From 0b80d490a8f0fc50bf81c4435b8d2abe4580097a Mon Sep 17 00:00:00 2001
From: Sebastian Kippe
Date: Thu, 23 Dec 2021 13:04:50 +0100
Subject: [PATCH 1/4] Back up LND dir to S3
---
 site-cookbooks/kosmos-bitcoin/recipes/lnd.rb | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/site-cookbooks/kosmos-bitcoin/recipes/lnd.rb b/site-cookbooks/kosmos-bitcoin/recipes/lnd.rb
index e800b31..8db4249 100644
--- a/site-cookbooks/kosmos-bitcoin/recipes/lnd.rb
+++ b/site-cookbooks/kosmos-bitcoin/recipes/lnd.rb
@@ -118,3 +118,8 @@ if node['bitcoin']['tor_enabled']
 node.override['tor']['ControlPort'] = 9051
 node.override['tor']['CookieAuthentication'] = true
 end
+
+unless node.chef_environment == 'development'
+ node.override['backup']['archives']['lnd'] = [node['lnd']['lnd_dir']]
+ include_recipe 'backup'
+end
From 57b5a244fa28e4b069141de2a6a9ced9e59cc401 Mon Sep 17 00:00:00 2001
From: Sebastian Kippe
Date: Thu, 23 Dec 2021 13:05:44 +0100
Subject: [PATCH 2/4] Remove superfluous license header
---
 site-cookbooks/backup/recipes/default.rb | 20 --------------------
 1 file changed, 20 deletions(-)
diff --git a/site-cookbooks/backup/recipes/default.rb b/site-cookbooks/backup/recipes/default.rb
index 564bcaf..f2b9fa2 100644
--- a/site-cookbooks/backup/recipes/default.rb
+++ b/site-cookbooks/backup/recipes/default.rb
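Review bot: In recipes/lnd.rb the new `node.override['backup']['archives']['lnd'] = [node['lnd']['lnd_dir']]` archives the entire LND directory, which normally holds the wallet database, macaroons, the TLS key and channel.db alongside configuration. Whether the backup recipe encrypts archives before upload is not visible in this patch, so that should be confirmed before these files leave the host. Restoring a stale channel.db can make the node publish a revoked channel state, so I would document that above the assignment, e.g. `# Disaster-recovery copy only: never restore channel.db from this archive, use the static channel backup (SCB) instead`.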
@@ -2,26 +2,6 @@
 # Cookbook Name:: backup
 # Recipe:: default
 #
-# Copyright 2012, Appcache Ltd / 5apps.com
-#
-# Permission is hereby granted, free of charge, to any person obtaining
-# a copy of this software and associated documentation files (the
-# "Software"), to deal in the Software without restriction, including
-# without limitation the rights to use, copy, modify, merge, publish,
-# distribute, sublicense, and/or sell copies of the Software, and to
-# permit persons to whom the Software is furnished to do so, subject to
-# the following conditions:
-#
-# The above copyright notice and this permission notice shall be
-# included in all copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
-# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
-# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 build_essential 'backup gem'
From 56f58f3a1bacc2781e6ae81779ce2fa91692bb07 Mon Sep 17 00:00:00 2001
From: Sebastian Kippe
Date: Thu, 23 Dec 2021 13:06:12 +0100
Subject: [PATCH 3/4] Install/configure AWS client
---
 .../kosmos-bitcoin/recipes/aws-client.rb | 29 +++++++++++++++++++
 1 file changed, 29 insertions(+)
 create mode 100644 site-cookbooks/kosmos-bitcoin/recipes/aws-client.rb
diff --git a/site-cookbooks/kosmos-bitcoin/recipes/aws-client.rb b/site-cookbooks/kosmos-bitcoin/recipes/aws-client.rb
new file mode 100644
index 0000000..04e6d84
--- /dev/null
+++ b/site-cookbooks/kosmos-bitcoin/recipes/aws-client.rb
@@ -0,0 +1,29 @@
+#
+# Cookbook:: kosmos-bitcoin
+# Recipe:: aws-client
+#
+
+package "awscli"
+
+directory "/root/.aws"
+
+credentials = Chef::EncryptedDataBagItem.load('credentials', 'backup')
+
+file "/root/.aws/config" do
+ mode "600"
+ content lazy { <<-EOF
+[default]
+region = #{credentials["s3_region"]}
+ EOF
+ }
+end
+
+file "/root/.aws/credentials" do
+ mode "600"
+ content lazy { <<-EOF
+[default]
+aws_access_key_id = #{credentials["s3_access_key_id"]}
+aws_secret_access_key = #{credentials["s3_secret_access_key"]}
+ EOF
+ }
+end
From 31f4a547a9d4e8a7450589877c163203462b9905 Mon Sep 17 00:00:00 2001
From: Sebastian Kippe
Date: Thu, 23 Dec 2021 13:06:32 +0100
Subject: [PATCH 4/4] Backup LND SCB to S3 on change closes #359
---
 nodes/bitcoin-2.json | 9 ++--
 .../kosmos-bitcoin/recipes/lnd-scb-s3.rb | 47 +++++++++++++++++++
 .../templates/lnd-channel-backup-s3.sh.erb | 7 +++
 3 files changed, 60 insertions(+), 3 deletions(-)
 create mode 100644 site-cookbooks/kosmos-bitcoin/recipes/lnd-scb-s3.rb
 create mode 100644 site-cookbooks/kosmos-bitcoin/templates/lnd-channel-backup-s3.sh.erb
diff --git a/nodes/bitcoin-2.json b/nodes/bitcoin-2.json
index aaa9fcf..5340527 100644
--- a/nodes/bitcoin-2.json
+++ b/nodes/bitcoin-2.json
@@ -23,6 +23,7 @@
 "kosmos-bitcoin::source",
 "kosmos-bitcoin::c-lightning",
 "kosmos-bitcoin::lnd",
+ "kosmos-bitcoin::lnd-scb-s3",
 "kosmos-bitcoin::rtl",
 "kosmos-bitcoin::lndhub",
 "kosmos_postgresql::hostsfile",
@@ -48,6 +49,9 @@
 "git::default",
 "git::package",
 "golang::default",
+ "backup::default",
+ "logrotate::default",
+ "kosmos-bitcoin::aws-client",
 "kosmos-nodejs::default",
 "nodejs::nodejs_from_package",
 "nodejs::repo",
@@ -70,9 +74,7 @@
 "nginx::commons_dir",
 "nginx::commons_script",
 "nginx::commons_conf",
- "kosmos-nginx::firewall",
- "backup::default",
- "logrotate::default"
+ "kosmos-nginx::firewall"
 ],
 "platform": "ubuntu",
 "platform_version": "20.04",
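Review bot: In recipes/aws-client.rb both `file` resources render secrets from the encrypted data bag but do not set `sensitive true`, so Chef can print the rendered content or its diff (including `aws_secret_access_key`) in run output and reports. Add `sensitive true` to the `/root/.aws/config` and `/root/.aws/credentials` resources. The `directory "/root/.aws"` resource also has no mode and so falls back to the default; give it a block with `mode "0700"` and `owner "root"`. The IAM scope of the key is not visible here; it presumably should be limited to writing the backup bucket.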
@@ -94,6 +96,7 @@
 "recipe[kosmos-bitcoin::source]",
 "recipe[kosmos-bitcoin::c-lightning]",
 "recipe[kosmos-bitcoin::lnd]",
+ "recipe[kosmos-bitcoin::lnd-scb-s3]",
 "recipe[kosmos-bitcoin::rtl]",
 "recipe[kosmos-bitcoin::lndhub]",
 "role[btcpay]"
diff --git a/site-cookbooks/kosmos-bitcoin/recipes/lnd-scb-s3.rb b/site-cookbooks/kosmos-bitcoin/recipes/lnd-scb-s3.rb
new file mode 100644
index 0000000..25d794d
--- /dev/null
+++ b/site-cookbooks/kosmos-bitcoin/recipes/lnd-scb-s3.rb
@@ -0,0 +1,47 @@
+#
+# Cookbook:: kosmos-bitcoin
+# Recipe:: lnd-scb-s3
+#
+# Static Channel Backup for LND channel states
+#
+
+include_recipe "kosmos-bitcoin::aws-client"
+
+package "inotify-tools"
+
+backup_script_path = "/opt/lnd-channel-backup-s3.sh"
+
+template backup_script_path do
+ source "lnd-channel-backup-s3.sh.erb"
+ mode '0740'
+ variables lnd_dir: node['lnd']['lnd_dir'],
+ bitcoin_network: node['bitcoin']['network'],
+ s3_bucket: node['backup']['s3']['bucket'],
+ s3_scb_dir: "#{node['name']}/lnd/#{node['bitcoin']['network']}"
+ notifies :restart, "systemd_unit[lnd-channel-backup.service]", :delayed
+end
+
+systemd_unit 'lnd-channel-backup.service' do
+ content({
+ Unit: {
+ Description: 'LND Static Channel Backup',
+ Documentation: ['https://gist.github.com/alexbosworth/2c5e185aedbdac45a03655b709e255a3'],
+ Requires: 'lnd.service',
+ After: 'lnd.service'
+ },
+ Service: {
+ User: 'root',
+ Group: 'root',
+ Type: 'simple',
+ ExecStart: backup_script_path,
+ Restart: 'always',
+ RestartSec: 1
+ },
+ Install: {
+ WantedBy: 'multi-user.target'
+ }
+ })
+ verify false
+ triggers_reload true
+ action [:create, :enable, :start]
+end
diff --git a/site-cookbooks/kosmos-bitcoin/templates/lnd-channel-backup-s3.sh.erb b/site-cookbooks/kosmos-bitcoin/templates/lnd-channel-backup-s3.sh.erb
new file mode 100644
index 0000000..d5b1c80
--- /dev/null
+++ b/site-cookbooks/kosmos-bitcoin/templates/lnd-channel-backup-s3.sh.erb
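Review bot: In recipes/lnd-scb-s3.rb the unit runs the uploader with `User: 'root'` although the script only reads channel.backup and the AWS credentials; a dedicated service account with read access to that file would keep a flaw in the script or the AWS CLI from running with full privileges. That would also require the credentials to live outside /root, which is a change to the aws-client recipe rather than to this hunk. Independently, the `template` sets `mode '0740'` without `owner` or `group`, so the ownership of a script executed as root is left implicit; adding `owner 'root'` and `group 'root'` states it.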
@@ -0,0 +1,7 @@
+#!/bin/bash
+set -xe -o pipefail
+
+while true; do
+ inotifywait <%= @lnd_dir %>/data/chain/bitcoin/<%= @bitcoin_network %>/channel.backup
+ aws s3 cp <%= @lnd_dir %>/data/chain/bitcoin/<%= @bitcoin_network %>/channel.backup "s3://<%= @s3_bucket %>/<%= @s3_scb_dir %>/channel.backup"
+done
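Review bot: With `set -e`, a failed `aws s3 cp` in lnd-channel-backup-s3.sh.erb ends the script, and after the systemd restart the loop blocks in `inotifywait` again, so the failed upload is not retried until channel.backup changes once more. Moving the `aws s3 cp` line above `inotifywait` inside the loop makes every start and restart push the current file first. The rendered paths are unquoted, so I would also wrap them, e.g. `inotifywait "<%= @lnd_dir %>/data/chain/bitcoin/<%= @bitcoin_network %>/channel.backup"`. Each upload overwrites the same S3 key; whether bucket versioning is enabled is not visible here.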