-
Notifications
You must be signed in to change notification settings - Fork 9
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Use s3 for backups #432
Use s3 for backups #432
Conversation
export AWS_ACCESS_KEY_ID= | ||
export AWS_SECRET_ACCESS_KEY= |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Required to write or read the bucket
@@ -28,6 +30,7 @@ export DB_BACKUP_DEPLOY_KEY=Tm90IGFjdHVhbGx5IGEgcHJpdmF0ZSBrZXkuLi4g8J+ZhAo= | |||
export DB_BACKUP_SUB_DIR=agimus | |||
export DB_BACKUP_GITHUB_USER= | |||
export DB_BACKUP_GITHUB_EMAIL= | |||
export S3_BUCKET_NAME=aggy-brain-backups |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The bucket needs to already exist otherwise the backups will fail. This bucket does.
@@ -5,7 +5,7 @@ FROM ubuntu:20.04 | |||
RUN rm /bin/sh && ln -s /bin/bash /bin/sh \ | |||
&& apt-get update \ | |||
&& DEBIAN_FRONTEND=noninteractive apt-get install -y \ | |||
curl wget apt-utils python3 python3-pip make build-essential locales openssl git jq tzdata sudo lsb-release mysql-client \ | |||
curl wget apt-utils python3 python3-pip make build-essential locales openssl git jq tzdata sudo lsb-release mysql-client s3cmd \ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is a handy tool to interact with s3-like APIs.
@@ -17,6 +17,10 @@ help: ## Displays this help dialog (to set repo/fork ownker REPO_OWNWER=[github- | |||
@echo "" | |||
@awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n make \033[36m<target>\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf " \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST) | |||
|
|||
define guard |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This will check that a particular environment variable is defined before allowing execution to pass.
@@ -95,50 +99,30 @@ db-seed: ## Reload the database from a file at $DB_SEED_FILEPATH | |||
@docker-compose exec -T app mysql -h$(DB_HOST) -u$(DB_USER) -p$(DB_PASS) <<< "create database FoD;" | |||
@docker-compose exec -T app mysql -h$(DB_HOST) -u$(DB_USER) -p$(DB_PASS) $(DB_NAME) < $(DB_SEED_FILEPATH) | |||
|
|||
DB_DUMP_S3_PREFIX=$(shell date +%Y-%m-%d) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Each backup is stored in a folder like bucket/2023-07-09/
which makes it easier to find the most recent bucket with sort
.
@@ -3,7 +3,6 @@ | |||
class Backups(commands.Cog): | |||
def __init__(self, bot): | |||
self.bot = bot | |||
self.commit_base_url = "https://github.com/Friends-of-DeSoto/database/commit/" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Since the point of this PR is to stop using the repo, no need to have this.
backup_hashes = run_make_backup() | ||
if not backup_hashes: | ||
await ctx.send(f"Something went wrong with the backup! No databases have been wiped out, I don't think.") | ||
else: | ||
embed = discord.Embed( | ||
title=f"BACKUP {backup_hashes['new']} COMPLETE", | ||
title=f"BACKUP {backup_hashes['backup_name']} COMPLETE", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The backup_name
will be a string like s3://aggy-brain-backups/2023-06-09/bot-dump.sql-1686322965.sql.gz
.
embed.add_field(name="🌟 NEW BACKUP 🌟", value=f"`{backup_hashes['backup_name']}`", inline=False) | ||
embed.add_field(name="Presigned URL (valid 15m) to new backup", value=f"{backup_hashes['url']}", inline=False) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There's a new make command to generate a pre-signed URL that allows anyone with the link to access it for 15 minutes so that whoever kicked off the backup can download it. That time limit can always be changed in the Makefile.
set -euo pipefail | ||
IFS=$'\n\t' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
function setupDotEnv() { | ||
if [ -f .env ] | ||
then | ||
set -o allexport; source .env; set +o allexport |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
A handy way in bash and zsh to load and export environment variables from a file. source
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good to me but would still like @mathew-fleisch to give it the official 👍
This slide right off my radar. Is this still something y'all are interested in? If not, I'll close out this PR and tear down the infra. |
Looks good to me, but I'm also not really a devops guy which is why I was checking with Drax. I'll ping him on the Discord as well, but also wanted to ask 2 quick questions:
Once we have it ready to go, you'll also want to bump the version in Thanks for the effort and time on this, much appreciated @magikid! |
Yeah, I have the keys for jp00p but I've also invited all y'all to the team on DigitalOcean. I haven't tested it lately but I think I did because I see backups in the bucket from around the time I opened this. I'll try to find some time to test again. |
This totally reworks how and where database backups are stored. Instead of storing database dumps in a git repo, store them in a DigitalOcean bucket.
be6be3d
to
b9655ed
Compare
Migrated to #532 |
Relates to #431
The infrastructure is managed through terraform cloud in https://github.com/Friends-of-DeSoto/digitalocean-terraform