add role-creation & stream-restore

2020-12-13 12:49:12 +01:00 · 2020-12-13 12:49:12 +01:00 · 9fb75c395c
commit 9fb75c395c
parent d6b3110e39
3 changed files with 36 additions and 27 deletions
--- a/infrastrucure/docker/image/resources/backup.sh
+++ b/infrastrucure/docker/image/resources/backup.sh
@ -13,21 +13,28 @@ function main() {
    file_env RESTIC_PASSWORD
    file_env RESTIC_DAYS_TO_KEEP 14

-    # TODO: add a restic unlock stmt.
    # backup roles
-    pg_dumpall -h ${POSTGRES_SERVICE} -p ${POSTGRES_PORT} -U${POSTGRES_USER} --no-password --roles-only > roles.sql
-    # TODO: remove all without oc_
-    restic -v -r ${RESTIC_REPOSITORY}/db-role backup --stdin
+    restic -v -r ${RESTIC_REPOSITORY}/pg-role unlock --cleanup-cache
+
+    pg_dumpall -h ${POSTGRES_SERVICE} -p ${POSTGRES_PORT} -U${POSTGRES_USER} --no-password --roles-only |
+        grep 'oc_' |
+        restic -v -r ${RESTIC_REPOSITORY}/pg-role backup --stdin
+
+    restic -v -r ${RESTIC_REPOSITORY}/pg-role forget --keep-last 1 --keep-within ${RESTIC_DAYS_TO_KEEP}d --prune

    # backup database dump
-    pg_dump -d ${POSTGRES_DB} -h ${POSTGRES_SERVICE} -p ${POSTGRES_PORT} \
-        -U ${POSTGRES_USER} --no-password --serializable-deferrable | \
-        restic -v -r ${RESTIC_REPOSITORY}/db backup --stdin
+    restic -v -r ${RESTIC_REPOSITORY}/pg-database unlock --cleanup-cache

-    restic -r ${RESTIC_REPOSITORY}/db forget --keep-last 1 --keep-within ${RESTIC_DAYS_TO_KEEP}d --prune
+    pg_dump -d ${POSTGRES_DB} -h ${POSTGRES_SERVICE} -p ${POSTGRES_PORT} \
+        -U ${POSTGRES_USER} --no-password --serializable-deferrable |
+        restic -v -r ${RESTIC_REPOSITORY}/pg-database backup --stdin
+
+    restic -v -r ${RESTIC_REPOSITORY}/pg-database forget --keep-last 1 --keep-within ${RESTIC_DAYS_TO_KEEP}d --prune

    # backup nextcloud filesystem
-    cd /var/backups/ && restic -r ${RESTIC_REPOSITORY}/files backup .
+    restic -v -r ${RESTIC_REPOSITORY}/files unlock --cleanup-cache
+
+    cd /var/backups/ && restic -v -r ${RESTIC_REPOSITORY}/files backup .

    restic -v -r ${RESTIC_REPOSITORY}/files forget --keep-last 1 --keep-within ${RESTIC_DAYS_TO_KEEP}d --prune
 }
--- a/infrastrucure/docker/image/resources/init.sh
+++ b/infrastrucure/docker/image/resources/init.sh
@ -6,9 +6,9 @@ function main() {

    file_env RESTIC_PASSWORD_FILE

-    restic -r ${RESTIC_REPOSITORY}/db --verbose init
-    restic -r ${RESTIC_REPOSITORY}/db-role --verbose init
-    restic -r ${RESTIC_REPOSITORY}/files --verbose init
+    restic -r ${RESTIC_REPOSITORY}/pg-role -v init
+    restic -r ${RESTIC_REPOSITORY}/pg-database -v init
+    restic -r ${RESTIC_REPOSITORY}/files -v init
 }

 source /usr/local/lib/functions.sh
--- a/infrastrucure/docker/image/resources/restore.sh
+++ b/infrastrucure/docker/image/resources/restore.sh
@ -12,26 +12,28 @@ function main() {

    file_env RESTIC_PASSWORD

-    # files
-    rm -rf /var/backups/*
-    restic -v -r $RESTIC_REPOSITORY/files restore latest --target /var/backups/
-
-    # db
+    # create new db
    psql -d template1 -h ${POSTGRES_SERVICE} -p ${POSTGRES_PORT} -U ${POSTGRES_USER} \
        --no-password -c "DROP DATABASE \"${POSTGRES_DB}\";"
    psql -d template1 -h ${POSTGRES_SERVICE} -p ${POSTGRES_PORT} -U ${POSTGRES_USER} \
        --no-password -c "CREATE DATABASE \"${POSTGRES_DB}\";"

-    # TODO: restore roles
+    # restore roles
+    restic -v -r ${RESTIC_REPOSITORY}/pg-role dump latest stdin | \
        psql -d template1 -h ${POSTGRES_SERVICE} -p ${POSTGRES_PORT} -U ${POSTGRES_USER} \
-        --no-password -c "CREATE ROLE oc_...;"
-    psql -d template1 -h ${POSTGRES_SERVICE} -p ${POSTGRES_PORT} -U ${POSTGRES_USER} \
-        --no-password -c "ALTER ROLE oc_... WITH NOSUPERUSER INHERIT NOCREATEROLE CREATEDB LOGIN NOREPLICATION NOBYPASSRLS PASSWORD 'md5...';"
+        --no-password

-    restic -v -r ${RESTIC_REPOSITORY}/db restore latest --target test-stdin
+    # restore db
+    restic -v -r ${RESTIC_REPOSITORY}/pg-database dump latest stdin | \
        psql -d ${POSTGRES_DB} -h ${POSTGRES_SERVICE} -p ${POSTGRES_PORT} -U ${POSTGRES_USER} \
-        --no-password < test-stdin/stdin
+        --no-password

+    # files
+    rm -rf /var/backups/*
+    restic -v -r $RESTIC_REPOSITORY/files restore latest --target /var/backups/
+
+    # adjust trusted domains
+    php /var/www/html/occ config:system:set trusted_domains 1 --value=cloud.test.meissa-gmbh.de
 }

 source /usr/local/lib/functions.sh