diff --git a/.env.sample b/.env.sample
index 3db56ad..f6a5251 100644
--- a/.env.sample
+++ b/.env.sample
@@ -9,10 +9,16 @@ RESTIC_REPOSITORY=/backups/restic
 CRON_SCHEDULE='30 3 * * *'
 # Push Notifiactions
+#PUSH_PROMETHEUS_URL=https://pushgateway.example.com/metrics/job/backup
+# or
 #PUSH_URL_START=https://status.example.com/api/push/xxxxxxxxxx?status=up&msg=start
 #PUSH_URL_SUCCESS=https://status.example.com/api/push/xxxxxxxxxx?status=up&msg=OK
 #PUSH_URL_FAIL=https://status.example.com/api/push/xxxxxxxxxx?status=down&msg=fail
+# Push Basic Auth
+#COMPOSE_FILE="$COMPOSE_FILE:compose.pushbasicauth.yml"
+#SECRET_PUSH_BASICAUTH=v1
+
 # swarm-cronjob, instead of built-in cron
 #COMPOSE_FILE="$COMPOSE_FILE:compose.swarm-cronjob.yml"
diff --git a/README.md b/README.md
index 7035a9b..52a75d2 100644
--- a/README.md
+++ b/README.md
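Review bot: The new `# Push Basic Auth` block in the sample does not say that the credential is attached to every push request, so the push URLs above it need to be `https://`. cronjob.sh in this commit appends `-u` with the secret to the one `CURL_OPTS` string used for `PUSH_PROMETHEUS_URL` and for all three `PUSH_URL_*` calls. The README example `PUSH_PROMETHEUS_URL=pushgateway.example.com/metrics/job/backup` has no scheme, and curl falls back to plain http for a URL without one. I would add a comment line such as `# Basic auth is sent to every PUSH_* URL above; use https:// URLs only`.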
@@ -104,15 +104,38 @@ See [restic REST docs](https://restic.readthedocs.io/en/latest/030_preparing_a_n
 ## Push notifications
+It is possible to configure three push events, that may trigger on the backup cronjob. Those can be used to detect failures from mointoring systems.
+The events are:
+- start
+- success
+- fail
+
+### Using a Prometheus Push Gateway
+
+[A prometheus push gateway](https://git.coopcloud.tech/coop-cloud/monitoring-ng#setup-push-gateway) can be used by setting the following env variables:
+- `PUSH_PROMETHEUS_URL=pushgateway.example.com/metrics/job/backup`
+
+### Using custom URLs
+
 The following env variables can be used to setup push notifications for backups. `PUSH_URL_START` is requested just before the backups starts, `PUSH_URL_SUCCESS` is only requested if the backup was successful and if the backup fails `PUSH_URL_FAIL` will be requested. Each variable is optional and independent of the other.
-```
+```
 PUSH_URL_START=https://status.example.com/api/push/xxxxxxxxxx?status=up&msg=start
 PUSH_URL_SUCCESS=https://status.example.com/api/push/xxxxxxxxxx?status=up&msg=OK
 PUSH_URL_FAIL=https://status.example.com/api/push/xxxxxxxxxx?status=down&msg=fail
 ```
+### Push endpoint behind basic auth
+
+Insert the basic auth secret
+`abra app secret insert push_basicauth v1 "user:password"`
+
+Enable basic auth in the env file, by uncommenting the following line:
+```
+#COMPOSE_FILE="$COMPOSE_FILE:compose.pushbasicauth.yml"
+#SECRET_PUSH_BASICAUTH=v1
+```
 ## Usage
diff --git a/abra.sh b/abra.sh
index ce50a91..f2cf33b 100644
--- a/abra.sh
+++ b/abra.sh
@@ -1,5 +1,7 @@
 export BACKUPBOT_VERSION=v1
 export SSH_CONFIG_VERSION=v1
+export ENTRYPOINT_VERSION=v17
+export CRONJOB_VERSION=v2
 run_cron () {
 schedule="$(crontab -l | tr -s " " | cut -d ' ' -f-5)"
diff --git a/compose.pushbasicauth.yml b/compose.pushbasicauth.yml
new file mode 100644
index 0000000..9688b35
--- /dev/null
+++ b/compose.pushbasicauth.yml
@@ -0,0 +1,11 @@
+---
+version: "3.8"
+services:
+ app:
+ secrets:
+ - push_basicauth
+
+secrets:
+ push_basicauth:
+ external: true
+ name: ${STACK_NAME}_push_basicauth_${SECRET_PUSH_BASICAUTH}
diff --git a/compose.yml b/compose.yml
index 5ba9e96..9d1536c 100644
--- a/compose.yml
+++ b/compose.yml
@@ -14,6 +14,13 @@ services:
 - RESTIC_PASSWORD_FILE=/run/secrets/restic_password
 secrets:
 - restic_password
+ configs:
+ - source: entrypoint
+ target: /entrypoint.sh
+ mode: 666
+ - source: cronjob
+ target: /cronjob.sh
+ mode: 666
 deploy:
 labels:
 - coop-cloud.${STACK_NAME}.version=0.1.0+latest
@@ -31,6 +38,14 @@ secrets:
 restic_password:
 external: true
 name: ${STACK_NAME}_restic_password_${SECRET_RESTIC_PASSWORD_VERSION}
-
+
+configs:
+ entrypoint:
+ name: ${STACK_NAME}_entrypoint_${ENTRYPOINT_VERSION}
+ file: entrypoint.sh
+ cronjob:
+ name: ${STACK_NAME}_cronjob_${CRONJOB_VERSION}
+ file: cronjob.sh
+
 volumes:
 backups:
diff --git a/cronjob.sh b/cronjob.sh
new file mode 100755
index 0000000..1c00363
--- /dev/null
+++ b/cronjob.sh
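Review bot: `mode: 666` on both config mounts in the first compose.yml hunk looks unintended. Docker documents this field in octal notation, and an unquoted `666` is most likely read as decimal (octal 1232), which gives the files no read bit at all while leaving them writable by owner, group and other. Even read as octal 0666 the scripts would be world-writable and not executable, although the crontab line added in entrypoint.sh runs `/cronjob.sh` directly. Scripts that cron and the entrypoint execute should be read-only and executable, so I would use `mode: 0555` on each entry. The `services:` mapping continues outside the hunk.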
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+CURL_OPTS="-s"
+# Check for basic auth
+if [ -n "$(cat /run/secrets/push_basicauth)" ]
+then
+ CURL_OPTS="$CURL_OPTS -u $(cat /run/secrets/push_basicauth)"
+fi
+
+if [ -n "$PUSH_PROMETHEUS_URL" ]
+then
+ push_start_notification="(echo 'backup 1' | curl $CURL_OPTS --data-binary @- $PUSH_PROMETHEUS_URL)"
+ push_success_notification="(echo 'backup 0' | curl $CURL_OPTS --data-binary @- $PUSH_PROMETHEUS_URL)"
+ push_fail_notification="(echo 'backup -1' | curl $CURL_OPTS --data-binary @- $PUSH_PROMETHEUS_URL)"
+else
+ if [ -n "$PUSH_URL_START" ]
+ then
+ push_start_notification="curl $CURL_OPTS '$PUSH_URL_START'"
+ fi
+
+ if [ -n "$PUSH_URL_FAIL" ]
+ then
+ push_fail_notification="curl $CURL_OPTS '$PUSH_URL_FAIL'"
+ fi
+
+ if [ -n "$PUSH_URL_SUCCESS" ]
+ then
+ push_success_notification="curl $CURL_OPTS '$PUSH_URL_SUCCESS'"
+ fi
+fi
+
+eval "$push_start_notification"
+if [ "$(backup --machine-logs create 2>&1 | tee /tmp/backup.log && (grep -q 'backup finished' /tmp/backup.log))" ]
+then
+ eval "$push_success_notification"
+else
+ eval "$push_fail_notification"
+fi
diff --git a/entrypoint.sh b/entrypoint.sh
index 5c25ed7..76fe1c7 100755
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -9,22 +9,7 @@ fi
 cron_schedule="${CRON_SCHEDULE:?CRON_SCHEDULE not set}"
-if [ -n "$PUSH_URL_START" ]
-then
- push_start_notification="curl -s '$PUSH_URL_START' &&"
-fi
-
-if [ -n "$PUSH_URL_FAIL" ]
-then
- push_fail_notification="|| curl -s '$PUSH_URL_FAIL'"
-fi
-
-if [ -n "$PUSH_URL_SUCCESS" ]
-then
- push_notification=" && (grep -q 'backup finished' /tmp/backup.log && curl -s '$PUSH_URL_SUCCESS' $push_fail_notification)"
-fi
-
-echo "$cron_schedule $push_start_notification backup --machine-logs create 2>&1 | tee /tmp/backup.log $push_notification" | crontab -
+echo "$cron_schedule /cronjob.sh" | crontab -
 crontab -l
 crond -f -d8 -L /dev/stdout
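Review bot: The success check at the end of cronjob.sh tests whether the command substitution produced any text, not whether `grep -q 'backup finished'` matched, so a run that only prints an error still sends the success notification. Run the pipeline first and test grep's status on its own: `backup --machine-logs create 2>&1 | tee /tmp/backup.log` followed by `if grep -q 'backup finished' /tmp/backup.log`, which also stops the backup output being captured by `$(...)` instead of reaching the log. Under `set -e` a failing `eval "$push_start_notification"` (for example, monitoring endpoint unreachable) aborts the script before the backup starts, so that call should end in `|| true`. Separately, the notification commands are built as strings and run through `eval` with `$PUSH_PROMETHEUS_URL` unquoted and the secret spliced in as `-u $(cat ...)`, so a `&`, quote or space in either value changes the command that runs, and the credential may be visible in the process list. Small shell functions that pass quoted arguments to curl would avoid both.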