docker/persistsync/Dockerfile

@@ -0,0 +1,9 @@
+FROM alpine
+MAINTAINER Haiku, Inc <haiku-inc@gmail.com>
+
+RUN apk add --update bash rsync gnupg rsync xz tar
+
+ADD https://dl.minio.io/client/mc/release/linux-amd64/mc /usr/local/bin/mc
+ADD pvsync.sh /usr/local/bin/pvsync
+RUN chmod 755 /usr/local/bin/mc
+RUN mkdir -p /pvs

docker/persistsync/Makefile

@@ -0,0 +1,4 @@
+default:
+	docker build --no-cache --tag docker.io/haiku/persistsync .
+push:
+	docker push docker.io/haiku/persistsync

docker/persistsync/README.md

@@ -0,0 +1,16 @@
+# persistsync
+
+I'm a simple container to backup/restore encrypted persistant volume data to an s3 bucket.
+
+## Usage
+
+### Docker
+**Backup**
+```
+docker run -it -V volume:/pvs/volume docker.io/haiku/persistsync pvsync backup volume s3user s3password encryptionpassword
+```
+
+**Restore**
+```
+docker run -it -V volume:/pvs/volume docker.io/haiku/persistsync pvsync restore volume s3user s3password encryptionpassword
+```

docker/persistsync/pvsync.sh

@@ -0,0 +1,104 @@
+#!/bin/bash
+
+if [[ $# -ne 5 ]]; then
+	echo "Backup / Restore persistant volume data"
+	echo "Usage: $0 [backup|restore] <pv_name> <s3_key> <s3_secret> <gpg_secret>"
+	exit 1
+fi
+
+if ! [ -x "$(command -v mc)" ]; then
+  echo 'Error: mc is not installed.' >&2
+  exit 1
+fi
+
+if ! [ -x "$(command -v gpg)" ]; then
+  echo 'Error: gpg is not installed.' >&2
+  exit 1
+fi
+
+BASE="/pvs"
+ACTION="$1"
+VOLUME="$2"
+S3_NAME="s3remote"
+S3_HOST="http://s3.wasabisys.com"
+S3_BUCKET="persistent-snapshots"
+S3_KEY="$3"
+S3_SECRET="$4"
+SECRET="$5"
+
+if [[ ! -d "$BASE/$VOLUME" ]]; then
+	echo "Error: '$BASE/$VOLUME' isn't present on local container! (pvc not mounted?)"
+	exit 1
+fi
+
+case $ACTION in
+	backup)
+		SNAPSHOT_NAME=${VOLUME}_$(date +"%Y-%m-%d").tar.xz
+		echo "Snapshot ${VOLUME}..."
+		cd $BASE/$VOLUME
+		tar -cvJf /tmp/$SNAPSHOT_NAME *
+		if [[ $? -ne 0 ]]; then
+			echo "Error: Problem encounted performing snapshot! (tar)"
+			exit 1
+		fi
+		cd /tmp
+		echo $SECRET | gpg --batch --yes --passphrase-fd 0 --symmetric --cipher-algo TWOFISH /tmp/$SNAPSHOT_NAME
+		if [[ $? -ne 0 ]]; then
+			echo "Error: Problem encounted performing encryption! (gpg)"
+			rm /tmp/$SNAPSHOT_NAME
+			exit 1
+		fi
+		rm /tmp/$SNAPSHOT_NAME
+		mc config host add $S3_NAME $S3_HOST $S3_KEY $S3_SECRET --api "s3v4"
+		if [[ $? -ne 0 ]]; then
+			echo "Error: Problem encounted configuring s3! (mc)"
+			rm /tmp/$SNAPSHOT_NAME.gpg
+			exit 1
+		fi
+		mc cp /tmp/$SNAPSHOT_NAME.gpg $S3_NAME/$S3_BUCKET/$VOLUME/$SNAPSHOT_NAME.gpg
+		if [[ $? -ne 0 ]]; then
+			echo "Error: Problem encounted during upload! (mc)"
+			rm /tmp/$SNAPSHOT_NAME.gpg
+			exit 1
+		fi
+		echo "Snapshot of ${VOLUME} completed successfully! ($S3_BUCKET/$VOLUME/$SNAPSHOT_NAME.gpg)"
+		;;
+
+	restore)
+		mc config host add $S3_NAME $S3_HOST $S3_KEY $S3_SECRET --api "s3v4"
+		if [[ $? -ne 0 ]]; then
+			echo "Error: Problem encounted configuring s3! (mc)"
+			exit 1
+		fi
+		# We assume the latest is at the bottom of the mc ls.
+		# It seems to be true in my testing so far... but this feels sketch
+		LATEST=$(mc ls -q $S3_NAME/$S3_BUCKET/$VOLUME/ | tail -1 | awk '{ print $5 }')
+		echo "Found $LATEST to be the latest snapshot..."
+		mc cp $S3_NAME/$S3_BUCKET/$VOLUME/$LATEST /tmp/$LATEST
+		if [[ $? -ne 0 ]]; then
+			echo "Error: Problem encounted getting snapshot from s3! (mc)"
+			rm /tmp/$LATEST
+			exit 1
+		fi
+		echo $SECRET | gpg --batch --yes --passphrase-fd 0 -o /tmp/$VOLUME-restore.tar.xz -d /tmp/$LATEST
+		if [[ $? -ne 0 ]]; then
+			echo "Error: Problem encounted decrypting snapshot! (gpg)"
+			rm /tmp/$LATEST
+			exit 1
+		fi
+		rm /tmp/$LATEST
+		tar -C /pvs/$VOLUME -xvf /tmp/$VOLUME-restore.tar.xz
+		if [[ $? -ne 0 ]]; then
+			echo "Error: Problem encounted extracting snapshot! (tar)"
+			rm /tmp/$VOLUME-restore.tar.xz
+			exit 1
+		fi
+		rm /tmp/$VOLUME-restore.tar.xz
+		echo "Restore of ${VOLUME} completed successfully!"
+		;;
+
+	*)
+		echo "Invalid action provided!"
+		exit 1
+		;;
+esac