91 lines
3.1 KiB
Ruby
91 lines
3.1 KiB
Ruby
#
|
|
# Cookbook Name:: backup
|
|
# Recipe:: default
|
|
#
|
|
# Copyright 2012, Appcache Ltd / 5apps.com
|
|
#
|
|
# Permission is hereby granted, free of charge, to any person obtaining
|
|
# a copy of this software and associated documentation files (the
|
|
# "Software"), to deal in the Software without restriction, including
|
|
# without limitation the rights to use, copy, modify, merge, publish,
|
|
# distribute, sublicense, and/or sell copies of the Software, and to
|
|
# permit persons to whom the Software is furnished to do so, subject to
|
|
# the following conditions:
|
|
#
|
|
# The above copyright notice and this permission notice shall be
|
|
# included in all copies or substantial portions of the Software.
|
|
#
|
|
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
|
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
|
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
|
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
|
|
# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
|
|
# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
|
|
# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
|
|
|
build_essential 'backup gem'
|
|
|
|
# Don't try to install packages on older Ubuntu, the repositories are 404
|
|
package ["ruby", "ruby-dev", "zlib1g-dev"] if node[:platform_version].to_f >= 16.04
|
|
|
|
gem_package 'backup' do
|
|
version '5.0.0.beta.2'
|
|
end
|
|
|
|
smtp_credentials = Chef::EncryptedDataBagItem.load('credentials', 'smtp')
|
|
|
|
backup_data = Chef::EncryptedDataBagItem.load('credentials', 'backup')
|
|
backup_dir = node["backup"]["dir"]
|
|
directory backup_dir
|
|
directory "#{backup_dir}/models"
|
|
directory "#{backup_dir}/log"
|
|
|
|
template "#{backup_dir}/config.rb" do
|
|
source "config.rb.erb"
|
|
mode 0640
|
|
sensitive true
|
|
variables s3_access_key_id: backup_data["s3_access_key_id"],
|
|
s3_secret_access_key: backup_data["s3_secret_access_key"],
|
|
s3_region: backup_data["s3_region"],
|
|
encryption_password: backup_data["encryption_password"],
|
|
mail_from: "backups@kosmos.org",
|
|
mail_to: "ops@5apps.com",
|
|
mail_address: 'smtp.mailgun.org',
|
|
mail_domain: 'kosmos.org',
|
|
mail_user_name: smtp_credentials["user_name"],
|
|
mail_password: smtp_credentials["password"]
|
|
end
|
|
|
|
template "#{backup_dir}/models/default.rb" do
|
|
source "backup.rb.erb"
|
|
mode 0640
|
|
end
|
|
|
|
cron "default backup model" do
|
|
hour node['backup']['cron']['hour']
|
|
minute node['backup']['cron']['minute']
|
|
command "/usr/bin/env HOME=/root /bin/sh -l -c '/usr/local/bin/backup perform -t default --root-path #{backup_dir} >> /var/log/backup.log 2>&1'"
|
|
end
|
|
|
|
include_recipe 'logrotate'
|
|
|
|
# Write the credentials file to allow dumps without password for the root
|
|
# user (https://dev.mysql.com/doc/refman/5.7/en/option-files.html)
|
|
file "/root/.my.cnf" do
|
|
mode "600"
|
|
content lazy { <<-EOF
|
|
[client]
|
|
user=#{node["backup"]["mysql"]["username"]}
|
|
password=#{node["backup"]["mysql"]["password"]}
|
|
EOF
|
|
}
|
|
not_if { node["backup"]["mysql"]["password"].nil? }
|
|
end
|
|
|
|
logrotate_app 'backup' do
|
|
path '/var/log/backup.log'
|
|
frequency 'daily'
|
|
rotate 10
|
|
create '640 root root'
|
|
end
|