Fix encryption permission issue on Openshift

2024-08-14 21:30:29 +02:00
parent 8339f19de9
commit 278c4685cf
5 changed files with 73 additions and 61 deletions


@@ -79,59 +79,61 @@ networks:
``` ```
## Deploy on Kubernetes ## Deploy on Kubernetes
For Kubernetes, you don't need to run it in scheduled mode. You can deploy it as CronJob. For Kubernetes, you don't need to run it in scheduled mode. You can deploy it as Job or CronJob.
### Simple Kubernetes CronJob usage: ### Simple Kubernetes backup Job :
```yaml ```yaml
apiVersion: batch/v1 apiVersion: batch/v1
kind: CronJob kind: Job
metadata: metadata:
name: backup-job name: backup
spec: spec:
schedule: "0 1 * * *" template:
jobTemplate:
spec: spec:
template: containers:
spec: - name: pg-bkup
containers: # In production, it is advised to lock your image tag to a proper
- name: pg-bkup # release version instead of using `latest`.
# In production, it is advised to lock your image tag to a proper # Check https://github.com/jkaninda/pg-bkup/releases
# release version instead of using `latest`. # for a list of available releases.
# Check https://github.com/jkaninda/pg-bkup/releases image: jkaninda/pg-bkup
# for a list of available releases. command:
image: jkaninda/pg-bkup - bkup
command: - backup
- bkup - --storage
- backup - ssh
- --storage - --disable-compression
- s3 resources:
- --disable-compression limits:
env: memory: "128Mi"
- name: DB_PORT cpu: "500m"
value: "5432" env:
- name: DB_HOST - name: DB_PORT
value: "" value: "5432"
- name: DB_NAME - name: DB_HOST
value: "" value: ""
- name: DB_USERNAME - name: DB_NAME
value: "" value: "dbname"
# Please use secret! - name: DB_USERNAME
- name: DB_PASSWORD value: "postgres"
value: "" # Please use secret!
- name: AWS_S3_ENDPOINT - name: DB_PASSWORD
value: "https://s3.amazonaws.com" value: ""
- name: AWS_S3_BUCKET_NAME - name: SSH_HOST_NAME
value: "xxx" value: "xxx"
- name: AWS_REGION - name: SSH_PORT
value: "us-west-2" value: "22"
- name: AWS_ACCESS_KEY - name: SSH_USER
value: "xxxx" value: "xxx"
- name: AWS_SECRET_KEY - name: SSH_PASSWORD
value: "xxxx" value: "xxxx"
- name: AWS_DISABLE_SSL - name: SSH_REMOTE_PATH
value: "false" value: "/home/toto/backup"
restartPolicy: Never # Optional, required if you want to encrypt your backup
- name: GPG_PASSPHRASE
value: "xxxx"
restartPolicy: Never
``` ```
## Available image registries ## Available image registries


@@ -31,7 +31,9 @@ ENV SSH_HOST_NAME=""
ENV SSH_IDENTIFY_FILE="" ENV SSH_IDENTIFY_FILE=""
ENV SSH_PORT="22" ENV SSH_PORT="22"
ARG DEBIAN_FRONTEND=noninteractive ARG DEBIAN_FRONTEND=noninteractive
ENV VERSION="v1.2.1" ENV VERSION="v1.2.2"
ENV BACKUP_CRON_EXPRESSION=""
ENV GNUPGHOME="/tmp/gnupg"
ARG WORKDIR="/app" ARG WORKDIR="/app"
ARG BACKUPDIR="/backup" ARG BACKUPDIR="/backup"
ARG BACKUP_TMP_DIR="/tmp/backup" ARG BACKUP_TMP_DIR="/tmp/backup"
@@ -41,21 +43,23 @@ LABEL author="Jonas Kaninda"
RUN apt-get update -qq RUN apt-get update -qq
RUN apt install postgresql-client postgresql-client-common supervisor cron gnupg -y RUN apt install postgresql-client supervisor cron gnupg -y
# Clear cache # Clear cache
RUN apt-get clean && rm -rf /var/lib/apt/lists/* RUN apt-get clean && rm -rf /var/lib/apt/lists/*
RUN mkdir $WORKDIR RUN mkdir $WORKDIR
RUN mkdir $BACKUPDIR RUN mkdir $BACKUPDIR
RUN mkdir -p $BACKUP_TMP_DIR RUN mkdir -p $BACKUP_TMP_DIR && \
mkdir -p $GNUPGHOME
RUN chmod 777 $WORKDIR RUN chmod 777 $WORKDIR
RUN chmod 777 $BACKUPDIR RUN chmod 777 $BACKUPDIR
RUN chmod 777 $BACKUP_TMP_DIR RUN chmod 777 $BACKUP_TMP_DIR
RUN touch $BACKUP_CRON && \ RUN touch $BACKUP_CRON && \
touch $BACKUP_CRON_SCRIPT && \ touch $BACKUP_CRON_SCRIPT && \
chmod 777 $BACKUP_CRON && \ chmod 777 $BACKUP_CRON && \
chmod 777 $BACKUP_CRON_SCRIPT chmod 777 $BACKUP_CRON_SCRIPT && \
chmod 777 $GNUPGHOME
COPY --from=build /app/pg-bkup /usr/local/bin/pg-bkup COPY --from=build /app/pg-bkup /usr/local/bin/pg-bkup
RUN chmod +x /usr/local/bin/pg-bkup RUN chmod +x /usr/local/bin/pg-bkup
@@ -65,4 +69,18 @@ RUN ln -s /usr/local/bin/pg-bkup /usr/local/bin/bkup
ADD docker/supervisord.conf /etc/supervisor/supervisord.conf ADD docker/supervisord.conf /etc/supervisor/supervisord.conf
WORKDIR $WORKDIR WORKDIR $WORKDIR
# Create backup shell script
COPY <<EOF /usr/local/bin/backup
#!/bin/sh
# shellcheck disable=SC2068
/usr/local/bin/pg-bkup backup $@
EOF
# Create restore shell script
COPY <<EOF /usr/local/bin/restore
#!/bin/sh
# shellcheck disable=SC2068
/usr/local/bin/pg-bkup restore $@
EOF
RUN chmod +x /usr/local/bin/backup && \
chmod +x /usr/local/bin/restore
ENTRYPOINT ["/usr/local/bin/pg-bkup"] ENTRYPOINT ["/usr/local/bin/pg-bkup"]
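Review bot: `chmod 777 $GNUPGHOME` in the second hunk leaves the GnuPG home (`/tmp/gnupg`) world-writable in the image, so any UID in the container can read or replace whatever gpg keeps there while a backup is being encrypted or decrypted. For OpenShift's arbitrary-UID model the usual pattern is group-0 access rather than world access, e.g. `chgrp 0 $GNUPGHOME && chmod 770 $GNUPGHOME`; this assumes the container process runs with GID 0, which should be confirmed for plain Docker runs with a custom user. A stricter option is to have the binary create the directory at start-up with mode 0700 under the running UID, since `/tmp` is already writable. The neighbouring `chmod 777` lines for `$WORKDIR`, `$BACKUPDIR` and `$BACKUP_TMP_DIR` have the same shape and would benefit from the same treatment.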


@@ -22,7 +22,7 @@ func StartBackup(cmd *cobra.Command) {
utils.SetEnv("STORAGE_PATH", storagePath) utils.SetEnv("STORAGE_PATH", storagePath)
utils.GetEnv(cmd, "dbname", "DB_NAME") utils.GetEnv(cmd, "dbname", "DB_NAME")
utils.GetEnv(cmd, "port", "DB_PORT") utils.GetEnv(cmd, "port", "DB_PORT")
utils.GetEnv(cmd, "period", "SCHEDULE_PERIOD") utils.GetEnv(cmd, "period", "BACKUP_CRON_EXPRESSION")
//Get flag value and set env //Get flag value and set env
remotePath := utils.GetEnv(cmd, "path", "SSH_REMOTE_PATH") remotePath := utils.GetEnv(cmd, "path", "SSH_REMOTE_PATH")
@@ -77,7 +77,7 @@ func scheduledMode(storage string) {
fmt.Println(" Starting PostgreSQL Bkup... ") fmt.Println(" Starting PostgreSQL Bkup... ")
fmt.Println("***********************************") fmt.Println("***********************************")
utils.Info("Running in Scheduled mode") utils.Info("Running in Scheduled mode")
utils.Info("Execution period %s ", os.Getenv("SCHEDULE_PERIOD")) utils.Info("Execution period %s ", os.Getenv("BACKUP_CRON_EXPRESSION"))
utils.Info("Storage type %s ", storage) utils.Info("Storage type %s ", storage)
//Test database connexion //Test database connexion
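Review bot: Deployments that still set `SCHEDULE_PERIOD` are no longer read after this rename, in `StartBackup`, in the `scheduledMode` log line, and in the cron-file writer in the next file, and nothing visible in these hunks warns about it. Since the image now defaults `BACKUP_CRON_EXPRESSION` to an empty string, such a deployment would presumably come up with an empty schedule instead of failing loudly, which means backups silently stop. Consider a fallback with a deprecation warning, something like `if os.Getenv("BACKUP_CRON_EXPRESSION") == "" { utils.SetEnv("BACKUP_CRON_EXPRESSION", os.Getenv("SCHEDULE_PERIOD")) }`, placed where it fits with how `utils.GetEnv` handles the `period` flag. Both functions continue outside the hunks.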


@@ -56,7 +56,7 @@ set -e
} }
cronContent := fmt.Sprintf(`%s root exec /bin/bash -c ". /run/supervisord.env; /usr/local/bin/backup_cron.sh >> %s" cronContent := fmt.Sprintf(`%s root exec /bin/bash -c ". /run/supervisord.env; /usr/local/bin/backup_cron.sh >> %s"
`, os.Getenv("SCHEDULE_PERIOD"), cronLogFile) `, os.Getenv("BACKUP_CRON_EXPRESSION"), cronLogFile)
if err := utils.WriteToFile(cronJob, cronContent); err != nil { if err := utils.WriteToFile(cronJob, cronContent); err != nil {
utils.Fatal("Error writing to %s: %v\n", cronJob, err) utils.Fatal("Error writing to %s: %v\n", cronJob, err)


@@ -1,8 +0,0 @@
#!/bin/sh
DB_USERNAME='db_username'
DB_PASSWORD='password'
DB_HOST='db_hostname'
DB_NAME='db_name'
BACKUP_DIR="$PWD/backup"
docker run --rm --name pg-bkup -v $BACKUP_DIR:/backup/ -e "DB_HOST=$DB_HOST" -e "DB_USERNAME=$DB_USERNAME" -e "DB_PASSWORD=$DB_PASSWORD" jkaninda/pg-bkup bkup backup -d $DB_NAME