check with version

.gitignore

@@ -111,3 +111,4 @@ venv.bak/
 .lsp/
 .calva/
 .cpcache/
+infrastructure/backup/image/resources/backup-repository-state.edn

infrastructure/backup/doc/backup_dev_notes.md

@@ -0,0 +1,44 @@
+## Init Statemachine
+
+### Inputs
+1. `restic-password: ""`
+2. `restic-password-to-rotate: ""`
+
+### Manual init the restic repository for the first time
+
+1. apply backup-and-restore pod:   
+   `kubectl scale deployment backup-restore --replicas=1`
+2. exec into pod and execute restore pod (press tab to get your exact pod name)   
+   `kubectl exec -it backup-restore-... -- /usr/local/bin/init.sh`
+3. remove backup-and-restore pod:   
+   `kubectl scale deployment backup-restore --replicas=0`
+
+### Password Rotation
+
+1. apply backup-and-restore pod:   
+   `kubectl scale deployment backup-restore --replicas=1`
+2. add new password to restic repository   
+    `restic key add ....`   
+    => Trigger ::   
+    field (1) credential current   
+    filed (2) credential new
+3. replace field (1) with (2) & clear (2)
+4. remove old key - ???  
+`restic remove ....`
+
+
+```mermaid
+stateDiagram-v2
+    [*] --> init
+    init --> backup_ready: trigger, restic-password !empty
+    backup_ready --> new_password_added: restic-password !empty && restic-password-to-rotate !empty 
+    new_password_added --> backup_ready: restic-password !empty && restic-password-to-rotate empty
+```
+
+### First Steps
+
+1. Cloud Testserver hochfahren
+2. Dort backup-restore deployment (leeres Secret mgl.?), neues Secret "rotation-credential-secret" als Daten
+3. mounten von angelegtem Secret in Pod backup-restore
+4. ba*bash*ka Skript in pod starten -> liest Secret ?leer
+5. Micha cons. 

infrastructure/backup/image/resources/restic_management.clj

@@ -0,0 +1,33 @@
+#! /usr/bin/env bb
+
+(ns restic-management
+  (:require
+   [clojure.spec.alpha :as s]
+   [clojure.java.io :as io]
+   [clojure.edn :as edn]))
+
+(s/def ::state string?)
+
+(s/def ::backup-repository-state
+  (s/keys :req-un [::state]))
+
+(def state {:state ""})
+
+(defn store-backup-repository-state [s]
+  (spit "backup-repository-state.edn" s))
+
+(defn read-backup-repository-state []
+   (try
+     (with-open [r (io/reader "backup-repository-state.edn")]
+       (edn/read (java.io.PushbackReader. r)))
+  
+     (catch java.io.IOException e
+       (printf "Couldn't open '%s': %s\n" "backup-repository-state.edn" (.getMessage e)))
+     (catch RuntimeException e
+       (printf "Error parsing edn file '%s': %s\n" "backup-repository-state.edn" (.getMessage e)))))
+
+(println (read-backup-repository-state))
+
+(println (:state (read-backup-repository-state)))
+
+(println (s/valid? ::backup-repository-state (read-backup-repository-state)))

infrastructure/clj-cljs/image/resources/install.sh

@@ -6,7 +6,7 @@ function main() {
     upgradeSystem
 
     mkdir -p /usr/share/man/man1
-    apt-get -qqy install openjdk-17-jre-headless leiningen curl
+    apt-get -qqy install curl openjdk-17-jre-headless leiningen
     
     # shadow-cljs
     npm install -g npm
@@ -15,14 +15,14 @@ function main() {
     # download kubeconform & graalvm
     kubeconform_version="0.6.4"
 
-    curl -SsLo /tmp/kubeconform.tar.gz https://github.com/yannh/kubeconform/releases/download/v${kubeconform_version}/kubeconform-linux-amd64.tar.gz
+    curl -SsLo /tmp/kubeconform-linux-amd64.tar.gz https://github.com/yannh/kubeconform/releases/download/v${kubeconform_version}/kubeconform-linux-amd64.tar.gz
     curl -SsLo /tmp/CHECKSUMS https://github.com/yannh/kubeconform/releases/download/v${kubeconform_version}/CHECKSUMS
 
     # checksum kubeconform
     checksum
 
     # install kubeconform
-    tar -C /usr/local/bin -xf /tmp/kubeconform.tar.gz --exclude=LICENSE
+    tar -C /usr/local/bin -xf /tmp/kubeconform-linux-amd64.tar.gz --exclude=LICENSE
 
