From 488c59f667231272d629bdd3d2bd180d47c1cbd7 Mon Sep 17 00:00:00 2001 From: Moritz Date: Fri, 22 Sep 2023 14:15:31 +0200 Subject: [PATCH] Revert "feat: Backup Secrets #28" This reverts commit 2838a36d43f44f80aa76095863f463d6aae57403. --- backupbot.py | 40 ---------------------------------------- entrypoint.sh | 4 +--- 2 files changed, 1 insertion(+), 43 deletions(-) diff --git a/backupbot.py b/backupbot.py index f3bb38e..9932dde 100755 --- a/backupbot.py +++ b/backupbot.py @@ -50,41 +50,6 @@ def export_secrets(): with open(os.environ[env]) as file: os.environ[env.removesuffix('_FILE')] = file.read() -@cli.command(help='Attach all secrets to the backupbot container, this can result in a container restart') -def attach_secrets(): - client = docker.from_env() - services = client.services.list() - apps = [] - secrets = [] - secret_ids = [] - # Get all Apps that aktivate backups - for s in services: - labels = s.attrs['Spec']['Labels'] - if (backup := labels.get('backupbot.backup')) and bool(backup): - apps.append(labels['com.docker.stack.namespace']) - # Get all Secrets for these Apps - for s in services: - labels = s.attrs['Spec']['Labels'] - if labels['com.docker.stack.namespace'] in apps: - if app_secs:= s.attrs['Spec']['TaskTemplate']['ContainerSpec'].get('Secrets'): - for sec in app_secs: - if sec['SecretID'] not in secret_ids: - # Move Secret Targets to SecretName to avoid conflicts - secret_ids.append(sec['SecretID']) - sec['File']['Name'] = sec['SecretName'] - secrets.append(sec) - backupbot_service = client.services.get(os.environ['STACK_NAME']+"_app") - # Append the backupbot secrets - backupbot_secrets = backupbot_service.attrs['Spec']['TaskTemplate']['ContainerSpec']['Secrets'] - for sec in backupbot_secrets: - if os.environ['STACK_NAME'] in sec['SecretName']: - secrets.append(sec) - new_sec_ids = set(map(lambda s: s['SecretID'], secrets)) - old_sec_ids = set(map(lambda s: s['SecretID'], backupbot_secrets)) - if new_sec_ids.difference(old_sec_ids): - logging.warning("Backupbot will restart to update the secrets") - backupbot_service.update(secrets=secrets) - @cli.command() def create(): pre_commands, post_commands, backup_paths, apps = get_backup_cmds() @@ -113,12 +78,8 @@ def get_backup_cmds(): pre_commands[container] = prehook if posthook:= labels.get('backupbot.backup.post-hook'): post_commands[container] = posthook - # Backup volumes backup_paths = backup_paths.union( Path(VOLUME_PATH).glob(f"{stack_name}_*")) - # Backup secrets - backup_paths = backup_paths.union( - Path('/var/run/secrets').glob(f"{stack_name}_*")) return pre_commands, post_commands, list(backup_paths), list(backup_apps) def run_commands(commands): @@ -184,7 +145,6 @@ def list_files(snapshot, path): @click.option('snapshot', '--snapshot', '-s', envvar='SNAPSHOT', default='latest') @click.option('path', '--path', '-p', envvar='INCLUDE_PATH') def download(snapshot, path): - path = path.removesuffix('/') files = list_files(snapshot, path) filetype = [f.get('type') for f in files if f.get('path') == path][0] cmd = restic.cat.base_command() + ['dump', snapshot, path] diff --git a/entrypoint.sh b/entrypoint.sh index b5be1cf..f768e7b 100644 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -5,15 +5,13 @@ set -e -o pipefail apk add --upgrade --no-cache \ restic=0.15.2-r3 \ bash=5.2.15-r5 \ + restic=0.15.2-r2 \ python3=3.11.5-r0 \ py3-pip=23.1.2-r0 # Todo use requirements file with specific versions pip install click==8.1.7 docker==6.1.3 resticpy==1.0.2 -# Attach secrets to backupbot -backup attach-secrets - if [ -n "$SSH_HOST_KEY" ] then echo "$SSH_HOST_KEY" > /root/.ssh/known_hosts