From 4a87d65b470134d8e99aad585917e2a6a2d9a1b6 Mon Sep 17 00:00:00 2001
From: Salt
Date: Mon, 23 May 2022 01:48:13 -0500
Subject: [PATCH] Add a quick and dirty S3 restore script for when you need manual help in a pinch
---
 roles/backup/defaults/main.yml | 1 +
 roles/backup/tasks/main.yml | 2 +
 roles/backup/templates/s3restore.sh | 64 +++++++++++++++++++++++++++++
 3 files changed, 67 insertions(+)
 create mode 100644 roles/backup/templates/s3restore.sh
diff --git a/roles/backup/defaults/main.yml b/roles/backup/defaults/main.yml
index 4df9988..0a176f1 100644
--- a/roles/backup/defaults/main.yml
+++ b/roles/backup/defaults/main.yml
@@ -1,5 +1,6 @@
 # Which backup script to use. Configuration is somewhat unique to each script
 backup_script: s3backup
+restore_script: s3restore
 # When to kick off backups using the systemd timer
 backup_time: "*-*-* 02:00:00"
 # What format should the datestamps in the filenames of any backups be in?
diff --git a/roles/backup/tasks/main.yml b/roles/backup/tasks/main.yml
index 2460bdd..2880cce 100644
--- a/roles/backup/tasks/main.yml
+++ b/roles/backup/tasks/main.yml
@@ -3,6 +3,8 @@
 ---
 - name: template out backup script
 template: src={{ backup_script }}.sh dest=/opt/backup.sh mode=0700 owner=root group=root
+- name: template out restore script
+ template: src={{ restore_script }}.sh dest=/opt/restore.sh mode=0700 owner=root group=root
 - name: configure systemd service
 template: src=backup.service dest=/etc/systemd/system/backup.service mode=0644
 - name: configure systemd timer
diff --git a/roles/backup/templates/s3restore.sh b/roles/backup/templates/s3restore.sh
new file mode 100644
index 0000000..4456ee8
--- /dev/null
+++ b/roles/backup/templates/s3restore.sh
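Review bot: The new `template out restore script` task in roles/backup/tasks/main.yml renders a file that, per its own header, embeds the AWS access key id and secret key, and nothing on the task keeps that content out of Ansible output. The `template` module supports diff mode, so a run with `--diff` would print the rendered script, keys included, to the terminal and to any captured CI log. Adding `no_log: true` (or `diff: false`) to this task would prevent that. The existing backup-script task just above has the same shape and presumably wants the same treatment.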
@@ -0,0 +1,64 @@
+#! /bin/bash
+#
+# s3restore.sh
+# Companion script to s3backup.sh, this script obtains a listing of recent
+# backups and offers the user a choice to restore from.
+#
+# This script offers no automation; it is intended for use by hand.
+#
+# NOTICE: THIS FILE CONTAINS SECRETS
+# This file may contain the following secrets depending on configuration:
+# * An AWS access key
+# * An AWS session token
+# These are NOT things you want arbitrary readers to access! Ansible will
+# attempt to ensure this file has 0700 permissions, but that won't stop you
+# from changing that yourself
+# DO NOT ALLOW THIS FILE TO BE READ BY NON-ROOT USERS
+
+# NOTICE: DO NOT MODIFY THIS FILE
+# Any changes made will be clobbered by Ansible
+# Please make any configuration changes in the main repo
+
+set -e
+url="s3://{{ backup_s3_bucket}}/{{ inventory_hostname }}/"
+
+# AWS S3 configuration
+# NOTE: THIS IS SECRET INFORMATION
+export AWS_ACCESS_KEY_ID="{{ backup_s3_aws_access_key_id }}"
+export AWS_SECRET_ACCESS_KEY="{{ backup_s3_aws_secret_access_key }}"
+
+# Obtain a list possible restorable for this host
+declare -a BACKUPS
+printf "Querying S3 for restoreable backups (\e[35m$url\e[0m)...\n"
+while read line; do
+ filename="$(echo "$line" | awk '{print $NF}')"
+ BACKUPS+=("$filename")
+done < <(aws s3 ls "$url")
+
+# Present the user with some options
+printf "Possible restorable backups:\n"
+printf "\e[37m\t%s\t%s\n\e[0m" "Index" "Filename"
+for index in "${!BACKUPS[@]}"; do
+ printf "\t\e[32m%s\e[0m\t\e[34m%s\e[0m\n" "$index" "${BACKUPS[$index]}"
+done
+
+# Ensure we can write to pwd
+if ! [ -w "$PWD" ]; then
+ printf "To restore a backup, please navigate to a writeable directory\n"
+ exit 1
+fi
+
+# Query for a backup to pull down
+printf "Please select a backup by \e[32mindex\e[0m to pull down\n"
+printf "It will be copied into the current directory as a tarball\n"
+read -p "?" 
restoreindex
+
+# Sanity check user input
+if [ -z "${BACKUPS[$restoreindex]}" ]; then
+ printf "Invalid selection, aborting: $restoreindex\n"
+ exit 2
+fi
+
+# Copy the thing
+printf "Pulling backup...\n"
+aws s3 cp "$url${BACKUPS[$restoreindex]}" ./
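Review bot: The sanity check `[ -z "${BACKUPS[$restoreindex]}" ]` does not validate the typed index, because bash evaluates an indexed-array subscript as an arithmetic expression. A non-numeric word is read as a variable name and falls through to index 0, a negative number counts back from the end of the array on recent bash versions, and an empty reply makes the expansion fail with a bad-subscript error. Since the script is installed for root and picks which backup gets restored, I would require a plain non-negative integer first, `if ! [[ "$restoreindex" =~ ^[0-9]+$ ]] || [ -z "${BACKUPS[$restoreindex]}" ]; then`. The rejected value should also go through a fixed format, `printf 'Invalid selection, aborting: %s\n' "$restoreindex"`, rather than being interpolated into the format string. Separately, `set -e` does not see a failure of `aws s3 ls` inside `< <(...)`, so a wrong or expired key shows an empty menu rather than an error; checking `(( ${#BACKUPS[@]} ))` after the loop would catch that.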