Add consul backup with restic
This commit is contained in:
parent
3baa511fce
commit
84b26f347d
|
|
@ -101,7 +101,7 @@ EOH
|
||||||
}
|
}
|
||||||
|
|
||||||
group "backup-consul" {
|
group "backup-consul" {
|
||||||
task "export-kv-store" {
|
task "consul-kv-export" {
|
||||||
driver = "docker"
|
driver = "docker"
|
||||||
|
|
||||||
lifecycle {
|
lifecycle {
|
||||||
|
|
@ -111,11 +111,15 @@ EOH
|
||||||
|
|
||||||
config {
|
config {
|
||||||
image = "consul:1.11.2"
|
image = "consul:1.11.2"
|
||||||
|
network_mode = "host"
|
||||||
entrypoint = [ "/bin/sh", "-c" ]
|
entrypoint = [ "/bin/sh", "-c" ]
|
||||||
NETWORK MODE HOST
|
|
||||||
args = [ "/bin/consul kv export > $NOMAD_ALLOC_DIR/consul.json" ]
|
args = [ "/bin/consul kv export > $NOMAD_ALLOC_DIR/consul.json" ]
|
||||||
}
|
}
|
||||||
|
|
||||||
|
env {
|
||||||
|
CONSUL_HTTP_ADDR = "http://consul.service.2.cluster.deuxfleurs.fr:8500"
|
||||||
|
}
|
||||||
|
|
||||||
resources {
|
resources {
|
||||||
cpu = 200
|
cpu = 200
|
||||||
memory = 200
|
memory = 200
|
||||||
|
|
@ -129,22 +133,22 @@ EOH
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
task "upload-kv-store" {
|
task "restic-backup" {
|
||||||
driver = "docker"
|
driver = "docker"
|
||||||
|
|
||||||
config {
|
config {
|
||||||
image = "restic/restic:0.12.1"
|
image = "restic/restic:0.12.1"
|
||||||
entrypoint = [ "/bin/sh", "-c" ]
|
entrypoint = [ "/bin/sh", "-c" ]
|
||||||
args = [ "restic backup $NOMAD_ALLOC_DIR && restic forget --keep-within 1m1d --keep-within-weekly 3m --keep-within-monthly 1y ; restic prune --max-unused 50% --max-repack-size 2G ; restic check" ]
|
args = [ "restic backup $NOMAD_ALLOC_DIR/consul.json && restic forget --keep-within 1m1d --keep-within-weekly 3m --keep-within-monthly 1y ; restic prune --max-unused 50% --max-repack-size 2G ; restic check" ]
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
template {
|
template {
|
||||||
data = <<EOH
|
data = <<EOH
|
||||||
AWS_ACCESS_KEY_ID={{ key "secrets/plume/backup_aws_access_key_id" }}
|
AWS_ACCESS_KEY_ID={{ key "secrets/backup/consul/backup_aws_access_key_id" }}
|
||||||
AWS_SECRET_ACCESS_KEY={{ key "secrets/plume/backup_aws_secret_access_key" }}
|
AWS_SECRET_ACCESS_KEY={{ key "secrets/backup/consul/backup_aws_secret_access_key" }}
|
||||||
RESTIC_REPOSITORY={{ key "secrets/plume/backup_restic_repository" }}
|
RESTIC_REPOSITORY={{ key "secrets/backup/consul/backup_restic_repository" }}
|
||||||
RESTIC_PASSWORD={{ key "secrets/plume/backup_restic_password" }}
|
RESTIC_PASSWORD={{ key "secrets/backup/consul/backup_restic_password" }}
|
||||||
EOH
|
EOH
|
||||||
|
|
||||||
destination = "secrets/env_vars"
|
destination = "secrets/env_vars"
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1 @@
|
||||||
|
USER Backup AWS access key ID
|
||||||
|
|
@ -0,0 +1 @@
|
||||||
|
USER Backup AWS secret access key
|
||||||
1
app/backup/secrets/backup/consul/backup_restic_password
Normal file
1
app/backup/secrets/backup/consul/backup_restic_password
Normal file
|
|
@ -0,0 +1 @@
|
||||||
|
USER Restic password to encrypt backups
|
||||||
|
|
@ -0,0 +1 @@
|
||||||
|
USER Restic repository, eg. s3:https://s3.garage.tld
|
||||||
|
|
@ -86,7 +86,7 @@ mc admin policy set deuxfleurs $POLICY_NAME user=${NEW_ACCESS_KEY_ID}
|
||||||
Now it should display *only* your new bucket when running:
|
Now it should display *only* your new bucket when running:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
mc ls backup-user/
|
mc ls $NEW_ACCESS_KEY_ID
|
||||||
```
|
```
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
|
||||||
Reference in a new issue