Merge pull request 'Back up LND files and channels to S3' (#370) from feature/359-lnd_channel_backups into master

Reviewed-on: #370
2022-01-03 17:38:46 +00:00 · 2022-01-03 17:38:46 +00:00 · 62ff4e51b7
parent 7adee84adf 31f4a547a9
commit 62ff4e51b7
6 changed files with 94 additions and 23 deletions
--- a/nodes/bitcoin-2.json
+++ b/nodes/bitcoin-2.json
@ -23,6 +23,7 @@
      "kosmos-bitcoin::source",
      "kosmos-bitcoin::c-lightning",
      "kosmos-bitcoin::lnd",
+      "kosmos-bitcoin::lnd-scb-s3",
      "kosmos-bitcoin::rtl",
      "kosmos-bitcoin::lndhub",
      "kosmos_postgresql::hostsfile",
@ -48,6 +49,9 @@
      "git::default",
      "git::package",
      "golang::default",
+      "backup::default",
+      "logrotate::default",
+      "kosmos-bitcoin::aws-client",
      "kosmos-nodejs::default",
      "nodejs::nodejs_from_package",
      "nodejs::repo",
@ -70,9 +74,7 @@
      "nginx::commons_dir",
      "nginx::commons_script",
      "nginx::commons_conf",
-      "kosmos-nginx::firewall",
-      "backup::default",
-      "logrotate::default"
+      "kosmos-nginx::firewall"
    ],
    "platform": "ubuntu",
    "platform_version": "20.04",
@ -94,6 +96,7 @@
    "recipe[kosmos-bitcoin::source]",
    "recipe[kosmos-bitcoin::c-lightning]",
    "recipe[kosmos-bitcoin::lnd]",
+    "recipe[kosmos-bitcoin::lnd-scb-s3]",
    "recipe[kosmos-bitcoin::rtl]",
    "recipe[kosmos-bitcoin::lndhub]",
    "role[btcpay]"
--- a/site-cookbooks/backup/recipes/default.rb
+++ b/site-cookbooks/backup/recipes/default.rb
@ -2,26 +2,6 @@
 # Cookbook Name:: backup
 # Recipe:: default
 #
-# Copyright 2012, Appcache Ltd / 5apps.com
-#
-# Permission is hereby granted, free of charge, to any person obtaining
-# a copy of this software and associated documentation files (the
-# "Software"), to deal in the Software without restriction, including
-# without limitation the rights to use, copy, modify, merge, publish,
-# distribute, sublicense, and/or sell copies of the Software, and to
-# permit persons to whom the Software is furnished to do so, subject to
-# the following conditions:
-#
-# The above copyright notice and this permission notice shall be
-# included in all copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

 build_essential 'backup gem'

--- a/site-cookbooks/kosmos-bitcoin/recipes/aws-client.rb
+++ b/site-cookbooks/kosmos-bitcoin/recipes/aws-client.rb
@ -0,0 +1,29 @@
+#
+# Cookbook:: kosmos-bitcoin
+# Recipe:: aws-client
+#
+
+package "awscli"
+
+directory "/root/.aws"
+
+credentials = Chef::EncryptedDataBagItem.load('credentials', 'backup')
+
+file "/root/.aws/config" do
+  mode "600"
+  content lazy { <<-EOF
+[default]
+region = #{credentials["s3_region"]}
+  EOF
+  }
+end
+
+file "/root/.aws/credentials" do
+  mode "600"
+  content lazy { <<-EOF
+[default]
+aws_access_key_id = #{credentials["s3_access_key_id"]}
+aws_secret_access_key = #{credentials["s3_secret_access_key"]}
+  EOF
+  }
+end
--- a/site-cookbooks/kosmos-bitcoin/recipes/lnd-scb-s3.rb
+++ b/site-cookbooks/kosmos-bitcoin/recipes/lnd-scb-s3.rb
@ -0,0 +1,47 @@
+#
+# Cookbook:: kosmos-bitcoin
+# Recipe:: lnd-scb-s3
+#
+# Static Channel Backup for LND channel states
+#
+
+include_recipe "kosmos-bitcoin::aws-client"
+
+package "inotify-tools"
+
+backup_script_path = "/opt/lnd-channel-backup-s3.sh"
+
+template backup_script_path do
+  source "lnd-channel-backup-s3.sh.erb"
+  mode '0740'
+  variables lnd_dir: node['lnd']['lnd_dir'],
+            bitcoin_network: node['bitcoin']['network'],
+            s3_bucket: node['backup']['s3']['bucket'],
+            s3_scb_dir: "#{node['name']}/lnd/#{node['bitcoin']['network']}"
+  notifies :restart, "systemd_unit[lnd-channel-backup.service]", :delayed
+end
+
+systemd_unit 'lnd-channel-backup.service' do
+  content({
+    Unit: {
+      Description: 'LND Static Channel Backup',
+      Documentation: ['https://gist.github.com/alexbosworth/2c5e185aedbdac45a03655b709e255a3'],
+      Requires: 'lnd.service',
+      After: 'lnd.service'
+    },
+    Service: {
+      User: 'root',
+      Group: 'root',
+      Type: 'simple',
+      ExecStart: backup_script_path,
+      Restart: 'always',
+      RestartSec: 1
+    },
+    Install: {
+      WantedBy: 'multi-user.target'
+    }
+  })
+  verify false
+  triggers_reload true
+  action [:create, :enable, :start]
+end
--- a/site-cookbooks/kosmos-bitcoin/recipes/lnd.rb
+++ b/site-cookbooks/kosmos-bitcoin/recipes/lnd.rb
@ -118,3 +118,8 @@ if node['bitcoin']['tor_enabled']
  node.override['tor']['ControlPort'] = 9051
  node.override['tor']['CookieAuthentication'] = true
 end
+
+unless node.chef_environment == 'development'
+  node.override['backup']['archives']['lnd'] = [node['lnd']['lnd_dir']]
+  include_recipe 'backup'
+end
--- a/site-cookbooks/kosmos-bitcoin/templates/lnd-channel-backup-s3.sh.erb
+++ b/site-cookbooks/kosmos-bitcoin/templates/lnd-channel-backup-s3.sh.erb
@ -0,0 +1,7 @@
+#!/bin/bash
+set -xe -o pipefail
+
+while true; do
+  inotifywait <%= @lnd_dir %>/data/chain/bitcoin/<%= @bitcoin_network %>/channel.backup
+  aws s3 cp <%= @lnd_dir %>/data/chain/bitcoin/<%= @bitcoin_network %>/channel.backup "s3://<%= @s3_bucket %>/<%= @s3_scb_dir %>/channel.backup"
+done