup --stdin" + local command-forget="restic -v -r ${RESTIC_REPOSITORY}/pg-role forget --keep-last 1 --keep-within ${RESTIC_DAYS_TO_KEEP}d --prune" - restic -v -r ${RESTIC_REPOSITORY}/pg-role forget --keep-last 1 --keep-within ${RESTIC_DAYS_TO_KEEP}d --prune + if [ -z ${CERTIFICATE_FILE} ]; + then + ${command-unlock} --cacert ${CERTIFICATE_FILE} + ${command-pg-dump} --cacert ${CERTIFICATE_FILE} + ${command-forget} --cacert ${CERTIFICATE_FILE} + else + ${command-unlock} + ${command-pg-dump} + ${command-forget} + fi } function backup-db-dump() { - restic -v -r ${RESTIC_REPOSITORY}/pg-database unlock --cleanup-cache - - pg_dump -d ${POSTGRES_DB} -h ${POSTGRES_SERVICE} -p ${POSTGRES_PORT} \ + local command-unlock="restic -v -r ${RESTIC_REPOSITORY}/pg-database unlock --cleanup-cache" + local command-pg-dump="pg_dump -d ${POSTGRES_DB} -h ${POSTGRES_SERVICE} -p ${POSTGRES_PORT} \ -U ${POSTGRES_USER} --no-password --serializable-deferrable | \ - restic -r ${RESTIC_REPOSITORY}/pg-database backup --stdin + restic -r ${RESTIC_REPOSITORY}/pg-database backup --stdin" + local command-forget="restic -v -r ${RESTIC_REPOSITORY}/pg-database forget --keep-last 1 --keep-within ${RESTIC_DAYS_TO_KEEP}d --prune" - restic -v -r ${RESTIC_REPOSITORY}/pg-database forget --keep-last 1 --keep-within ${RESTIC_DAYS_TO_KEEP}d --prune + if [ -z ${CERTIFICATE_FILE} ]; + then + 
${command-unlock} --cacert ${CERTIFICATE_FILE} + ${command-pg-dump} --cacert ${CERTIFICATE_FILE} + ${command-forget} --cacert ${CERTIFICATE_FILE} + else + ${command-unlock} + ${command-pg-dump} + ${command-forget} + fi } function restore-roles() { - restic -v -r ${RESTIC_REPOSITORY}/pg-role unlock --cleanup-cache - - restic -r ${RESTIC_REPOSITORY}/pg-role dump latest stdin | \ + local command-unlock="restic -v -r ${RESTIC_REPOSITORY}/pg-role unlock --cleanup-cache" + local command-pg-dump="restic -r ${RESTIC_REPOSITORY}/pg-role dump latest stdin | \ psql -d template1 -h ${POSTGRES_SERVICE} -p ${POSTGRES_PORT} -U ${POSTGRES_USER} \ - --no-password + --no-password" + + if [ -z ${CERTIFICATE_FILE} ]; + then + ${command-unlock} --cacert ${CERTIFICATE_FILE} + ${command-pg-dump} --cacert ${CERTIFICATE_FILE} + else + ${command-unlock} + ${command-pg-dump} + fi } function restore-db() { - restic -v -r ${RESTIC_REPOSITORY}/pg-database unlock --cleanup-cache - - restic -r ${RESTIC_REPOSITORY}/pg-database dump latest stdin | \ + local command-unlock="restic -v -r ${RESTIC_REPOSITORY}/pg-database unlock --cleanup-cache" + local command-pg-dump="restic -r ${RESTIC_REPOSITORY}/pg-database dump latest stdin | \ psql -d ${POSTGRES_DB} -h ${POSTGRES_SERVICE} -p ${POSTGRES_PORT} -U ${POSTGRES_USER} \ - --no-password + --no-password" + + if [ -z ${CERTIFICATE_FILE} ]; + then + ${command-unlock} --cacert ${CERTIFICATE_FILE} + ${command-pg-dump} --cacert ${CERTIFICATE_FILE} + else + ${command-unlock} + ${command-pg-dump} + fi } \ No newline at end of file
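Review bot: The `command-pg-dump` strings in backup-roles, backup-db-dump, restore-roles and restore-db hold whole pipelines, but a `|` that comes out of a variable expansion is passed as a literal argument instead of starting a pipe, and in backup-roles the embedded `"${role_prefix}"` quotes close the surrounding string early. Appending `--cacert ${CERTIFICATE_FILE}` to the end of such a string also puts the flag on the last stage, which is `psql` in the two restore functions, so the restic stage would never receive it. Writing the pipeline out directly and giving `--cacert` to the restic stage fixes this, as sketched below for restore-roles; the other three functions would follow the same shape.

```shell
function restore-roles() {
    local -a cacert_args=()
    if [ -n "${CERTIFICATE_FILE:-}" ]; then
        cacert_args=(--cacert "${CERTIFICATE_FILE}")
    fi

    restic -v -r "${RESTIC_REPOSITORY}/pg-role" unlock --cleanup-cache "${cacert_args[@]}"

    # --cacert belongs to restic, the first stage of the pipeline, not to psql.
    restic -r "${RESTIC_REPOSITORY}/pg-role" "${cacert_args[@]}" dump latest stdin | \
        psql -d template1 -h "${POSTGRES_SERVICE}" -p "${POSTGRES_PORT}" -U "${POSTGRES_USER}" \
        --no-password
}
```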