Backup and restore from s3 bucket #3640
Conversation
BacLuc
force-pushed
the
backup-and-restore-from-s3-bucket
branch
from
9ddc631
to
d496297
Compare
⛔ Feature branch deployment currently inactive.If the PR is still open, you can add the |
BacLuc
force-pushed
the
backup-and-restore-from-s3-bucket
branch
from
d496297
to
a97eebb
Compare
|
Session with @pmattmann showed: |
BacLuc
force-pushed
the
backup-and-restore-from-s3-bucket
branch
from
a97eebb
to
e8ccd4c
Compare
|
Redid the implementation now with an image, after #3640 (comment) I will rebase onto devel and update the github actions in the moved workflow files as soon as i have review |
| type: string | ||
| description: | | ||
| The sourceFile of the backup in the bucket to restore, e.g. | ||
| ecamp3-dev/2023-07-17-12-55-33-ecamp3-dev.sql.gz.gpg |
There was a problem hiding this comment.
How will we know what to enter here? Is it possible to mistakenly restore prod on dev this way?
There was a problem hiding this comment.
This is only for dev and pr, and on dev you don't have the access rights and the encryption key to use a prod or staging backup
| @@ -8,3 +8,19 @@ POSTGRES_ADMIN_URL= | |||
| BASIC_AUTH_ENABLED=false | |||
| BASIC_AUTH_USERNAME=test | |||
| BASIC_AUTH_PASSWORD=test | |||
|
|
|||
| BACKUP_SCHEDULE=@hourly | |||
There was a problem hiding this comment.
Is that the default? Isn't that a bit much? One prod backup is around 16MB right now, but on eCamp v2 a prod dump is roughly 1GB.
There was a problem hiding this comment.
This is just if you want to deploy the containers and the helm chart from your local machine.
The problem is shell globbing, which turns your cron expression "2 * * * *" into "2 ...".
But for my tests i even set it to all 3 minutes, because i don't want to wait that long for the job to execute, and i don't leave the deployment up for long.
The prod backup we used on the last hackaton ist 2.4 MB compressed.
| BACKUP_ENCRYPTION_KEY=test | ||
|
|
||
| #RESTORE_SOURCE_FILE=latest | ||
| RESTORE_SOURCE_APP=${instance_name}-1 |
There was a problem hiding this comment.
Can you explain why you chose this value?
There was a problem hiding this comment.
the deploy script also allows to deploy the helm chart multiple times in one go.
That's why the deployment app name is in my case bacluc-1.
But we could also remove the value here, because then it uses the app name generated in the chart
There was a problem hiding this comment.
Did a session with @BacLuc and he was able to answer all my conceptual questions.
BacLuc
force-pushed
the
backup-and-restore-from-s3-bucket
branch
from
e8ccd4c
to
960f60b
Compare
|
this was the rebase force push |
sorry, this force push was a fail |
BacLuc
force-pushed
the
backup-and-restore-from-s3-bucket
branch
from
960f60b
to
a674d57
Compare
BacLuc
force-pushed
the
backup-and-restore-from-s3-bucket
branch
from
a674d57
to
84eb548
Compare
|
This was the correct rebase force push: https://github.com/ecamp/ecamp3/compare/960f60b958595a31e94aa1b380ddab8f7ca43a43..a674d5722ff7cb0da79d19e39e7da6921b3fa02e And this fixes the comment of @carlobeltrame |
How to create and upload the backup was inspired from here: https://github.com/itbm/postgresql-backup-s3/blob/master/backup.sh
How to encrypt/decrypt de backup was inspired by here: https://www.cyberciti.biz/tips/linux-how-to-encrypt-and-decrypt-files-with-a-password.html
To decrypt the backup:
gpg --passphrase=${ENCRYPTION_KEY} --batch -d backup.sql.gz.gpg > backup.sql.gz; gunzip backup.sql.gzChose to use a workflow_dispatch instead of a cronjob to start a little simpler.
Because we need to migrate the database after the restore (because we load old data in a potentially newer codebase),
the restore is implemented with a helm hook.
Please review carefully, because we can only start to test the workflows when they are merged.Could test it thoroughly on my fork: #3478 (comment)
Issue: #3478