kosmos/chef
kosmos/chef
8
3
Fork 0
Code Issues 30 Pull Requests 3 Projects 2 Activity

Fix backup email notifications #366

Merged
greg merged 3 commits from bugfix/358-backups into master 2021-12-01 22:52:58 +00:00
Conversation 1 Commits 3 Files Changed 3 +33 -3
3 changed files with 33 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
doc/backups.md
View File

@ -12,4 +12,10 @@ The S3 credentials as well as the backup password are stored in the
To decrypt a backup archive, use the following command: To decrypt a backup archive, use the following command:
openssl aes-256-cbc -d -base64 -pbkdf2 -in my_backup.tar.enc -out my_backup.tar
If you get an error message along the lines of "bad decrypt", the archive was
likely encrypted before we switched the key derivation scheme. Try without
`-pbkdf2` in this case:
openssl aes-256-cbc -d -base64 -in my_backup.tar.enc -out my_backup.tar openssl aes-256-cbc -d -base64 -in my_backup.tar.enc -out my_backup.tar

8
site-cookbooks/backup/recipes/default.rb
View File

@ -32,6 +32,8 @@ gem_package 'backup' do
version '5.0.0.beta.2' version '5.0.0.beta.2'
end end
smtp_credentials = Chef::EncryptedDataBagItem.load('credentials', 'smtp')
backup_data = Chef::EncryptedDataBagItem.load('credentials', 'backup') backup_data = Chef::EncryptedDataBagItem.load('credentials', 'backup')
backup_dir = node["backup"]["dir"] backup_dir = node["backup"]["dir"]
directory backup_dir directory backup_dir
@ -46,8 +48,12 @@ template "#{backup_dir}/config.rb" do
s3_secret_access_key: backup_data["s3_secret_access_key"], s3_secret_access_key: backup_data["s3_secret_access_key"],
s3_region: backup_data["s3_region"], s3_region: backup_data["s3_region"],
encryption_password: backup_data["encryption_password"], encryption_password: backup_data["encryption_password"],
mail_from: "backups@kosmos.org",
mail_to: "ops@5apps.com", mail_to: "ops@5apps.com",
mail_from: "backups@kosmos.org" mail_address: 'smtp.mailgun.org',
mail_domain: 'kosmos.org',
mail_user_name: smtp_credentials["user_name"],
mail_password: smtp_credentials["password"]
end end
template "#{backup_dir}/models/default.rb" do template "#{backup_dir}/models/default.rb" do

22
site-cookbooks/backup/templates/default/config.rb.erb
View File

@ -6,6 +6,18 @@
# Documentation: http://backup.github.io/backup # Documentation: http://backup.github.io/backup
# Issue Tracker: https://github.com/backup/backup/issues # Issue Tracker: https://github.com/backup/backup/issues
#
# Monkey patch to not use deprecated key derivation scheme
# https://github.com/backup/backup/issues/949#issuecomment-589883577
#
module OpenSSLFixDeprecatedKeyDerivation
def options
super + ' -pbkdf2'
end
end
require 'backup/encryptor/open_ssl'
Backup::Encryptor::OpenSSL.prepend(OpenSSLFixDeprecatedKeyDerivation)
Storage::S3.defaults do |s3| Storage::S3.defaults do |s3|
s3.access_key_id = "<%= @s3_access_key_id %>" s3.access_key_id = "<%= @s3_access_key_id %>"
s3.secret_access_key = "<%= @s3_secret_access_key %>" s3.secret_access_key = "<%= @s3_secret_access_key %>"
@ -22,7 +34,13 @@ end
Notifier::Mail.defaults do |mail| Notifier::Mail.defaults do |mail|
mail.from = "<%= node.name %> <<%= @mail_from %>>" mail.from = "<%= node.name %> <<%= @mail_from %>>"
mail.to = "<%= @mail_to %>" mail.to = "<%= @mail_to %>"
mail.delivery_method = :sendmail mail.address = "<%= @mail_address %>"
mail.domain = "<%= @mail_domain %>"
mail.user_name = "<%= @mail_user_name %>"
mail.password = "<%= @mail_password %>"
mail.port = <%= @mail_port || 587 %>
mail.authentication = "<%= @mail_authentication || 'plain' %>"
mail.encryption = <%= @mail_encryption || ':starttls' %>
end end
<%- if node["backup"]["mongodb"] -%> <%- if node["backup"]["mongodb"] -%>
@ -75,7 +93,7 @@ preconfigure 'KosmosBackup' do
encrypt_with OpenSSL encrypt_with OpenSSL
notify_by Mail do |mail| notify_by Mail do |mail|
mail.on_success = false mail.on_success = false
mail.on_warning = false mail.on_warning = true
mail.on_failure = true mail.on_failure = true
end end
end end