author | Quentin Dufour <quentin@deuxfleurs.fr> | 2022-01-27 16:56:02 +0100 |
---|---|---|
committer | Quentin Dufour <quentin@deuxfleurs.fr> | 2022-01-27 16:56:02 +0100 |
commit | 84b26f347d5425fcb401a54c57c9fa034796c3f4 (patch) | |
tree | 9373e9db66ad7f705fcd547b5bc2fb989d56372d | |
parent | 3baa511fce2e5731b97cf27a18b18bd2c1af18bc (diff) | |
Add consul backup with restic
6 files changed, 17 insertions, 9 deletions
diff --git a/app/backup/deploy/backup-daily.hcl b/app/backup/deploy/backup-daily.hcl
index ef9b219..f95882f 100644
--- a/app/backup/deploy/backup-daily.hcl
+++ b/app/backup/deploy/backup-daily.hcl
@@ -101,7 +101,7 @@ EOH
 }
 group "backup-consul" {
- task "export-kv-store" {
+ task "consul-kv-export" {
 driver = "docker"
 lifecycle {
@@ -111,11 +111,15 @@ EOH
 config {
 image = "consul:1.11.2"
+ network_mode = "host"
 entrypoint = [ "/bin/sh", "-c" ]
- NETWORK MODE HOST
 args = [ "/bin/consul kv export > $NOMAD_ALLOC_DIR/consul.json" ]
 }
+ env {
+ CONSUL_HTTP_ADDR = "http://consul.service.2.cluster.deuxfleurs.fr:8500"
+ }
+
 resources {
 cpu = 200
 memory = 200
@@ -129,22 +133,22 @@ EOH
 }
 }
- task "upload-kv-store" {
+ task "restic-backup" {
 driver = "docker"
 config {
 image = "restic/restic:0.12.1"
 entrypoint = [ "/bin/sh", "-c" ]
- args = [ "restic backup $NOMAD_ALLOC_DIR && restic forget --keep-within 1m1d --keep-within-weekly 3m --keep-within-monthly 1y ; restic prune --max-unused 50% --max-repack-size 2G ; restic check" ]
+ args = [ "restic backup $NOMAD_ALLOC_DIR/consul.json && restic forget --keep-within 1m1d --keep-within-weekly 3m --keep-within-monthly 1y ; restic prune --max-unused 50% --max-repack-size 2G ; restic check" ]
 }
 template {
 data = <<EOH
-AWS_ACCESS_KEY_ID={{ key "secrets/plume/backup_aws_access_key_id" }}
-AWS_SECRET_ACCESS_KEY={{ key "secrets/plume/backup_aws_secret_access_key" }}
-RESTIC_REPOSITORY={{ key "secrets/plume/backup_restic_repository" }}
-RESTIC_PASSWORD={{ key "secrets/plume/backup_restic_password" }}
+AWS_ACCESS_KEY_ID={{ key "secrets/backup/consul/backup_aws_access_key_id" }}
+AWS_SECRET_ACCESS_KEY={{ key "secrets/backup/consul/backup_aws_secret_access_key" }}
+RESTIC_REPOSITORY={{ key "secrets/backup/consul/backup_restic_repository" }}
+RESTIC_PASSWORD={{ key "secrets/backup/consul/backup_restic_password" }}
 EOH
 destination = "secrets/env_vars"
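Review bot: The added `CONSUL_HTTP_ADDR` in the `env` block of `consul-kv-export` uses plain `http://`, so the whole `consul kv export` crosses the network unencrypted, and that export includes the `secrets/backup/consul/...` keys this same job reads in its template. No `CONSUL_HTTP_TOKEN` is set either, which suggests the KV store is readable without an ACL token, although the ACL configuration is not visible in this diff. Consider a TLS endpoint, e.g. `CONSUL_HTTP_ADDR = "https://<consul-tls-endpoint>"` together with `CONSUL_CACERT`, or the node-local agent so that `network_mode = "host"` is only used to reach loopback. The export is also written in clear to `$NOMAD_ALLOC_DIR/consul.json`; a comment such as `# consul.json contains every KV secret in plaintext until restic encrypts it` above the `args` line would make that explicit.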
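Review bot: The `args` line of `restic-backup` joins `forget`, `prune` and `check` with `;`, so the shell exits with the status of `restic check` alone and a failed `restic backup` is still reported to Nomad as a successful run, with `prune` executed regardless. Chaining every step with `&&` makes the task fail when any step fails: `... --keep-within-monthly 1y && restic prune --max-unused 50% --max-repack-size 2G && restic check`. Separately, `RESTIC_PASSWORD` is read from `secrets/backup/consul/backup_restic_password` in the same Consul KV store this job backs up, so the password presumably needs a copy kept outside Consul for the backup to be restorable once Consul is lost. The task body continues past the end of the hunk.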
diff --git a/app/backup/secrets/backup/consul/backup_aws_access_key_id b/app/backup/secrets/backup/consul/backup_aws_access_key_id
new file mode 100644
index 0000000..9235e53
--- /dev/null
+++ b/app/backup/secrets/backup/consul/backup_aws_access_key_id
@@ -0,0 +1 @@
+USER Backup AWS access key ID
diff --git a/app/backup/secrets/backup/consul/backup_aws_secret_access_key b/app/backup/secrets/backup/consul/backup_aws_secret_access_key
new file mode 100644
index 0000000..f34677e
--- /dev/null
+++ b/app/backup/secrets/backup/consul/backup_aws_secret_access_key
@@ -0,0 +1 @@
+USER Backup AWS secret access key
diff --git a/app/backup/secrets/backup/consul/backup_restic_password b/app/backup/secrets/backup/consul/backup_restic_password
new file mode 100644
index 0000000..fbaa5fa
--- /dev/null
+++ b/app/backup/secrets/backup/consul/backup_restic_password
@@ -0,0 +1 @@
+USER Restic password to encrypt backups
diff --git a/app/backup/secrets/backup/consul/backup_restic_repository b/app/backup/secrets/backup/consul/backup_restic_repository
new file mode 100644
index 0000000..3f6cb93
--- /dev/null
+++ b/app/backup/secrets/backup/consul/backup_restic_repository
@@ -0,0 +1 @@
+USER Restic repository, eg. s3:https://s3.garage.tld
diff --git a/op_guide/backup_minio/README.md b/op_guide/backup_minio/README.md
index b67e42a..a7576c0 100644
--- a/op_guide/backup_minio/README.md
+++ b/op_guide/backup_minio/README.md
@@ -86,7 +86,7 @@ mc admin policy set deuxfleurs $POLICY_NAME user=${NEW_ACCESS_KEY_ID}
 Now it should display *only* your new bucket when running:
 ```bash
-mc ls backup-user/
+mc ls $NEW_ACCESS_KEY_ID
 ```
 --- |