# # Cookbook Name:: backup # Recipe:: default # apt_package 'postgresql-client-12' build_essential 'backup gem' package ['libxml2-dev', 'libcurl4-gnutls-dev'] # Don't try to install packages on older Ubuntu, the repositories are 404 package ["ruby", "ruby-dev", "zlib1g-dev"] if node[:platform_version].to_f >= 16.04 gem_package 'backup' do version '5.0.0.beta.3' end smtp_credentials = Chef::EncryptedDataBagItem.load('credentials', 'smtp') backup_data = Chef::EncryptedDataBagItem.load('credentials', 'backup') backup_dir = node["backup"]["dir"] directory backup_dir directory "#{backup_dir}/models" directory "#{backup_dir}/log" template "#{backup_dir}/config.rb" do source "config.rb.erb" mode 0640 sensitive true variables s3_access_key_id: backup_data["s3_access_key_id"], s3_secret_access_key: backup_data["s3_secret_access_key"], s3_endpoint: backup_data["s3_endpoint"], s3_region: backup_data["s3_region"], encryption_password: backup_data["encryption_password"], mail_from: "backups@kosmos.org", mail_to: "ops@5apps.com", mail_address: 'smtp.mailgun.org', mail_domain: 'kosmos.org', mail_user_name: smtp_credentials["user_name"], mail_password: smtp_credentials["password"] end template "#{backup_dir}/models/default.rb" do source "backup.rb.erb" mode 0640 end cron "default backup model" do hour node['backup']['cron']['hour'] minute node['backup']['cron']['minute'] command "/usr/bin/env HOME=/root /bin/sh -l -c '/usr/local/bin/backup perform -t default --root-path #{backup_dir} >> /var/log/backup.log 2>&1'" end include_recipe 'logrotate' # Write the credentials file to allow dumps without password for the root # user (https://dev.mysql.com/doc/refman/5.7/en/option-files.html) file "/root/.my.cnf" do mode "600" content lazy { <<-EOF [client] user=#{node["backup"]["mysql"]["username"]} password=#{node["backup"]["mysql"]["password"]} EOF } not_if { node["backup"]["mysql"]["password"].nil? } end logrotate_app 'backup' do path '/var/log/backup.log' frequency 'daily' rotate 10 create '640 root root' end