Update guide

Quentin 2022-01-26 19:31:44 +01:00
parent a68a1e1da7
commit 453b633268

@ -6,7 +6,7 @@ You need to choose some names/identifiers:
export BUCKET_NAME=example export BUCKET_NAME=example
export NEW_ACCESS_KEY_ID=hello export NEW_ACCESS_KEY_ID=hello
export NEW_SECRET_ACCESS_KEY=$(openssl rand -base64 60) export NEW_SECRET_ACCESS_KEY=$(openssl rand -base64 32)
export POLICY_NAME="policy-$BUCKET_NAME" export POLICY_NAME="policy-$BUCKET_NAME"
``` ```
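Review bot: the drop from 60 to 32 random bytes on the `NEW_SECRET_ACCESS_KEY` line is not explained in the guide or in the commit message. 32 bytes still gives 256 bits of entropy and encodes to one 44-character line, while 60 bytes encodes to 80 characters, which `openssl` wraps at 64 and so puts a newline inside the variable. A short sentence next to the export saying this would keep a later edit from raising the number again.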
@ -22,7 +22,7 @@ Create a new user:
mc admin user add deuxfleurs $NEW_ACCESS_KEY_ID $NEW_SECRET_ACCESS_KEY mc admin user add deuxfleurs $NEW_ACCESS_KEY_ID $NEW_SECRET_ACCESS_KEY
``` ```
Add this new user to your `~/.mc/config.json` file Add this new user to your `~/.mc/config.json` file, as `backup-user` for example.
--- ---
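Review bot: "as `backup-user` for example" on the changed line reads as optional, but the `mc ls backup-user/` check added further down only works if the alias has exactly that name. Say that the alias must be called `backup-user`, or show the command that creates it instead of only pointing at `~/.mc/config.json`. It is also worth stating that this file then holds the secret key in clear text and should be readable by its owner only.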
@ -53,6 +53,7 @@ cat > /tmp/policy.json <<EOF
} }
] ]
} }
EOF
``` ```
Register it: Register it:
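Review bot: the heredoc closed here writes to `/tmp/policy.json` (visible in the hunk header), a fixed name in a world-writable directory, so on a shared host the path may already exist and belong to another user. Consider writing to a file created with `mktemp` and passing that path to the registration step. The added `EOF` itself is right, since without it the heredoc never closes.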
@ -67,4 +68,61 @@ Set it to your user:
mc admin policy set deuxfleurs $POLICY_NAME user=${NEW_ACCESS_KEY_ID} mc admin policy set deuxfleurs $POLICY_NAME user=${NEW_ACCESS_KEY_ID}
``` ```
Now it should display *only* your new bucket when running:
```bash
mc ls backup-user/
```
---
Now we need to initialize the repository with restic.
```bash
export ENDPOINT="https://garage.tld"
export AWS_ACCESS_KEY_ID=$NEW_ACCESS_KEY_ID
export AWS_SECRET_ACCESS_KEY=$NEW_SECRET_ACCESS_KEY
export RESTIC_REPOSITORY="s3:$ENDPOINT/$BUCKET_NAME"
export RESTIC_PASSWORD=$(openssl rand -base64 32)
```
Then init the repo for restic from your machine:
```
restic init
```
*I am using restic version `restic 0.12.1 compiled with go1.16.9 on linux/amd64`*
See your snapshots with:
```
restic snapshots
```
---
Add the secrets to Consul, near your service secrets.
The idea is that the backuping service is a component of the global running service.
You must add:
- `backup_aws_access_key_id`
- `backup_aws_secret_access_key`
- `backup_aws_endpoint`
- `backup_restic_password`
---
Now we need a service that runs:
```
restic backup .
```
And also that garbage collect snapshots.
I propose:
```
restic forget --prune --keep-within 1m1d --keep-within-weekly 3m --keep-within-monthly 1y
```
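Review bot: `RESTIC_PASSWORD=$(openssl rand -base64 32)` exists only in the current shell when `restic init` runs, and the guide stores it in Consul as `backup_restic_password` only several steps later; if the session is lost in between, the repository can no longer be decrypted. Move the Consul step ahead of `restic init`, or tell the reader to save the value before initializing. Also confirm that `--keep-within-weekly` and `--keep-within-monthly` in the proposed `restic forget` line are accepted by the restic 0.12.1 quoted a few lines above.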