aboutsummaryrefslogtreecommitdiff
path: root/op_guide/backup_minio
diff options
context:
space:
mode:
Diffstat (limited to 'op_guide/backup_minio')
-rw-r--r--op_guide/backup_minio/README.md62
1 files changed, 60 insertions, 2 deletions
diff --git a/op_guide/backup_minio/README.md b/op_guide/backup_minio/README.md
index 9e1fb62..7084498 100644
--- a/op_guide/backup_minio/README.md
+++ b/op_guide/backup_minio/README.md
@@ -6,7 +6,7 @@ You need to choose some names/identifiers:
export BUCKET_NAME=example
export NEW_ACCESS_KEY_ID=hello
-export NEW_SECRET_ACCESS_KEY=$(openssl rand -base64 60)
+export NEW_SECRET_ACCESS_KEY=$(openssl rand -base64 32)
export POLICY_NAME="policy-$BUCKET_NAME"
```
@@ -22,7 +22,7 @@ Create a new user:
mc admin user add deuxfleurs $NEW_ACCESS_KEY_ID $NEW_SECRET_ACCESS_KEY
```
-Add this new user to your `~/.mc/config.json` file
+Add this new user to your `~/.mc/config.json` file, as `backup-user` for example.
---
@@ -53,6 +53,7 @@ cat > /tmp/policy.json <<EOF
}
]
}
+EOF
```
Register it:
@@ -67,4 +68,61 @@ Set it to your user:
mc admin policy set deuxfleurs $POLICY_NAME user=${NEW_ACCESS_KEY_ID}
```
+Now it should display *only* your new bucket when running:
+```bash
+mc ls backup-user/
+```
+
+---
+
+Now we need to initialize the repository with restic.
+
+```bash
+export ENDPOINT="https://garage.tld"
+
+export AWS_ACCESS_KEY_ID=$NEW_ACCESS_KEY_ID
+export AWS_SECRET_ACCESS_KEY=$NEW_SECRET_ACCESS_KEY
+export RESTIC_REPOSITORY="s3:$ENDPOINT/$BUCKET_NAME"
+export RESTIC_PASSWORD=$(openssl rand -base64 32)
+```
+
+Then init the repo for restic from your machine:
+
+```
+restic init
+```
+
+*I am using restic version `restic 0.12.1 compiled with go1.16.9 on linux/amd64`*
+
+See your snapshots with:
+
+```
+restic snapshots
+```
+
+---
+
+Add the secrets to Consul, near your service secrets.
+The idea is that the backuping service is a component of the global running service.
+You must add:
+ - `backup_aws_access_key_id`
+ - `backup_aws_secret_access_key`
+ - `backup_aws_endpoint`
+ - `backup_restic_password`
+
+
+---
+
+Now we need a service that runs:
+
+```
+restic backup .
+```
+
+And also that garbage collect snapshots.
+I propose:
+
+```
+restic forget --prune --keep-within 1m1d --keep-within-weekly 3m --keep-within-monthly 1y
+```