From 9fb75c395c01c93b3ccff88dc8ce84c32df71e38 Mon Sep 17 00:00:00 2001 From: jem Date: Sun, 13 Dec 2020 12:49:12 +0100 Subject: [PATCH] add role-creation & stream-restore --- .../docker/image/resources/backup.sh | 29 ++++++++++++------- infrastrucure/docker/image/resources/init.sh | 6 ++-- .../docker/image/resources/restore.sh | 28 +++++++++--------- 3 files changed, 36 insertions(+), 27 deletions(-) diff --git a/infrastrucure/docker/image/resources/backup.sh b/infrastrucure/docker/image/resources/backup.sh index 000a29a..5bb9d0c 100755 --- a/infrastrucure/docker/image/resources/backup.sh +++ b/infrastrucure/docker/image/resources/backup.sh @@ -13,21 +13,28 @@ function main() { file_env RESTIC_PASSWORD file_env RESTIC_DAYS_TO_KEEP 14 - # TODO: add a restic unlock stmt. # backup roles - pg_dumpall -h ${POSTGRES_SERVICE} -p ${POSTGRES_PORT} -U${POSTGRES_USER} --no-password --roles-only > roles.sql - # TODO: remove all without oc_ - restic -v -r ${RESTIC_REPOSITORY}/db-role backup --stdin - - # backup database dump - pg_dump -d ${POSTGRES_DB} -h ${POSTGRES_SERVICE} -p ${POSTGRES_PORT} \ - -U ${POSTGRES_USER} --no-password --serializable-deferrable | \ - restic -v -r ${RESTIC_REPOSITORY}/db backup --stdin + restic -v -r ${RESTIC_REPOSITORY}/pg-role unlock --cleanup-cache - restic -r ${RESTIC_REPOSITORY}/db forget --keep-last 1 --keep-within ${RESTIC_DAYS_TO_KEEP}d --prune + pg_dumpall -h ${POSTGRES_SERVICE} -p ${POSTGRES_PORT} -U${POSTGRES_USER} --no-password --roles-only | + grep 'oc_' | + restic -v -r ${RESTIC_REPOSITORY}/pg-role backup --stdin + + restic -v -r ${RESTIC_REPOSITORY}/pg-role forget --keep-last 1 --keep-within ${RESTIC_DAYS_TO_KEEP}d --prune + + # backup database dump + restic -v -r ${RESTIC_REPOSITORY}/pg-database unlock --cleanup-cache + + pg_dump -d ${POSTGRES_DB} -h ${POSTGRES_SERVICE} -p ${POSTGRES_PORT} \ + -U ${POSTGRES_USER} --no-password --serializable-deferrable | + restic -v -r ${RESTIC_REPOSITORY}/pg-database backup --stdin + + restic -v -r ${RESTIC_REPOSITORY}/pg-database forget --keep-last 1 --keep-within ${RESTIC_DAYS_TO_KEEP}d --prune # backup nextcloud filesystem - cd /var/backups/ && restic -r ${RESTIC_REPOSITORY}/files backup . + restic -v -r ${RESTIC_REPOSITORY}/files unlock --cleanup-cache + + cd /var/backups/ && restic -v -r ${RESTIC_REPOSITORY}/files backup . restic -v -r ${RESTIC_REPOSITORY}/files forget --keep-last 1 --keep-within ${RESTIC_DAYS_TO_KEEP}d --prune } diff --git a/infrastrucure/docker/image/resources/init.sh b/infrastrucure/docker/image/resources/init.sh index e037ac1..e48a555 100755 --- a/infrastrucure/docker/image/resources/init.sh +++ b/infrastrucure/docker/image/resources/init.sh @@ -6,9 +6,9 @@ function main() { file_env RESTIC_PASSWORD_FILE - restic -r ${RESTIC_REPOSITORY}/db --verbose init - restic -r ${RESTIC_REPOSITORY}/db-role --verbose init - restic -r ${RESTIC_REPOSITORY}/files --verbose init + restic -r ${RESTIC_REPOSITORY}/pg-role -v init + restic -r ${RESTIC_REPOSITORY}/pg-database -v init + restic -r ${RESTIC_REPOSITORY}/files -v init } source /usr/local/lib/functions.sh diff --git a/infrastrucure/docker/image/resources/restore.sh b/infrastrucure/docker/image/resources/restore.sh index 813defc..e0c0c71 100755 --- a/infrastrucure/docker/image/resources/restore.sh +++ b/infrastrucure/docker/image/resources/restore.sh @@ -12,26 +12,28 @@ function main() { file_env RESTIC_PASSWORD - # files - rm -rf /var/backups/* - restic -v -r $RESTIC_REPOSITORY/files restore latest --target /var/backups/ - - # db + # create new db psql -d template1 -h ${POSTGRES_SERVICE} -p ${POSTGRES_PORT} -U ${POSTGRES_USER} \ --no-password -c "DROP DATABASE \"${POSTGRES_DB}\";" psql -d template1 -h ${POSTGRES_SERVICE} -p ${POSTGRES_PORT} -U ${POSTGRES_USER} \ --no-password -c "CREATE DATABASE \"${POSTGRES_DB}\";" - # TODO: restore roles - psql -d template1 -h ${POSTGRES_SERVICE} -p ${POSTGRES_PORT} -U ${POSTGRES_USER} \ - --no-password -c "CREATE ROLE oc_...;" - psql -d template1 -h ${POSTGRES_SERVICE} -p ${POSTGRES_PORT} -U ${POSTGRES_USER} \ - --no-password -c "ALTER ROLE oc_... WITH NOSUPERUSER INHERIT NOCREATEROLE CREATEDB LOGIN NOREPLICATION NOBYPASSRLS PASSWORD 'md5...';" + # restore roles + restic -v -r ${RESTIC_REPOSITORY}/pg-role dump latest stdin | \ + psql -d template1 -h ${POSTGRES_SERVICE} -p ${POSTGRES_PORT} -U ${POSTGRES_USER} \ + --no-password - restic -v -r ${RESTIC_REPOSITORY}/db restore latest --target test-stdin - psql -d ${POSTGRES_DB} -h ${POSTGRES_SERVICE} -p ${POSTGRES_PORT} -U ${POSTGRES_USER} \ - --no-password < test-stdin/stdin + # restore db + restic -v -r ${RESTIC_REPOSITORY}/pg-database dump latest stdin | \ + psql -d ${POSTGRES_DB} -h ${POSTGRES_SERVICE} -p ${POSTGRES_PORT} -U ${POSTGRES_USER} \ + --no-password + # files + rm -rf /var/backups/* + restic -v -r $RESTIC_REPOSITORY/files restore latest --target /var/backups/ + + # adjust trusted domains + php /var/www/html/occ config:system:set trusted_domains 1 --value=cloud.test.meissa-gmbh.de } source /usr/local/lib/functions.sh