forked from coop-cloud/backup-bot-two
40
backupbot.py
40
backupbot.py
@ -50,41 +50,6 @@ def export_secrets():
|
||||
with open(os.environ[env]) as file:
|
||||
os.environ[env.removesuffix('_FILE')] = file.read()
|
||||
|
||||
@cli.command(help='Attach all secrets to the backupbot container, this can result in a container restart')
|
||||
def attach_secrets():
|
||||
client = docker.from_env()
|
||||
services = client.services.list()
|
||||
apps = []
|
||||
secrets = []
|
||||
secret_ids = []
|
||||
# Get all Apps that aktivate backups
|
||||
for s in services:
|
||||
labels = s.attrs['Spec']['Labels']
|
||||
if (backup := labels.get('backupbot.backup')) and bool(backup):
|
||||
apps.append(labels['com.docker.stack.namespace'])
|
||||
# Get all Secrets for these Apps
|
||||
for s in services:
|
||||
labels = s.attrs['Spec']['Labels']
|
||||
if labels['com.docker.stack.namespace'] in apps:
|
||||
if app_secs:= s.attrs['Spec']['TaskTemplate']['ContainerSpec'].get('Secrets'):
|
||||
for sec in app_secs:
|
||||
if sec['SecretID'] not in secret_ids:
|
||||
# Move Secret Targets to SecretName to avoid conflicts
|
||||
secret_ids.append(sec['SecretID'])
|
||||
sec['File']['Name'] = sec['SecretName']
|
||||
secrets.append(sec)
|
||||
backupbot_service = client.services.get(os.environ['STACK_NAME']+"_app")
|
||||
# Append the backupbot secrets
|
||||
backupbot_secrets = backupbot_service.attrs['Spec']['TaskTemplate']['ContainerSpec']['Secrets']
|
||||
for sec in backupbot_secrets:
|
||||
if os.environ['STACK_NAME'] in sec['SecretName']:
|
||||
secrets.append(sec)
|
||||
new_sec_ids = set(map(lambda s: s['SecretID'], secrets))
|
||||
old_sec_ids = set(map(lambda s: s['SecretID'], backupbot_secrets))
|
||||
if new_sec_ids.difference(old_sec_ids):
|
||||
logging.warning("Backupbot will restart to update the secrets")
|
||||
backupbot_service.update(secrets=secrets)
|
||||
|
||||
@cli.command()
|
||||
def create():
|
||||
pre_commands, post_commands, backup_paths, apps = get_backup_cmds()
|
||||
@ -113,12 +78,8 @@ def get_backup_cmds():
|
||||
pre_commands[container] = prehook
|
||||
if posthook:= labels.get('backupbot.backup.post-hook'):
|
||||
post_commands[container] = posthook
|
||||
# Backup volumes
|
||||
backup_paths = backup_paths.union(
|
||||
Path(VOLUME_PATH).glob(f"{stack_name}_*"))
|
||||
# Backup secrets
|
||||
backup_paths = backup_paths.union(
|
||||
Path('/var/run/secrets').glob(f"{stack_name}_*"))
|
||||
return pre_commands, post_commands, list(backup_paths), list(backup_apps)
|
||||
|
||||
def run_commands(commands):
|
||||
@ -184,7 +145,6 @@ def list_files(snapshot, path):
|
||||
@click.option('snapshot', '--snapshot', '-s', envvar='SNAPSHOT', default='latest')
|
||||
@click.option('path', '--path', '-p', envvar='INCLUDE_PATH')
|
||||
def download(snapshot, path):
|
||||
path = path.removesuffix('/')
|
||||
files = list_files(snapshot, path)
|
||||
filetype = [f.get('type') for f in files if f.get('path') == path][0]
|
||||
cmd = restic.cat.base_command() + ['dump', snapshot, path]
|
||||
|
||||
@ -5,15 +5,13 @@ set -e -o pipefail
|
||||
apk add --upgrade --no-cache \
|
||||
restic=0.15.2-r3 \
|
||||
bash=5.2.15-r5 \
|
||||
restic=0.15.2-r2 \
|
||||
python3=3.11.5-r0 \
|
||||
py3-pip=23.1.2-r0
|
||||
|
||||
# Todo use requirements file with specific versions
|
||||
pip install click==8.1.7 docker==6.1.3 resticpy==1.0.2
|
||||
|
||||
# Attach secrets to backupbot
|
||||
backup attach-secrets
|
||||
|
||||
if [ -n "$SSH_HOST_KEY" ]
|
||||
then
|
||||
echo "$SSH_HOST_KEY" > /root/.ssh/known_hosts
|
||||
|
||||
Reference in New Issue
Block a user