Merge pull request #27 from zcash-hackworks/pantheon-backup
Added pantheon-backup image
This commit is contained in:
commit
3efb57eb89
|
@ -0,0 +1,18 @@
|
|||
FROM php:7.4.10-cli
|
||||
|
||||
RUN apt-get update \
|
||||
&& echo "deb [signed-by=/usr/share/keyrings/cloud.google.gpg] https://packages.cloud.google.com/apt cloud-sdk main" > /etc/apt/sources.list.d/google-cloud-sdk.list \
|
||||
&& apt-get install -y apt-transport-https ca-certificates git gnupg \
|
||||
&& curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key --keyring /usr/share/keyrings/cloud.google.gpg add - \
|
||||
&& apt-get update \
|
||||
&& apt-get install -y google-cloud-sdk
|
||||
RUN useradd --home-dir /srv/website-backups-pantheon \
|
||||
--shell /bin/bash \
|
||||
--create-home \
|
||||
website-backups-pantheon
|
||||
USER website-backups-pantheon
|
||||
WORKDIR /srv/website-backups-pantheon
|
||||
RUN curl -O https://raw.githubusercontent.com/pantheon-systems/terminus-installer/master/builds/installer.phar && php installer.phar install
|
||||
|
||||
ADD pantheon-backup.sh /srv/website-backups-pantheon/pantheon-backup.sh
|
||||
ENTRYPOINT [ "/srv/website-backups-pantheon/pantheon-backup.sh" ]
|
|
@ -0,0 +1,40 @@
|
|||
# pantheon-backup
|
||||
|
||||
A Docker container to create website backups at Pantheon and back them up to GCP buckets.
|
||||
|
||||
## Build
|
||||
|
||||
docker build . -t electriccoinco/pantheon-backup
|
||||
|
||||
## Usage
|
||||
|
||||
### Requirements
|
||||
|
||||
#### Environmental variables
|
||||
The entrypoint script requires 2 environmental variables.
|
||||
|
||||
- `PANTHEON_MACHINE_TOKEN`
|
||||
Secret generated by Panthen https://pantheon.io/docs/machine-tokens/
|
||||
- `GCP_SERVICEACCOUNT_FILE`
|
||||
A file path, inside the container, that points to a [GCP service account](https://developers.google.com/identity/protocols/oauth2/service-account) file with write access to `gs://website-backups-pantheon`
|
||||
|
||||
#### Mounts
|
||||
- Mount a volume that maps a [GCP service account](https://developers.google.com/identity/protocols/oauth2/service-account) file to the path provided by `GCP_SERVICEACCOUNT_FILE`
|
||||
|
||||
### Example
|
||||
|
||||
```
|
||||
docker run --rm \
|
||||
-e PANTHEON_MACHINE_TOKEN=MYSECRETTOKEN \
|
||||
-e GCP_SERVICEACCOUNT_FILE=/tmp/service.json \
|
||||
-v ./zcash-web-4c4432846cf1.json:/tmp/service.json \
|
||||
electriccoinco/pantheon-backup:latest
|
||||
```
|
||||
|
||||
### Troubleshooting
|
||||
|
||||
Skip the entrypoint script and start a bash shell inside the container.
|
||||
|
||||
```
|
||||
docker run --rm -ti --entrypoint bash electriccoinco/pantheon-backup:latest
|
||||
```
|
|
@ -0,0 +1,60 @@
|
|||
#!/bin/bash
|
||||
# pantheon-backups.sh
|
||||
# Script to download Pantheon site backups
|
||||
set -eo pipefail
|
||||
|
||||
if [[ ! -n ${PANTHEON_MACHINE_TOKEN} ]];then
|
||||
echo "PANTHEON_MACHINE_TOKEN must be set"
|
||||
exit 1
|
||||
fi
|
||||
if [[ ! -n ${GCP_SERVICEACCOUNT_FILE} ]];then
|
||||
echo "GCP_SERVICEACCOUNT_FILE must be set"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
/srv/website-backups-pantheon/vendor/bin/terminus auth:login --machine-token="${PANTHEON_MACHINE_TOKEN}"
|
||||
gcloud auth activate-service-account --key-file "${GCP_SERVICEACCOUNT_FILE}"
|
||||
|
||||
# Site names to backup (e.g. 'site-one site-two')
|
||||
export SITENAMES="cryptocomm electriccoinco-wordpress zcash-wordpress"
|
||||
# Site environments to backup (any combination of dev, test and live)
|
||||
export SITEENVS="live"
|
||||
# Elements of backup to be downloaded.
|
||||
export ELEMENTS="code files db"
|
||||
# Add a date and unique string to the filename
|
||||
BACKUPDATE=$(date +%Y%m%d%s);export BACKUPDATE
|
||||
# This sets the proper file extension
|
||||
export EXTENSION="tar.gz"
|
||||
export DBEXTENSION="sql.gz"
|
||||
# Hide Terminus update messages
|
||||
export TERMINUS_HIDE_UPDATE_MESSAGES=1
|
||||
|
||||
# iterate through sites to backup
|
||||
for thissite in $SITENAMES; do
|
||||
echo "Making backup of $thissite"
|
||||
|
||||
# iterate through current site environments
|
||||
for thisenv in $SITEENVS; do
|
||||
# Local backup directory (create if it does not exist, requires trailing slash)
|
||||
BACKUPDIR="$thissite.$thisenv"
|
||||
mkdir -p "$BACKUPDIR"
|
||||
|
||||
# create backup
|
||||
# We don't really do this because Pantheon already creates scheduled backups - Remove to just download those
|
||||
${HOME}/vendor/bin/terminus backup:create "$thissite"."$thisenv"
|
||||
|
||||
# iterate through backup elements
|
||||
for element in $ELEMENTS; do
|
||||
# download current site backups
|
||||
if [[ $element == "db" ]]; then
|
||||
${HOME}/vendor/bin/terminus backup:get --element="$element" --to="$BACKUPDIR"/"$thissite".$thisenv."$element"."$BACKUPDATE".$DBEXTENSION "$thissite"."$thisenv"
|
||||
# Upload database backup to Google Cloud Bucket: website-backups-pantheon
|
||||
gsutil cp "$BACKUPDIR"/"$thissite".$thisenv."$element"."$BACKUPDATE".$DBEXTENSION gs://website-backups-pantheon/"$BACKUPDIR"/
|
||||
else
|
||||
${HOME}/vendor/bin/terminus backup:get --element="$element" --to="$BACKUPDIR"/"$thissite".$thisenv."$element"."$BACKUPDATE".$EXTENSION "$thissite"."$thisenv"
|
||||
# Upload files and code backups to Google Cloud Bucket: website-backups-pantheon
|
||||
gsutil cp "$BACKUPDIR"/"$thissite".$thisenv."$element"."$BACKUPDATE".$EXTENSION gs://website-backups-pantheon/"$BACKUPDIR"/
|
||||
fi
|
||||
done
|
||||
done
|
||||
done
|
Loading…
Reference in New Issue