Diffstat (limited to 'op_guide/backup_minio')
-rw-r--r-- | op_guide/backup_minio/README.md | 62 |
1 files changed, 60 insertions, 2 deletions
diff --git a/op_guide/backup_minio/README.md b/op_guide/backup_minio/README.md index 9e1fb62..7084498 100644 --- a/op_guide/backup_minio/README.md +++ b/op_guide/backup_minio/README.md @@ -6,7 +6,7 @@ You need to choose some names/identifiers: export BUCKET_NAME=example export NEW_ACCESS_KEY_ID=hello -export NEW_SECRET_ACCESS_KEY=$(openssl rand -base64 60) +export NEW_SECRET_ACCESS_KEY=$(openssl rand -base64 32) export POLICY_NAME="policy-$BUCKET_NAME" ``` @@ -22,7 +22,7 @@ Create a new user: mc admin user add deuxfleurs $NEW_ACCESS_KEY_ID $NEW_SECRET_ACCESS_KEY ``` -Add this new user to your `~/.mc/config.json` file +Add this new user to your `~/.mc/config.json` file, as `backup-user` for example. --- @@ -53,6 +53,7 @@ cat > /tmp/policy.json <<EOF } ] } +EOF ``` Register it: 
@@ -67,4 +68,61 @@ Set it to your user: mc admin policy set deuxfleurs $POLICY_NAME user=${NEW_ACCESS_KEY_ID} ``` +Now it should display *only* your new bucket when running: +```bash +mc ls backup-user/ +``` + +--- + +Now we need to initialize the repository with restic. + +```bash +export ENDPOINT="https://garage.tld" + +export AWS_ACCESS_KEY_ID=$NEW_ACCESS_KEY_ID +export AWS_SECRET_ACCESS_KEY=$NEW_SECRET_ACCESS_KEY +export RESTIC_REPOSITORY="s3:$ENDPOINT/$BUCKET_NAME" +export RESTIC_PASSWORD=$(openssl rand -base64 32) +``` + +Then init the repo for restic from your machine: + +``` +restic init +``` + +*I am using restic version `restic 0.12.1 compiled with go1.16.9 on linux/amd64`* + +See your snapshots with: + +``` +restic snapshots +``` + +--- + +Add the secrets to Consul, near your service secrets. +The idea is that the backuping service is a component of the global running service. +You must add: + - `backup_aws_access_key_id` + - `backup_aws_secret_access_key` + - `backup_aws_endpoint` + - `backup_restic_password` + + +--- + +Now we need a service that runs: + +``` +restic backup . +``` + +And also that garbage collect snapshots. +I propose: + +``` +restic forget --prune --keep-within 1m1d --keep-within-weekly 3m --keep-within-monthly 1y +``` |
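Review bot: the first hunk (`@@ -6,7 +6,7 @@`) shrinks the secret from 60 to 32 random bytes at `export NEW_SECRET_ACCESS_KEY=$(openssl rand -base64 32)` without the README saying why, so a later editor may raise it again. `openssl rand -base64 60` yields 80 characters, which openssl wraps onto two lines, and the value is later passed unquoted in `mc admin user add deuxfleurs $NEW_ACCESS_KEY_ID $NEW_SECRET_ACCESS_KEY`. If that is the reason for the change, add one sentence saying so and quote both variables in that command.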
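Review bot: the second hunk (`@@ -22,7 +22,7 @@`) introduces the alias as `backup-user` "for example", but the last hunk hardcodes it in `mc ls backup-user/`, so the guide only works if the reader picks exactly that name. Either state that the rest of the guide assumes this alias, or export it as a variable next to `BUCKET_NAME` and use the variable in the `mc ls` check. This step also leaves the new secret key in `~/.mc/config.json`, so a short remark about keeping that file readable only by its owner would fit here.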
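Review bot: in the last hunk (`@@ -67,4 +68,61 @@`), `export RESTIC_PASSWORD=$(openssl rand -base64 32)` creates the repository password only in the current shell, and `restic init` runs before the "Add the secrets to Consul" step; if the shell is closed in between, the initialized repository can no longer be opened. Move the Consul step before `restic init`, or tell the reader to record the password first. The Consul list also has no entry for the bucket name, although `RESTIC_REPOSITORY="s3:$ENDPOINT/$BUCKET_NAME"` needs it. `restic backup .` depends on the service's working directory, so name the path to back up explicitly. Wording: "backuping service" should read "backup service", and "that garbage collect snapshots" should read "that garbage collects snapshots".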