Use s3 for backups #432
Use s3 for backups #432
Conversation
| export AWS_ACCESS_KEY_ID= | ||
| export AWS_SECRET_ACCESS_KEY= |
There was a problem hiding this comment.
Required to write or read the bucket
| @@ -28,6 +30,7 @@ export DB_BACKUP_DEPLOY_KEY=Tm90IGFjdHVhbGx5IGEgcHJpdmF0ZSBrZXkuLi4g8J+ZhAo= | |||
| export DB_BACKUP_SUB_DIR=agimus | |||
| export DB_BACKUP_GITHUB_USER= | |||
| export DB_BACKUP_GITHUB_EMAIL= | |||
| export S3_BUCKET_NAME=aggy-brain-backups | |||
There was a problem hiding this comment.
The bucket needs to already exist otherwise the backups will fail. This bucket does.
| @@ -5,7 +5,7 @@ FROM ubuntu:20.04 | |||
| RUN rm /bin/sh && ln -s /bin/bash /bin/sh \ | |||
| && apt-get update \ | |||
| && DEBIAN_FRONTEND=noninteractive apt-get install -y \ | |||
| curl wget apt-utils python3 python3-pip make build-essential locales openssl git jq tzdata sudo lsb-release mysql-client \ | |||
| curl wget apt-utils python3 python3-pip make build-essential locales openssl git jq tzdata sudo lsb-release mysql-client s3cmd \ | |||
There was a problem hiding this comment.
This is a handy tool to interact with s3-like APIs.
| @@ -17,6 +17,10 @@ help: ## Displays this help dialog (to set repo/fork ownker REPO_OWNWER=[github- | |||
| @echo "" | |||
| @awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n make \033[36m<target>\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf " \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST) | |||
|
|
|||
| define guard | |||
There was a problem hiding this comment.
This will check that a particular environment variable is defined before allowing execution to pass.
| @@ -95,50 +99,30 @@ db-seed: ## Reload the database from a file at $DB_SEED_FILEPATH | |||
| @docker-compose exec -T app mysql -h$(DB_HOST) -u$(DB_USER) -p$(DB_PASS) <<< "create database FoD;" | |||
| @docker-compose exec -T app mysql -h$(DB_HOST) -u$(DB_USER) -p$(DB_PASS) $(DB_NAME) < $(DB_SEED_FILEPATH) | |||
|
|
|||
| DB_DUMP_S3_PREFIX=$(shell date +%Y-%m-%d) | |||
There was a problem hiding this comment.
Each backup is stored in a folder like bucket/2023-07-09/ which makes it easier to find the most recent bucket with sort.
| @@ -3,7 +3,6 @@ | |||
| class Backups(commands.Cog): | |||
| def __init__(self, bot): | |||
| self.bot = bot | |||
| self.commit_base_url = "https://github.com/Friends-of-DeSoto/database/commit/" | |||
There was a problem hiding this comment.
Since the point of this PR is to stop using the repo, no need to have this.
| backup_hashes = run_make_backup() | ||
| if not backup_hashes: | ||
| await ctx.send(f"Something went wrong with the backup! No databases have been wiped out, I don't think.") | ||
| else: | ||
| embed = discord.Embed( | ||
| title=f"BACKUP {backup_hashes['new']} COMPLETE", | ||
| title=f"BACKUP {backup_hashes['backup_name']} COMPLETE", |
There was a problem hiding this comment.
The backup_name will be a string like s3://aggy-brain-backups/2023-06-09/bot-dump.sql-1686322965.sql.gz.
| embed.add_field(name="🌟 NEW BACKUP 🌟", value=f"`{backup_hashes['backup_name']}`", inline=False) | ||
| embed.add_field(name="Presigned URL (valid 15m) to new backup", value=f"{backup_hashes['url']}", inline=False) |
There was a problem hiding this comment.
There's a new make command to generate a pre-signed URL that allows anyone with the link to access it for 15 minutes so that whoever kicked off the backup can download it. That time limit can always be changed in the Makefile.
| set -euo pipefail | ||
| IFS=$'\n\t' |
There was a problem hiding this comment.
| function setupDotEnv() { | ||
| if [ -f .env ] | ||
| then | ||
| set -o allexport; source .env; set +o allexport |
There was a problem hiding this comment.
A handy way in bash and zsh to load and export environment variables from a file. source
There was a problem hiding this comment.
Looks good to me but would still like @mathew-fleisch to give it the official 👍
|
This slide right off my radar. Is this still something y'all are interested in? If not, I'll close out this PR and tear down the infra. |
Looks good to me, but I'm also not really a devops guy which is why I was checking with Drax. I'll ping him on the Discord as well, but also wanted to ask 2 quick questions:
Once we have it ready to go, you'll also want to bump the version in Thanks for the effort and time on this, much appreciated @magikid! |
|
Yeah, I have the keys for jp00p but I've also invited all y'all to the team on DigitalOcean. I haven't tested it lately but I think I did because I see backups in the bucket from around the time I opened this. I'll try to find some time to test again. |
This totally reworks how and where database backups are stored. Instead of storing database dumps in a git repo, store them in a DigitalOcean bucket.
magikid
force-pushed
the
use-s3-for-backups
branch
from
be6be3d
to
b9655ed
Compare
|
Migrated to #532 |
Relates to #431
The infrastructure is managed through terraform cloud in https://github.com/Friends-of-DeSoto/digitalocean-terraform