Merge pull request #27 from zcash-hackworks/pantheon-backup

Added pantheon-backup image
2020-09-09 13:09:49 -04:00 · 2020-09-09 13:09:49 -04:00 · 3efb57eb89
parent 5c9f8473e7 b45c624128
commit 3efb57eb89
3 changed files with 118 additions and 0 deletions
--- a/pantheon-backup/Dockerfile
+++ b/pantheon-backup/Dockerfile
@ -0,0 +1,18 @@
+FROM php:7.4.10-cli
+
+RUN apt-get update \
+  && echo "deb [signed-by=/usr/share/keyrings/cloud.google.gpg] https://packages.cloud.google.com/apt cloud-sdk main" > /etc/apt/sources.list.d/google-cloud-sdk.list \
+  && apt-get install -y apt-transport-https ca-certificates git gnupg \
+  && curl https://packages.cloud.google.com/apt/doc/apt-key.gpg |  apt-key --keyring /usr/share/keyrings/cloud.google.gpg add - \
+  && apt-get update \
+  && apt-get install -y  google-cloud-sdk
+RUN useradd --home-dir /srv/website-backups-pantheon \
+            --shell /bin/bash \
+            --create-home \
+            website-backups-pantheon
+USER website-backups-pantheon
+WORKDIR /srv/website-backups-pantheon
+RUN curl -O https://raw.githubusercontent.com/pantheon-systems/terminus-installer/master/builds/installer.phar && php installer.phar install
+
+ADD pantheon-backup.sh /srv/website-backups-pantheon/pantheon-backup.sh
+ENTRYPOINT [ "/srv/website-backups-pantheon/pantheon-backup.sh" ]
--- a/pantheon-backup/README.md
+++ b/pantheon-backup/README.md
@ -0,0 +1,40 @@
+# pantheon-backup
+
+A Docker container to create website backups at Pantheon and back them up to GCP buckets.
+
+## Build
+
+docker build . -t electriccoinco/pantheon-backup
+
+## Usage
+
+### Requirements
+
+#### Environmental variables
+The entrypoint script requires 2 environmental variables.
+
+- `PANTHEON_MACHINE_TOKEN`  
+  Secret generated by Panthen https://pantheon.io/docs/machine-tokens/
+- `GCP_SERVICEACCOUNT_FILE`   
+A file path, inside the container, that points to a [GCP service account](https://developers.google.com/identity/protocols/oauth2/service-account) file with write access to `gs://website-backups-pantheon`
+
+#### Mounts
+- Mount a volume that maps a [GCP service account](https://developers.google.com/identity/protocols/oauth2/service-account) file to the path provided by `GCP_SERVICEACCOUNT_FILE`
+
+### Example
+
+```
+docker run --rm \
+  -e PANTHEON_MACHINE_TOKEN=MYSECRETTOKEN \
+  -e GCP_SERVICEACCOUNT_FILE=/tmp/service.json \
+  -v ./zcash-web-4c4432846cf1.json:/tmp/service.json \
+  electriccoinco/pantheon-backup:latest
+```
+
+### Troubleshooting
+
+Skip the entrypoint script and start a bash shell inside the container.
+
+```
+docker run --rm -ti --entrypoint bash electriccoinco/pantheon-backup:latest
+```
--- a/pantheon-backup/pantheon-backup.sh
+++ b/pantheon-backup/pantheon-backup.sh
@ -0,0 +1,60 @@
+#!/bin/bash
+# pantheon-backups.sh
+# Script to download Pantheon site backups
+set -eo pipefail
+
+if [[ ! -n ${PANTHEON_MACHINE_TOKEN} ]];then
+  echo "PANTHEON_MACHINE_TOKEN must be set"
+  exit 1
+fi
+if [[ ! -n ${GCP_SERVICEACCOUNT_FILE} ]];then
+  echo "GCP_SERVICEACCOUNT_FILE must be set"
+  exit 1
+fi
+
+/srv/website-backups-pantheon/vendor/bin/terminus auth:login --machine-token="${PANTHEON_MACHINE_TOKEN}"
+gcloud auth activate-service-account --key-file "${GCP_SERVICEACCOUNT_FILE}"
+
+# Site names to backup (e.g. 'site-one site-two')
+export SITENAMES="cryptocomm electriccoinco-wordpress zcash-wordpress"
+# Site environments to backup (any combination of dev, test and live)
+export SITEENVS="live"
+# Elements of backup to be downloaded.
+export ELEMENTS="code files db"
+# Add a date and unique string to the filename
+BACKUPDATE=$(date +%Y%m%d%s);export BACKUPDATE
+# This sets the proper file extension
+export EXTENSION="tar.gz"
+export DBEXTENSION="sql.gz"
+# Hide Terminus update messages
+export TERMINUS_HIDE_UPDATE_MESSAGES=1
+
+# iterate through sites to backup
+for thissite in $SITENAMES; do
+	echo "Making backup of $thissite"
+
+  # iterate through current site environments
+  for thisenv in $SITEENVS; do
+    # Local backup directory (create if it does not exist, requires trailing slash)
+    BACKUPDIR="$thissite.$thisenv"
+    mkdir -p "$BACKUPDIR"
+
+    # create backup
+    # We don't really do this because Pantheon already creates scheduled backups - Remove to just download those
+    ${HOME}/vendor/bin/terminus backup:create "$thissite"."$thisenv"
+
+    # iterate through backup elements
+    for element in $ELEMENTS; do
+      # download current site backups
+      if [[ $element == "db" ]]; then
+        ${HOME}/vendor/bin/terminus backup:get --element="$element" --to="$BACKUPDIR"/"$thissite".$thisenv."$element"."$BACKUPDATE".$DBEXTENSION "$thissite"."$thisenv"
+        # Upload database backup to Google Cloud Bucket: website-backups-pantheon
+        gsutil cp "$BACKUPDIR"/"$thissite".$thisenv."$element"."$BACKUPDATE".$DBEXTENSION gs://website-backups-pantheon/"$BACKUPDIR"/
+      else
+        ${HOME}/vendor/bin/terminus backup:get --element="$element" --to="$BACKUPDIR"/"$thissite".$thisenv."$element"."$BACKUPDATE".$EXTENSION "$thissite"."$thisenv"
+        # Upload files and code backups to Google Cloud Bucket: website-backups-pantheon
+        gsutil cp "$BACKUPDIR"/"$thissite".$thisenv."$element"."$BACKUPDATE".$EXTENSION gs://website-backups-pantheon/"$BACKUPDIR"/
+      fi
+    done
+  done
+done