authorQuentin Dufour <quentin@deuxfleurs.fr>2022-01-27 16:56:02 +0100
committerQuentin Dufour <quentin@deuxfleurs.fr>2022-01-27 16:56:02 +0100
commit84b26f347d5425fcb401a54c57c9fa034796c3f4 (patch)
tree9373e9db66ad7f705fcd547b5bc2fb989d56372d
parent3baa511fce2e5731b97cf27a18b18bd2c1af18bc (diff)
downloadinfrastructure-84b26f347d5425fcb401a54c57c9fa034796c3f4.tar.gz
infrastructure-84b26f347d5425fcb401a54c57c9fa034796c3f4.zip
Add consul backup with restic
-rw-r--r--app/backup/deploy/backup-daily.hcl20
-rw-r--r--app/backup/secrets/backup/consul/backup_aws_access_key_id1
-rw-r--r--app/backup/secrets/backup/consul/backup_aws_secret_access_key1
-rw-r--r--app/backup/secrets/backup/consul/backup_restic_password1
-rw-r--r--app/backup/secrets/backup/consul/backup_restic_repository1
-rw-r--r--op_guide/backup_minio/README.md2
6 files changed, 17 insertions, 9 deletions
diff --git a/app/backup/deploy/backup-daily.hcl b/app/backup/deploy/backup-daily.hcl
index ef9b219..f95882f 100644
--- a/app/backup/deploy/backup-daily.hcl
+++ b/app/backup/deploy/backup-daily.hcl
@@ -101,7 +101,7 @@ EOH
}
group "backup-consul" {
- task "export-kv-store" {
+ task "consul-kv-export" {
driver = "docker"
lifecycle {
@@ -111,11 +111,15 @@ EOH
config {
image = "consul:1.11.2"
+ network_mode = "host"
entrypoint = [ "/bin/sh", "-c" ]
- NETWORK MODE HOST
args = [ "/bin/consul kv export > $NOMAD_ALLOC_DIR/consul.json" ]
}
+ env {
+ CONSUL_HTTP_ADDR = "http://consul.service.2.cluster.deuxfleurs.fr:8500"
+ }
+
resources {
cpu = 200
memory = 200
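Review bot: The added `CONSUL_HTTP_ADDR` uses a plain `http://` endpoint, so `consul kv export` pulls the entire KV store across the network unencrypted. Judging by the `secrets/backup/consul/...` keys the template in this same file reads, that store holds credentials. If the agents expose an HTTPS listener, point the variable at it and add `CONSUL_CACERT` to the `env` block; otherwise a comment such as `# plain HTTP: export contains secrets/, relies on a trusted cluster network` would at least record the assumption. No `CONSUL_HTTP_TOKEN` is set either, which suggests the export depends on anonymous read access to `secrets/`; that is worth confirming against the ACL policy. The task body continues outside the hunk.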
@@ -129,22 +133,22 @@ EOH
}
}
- task "upload-kv-store" {
+ task "restic-backup" {
driver = "docker"
config {
image = "restic/restic:0.12.1"
entrypoint = [ "/bin/sh", "-c" ]
- args = [ "restic backup $NOMAD_ALLOC_DIR && restic forget --keep-within 1m1d --keep-within-weekly 3m --keep-within-monthly 1y ; restic prune --max-unused 50% --max-repack-size 2G ; restic check" ]
+ args = [ "restic backup $NOMAD_ALLOC_DIR/consul.json && restic forget --keep-within 1m1d --keep-within-weekly 3m --keep-within-monthly 1y ; restic prune --max-unused 50% --max-repack-size 2G ; restic check" ]
}
template {
data = <<EOH
-AWS_ACCESS_KEY_ID={{ key "secrets/plume/backup_aws_access_key_id" }}
-AWS_SECRET_ACCESS_KEY={{ key "secrets/plume/backup_aws_secret_access_key" }}
-RESTIC_REPOSITORY={{ key "secrets/plume/backup_restic_repository" }}
-RESTIC_PASSWORD={{ key "secrets/plume/backup_restic_password" }}
+AWS_ACCESS_KEY_ID={{ key "secrets/backup/consul/backup_aws_access_key_id" }}
+AWS_SECRET_ACCESS_KEY={{ key "secrets/backup/consul/backup_aws_secret_access_key" }}
+RESTIC_REPOSITORY={{ key "secrets/backup/consul/backup_restic_repository" }}
+RESTIC_PASSWORD={{ key "secrets/backup/consul/backup_restic_password" }}
EOH
destination = "secrets/env_vars"
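Review bot: In the new `args` line only `restic backup` and `restic forget` are joined with `&&`; `prune` and `check` follow `;`, so the shell exits with the status of `restic check` and a failed backup can still leave the task reporting success. Chaining every step, `restic backup $NOMAD_ALLOC_DIR/consul.json && restic forget ... && restic prune ... && restic check`, lets Nomad see the failure. Separately, `RESTIC_PASSWORD` is read from `secrets/backup/consul/backup_restic_password`, which is in the same Consul KV store this job backs up. A copy of that password has to exist outside Consul, or the backup cannot be decrypted once the cluster is lost. The template block continues past the end of the hunk.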
diff --git a/app/backup/secrets/backup/consul/backup_aws_access_key_id b/app/backup/secrets/backup/consul/backup_aws_access_key_id
new file mode 100644
index 0000000..9235e53
--- /dev/null
+++ b/app/backup/secrets/backup/consul/backup_aws_access_key_id
@@ -0,0 +1 @@
+USER Backup AWS access key ID
diff --git a/app/backup/secrets/backup/consul/backup_aws_secret_access_key b/app/backup/secrets/backup/consul/backup_aws_secret_access_key
new file mode 100644
index 0000000..f34677e
--- /dev/null
+++ b/app/backup/secrets/backup/consul/backup_aws_secret_access_key
@@ -0,0 +1 @@
+USER Backup AWS secret access key
diff --git a/app/backup/secrets/backup/consul/backup_restic_password b/app/backup/secrets/backup/consul/backup_restic_password
new file mode 100644
index 0000000..fbaa5fa
--- /dev/null
+++ b/app/backup/secrets/backup/consul/backup_restic_password
@@ -0,0 +1 @@
+USER Restic password to encrypt backups
diff --git a/app/backup/secrets/backup/consul/backup_restic_repository b/app/backup/secrets/backup/consul/backup_restic_repository
new file mode 100644
index 0000000..3f6cb93
--- /dev/null
+++ b/app/backup/secrets/backup/consul/backup_restic_repository
@@ -0,0 +1 @@
+USER Restic repository, eg. s3:https://s3.garage.tld
diff --git a/op_guide/backup_minio/README.md b/op_guide/backup_minio/README.md
index b67e42a..a7576c0 100644
--- a/op_guide/backup_minio/README.md
+++ b/op_guide/backup_minio/README.md
@@ -86,7 +86,7 @@ mc admin policy set deuxfleurs $POLICY_NAME user=${NEW_ACCESS_KEY_ID}
Now it should display *only* your new bucket when running:
```bash
-mc ls backup-user/
+mc ls $NEW_ACCESS_KEY_ID
```
---