From 83b0be5ae5abecd2076cab8b7ab2a84e9756034a Mon Sep 17 00:00:00 2001 From: EuAndreh Date: Tue, 28 May 2019 00:46:24 -0300 Subject: Add backup routing before possibly tearing down machine Create a new backup entry before running =terraform apply=, which may (or may not) destroy the current machine. This shouldn't be an issue for the backup itself, since all of the data should be stored in a separate Block Storage Volume, but we can take advantage of the services already needing to be taken down in order to perform a full backup of the data. --- TODOs.org | 5 ++++- backup-and-shutdown.sh | 8 -------- ci-setup.sh | 1 + provision.sh | 7 +++++-- run-backup-template.sh | 11 +++++++++++ secrets/envrc.sh | Bin 1016 -> 1553 bytes 6 files changed, 21 insertions(+), 11 deletions(-) delete mode 100755 backup-and-shutdown.sh create mode 100755 run-backup-template.sh diff --git a/TODOs.org b/TODOs.org index 2f8d3ba..596793e 100644 --- a/TODOs.org +++ b/TODOs.org @@ -27,7 +27,8 @@ Put it in an environment variable? Done by appending to content of =~/.ssh/config=. **** DOING Automate deployment with Terraform and deployment scripts **** NEXT Use DigitalOcean's Floating IP in front of the droplet -**** TODO Backup data during deployments +**** DONE Backup data during deployments +CLOSED: [2019-05-28 Tue 00:48] Is this approach feasible? Will it make the deployment take too much longer? What are the alternatives? Initial sketch of the backup commands: @@ -36,6 +37,8 @@ rsync --verbose --progress --stats --update --recursive "$HOME/backups/" "$RSYNC borg create -svp -C lzma,6 "~/borgbackup::{hostname}-{now}-${VPS_COMMIT_SHA} ${VOLUME_HOME}" rsync --verbose --progress --stats --update --recursive "$RSYNC_REMOTE" "$HOME/borgbackups/" #+END_SOURCE + +Implemented with help from https://jstaf.github.io/2018/03/12/backups-with-borg-rsync.html **** TODO Test provisioning DNS entries with other DNS registrars **** DONE Namecheap whitelist IP limitation CLOSED: [2019-05-26 Sun 17:14] 
diff --git a/backup-and-shutdown.sh b/backup-and-shutdown.sh
deleted file mode 100755
index c880a16..0000000
--- a/backup-and-shutdown.sh
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/usr/bin/env bash
-set -Eeuo pipefail
-cd "$(dirname "${BASH_SOURCE[0]}")"
-
-echo "FIXME: get current backup"
-echo docker-compose down
-echo "FIXME: create a new backup"
-echo "FIXME: rsync back new backup"
diff --git a/ci-setup.sh b/ci-setup.sh
index a5d0c0d..4c38993 100755
--- a/ci-setup.sh
+++ b/ci-setup.sh
@@ -14,6 +14,7 @@ echo "Done."
 # git smudge after git-crypt clears file permissions
 chmod 600 ./secrets/vps_box
+chmod 600 ./secrets/borg_remote
 cat .envrc >> ~/.buildenv
 source .envrc
diff --git a/provision.sh b/provision.sh
index 42e7990..e5f6baf 100755
--- a/provision.sh
+++ b/provision.sh
@@ -5,8 +5,11 @@ set -Eeuo pipefail
 cd "$(dirname "${BASH_SOURCE[0]}")"
 echo "Shutting down running containers and backing up data..."
-envsubst < backup-and-shutdown.sh | ssh "$TLD" 'cat > /home/vps/backup-and-shutdown.sh'
-ssh "$TLD" /home/vps/backup-and-shutdown.sh
+ssh "$TLD" "cd /home/vps/ && docker-compose down"
+scp ./secrets/borg_remote.pub "$TLD":/root/.ssh/id_rsa.pub
+scp ./secrets/borg_remote "$TLD":/root/.ssh/id_rsa
+envsubst < run-backup-template.sh | ssh "$TLD" 'cat > /home/vps/run-backup.sh && chmod +x /home/vps/run-backup.sh'
+ssh "$TLD" /home/vps/run-backup.sh
 echo "Done."
 echo "Running 'terraform apply'..."
diff --git a/run-backup-template.sh b/run-backup-template.sh
new file mode 100755
index 0000000..34184b9
--- /dev/null
+++ b/run-backup-template.sh
@@ -0,0 +1,11 @@
+#!/usr/bin/env bash
+
+export BORG_REMOTE_PATH="${BORG_REMOTE_PATH}"
+export BORG_PASSPHRASE="${BORG_PASSPHRASE}"
+borg create \
+ --verbose \
+ --stats \
+ --progress \
+ --compression lzma,6 \
+ "${BORG_REPO}::{hostname}-{now}-${VPS_COMMIT_SHA}" \
+ "${VOLUME_HOME}"
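Review bot: In provision.sh, the generated `/home/vps/run-backup.sh` holds `BORG_PASSPHRASE` in clear text, yet it is created under the remote default umask and then given `chmod +x`, so it is probably readable by other local users, and it stays on disk after the backup. Create it owner-only, e.g. `ssh "$TLD" 'umask 077 && cat > /home/vps/run-backup.sh && chmod 700 /home/vps/run-backup.sh'`, and delete it once `run-backup.sh` has returned. The two `scp` lines also overwrite root's `id_rsa` pair and leave the repository key on the host; limiting that key on the backup server with a forced `borg serve --append-only --restrict-to-path …` command in `authorized_keys` would bound what a compromised droplet can do with it. The script continues on both sides of this hunk, so any later cleanup step is not visible here.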
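Review bot: In run-backup-template.sh, `envsubst` pastes the values into the double-quoted strings without any escaping, so a `BORG_PASSPHRASE` containing `"`, `$`, a backtick or a backslash is re-interpreted by the remote bash, and an unset variable silently becomes an empty string (for example `""` as the path to back up). The `set -u` in provision.sh does not catch this, because envsubst reads the environment itself; a guard before the envsubst call such as `: "${BORG_REPO:?}" "${BORG_PASSPHRASE:?}" "${VOLUME_HOME:?}"` would cover the unset case. The template also lacks the `set -Eeuo pipefail` line that the other scripts in this commit start with.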
diff --git a/secrets/envrc.sh b/secrets/envrc.sh
index c0a0907..4aaa2bd 100644
Binary files a/secrets/envrc.sh and b/secrets/envrc.sh differ
-- 
cgit v1.2.3