From e2a0c40e6bf3919e6cef6ed1789251b30367dc11 Mon Sep 17 00:00:00 2001
From: Alex Auvolat <alex@adnab.me>
Date: Sun, 15 Nov 2020 19:27:57 +0100
Subject: [PATCH] Script to backup Consul KV store

---
 app/build/backup-consul/Dockerfile   | 21 +++++++++
 app/build/backup-consul/do_backup.sh | 19 ++++++++
 app/deployment/backup.hcl            | 67 ++++++++++++++++++++++++++++
 3 files changed, 107 insertions(+)
 create mode 100644 app/build/backup-consul/Dockerfile
 create mode 100755 app/build/backup-consul/do_backup.sh
 create mode 100644 app/deployment/backup.hcl

diff --git a/app/build/backup-consul/Dockerfile b/app/build/backup-consul/Dockerfile
new file mode 100644
index 0000000..ff052bf
--- /dev/null
+++ b/app/build/backup-consul/Dockerfile
@@ -0,0 +1,21 @@
+FROM amd64/debian:buster
+
+RUN apt-get update && \
+	apt-get -qq -y full-upgrade && \
+	apt-get install -y rsync wget openssh-client unzip && \
+	apt-get clean && \
+	rm -f /var/lib/apt/lists/*_*
+
+RUN mkdir -p /root/.ssh
+WORKDIR /root
+
+RUN wget https://releases.hashicorp.com/consul/1.8.5/consul_1.8.5_linux_amd64.zip && \
+	unzip consul_1.8.5_linux_amd64.zip && \
+	chmod +x consul && \
+	mv consul /usr/local/bin && \
+	rm consul_1.8.5_linux_amd64.zip
+
+COPY do_backup.sh /root/do_backup.sh
+
+CMD "/root/do_backup.sh"
+
diff --git a/app/build/backup-consul/do_backup.sh b/app/build/backup-consul/do_backup.sh
new file mode 100755
index 0000000..049c998
--- /dev/null
+++ b/app/build/backup-consul/do_backup.sh
@@ -0,0 +1,19 @@
+#!/bin/sh
+
+set -x -e
+
+cd /root
+
+chmod 0600 .ssh/id_ed25519
+
+cat > .ssh/config <<EOF
+Host backuphost
+	HostName $TARGET_SSH_HOST
+	Port $TARGET_SSH_PORT
+	User $TARGET_SSH_USER
+EOF
+
+consul kv export > consul_kv_dump.json
+gzip consul_kv_dump.json
+
+rsync -vvvz --progress consul_kv_dump.json.gz "backuphost:$TARGET_SSH_DIR/consul/"
diff --git a/app/deployment/backup.hcl b/app/deployment/backup.hcl
new file mode 100644
index 0000000..8b5162c
--- /dev/null
+++ b/app/deployment/backup.hcl
@@ -0,0 +1,67 @@
+job "backup_periodic" {
+	datacenters = ["dc1"]
+
+	type = "batch"
+
+	periodic {
+	  // Launch every hour
+	  cron = "0 * * * * *"
+
+	  // Do not allow overlapping runs.
+	  prohibit_overlap = true
+	}
+
+	task "backup-consul" {
+		driver = "docker"
+
+			config {
+				image = "lxpz/backup_consul:9"
+				volumes = [
+					"secrets/id_ed25519:/root/.ssh/id_ed25519",
+					"secrets/id_ed25519.pub:/root/.ssh/id_ed25519.pub",
+					"secrets/known_hosts:/root/.ssh/known_hosts"
+				]
+				network_mode = "host"
+			}
+
+		env {
+			CONSUL_HTTP_ADDR = "http://consul.service.2.cluster.deuxfleurs.fr:8500"
+		}
+
+		template {
+			data = <<EOH
+TARGET_SSH_USER={{ key "secrets/backup/target_ssh_user" }}
+TARGET_SSH_PORT={{ key "secrets/backup/target_ssh_port" }}
+TARGET_SSH_HOST={{ key "secrets/backup/target_ssh_host" }}
+TARGET_SSH_DIR={{ key "secrets/backup/target_ssh_dir" }}
+EOH
+
+			destination = "secrets/env_vars"
+			env = true
+		}
+
+		template {
+			data = "{{ key \"secrets/backup/id_ed25519\" }}"
+			destination = "secrets/id_ed25519"
+		}
+		template {
+			data = "{{ key \"secrets/backup/id_ed25519.pub\" }}"
+			destination = "secrets/id_ed25519.pub"
+		}
+		template {
+			data = "{{ key \"secrets/backup/target_ssh_fingerprint\" }}"
+			destination = "secrets/known_hosts"
+		}
+
+		resources {
+			memory = 200
+		}
+
+		restart {
+			attempts = 2
+			interval = "30m"
+			delay = "15s"
+			mode = "fail"
+		}
+	}
+}