From 0ae5b0136e3cb01dc6d9ab54bf0c4361d46d10d9 Mon Sep 17 00:00:00 2001 From: Simon Date: Tue, 26 Nov 2024 18:10:24 +0100 Subject: [PATCH] update backup labels --- .drone.yml | 1 + .env.sample | 1 + abra.sh | 3 ++- compose.yml | 17 +++++++++++------ pg_backup.sh | 34 ++++++++++++++++++++++++++++++++++ 5 files changed, 49 insertions(+), 7 deletions(-) create mode 100644 pg_backup.sh diff --git a/.drone.yml b/.drone.yml index d3d9187..4cd2bc9 100644 --- a/.drone.yml +++ b/.drone.yml @@ -21,6 +21,7 @@ steps: SECRET_DB_PASSWORD_VERSION: v1 SECRET_DB_ROOT_PASSWORD_VERSION: v1 SECRET_LIMESURVEY_ADMIN_PASSWORD_VERSION: v1 + PG_BACKUP_VERSION: v1 trigger: branch: - main diff --git a/.env.sample b/.env.sample index c867406..1d5b77e 100644 --- a/.env.sample +++ b/.env.sample @@ -4,6 +4,7 @@ DOMAIN=limesurvey.example.com ## Domain aliases #EXTRA_DOMAINS=', `www.limesurvey.example.com`' +ENABLE_BACKUPS=true LETS_ENCRYPT_ENV=production diff --git a/abra.sh b/abra.sh index 8069c2e..33db106 100644 --- a/abra.sh +++ b/abra.sh @@ -1 +1,2 @@ -export ENTRYPOINT_VERSION=v1 \ No newline at end of file +export ENTRYPOINT_VERSION=v1 +export PG_BACKUP_VERSION=v1 \ No newline at end of file diff --git a/compose.yml b/compose.yml index 7f0ee06..13c0499 100644 --- a/compose.yml +++ b/compose.yml @@ -42,8 +42,6 @@ services: #- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true" #- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}" - "coop-cloud.${STACK_NAME}.version=1.0.0+6.6.5-240924-apache" - - "backupbot.backup=true" - - "backupbot.backup.path=/var/www/html/upload/surveys,/var/www/html/application/config" healthcheck: test: ["CMD", "curl", "-f", "http://localhost:8080"] interval: 30s 
@@ -60,14 +58,18 @@ services: - POSTGRES_PASSWORD_FILE=/run/secrets/db_password secrets: - db_password + configs: + - source: pg_backup + target: /pg_backup.sh + mode: 0555 volumes: - postgres:/var/lib/postgresql/data deploy: labels: - backupbot.backup: "true" - backupbot.backup.pre-hook: "mkdir -p /tmp/backup/ && PGPASSWORD=$$(cat $${POSTGRES_PASSWORD_FILE}) pg_dump -U $${POSTGRES_USER} $${POSTGRES_DB} > /tmp/backup/backup.sql" - backupbot.backup.post-hook: "rm -rf /tmp/backup" - backupbot.backup.path: "/tmp/backup/" + backupbot.backup: "${ENABLE_BACKUPS:-true}" + backupbot.backup.pre-hook: "/pg_backup.sh backup" + backupbot.backup.volumes.database.path: "backup.sql" + backupbot.restore.post-hook: '/pg_backup.sh restore' volumes: app: @@ -83,6 +85,9 @@ configs: entrypoint: name: ${STACK_NAME}_entrypoint_${ENTRYPOINT_VERSION} file: entrypoint.sh + pg_backup: + name: ${STACK_NAME}_pg_backup_${PG_BACKUP_VERSION} + file: pg_backup.sh secrets: db_password: diff --git a/pg_backup.sh b/pg_backup.sh new file mode 100644 index 0000000..e83074d --- /dev/null +++ b/pg_backup.sh @@ -0,0 +1,34 @@ +#!/bin/bash + +set -e + +BACKUP_FILE='/var/lib/postgresql/data/backup.sql' + +function backup { + export PGPASSWORD=$(cat /run/secrets/db_password) + pg_dump -U ${POSTGRES_USER} ${POSTGRES_DB} > $BACKUP_FILE +} + +function restore { + cd /var/lib/postgresql/data/ + restore_config(){ + # Restore allowed connections + cat pg_hba.conf.bak > pg_hba.conf + su postgres -c 'pg_ctl reload' + } + # Don't allow any other connections than local + cp pg_hba.conf pg_hba.conf.bak + echo "local all all trust" > pg_hba.conf + su postgres -c 'pg_ctl reload' + trap restore_config EXIT INT TERM + + # Recreate Database + psql -U ${POSTGRES_USER} -d postgres -c "DROP DATABASE ${POSTGRES_DB} WITH (FORCE);" + createdb -U ${POSTGRES_USER} ${POSTGRES_DB} + psql -U ${POSTGRES_USER} -d ${POSTGRES_DB} -1 -f $BACKUP_FILE + + trap - EXIT INT TERM + restore_config +} + +$@
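Review bot: The new label `backupbot.backup.volumes.database.path` names a volume `database`, but the only volume this service mounts in the visible lines is `postgres` (`postgres:/var/lib/postgresql/data`). If that label segment is meant to be the volume name, the path filter would not match, and the backup may then cover the whole live data directory rather than just `backup.sql`; `backupbot.backup.volumes.postgres.path: "backup.sql"` would line up with the mount. The hunk also drops the old `backupbot.backup.post-hook` cleanup, so the plaintext dump written by `/pg_backup.sh backup` stays on the data volume after every run. A post-hook such as `backupbot.backup.post-hook: "rm -f /var/lib/postgresql/data/backup.sql"` would bring that cleanup back. The service definition starts above the hunk, so this is judged from the visible lines only.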
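Review bot: In pg_backup.sh, `restore` runs `DROP DATABASE ... WITH (FORCE)` before anything confirms that `$BACKUP_FILE` exists and is non-empty, so a missing dump leaves the stack with an empty database. The final `psql -1 -f` also runs without `ON_ERROR_STOP`, so as far as I can tell a dump that fails part-way still lets the hook exit 0. The trailing `$@` runs whatever arguments the script receives as a command line; a `case` on `$1` that accepts only `backup` and `restore` keeps the entry point to the two actions the labels call. The `${POSTGRES_USER}`, `${POSTGRES_DB}` and `$BACKUP_FILE` expansions are unquoted throughout and should be quoted. The fence below shows only the changed lines.

```shell
function backup {
    # … unchanged: PGPASSWORD export …
    pg_dump -U "${POSTGRES_USER}" "${POSTGRES_DB}" > "$BACKUP_FILE"
}

function restore {
    # Refuse to drop the database when there is no dump to load
    if [ ! -s "$BACKUP_FILE" ]; then
        echo "restore: $BACKUP_FILE is missing or empty" >&2
        exit 1
    fi
    # … unchanged: cd, restore_config, pg_hba.conf swap, reload, trap …
    psql -U "${POSTGRES_USER}" -d postgres -c "DROP DATABASE \"${POSTGRES_DB}\" WITH (FORCE);"
    createdb -U "${POSTGRES_USER}" "${POSTGRES_DB}"
    # Abort with a non-zero status on the first SQL error
    psql -v ON_ERROR_STOP=1 -U "${POSTGRES_USER}" -d "${POSTGRES_DB}" -1 -f "$BACKUP_FILE"
    # … unchanged: trap reset, restore_config …
}

# Only the two documented actions are callable
case "${1:-}" in
    backup|restore) "$1" ;;
    *) echo "usage: $0 backup|restore" >&2; exit 2 ;;
esac
```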