Merge pull request #207 from SUNET/jocar-mastodon-backup

Backup Mastodon to baas2
SUNET · Oct 22, 2024 · b959106 · b959106
2 parents ab60124 + 51b444e
commit b959106
Show file tree

Hide file tree

Showing 2 changed files with 80 additions and 3 deletions.
diff --git a/manifests/mastodon/backend.pp b/manifests/mastodon/backend.pp
@@ -1,8 +1,9 @@
 # mastodon web server
 class sunet::mastodon::backend(
-  String $db_name                  = 'postgres',
-  String $db_user                  = 'postgres',
-  String $interface                = 'ens3',
+  String $db_name                        = 'postgres',
+  String $db_user                        = 'postgres',
+  String $interface                      = 'ens3',
+  Variant[String, Undef] $baas2_nodename = undef,
 ) {
   # Must set in hiera eyaml
   $db_pass=safe_hiera('db_pass')
@@ -51,4 +52,44 @@
     }
   }
 
+  if ($baas2_nodename) {
+    ensure_resource('class','sunet::baas2', {
+      nodename    => $baas2_nodename,
+      backup_dirs => [
+        '/opt/backups/',
+      ]
+    })
+
+    # Clean up old backup job
+    cron { 'run_backups':
+      ensure  => 'absent',
+      command => '/opt/scripts/backup.sh',
+      user    => 'root',
+      minute  => '31',
+      hour    => '*',
+    }
+    file { '/opt/scripts/backup.sh':
+      ensure  => 'absent',
+    }
+    #
+
+    file { '/opt/mastodon_backend/scripts':
+      ensure => directory,
+    }
+    file { '/opt/mastodon_backend/scripts/backup.sh':
+      ensure  => file,
+      owner   => 'root',
+      group   => 'root',
+      mode    => '0700',
+      content => template('sunet/mastodon/backend/backup.erb.sh'),
+    }
+
+    sunet::scriptherder::cronjob { 'backup2baas':
+      cmd           => '/opt/mastodon_backend/scripts/backup.sh',
+      minute        => '31',
+      ok_criteria   => ['exit_status=0', 'max_age=2h'],
+      warn_criteria => ['exit_status=1', 'max_age=5h'],
+    }
+  }
+
 }
diff --git a/templates/mastodon/backend/backup.erb.sh b/templates/mastodon/backend/backup.erb.sh
@@ -0,0 +1,36 @@
+#!/bin/bash
+
+set -eou pipefail
+
+backupdir=/opt/backups
+backuptime=$(date +%Y-%m-%d.%H)
+localretentiondays=15
+
+# Steal credentials of off docker containers env, used in connection string below
+# DOCKER_PG_LLVM_DEPS contains multiple values with tab(?) as delimiter…
+# shellcheck disable=SC1090
+source <(docker exec -u postgres postgres env | grep -v DOCKER_PG_LLVM_DEPS)
+
+mkdir -p "${backupdir}"/{postgres,redis}
+
+docker exec postgres pg_dumpall --clean --if-exists --no-password \
+        --dbname "postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@localhost" \
+       | gzip > "${backupdir}/postgres/postgres-${backuptime}.sql.gz"
+
+cp /opt/mastodon_backend/redis/dump.rdb "${backupdir}/redis/redis-${backuptime}.rdb"
+
+# Send away the dumped files
+/usr/bin/dsmc backup
+
+find "${backupdir}/postgres" -mtime +${localretentiondays} -exec rm {} \;
+find "${backupdir}/redis" -mtime +${localretentiondays} -exec rm {} \;
+
+# Only store one dump per day for files older then yesterday
+while IFS= read -r -d '' file
+do
+  oclock=$(echo "$file" | cut -d . -f 2)
+  if [ "${oclock}x" != "00x" ]; then
+    rm "$file"
+  fi
+
+done < <(find /opt/backups/ -type -f -mtime +1 -name -print0)