feat: Adds monitoring setup for prometheus push gateway

.env.sample

@@ -9,10 +9,16 @@ RESTIC_REPOSITORY=/backups/restic
 CRON_SCHEDULE='30 3 * * *'
 
 # Push Notifiactions
+#PUSH_PROMETHEUS_URL=https://pushgateway.example.com/metrics/job/backup
+# or
 #PUSH_URL_START=https://status.example.com/api/push/xxxxxxxxxx?status=up&msg=start
 #PUSH_URL_SUCCESS=https://status.example.com/api/push/xxxxxxxxxx?status=up&msg=OK
 #PUSH_URL_FAIL=https://status.example.com/api/push/xxxxxxxxxx?status=down&msg=fail
 
+# Push Basic Auth
+#COMPOSE_FILE="$COMPOSE_FILE:compose.pushbasicauth.yml"
+#SECRET_PUSH_BASICAUTH=v1
+
 # swarm-cronjob, instead of built-in cron
 #COMPOSE_FILE="$COMPOSE_FILE:compose.swarm-cronjob.yml"
 

README.md

@@ -104,15 +104,38 @@ See [restic REST docs](https://restic.readthedocs.io/en/latest/030_preparing_a_n
 
 ## Push notifications
 
+It is possible to configure three push events, that may trigger on the backup cronjob. Those can be used to detect failures from mointoring systems.
+The events are:
+- start
+- success
+- fail
+
+### Using a Prometheus Push Gateway
+
+[A prometheus push gateway](https://git.coopcloud.tech/coop-cloud/monitoring-ng#setup-push-gateway) can be used by setting the following env variables:
+- `PUSH_PROMETHEUS_URL=pushgateway.example.com/metrics/job/backup`
+
+### Using custom URLs
+
 The following env variables can be used to setup push notifications for backups. `PUSH_URL_START` is requested just before the backups starts, `PUSH_URL_SUCCESS` is only requested if the backup was successful and if the backup fails `PUSH_URL_FAIL` will be requested.
 Each variable is optional and independent of the other.
-```
 
+```
 PUSH_URL_START=https://status.example.com/api/push/xxxxxxxxxx?status=up&msg=start
 PUSH_URL_SUCCESS=https://status.example.com/api/push/xxxxxxxxxx?status=up&msg=OK
 PUSH_URL_FAIL=https://status.example.com/api/push/xxxxxxxxxx?status=down&msg=fail
 ```
 
+### Push endpoint behind basic auth
+
+Insert the basic auth secret
+`abra app secret insert <backupbot_name> push_basicauth v1 "user:password"`
+
+Enable basic auth in the env file, by uncommenting the following line:
+```
+#COMPOSE_FILE="$COMPOSE_FILE:compose.pushbasicauth.yml"
+#SECRET_PUSH_BASICAUTH=v1
+```
 
 ## Usage
 

abra.sh

@@ -1,5 +1,7 @@
 export BACKUPBOT_VERSION=v1
 export SSH_CONFIG_VERSION=v1
+export ENTRYPOINT_VERSION=v17
+export CRONJOB_VERSION=v2
 
 run_cron () {
     schedule="$(crontab -l | tr -s " " | cut -d ' ' -f-5)"

compose.pushbasicauth.yml

@@ -0,0 +1,11 @@
+---
+version: "3.8"
+services:
+  app:
+    secrets:
+      - push_basicauth
+
+secrets:
+  push_basicauth:
+    external: true
+    name: ${STACK_NAME}_push_basicauth_${SECRET_PUSH_BASICAUTH}

compose.yml

@@ -14,6 +14,13 @@ services:
       - RESTIC_PASSWORD_FILE=/run/secrets/restic_password
     secrets:
       - restic_password
+    configs:
+      - source: entrypoint
+        target: /entrypoint.sh
+        mode: 666
+      - source: cronjob
+        target: /cronjob.sh
+        mode: 666
     deploy:
       labels:
         - coop-cloud.${STACK_NAME}.version=0.1.0+latest
@@ -32,5 +39,13 @@ secrets:
     external: true
     name: ${STACK_NAME}_restic_password_${SECRET_RESTIC_PASSWORD_VERSION}
 
+configs:
+  entrypoint:
+    name: ${STACK_NAME}_entrypoint_${ENTRYPOINT_VERSION}
+    file: entrypoint.sh
+  cronjob:
+    name: ${STACK_NAME}_cronjob_${CRONJOB_VERSION}
+    file: cronjob.sh
+
 volumes:
   backups:

cronjob.sh

@@ -0,0 +1,40 @@
+#!/bin/sh
+
+set -e
+
+CURL_OPTS="-s"
+# Check for basic auth
+if [ -n "$(cat /run/secrets/push_basicauth)" ]
+then
+    CURL_OPTS="$CURL_OPTS -u $(cat /run/secrets/push_basicauth)"
+fi
+
+if [ -n "$PUSH_PROMETHEUS_URL" ]
+then
+    push_start_notification="(echo 'backup 1' | curl $CURL_OPTS --data-binary @- $PUSH_PROMETHEUS_URL)"
+    push_success_notification="(echo 'backup 0' | curl $CURL_OPTS --data-binary @- $PUSH_PROMETHEUS_URL)"
+    push_fail_notification="(echo 'backup -1' | curl $CURL_OPTS --data-binary @- $PUSH_PROMETHEUS_URL)"
+else
+    if [ -n "$PUSH_URL_START" ]
+    then
+        push_start_notification="curl $CURL_OPTS '$PUSH_URL_START'"
+    fi
+
+    if [ -n "$PUSH_URL_FAIL" ]
+    then
+        push_fail_notification="curl $CURL_OPTS '$PUSH_URL_FAIL'"
+    fi
+
+    if [ -n "$PUSH_URL_SUCCESS" ]
+    then
+        push_success_notification="curl $CURL_OPTS '$PUSH_URL_SUCCESS'"
+    fi
+fi
+
+eval "$push_start_notification"
+if [ "$(backup --machine-logs create  2>&1 | tee /tmp/backup.log && (grep -q 'backup finished' /tmp/backup.log))" ]
+then
+    eval "$push_success_notification"
+else
+    eval "$push_fail_notification"
+fi

entrypoint.sh

@@ -9,22 +9,7 @@ fi
 
 cron_schedule="${CRON_SCHEDULE:?CRON_SCHEDULE not set}"
 
-if [ -n "$PUSH_URL_START" ]
-then
-    push_start_notification="curl -s '$PUSH_URL_START' &&"
-fi
-
-if [ -n "$PUSH_URL_FAIL" ]
-then
-    push_fail_notification="|| curl -s '$PUSH_URL_FAIL'"
-fi
-
-if [ -n "$PUSH_URL_SUCCESS" ]
-then
-    push_notification=" && (grep -q 'backup finished' /tmp/backup.log && curl -s '$PUSH_URL_SUCCESS' $push_fail_notification)"
-fi
-
-echo "$cron_schedule $push_start_notification backup --machine-logs create  2>&1 | tee /tmp/backup.log $push_notification" | crontab -
+echo "$cron_schedule /cronjob.sh" | crontab -
 crontab -l
 
 crond -f -d8 -L /dev/stdout