author | Quentin Dufour <quentin@deuxfleurs.fr> | 2022-01-27 16:32:57 +0100 |
---|---|---|
committer | Quentin Dufour <quentin@deuxfleurs.fr> | 2022-01-27 16:32:57 +0100 |
commit | 3baa511fce2e5731b97cf27a18b18bd2c1af18bc (patch) | |
tree | 851706ae9e63dcb81a3e7066278c507c8063b47a /op_guide | |
parent | 00d7106a18b8ab27910b04bfabb0bb5bb0d4fd00 (diff) | |
download | infrastructure-3baa511fce2e5731b97cf27a18b18bd2c1af18bc.tar.gz infrastructure-3baa511fce2e5731b97cf27a18b18bd2c1af18bc.zip |
Plume backup + WIP consul
Diffstat (limited to 'op_guide')
-rw-r--r-- | op_guide/backup_minio/README.md | 56 |
1 files changed, 46 insertions, 10 deletions
diff --git a/op_guide/backup_minio/README.md b/op_guide/backup_minio/README.md index 31194e5..b67e42a 100644 --- a/op_guide/backup_minio/README.md +++ b/op_guide/backup_minio/README.md @@ -3,9 +3,12 @@ Add the admin account as `deuxfleurs` to your `~/.mc/config` file You need to choose some names/identifiers: ```bash -export BUCKET_NAME=example -export NEW_ACCESS_KEY_ID=hello +export ENDPOINT="https://s3.garage.tld" +export SERVICE_NAME="example" + +export BUCKET_NAME="backups-${SERVICE_NAME}" +export NEW_ACCESS_KEY_ID="key-${SERVICE_NAME}" export NEW_SECRET_ACCESS_KEY=$(openssl rand -base64 32) export POLICY_NAME="policy-$BUCKET_NAME" ``` @@ -22,7 +25,19 @@ Create a new user: mc admin user add deuxfleurs $NEW_ACCESS_KEY_ID $NEW_SECRET_ACCESS_KEY ``` -Add this new user to your `~/.mc/config.json` file, as `backup-user` for example. +Add this new user to your `~/.mc/config.json`, run this command before to generate the snippet to copy/paste: + +``` +cat > /dev/stdout <<EOF +"$NEW_ACCESS_KEY_ID": { + "url": "$ENDPOINT", + "accessKey": "$NEW_ACCESS_KEY_ID", + "secretKey": "$NEW_SECRET_ACCESS_KEY", + "api": "S3v4", + "path": "auto" +}, +EOF +``` --- @@ -79,8 +94,6 @@ mc ls backup-user/ Now we need to initialize the repository with restic. ```bash -export ENDPOINT="https://garage.tld" - export AWS_ACCESS_KEY_ID=$NEW_ACCESS_KEY_ID export AWS_SECRET_ACCESS_KEY=$NEW_SECRET_ACCESS_KEY export RESTIC_REPOSITORY="s3:$ENDPOINT/$BUCKET_NAME" 
@@ -101,16 +114,39 @@ See your snapshots with: restic snapshots ``` +Check also these useful commands: + +``` +restic ls +restic diff +restic help +``` + --- Add the secrets to Consul, near your service secrets. The idea is that the backuping service is a component of the global running service. -You must add: - - `backup_aws_access_key_id` - - `backup_aws_secret_access_key` - - `backup_restic_repository` - - `backup_restic_password` +You must run in `app/<name>/secrets/<subpath>`: + +```bash +echo "USER Backup AWS access key ID" > backup_aws_access_key_id +echo "USER Backup AWS secret access key" > backup_aws_secret_access_key +echo "USER Restic repository, eg. s3:https://s3.garage.tld" > backup_restic_repository +echo "USER Restic password to encrypt backups" > backup_restic_password +``` + +Then run secretmgr: +```bash +# Spawning a nix shell is an easy way to get all the dependencies you need +nix-shell + +# Check that secretmgr works for you +python3 secretmgr.py check <name> + +# Now interactively feed the secrets +python3 secretmgr.py gen <name> +``` --- |
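Review bot: the context line opening the `@@ -3,9 +3,12 @@` hunk still names the client configuration file `~/.mc/config`, while the text added in the next hunk calls it `~/.mc/config.json`. Since this block is being reworked anyway, use one file name in both places so the reader edits the right file. It would also help to say in one line that `SERVICE_NAME` is the only value the operator is expected to change, now that `BUCKET_NAME`, `NEW_ACCESS_KEY_ID` and `POLICY_NAME` are all derived from it.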
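Review bot: in the `@@ -22,7 +25,19 @@` hunk the generated snippet registers the alias as `"$NEW_ACCESS_KEY_ID"` (that is, `key-${SERVICE_NAME}`), but the removed sentence told the reader to name it `backup-user`, and the next hunk's header still shows `mc ls backup-user/`. Either keep `backup-user` as the key in the heredoc or update the later `mc` commands to use the new alias, otherwise the guide breaks at that step. The heredoc also prints `secretKey` in clear to the terminal, so it is worth a sentence telling the operator to clear the scrollback after copying, and `cat > /dev/stdout <<EOF` can be reduced to `cat <<EOF`. The wording "run this command before to generate the snippet" would read better as "run this command first to generate the snippet to copy/paste".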
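Review bot: with `export ENDPOINT=...` removed in the `@@ -79,8 +94,6 @@` hunk, `RESTIC_REPOSITORY="s3:$ENDPOINT/$BUCKET_NAME"` now relies on the variables exported in the very first block still being set. A reader who resumes the guide in a new shell gets an empty endpoint and bucket, and the same holds for `$NEW_ACCESS_KEY_ID` and `$NEW_SECRET_ACCESS_KEY`, which cannot be regenerated. Add a short sentence before this block stating that it must run in the same shell session as the first one.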
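Review bot: in the `@@ -101,16 +114,39 @@` hunk the description written to `backup_restic_repository` gives `s3:https://s3.garage.tld` as the example, but the repository initialized earlier is `s3:$ENDPOINT/$BUCKET_NAME`; an operator who copies the example's shape will omit the bucket. Change the example to include it, for instance `s3:https://s3.garage.tld/backups-example`. The `secretmgr` block should also say which directory `nix-shell` and `secretmgr.py` are run from, since the preceding step has the reader in `app/<name>/secrets/<subpath>`, and "backuping service" in the context line above could become "backup service" while this paragraph is being edited.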