From d6b3110e3916d9c6e0bf611b4ae8503c3598c787 Mon Sep 17 00:00:00 2001 From: jem Date: Sat, 12 Dec 2020 21:01:33 +0100 Subject: [PATCH] role missing --- infrastrucure/docker/image/resources/backup.sh | 12 +++++++++--- infrastrucure/docker/image/resources/init.sh | 1 + infrastrucure/docker/image/resources/restore.sh | 11 +++++++++-- 3 files changed, 19 insertions(+), 5 deletions(-) diff --git a/infrastrucure/docker/image/resources/backup.sh b/infrastrucure/docker/image/resources/backup.sh index d5b070b..000a29a 100755 --- a/infrastrucure/docker/image/resources/backup.sh +++ b/infrastrucure/docker/image/resources/backup.sh @@ -13,17 +13,23 @@ function main() { file_env RESTIC_PASSWORD file_env RESTIC_DAYS_TO_KEEP 14 + # TODO: add a restic unlock stmt. + # backup roles + pg_dumpall -h ${POSTGRES_SERVICE} -p ${POSTGRES_PORT} -U${POSTGRES_USER} --no-password --roles-only > roles.sql + # TODO: remove all without oc_ + restic -v -r ${RESTIC_REPOSITORY}/db-role backup --stdin + # backup database dump pg_dump -d ${POSTGRES_DB} -h ${POSTGRES_SERVICE} -p ${POSTGRES_PORT} \ - -U ${POSTGRES_USER_FILE} --no-password --serializable-deferrable | \ - restic -r ${RESTIC_REPOSITORY}/db backup --stdin + -U ${POSTGRES_USER} --no-password --serializable-deferrable | \ + restic -v -r ${RESTIC_REPOSITORY}/db backup --stdin restic -r ${RESTIC_REPOSITORY}/db forget --keep-last 1 --keep-within ${RESTIC_DAYS_TO_KEEP}d --prune # backup nextcloud filesystem cd /var/backups/ && restic -r ${RESTIC_REPOSITORY}/files backup . - restic -r ${RESTIC_REPOSITORY}/files forget --keep-last 1 --keep-within ${RESTIC_DAYS_TO_KEEP}d --prune + restic -v -r ${RESTIC_REPOSITORY}/files forget --keep-last 1 --keep-within ${RESTIC_DAYS_TO_KEEP}d --prune } source /usr/local/lib/functions.sh diff --git a/infrastrucure/docker/image/resources/init.sh b/infrastrucure/docker/image/resources/init.sh index 932803a..e037ac1 100755 --- a/infrastrucure/docker/image/resources/init.sh +++ b/infrastrucure/docker/image/resources/init.sh @@ -7,6 +7,7 @@ function main() { file_env RESTIC_PASSWORD_FILE restic -r ${RESTIC_REPOSITORY}/db --verbose init + restic -r ${RESTIC_REPOSITORY}/db-role --verbose init restic -r ${RESTIC_REPOSITORY}/files --verbose init } diff --git a/infrastrucure/docker/image/resources/restore.sh b/infrastrucure/docker/image/resources/restore.sh index 2a9caa1..813defc 100755 --- a/infrastrucure/docker/image/resources/restore.sh +++ b/infrastrucure/docker/image/resources/restore.sh @@ -14,14 +14,21 @@ function main() { # files rm -rf /var/backups/* - restic -r $RESTIC_REPOSITORY/files restore latest --target /var/backups/ + restic -v -r $RESTIC_REPOSITORY/files restore latest --target /var/backups/ # db psql -d template1 -h ${POSTGRES_SERVICE} -p ${POSTGRES_PORT} -U ${POSTGRES_USER} \ --no-password -c "DROP DATABASE \"${POSTGRES_DB}\";" psql -d template1 -h ${POSTGRES_SERVICE} -p ${POSTGRES_PORT} -U ${POSTGRES_USER} \ --no-password -c "CREATE DATABASE \"${POSTGRES_DB}\";" - restic -r ${RESTIC_REPOSITORY}/db restore latest --target test-stdin + + # TODO: restore roles + psql -d template1 -h ${POSTGRES_SERVICE} -p ${POSTGRES_PORT} -U ${POSTGRES_USER} \ + --no-password -c "CREATE ROLE oc_...;" + psql -d template1 -h ${POSTGRES_SERVICE} -p ${POSTGRES_PORT} -U ${POSTGRES_USER} \ + --no-password -c "ALTER ROLE oc_... WITH NOSUPERUSER INHERIT NOCREATEROLE CREATEDB LOGIN NOREPLICATION NOBYPASSRLS PASSWORD 'md5...';" + + restic -v -r ${RESTIC_REPOSITORY}/db restore latest --target test-stdin psql -d ${POSTGRES_DB} -h ${POSTGRES_SERVICE} -p ${POSTGRES_PORT} -U ${POSTGRES_USER} \ --no-password < test-stdin/stdin