     #install pyb
     apt-get -qqy install python3 python3-pip git
@@ -36,15 +36,9 @@ function main() {
 }
 
 function checksum() {
-    checksum_var=$(awk '{print $1}' /tmp/CHECKSUMS|sed -n '2p')
+    awk '{print $1 "  /tmp/" $2}' /tmp/CHECKSUMS|sed -n '2p' > /tmp/kubeconform-checksum
-    sha256sum_var=$(sha256sum /tmp/kubeconform.tar.gz|awk '{print $1}')
+    cat /tmp/kubeconform-checksum
-    
+    sha256sum -c --status /tmp/kubeconform-checksum
-    if [ $checksum_var == $sha256sum_var ]; then
-        echo "Kubeconform checksum verification succesful" 
-    else
-        echo "Failure in kubeconform checksum verification"
-        exit 1
-    fi
 }
 
 source /tmp/install_functions_debian.sh

infrastructure/clj/image/resources/install.sh

@@ -12,7 +12,7 @@ function main() {
     kubeconform_version="0.6.4"
     graalvm_jdk_version="21.0.2"
 
-    curl -SsLo /tmp/kubeconform.tar.gz https://github.com/yannh/kubeconform/releases/download/v${kubeconform_version}/kubeconform-linux-amd64.tar.gz
+    curl -SsLo /tmp/kubeconform-linux-amd64.tar.gz https://github.com/yannh/kubeconform/releases/download/v${kubeconform_version}/kubeconform-linux-amd64.tar.gz
     curl -SsLo /tmp/CHECKSUMS https://github.com/yannh/kubeconform/releases/download/v${kubeconform_version}/CHECKSUMS
     curl -SsLo /tmp/graalvm-community-jdk.tar.gz https://github.com/graalvm/graalvm-ce-builds/releases/download/jdk-${graalvm_jdk_version}/graalvm-community-jdk-${graalvm_jdk_version}_linux-x64_bin.tar.gz
     curl -SsLo /tmp/graalvm-checksum https://github.com/graalvm/graalvm-ce-builds/releases/download/jdk-${graalvm_jdk_version}/graalvm-community-jdk-${graalvm_jdk_version}_linux-x64_bin.tar.gz.sha256
@@ -21,7 +21,7 @@ function main() {
     checksum
 
     # install kubeconform
-    tar -C /usr/local/bin -xf /tmp/kubeconform.tar.gz --exclude=LICENSE
+    tar -C /usr/local/bin -xf /tmp/kubeconform-linux-amd64.tar.gz --exclude=LICENSE
 
     # install graalvm
     tar -C /usr/lib/jvm/ -xf /tmp/graalvm-community-jdk.tar.gz
@@ -36,25 +36,21 @@ function main() {
     pip3 install pybuilder 'ddadevops>=4.7.0' deprecation dda-python-terraform boto3 pyyaml inflection --break-system-packages 
 
     #check
-    native-image --help
+    native-image --version
-    lein --help
+    lein -v
 
     cleanupDocker
     } > /dev/null
 }
 
 function checksum() {
-    checksum_kubeconform=$(awk '{print $1}' /tmp/CHECKSUMS|sed -n '2p')
+    #kubeconform
-    sha256sum_kubeconform=$(sha256sum /tmp/kubeconform.tar.gz|awk '{print $1}')
+    awk '{print $1 "  /tmp/" $2}' /tmp/CHECKSUMS|sed -n '2p' > /tmp/kubeconform-checksum
-    checksum_graalvm_jdk=$(awk '{print $1}' /tmp/graalvm-checksum)
+    sha256sum -c --status /tmp/kubeconform-checksum
-    sha256sum_graalvm_jdk=$(sha256sum /tmp/graalvm-community-jdk.tar.gz|awk '{print $1}')
     
-    if [ $checksum_kubeconform == $sha256sum_kubeconform -a $checksum_graalvm_jdk == $sha256sum_graalvm_jdk ]; then
+    #graalvm
-        echo "Kubeconform & graalvm_jdk checksum verification succesful" 
+    echo "  /tmp/graalvm-community-jdk.tar.gz"|tee -a /tmp/graalvm-checksum
-    else
+    sha256sum -c --status /tmp/graalvm-checksum
-        echo "Failure in kubeconform|graalvm_jdk checksum verification"
-        exit 1
-    fi
 }
 
 source /tmp/install_functions_debian.sh