-
Notifications
You must be signed in to change notification settings - Fork 48
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Backup and restore from s3 bucket #3640
Conversation
9ddc631
to
d496297
Compare
⛔ Feature branch deployment currently inactive.If the PR is still open, you can add the |
d496297
to
a97eebb
Compare
Session with @pmattmann showed: |
a97eebb
to
e8ccd4c
Compare
Redid the implementation now with an image, after #3640 (comment) I will rebase onto devel and update the github actions in the moved workflow files as soon as i have review |
type: string | ||
description: | | ||
The sourceFile of the backup in the bucket to restore, e.g. | ||
ecamp3-dev/2023-07-17-12-55-33-ecamp3-dev.sql.gz.gpg |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
How will we know what to enter here? Is it possible to mistakenly restore prod on dev this way?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is only for dev and pr, and on dev you don't have the access rights and the encryption key to use a prod or staging backup
@@ -8,3 +8,19 @@ POSTGRES_ADMIN_URL= | |||
BASIC_AUTH_ENABLED=false | |||
BASIC_AUTH_USERNAME=test | |||
BASIC_AUTH_PASSWORD=test | |||
|
|||
BACKUP_SCHEDULE=@hourly |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is that the default? Isn't that a bit much? One prod backup is around 16MB right now, but on eCamp v2 a prod dump is roughly 1GB.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is just if you want to deploy the containers and the helm chart from your local machine.
The problem is shell globbing, which turns your cron expression "2 * * * *" into "2 ...".
But for my tests i even set it to all 3 minutes, because i don't want to wait that long for the job to execute, and i don't leave the deployment up for long.
The prod backup we used on the last hackaton ist 2.4 MB compressed.
BACKUP_ENCRYPTION_KEY=test | ||
|
||
#RESTORE_SOURCE_FILE=latest | ||
RESTORE_SOURCE_APP=${instance_name}-1 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you explain why you chose this value?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
the deploy script also allows to deploy the helm chart multiple times in one go.
That's why the deployment app name is in my case bacluc-1.
But we could also remove the value here, because then it uses the app name generated in the chart
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Did a session with @BacLuc and he was able to answer all my conceptual questions.
e8ccd4c
to
960f60b
Compare
this was the rebase force push |
sorry, this force push was a fail |
960f60b
to
a674d57
Compare
a674d57
to
84eb548
Compare
This was the correct rebase force push: https://github.com/ecamp/ecamp3/compare/960f60b958595a31e94aa1b380ddab8f7ca43a43..a674d5722ff7cb0da79d19e39e7da6921b3fa02e And this fixes the comment of @carlobeltrame |
How to create and upload the backup was inspired from here: https://github.com/itbm/postgresql-backup-s3/blob/master/backup.sh
How to encrypt/decrypt de backup was inspired by here: https://www.cyberciti.biz/tips/linux-how-to-encrypt-and-decrypt-files-with-a-password.html
To decrypt the backup:
gpg --passphrase=${ENCRYPTION_KEY} --batch -d backup.sql.gz.gpg > backup.sql.gz; gunzip backup.sql.gz
Chose to use a workflow_dispatch instead of a cronjob to start a little simpler.
Because we need to migrate the database after the restore (because we load old data in a potentially newer codebase),
the restore is implemented with a helm hook.
Please review carefully, because we can only start to test the workflows when they are merged.Could test it thoroughly on my fork: #3478 (comment)
Issue: #3478