Move to Backblaze for S3 object stores

2024-06-10 22:26:29 -05:00 · 2024-06-10 22:26:29 -05:00 · 3ca88c4d88
commit 3ca88c4d88
parent 260a797f68
4 changed files with 35 additions and 18 deletions
--- a/inventories/production/group_vars/all.yml
+++ b/inventories/production/group_vars/all.yml
@ -30,26 +30,26 @@ adminuser_ssh_authorized_keys:
 # For backups
 backup_s3_bucket: !vault |
          $ANSIBLE_VAULT;1.1;AES256
-          61393939633736616361336162633564356434363963303737366236373332653265366132393439
+          66316231643933316261303631656432376339663264666661663634616465326537303331626634
-          3333643463306561616261636466303631373866353962310a356561633833633533353937323265
+          6235616564316638386434366534663639656236393861630a303530333835353432326131653735
-          64656235616637366363323330346134656366663733393462346333613535633838333938653434
+          30313734383265376238306333323330366338646636336137653661373365633365393732386466
-          6133326433613239650a386333626339363263323134313830353963326265666336306130656534
+          3263373233653261330a663435643835643430326464623834303864646363373265336134643136
-          6534
+          6162
 backup_s3_aws_access_key_id: !vault |
          $ANSIBLE_VAULT;1.1;AES256
-          61353734383466366564333832643738313238666235336332303539383639626263633231396261
+          62343334333230643465623639633334363331353266366533366464643162333238333363633763
-          6165393062393266343661643466633163383164383032340a333833656566336331323565386162
+          3431663162666566393738396165396639353230633537610a393863663234626134373962393132
-          35646665353539616538353339616531346564636466643639326366353165313861373761396537
+          33356236626337313435383362336233366637646336663465366638343461663533373362316161
-          3731653463643838330a383065313135343763636534656133343666363237356462326236643631
+          3639313537393734350a636365366137353763333032366338323334333936633330333439376161
-          34366564373661396434663633346635663331393538363362376265653334623538
+          62613232363231346562643064383066393761353566366438363766353536386461
 backup_s3_aws_secret_access_key: !vault |
          $ANSIBLE_VAULT;1.1;AES256
-          64316231613337333231383837333930336561633164393762343838646136393165626361346637
+          32616664316437316638636263653237386665396632313639363962376361393763373535356130
-          3364643830346533623137643530323438366665393632320a633032336664616261353734343661
+          6136353736616263326166633261356233383530613462370a353039303261306231366465326662
-          36646565383532616133353530343331663731663965656662363830363063303361373861663762
+          39326233306565306639366165393930656461383334383931323263363031623333313462316433
-          3032613362626233350a613464333230363830383334363032303730646134306331383733363036
+          3635616437373236650a353661343131303332376161316664333833393833373830623130666633
-          34346334306633306664323337643433356336366633396239306539613539633535386238346662
+          66356130646434653039363863346630363931383832353637636131626530616434
-          6232313138393062626631386135383234376361643362353966
+backup_s3_aws_endpoint_url: "https://s3.us-east-005.backblazeb2.com"
 # For zerotier
--- a/roles/backup/defaults/main.yml
+++ b/roles/backup/defaults/main.yml
@ -14,6 +14,8 @@ backup_s3_bucket: replaceme
 # Credentials for the bucket
 backup_s3_aws_access_key_id: REPLACEME
 backup_s3_aws_secret_access_key: REPLACEME
 # Changeme if you use a non-AWS S3-compatible object store (like Backblaze)
 #backup_s3_aws_endpoint_url:
 # List of files/directories to back up
 # Note that tar is NOT instructed to recurse through symlinks
@ -27,3 +29,4 @@ backup_s3backup_exclude_list_extra: []
 # Note that passing f here is probably a bad idea
 backup_s3backup_tar_args: cz
 backup_s3backup_tar_args_extra: ""
 # The backup URL to use for S3 copies
--- a/roles/backup/templates/s3backup.sh
+++ b/roles/backup/templates/s3backup.sh
@ -60,6 +60,9 @@ backup() {
 	{% endfor %}
 		"$dir" \
 		| aws s3 cp --expected-size 274877906944 - \
 {% if backup_s3_aws_endpoint_url is defined %}
 		--endpoint-url="{{ backup_s3_aws_endpoint_url }}" \
 {% endif %}
 		"s3://{{ backup_s3_bucket }}/{{ inventory_hostname }}/$dir/$(date "+{{ backup_dateformat }}").tar.gz"
 }
@ -105,6 +108,9 @@ if command -v psql > /dev/null 2>&1; then
 		sudo -u postgres pg_dump "$db" \
 			| gzip -v9 \
 			| aws s3 cp - \
 {% if backup_s3_aws_endpoint_url is defined %}
 			--endpoint-url="{{ backup_s3_aws_endpoint_url }}" \
 {% endif %}
 			"s3://{{ backup_s3_bucket }}/{{ inventory_hostname }}/pgdump/$db/$(date "+{{ backup_dateformat }}").pgsql.gz"
 	done
 fi
--- a/roles/backup/templates/s3restore.sh
+++ b/roles/backup/templates/s3restore.sh
@ -33,7 +33,11 @@ printf "Querying S3 for restoreable backups (\e[35m$url\e[0m)...\n"
 while read line; do
 	filename="$(echo "$line" | awk '{print $NF}')"
 	BACKUPS+=("$filename")
-done < <(aws s3 ls "$url")
+done < <(aws s3 \
 {% if backup_s3_aws_endpoint_url is defined %}
 	--endpoint-url="{{ backup_s3_aws_endpoint_url }}" \
 {% endif %}
 	ls "$url")
 # Present the user with some options
 printf "Possible restorable backups:\n"
@ -61,4 +65,8 @@ fi
 # Copy the thing
 printf "Pulling backup...\n"
-aws s3 cp "$url${BACKUPS[$restoreindex]}" ./
+aws s3 \
 {% if backup_s3_aws_endpoint_url is defined %}
 	--endpoint-url="{{ backup_s3_aws_endpoint_url }}" \
 {% endif %}
 	cp "$url${BACKUPS[$restoreindex]}" ./