aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAlex Auvolat <alex@adnab.me>2020-11-15 19:27:57 +0100
committerAlex Auvolat <alex@adnab.me>2020-11-15 19:27:57 +0100
commite2a0c40e6bf3919e6cef6ed1789251b30367dc11 (patch)
tree5a236ef52f6af0a595815bd4132b203304d0c1d6
parent2051a21662a9b7a029bd18c7874d61c3b4d28325 (diff)
downloadinfrastructure-e2a0c40e6bf3919e6cef6ed1789251b30367dc11.tar.gz
infrastructure-e2a0c40e6bf3919e6cef6ed1789251b30367dc11.zip
Script to backup Consul KV store
-rw-r--r--app/build/backup-consul/Dockerfile21
-rwxr-xr-xapp/build/backup-consul/do_backup.sh19
-rw-r--r--app/deployment/backup.hcl67
3 files changed, 107 insertions, 0 deletions
diff --git a/app/build/backup-consul/Dockerfile b/app/build/backup-consul/Dockerfile
new file mode 100644
index 0000000..ff052bf
--- /dev/null
+++ b/app/build/backup-consul/Dockerfile
@@ -0,0 +1,21 @@
+FROM amd64/debian:buster
+
+RUN apt-get update && \
+ apt-get -qq -y full-upgrade && \
+ apt-get install -y rsync wget openssh-client unzip && \
+ apt-get clean && \
+ rm -f /var/lib/apt/lists/*_*
+
+RUN mkdir -p /root/.ssh
+WORKDIR /root
+
+RUN wget https://releases.hashicorp.com/consul/1.8.5/consul_1.8.5_linux_amd64.zip && \
+ unzip consul_1.8.5_linux_amd64.zip && \
+ chmod +x consul && \
+ mv consul /usr/local/bin && \
+ rm consul_1.8.5_linux_amd64.zip
+
+COPY do_backup.sh /root/do_backup.sh
+
+CMD "/root/do_backup.sh"
+
diff --git a/app/build/backup-consul/do_backup.sh b/app/build/backup-consul/do_backup.sh
new file mode 100755
index 0000000..049c998
--- /dev/null
+++ b/app/build/backup-consul/do_backup.sh
@@ -0,0 +1,19 @@
+#!/bin/sh
+
+set -x -e
+
+cd /root
+
+chmod 0600 .ssh/id_ed25519
+
+cat > .ssh/config <<EOF
+Host backuphost
+ HostName $TARGET_SSH_HOST
+ Port $TARGET_SSH_PORT
+ User $TARGET_SSH_USER
+EOF
+
+consul kv export > consul_kv_dump.json
+gzip consul_kv_dump.json
+
+rsync -vvvz --progress consul_kv_dump.json.gz "backuphost:$TARGET_SSH_DIR/consul/"
diff --git a/app/deployment/backup.hcl b/app/deployment/backup.hcl
new file mode 100644
index 0000000..8b5162c
--- /dev/null
+++ b/app/deployment/backup.hcl
@@ -0,0 +1,67 @@
+job "backup_periodic" {
+ datacenters = ["dc1"]
+
+ type = "batch"
+
+ periodic {
+ // Launch every hour
+ cron = "0 * * * * *"
+
+ // Do not allow overlapping runs.
+ prohibit_overlap = true
+ }
+
+ task "backup-consul" {
+ driver = "docker"
+
+ config {
+ image = "lxpz/backup_consul:9"
+ volumes = [
+ "secrets/id_ed25519:/root/.ssh/id_ed25519",
+ "secrets/id_ed25519.pub:/root/.ssh/id_ed25519.pub",
+ "secrets/known_hosts:/root/.ssh/known_hosts"
+ ]
+ network_mode = "host"
+ }
+
+ env {
+ CONSUL_HTTP_ADDR = "http://consul.service.2.cluster.deuxfleurs.fr:8500"
+ }
+
+ template {
+ data = <<EOH
+TARGET_SSH_USER={{ key "secrets/backup/target_ssh_user" }}
+TARGET_SSH_PORT={{ key "secrets/backup/target_ssh_port" }}
+TARGET_SSH_HOST={{ key "secrets/backup/target_ssh_host" }}
+TARGET_SSH_DIR={{ key "secrets/backup/target_ssh_dir" }}
+EOH
+
+ destination = "secrets/env_vars"
+ env = true
+ }
+
+ template {
+ data = "{{ key \"secrets/backup/id_ed25519\" }}"
+ destination = "secrets/id_ed25519"
+ }
+ template {
+ data = "{{ key \"secrets/backup/id_ed25519.pub\" }}"
+ destination = "secrets/id_ed25519.pub"
+ }
+ template {
+ data = "{{ key \"secrets/backup/target_ssh_fingerprint\" }}"
+ destination = "secrets/known_hosts"
+ }
+
+ resources {
+ memory = 200
+ }
+
+ restart {
+ attempts = 2
+ interval = "30m"
+ delay = "15s"
+ mode = "fail"
+ }
+ }
+}