Back up LND files and channels to S3 #370
| @ -23,6 +23,7 @@ | ||||
|       "kosmos-bitcoin::source", | ||||
|       "kosmos-bitcoin::c-lightning", | ||||
|       "kosmos-bitcoin::lnd", | ||||
|       "kosmos-bitcoin::lnd-scb-s3", | ||||
|       "kosmos-bitcoin::rtl", | ||||
|       "kosmos-bitcoin::lndhub", | ||||
|       "kosmos_postgresql::hostsfile", | ||||
| @ -48,6 +49,9 @@ | ||||
|       "git::default", | ||||
|       "git::package", | ||||
|       "golang::default", | ||||
|       "backup::default", | ||||
|       "logrotate::default", | ||||
|       "kosmos-bitcoin::aws-client", | ||||
|       "kosmos-nodejs::default", | ||||
|       "nodejs::nodejs_from_package", | ||||
|       "nodejs::repo", | ||||
| @ -70,9 +74,7 @@ | ||||
|       "nginx::commons_dir", | ||||
|       "nginx::commons_script", | ||||
|       "nginx::commons_conf", | ||||
|       "kosmos-nginx::firewall", | ||||
|       "backup::default", | ||||
|       "logrotate::default" | ||||
|       "kosmos-nginx::firewall" | ||||
|     ], | ||||
|     "platform": "ubuntu", | ||||
|     "platform_version": "20.04", | ||||
| @ -94,6 +96,7 @@ | ||||
|     "recipe[kosmos-bitcoin::source]", | ||||
|     "recipe[kosmos-bitcoin::c-lightning]", | ||||
|     "recipe[kosmos-bitcoin::lnd]", | ||||
|     "recipe[kosmos-bitcoin::lnd-scb-s3]", | ||||
|     "recipe[kosmos-bitcoin::rtl]", | ||||
|     "recipe[kosmos-bitcoin::lndhub]", | ||||
|     "role[btcpay]" | ||||
|  | ||||
| @ -2,26 +2,6 @@ | ||||
| # Cookbook Name:: backup | ||||
| # Recipe:: default | ||||
| # | ||||
| # Copyright 2012, Appcache Ltd / 5apps.com | ||||
| # | ||||
| # Permission is hereby granted, free of charge, to any person obtaining | ||||
| # a copy of this software and associated documentation files (the | ||||
| # "Software"), to deal in the Software without restriction, including | ||||
| # without limitation the rights to use, copy, modify, merge, publish, | ||||
| # distribute, sublicense, and/or sell copies of the Software, and to | ||||
| # permit persons to whom the Software is furnished to do so, subject to | ||||
| # the following conditions: | ||||
| # | ||||
| # The above copyright notice and this permission notice shall be | ||||
| # included in all copies or substantial portions of the Software. | ||||
| # | ||||
| # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, | ||||
| # EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF | ||||
| # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND | ||||
| # NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE | ||||
| # LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION | ||||
| # OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION | ||||
| # WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. | ||||
| 
 | ||||
| build_essential 'backup gem' | ||||
| 
 | ||||
|  | ||||
							
								
								
									
										29
									
								
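--- a/site-cookbooks/kosmos-bitcoin/recipes/aws-client.rb
+++ b/site-cookbooks/kosmos-bitcoin/recipes/aws-client.rb
@@ -0,0 +1,29 @@
+#
+# Cookbook:: kosmos-bitcoin
+# Recipe:: aws-client
+#
+
+package "awscli"
+
+directory "/root/.aws"
+
+credentials = Chef::EncryptedDataBagItem.load('credentials', 'backup')
+
+file "/root/.aws/config" do
+  mode "600"
+  content lazy { <<-EOF
+[default]
+region = #{credentials["s3_region"]}
+  EOF
+  }
+end
+
+file "/root/.aws/credentials" do
+  mode "600"
+  content lazy { <<-EOF
+[default]
+aws_access_key_id = #{credentials["s3_access_key_id"]}
+aws_secret_access_key = #{credentials["s3_secret_access_key"]}
+  EOF
+  }
+end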
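Review bot: The `file "/root/.aws/credentials"` resource is not marked sensitive, so when its content changes Chef can print the rendered diff, including `aws_secret_access_key`, into the chef-client output and any log that captures it. Add `sensitive true` inside that block. `directory "/root/.aws"` also takes the default mode; `mode "0700"` would keep the directory itself closed to other users. Because the key is stored long-term on the node, it is worth confirming that the IAM policy behind it is limited to the backup bucket.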
							
								
								
									
										47
									
								
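--- a/site-cookbooks/kosmos-bitcoin/recipes/lnd-scb-s3.rb
+++ b/site-cookbooks/kosmos-bitcoin/recipes/lnd-scb-s3.rb
@@ -0,0 +1,47 @@
+#
+# Cookbook:: kosmos-bitcoin
+# Recipe:: lnd-scb-s3
+#
+# Static Channel Backup for LND channel states
+#
+
+include_recipe "kosmos-bitcoin::aws-client"
+
+package "inotify-tools"
+
+backup_script_path = "/opt/lnd-channel-backup-s3.sh"
+
+template backup_script_path do
+  source "lnd-channel-backup-s3.sh.erb"
+  mode '0740'
+  variables lnd_dir: node['lnd']['lnd_dir'],
+            bitcoin_network: node['bitcoin']['network'],
+            s3_bucket: node['backup']['s3']['bucket'],
+            s3_scb_dir: "#{node['name']}/lnd/#{node['bitcoin']['network']}"
+  notifies :restart, "systemd_unit[lnd-channel-backup.service]", :delayed
+end
+
+systemd_unit 'lnd-channel-backup.service' do
+  content({
+    Unit: {
+      Description: 'LND Static Channel Backup',
+      Documentation: ['https://gist.github.com/alexbosworth/2c5e185aedbdac45a03655b709e255a3'],
+      Requires: 'lnd.service',
+      After: 'lnd.service'
+    },
+    Service: {
+      User: 'root',
+      Group: 'root',
+      Type: 'simple',
+      ExecStart: backup_script_path,
+      Restart: 'always',
+      RestartSec: 1
+    },
+    Install: {
+      WantedBy: 'multi-user.target'
+    }
+  })
+  verify false
+  triggers_reload true
+  action [:create, :enable, :start]
+end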
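Review bot: `lnd-channel-backup.service` runs with `User: 'root'` although the script only reads `channel.backup` and calls `aws s3 cp`; a dedicated unprivileged account with read access to that file and its own AWS credentials file would limit what a fault in the script or the AWS CLI can touch. If root has to stay because the credentials live in `/root/.aws`, adding `NoNewPrivileges: true` and `PrivateTmp: true` to the `Service` section is a cheap reduction. Separately, `s3_scb_dir` is built from `node['name']`; Chef normally exposes the node name as `node.name`, so it is worth checking that the attribute form is not nil here, which would place every node's backup under the same `/lnd/<network>` prefix.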
| @ -118,3 +118,8 @@ if node['bitcoin']['tor_enabled'] | ||||
|   node.override['tor']['ControlPort'] = 9051 | ||||
|   node.override['tor']['CookieAuthentication'] = true | ||||
| end | ||||
| 
 | ||||
| unless node.chef_environment == 'development' | ||||
|   node.override['backup']['archives']['lnd'] = [node['lnd']['lnd_dir']] | ||||
|   include_recipe 'backup' | ||||
| end | ||||
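Review bot: Archiving the whole `node['lnd']['lnd_dir']` puts the wallet database, macaroons and TLS key into the backup alongside the channel database, so the archive is as sensitive as the node itself; this hunk does not show whether the `backup` recipe encrypts before upload, so that should be confirmed. A stale channel database restored from such an archive can also make LND publish an outdated channel state, which peers may penalise. A comment above the override would help, e.g. `# Full lnd_dir archive is for wallet/config recovery only; restore channels from channel.backup (SCB), never from an old channel.db`. The recipe this block belongs to starts outside the hunk.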
|  | ||||
| @ -0,0 +1,7 @@ | ||||
| #!/bin/bash | ||||
| set -xe -o pipefail | ||||
| 
 | ||||
| while true; do | ||||
|   inotifywait <%= @lnd_dir %>/data/chain/bitcoin/<%= @bitcoin_network %>/channel.backup | ||||
|   aws s3 cp <%= @lnd_dir %>/data/chain/bitcoin/<%= @bitcoin_network %>/channel.backup "s3://<%= @s3_bucket %>/<%= @s3_scb_dir %>/channel.backup" | ||||
| done | ||||
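Review bot: A failed `aws s3 cp` is never retried: `set -e` ends the script, the unit's `Restart: 'always'` brings it back, and the loop then blocks in `inotifywait` until the file changes again, so the most recent `channel.backup` can stay un-uploaded until the next channel event. Uploading before waiting fixes this and also gives an initial copy at service start: swap the two loop lines so `aws s3 cp …` runs first and `inotifywait …` second. The source path is also unquoted in both commands; writing it as `"<%= @lnd_dir %>/data/chain/bitcoin/<%= @bitcoin_network %>/channel.backup"` keeps a path containing spaces from being split.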