Add a quick and dirty S3 restore script for when you need manual help in a pinch

Salt 2022-05-23 01:48:13 -05:00
parent fd00a1bb50
commit 4a87d65b47
3 changed files with 67 additions and 0 deletions


@ -1,5 +1,6 @@
# Which backup script to use. Configuration is somewhat unique to each script # Which backup script to use. Configuration is somewhat unique to each script
backup_script: s3backup backup_script: s3backup
restore_script: s3restore
# When to kick off backups using the systemd timer # When to kick off backups using the systemd timer
backup_time: "*-*-* 02:00:00" backup_time: "*-*-* 02:00:00"
# What format should the datestamps in the filenames of any backups be in? # What format should the datestamps in the filenames of any backups be in?


@ -3,6 +3,8 @@
--- ---
- name: template out backup script - name: template out backup script
template: src={{ backup_script }}.sh dest=/opt/backup.sh mode=0700 owner=root group=root template: src={{ backup_script }}.sh dest=/opt/backup.sh mode=0700 owner=root group=root
- name: template out restore script
template: src={{ restore_script }}.sh dest=/opt/restore.sh mode=0700 owner=root group=root
- name: configure systemd service - name: configure systemd service
template: src=backup.service dest=/etc/systemd/system/backup.service mode=0644 template: src=backup.service dest=/etc/systemd/system/backup.service mode=0644
- name: configure systemd timer - name: configure systemd timer
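Review bot: The new `template out restore script` task renders a file that embeds `backup_s3_aws_access_key_id` and `backup_s3_aws_secret_access_key`, so running the play with `--diff` would print the rendered keys to the terminal and to any captured run log. Adding `no_log: true` (or at least `diff: false`) to this task keeps them out of that output. The existing backup-script task just above appears to share the pattern, though its template is not shown on this page. The 0700 mode with root ownership matches the warning in the script header.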


@ -0,0 +1,64 @@
#! /bin/bash
#
# s3restore.sh
# Companion script to s3backup.sh, this script obtains a listing of recent
# backups and offers the user a choice to restore from.
#
# This script offers no automation; it is intended for use by hand.
#
# NOTICE: THIS FILE CONTAINS SECRETS
# This file may contain the following secrets depending on configuration:
# * An AWS access key
# * An AWS session token
# These are NOT things you want arbitrary readers to access! Ansible will
# attempt to ensure this file has 0700 permissions, but that won't stop you
# from changing that yourself
# DO NOT ALLOW THIS FILE TO BE READ BY NON-ROOT USERS
# NOTICE: DO NOT MODIFY THIS FILE
# Any changes made will be clobbered by Ansible
# Please make any configuration changes in the main repo
set -e
url="s3://{{ backup_s3_bucket}}/{{ inventory_hostname }}/"
# AWS S3 configuration
# NOTE: THIS IS SECRET INFORMATION
export AWS_ACCESS_KEY_ID="{{ backup_s3_aws_access_key_id }}"
export AWS_SECRET_ACCESS_KEY="{{ backup_s3_aws_secret_access_key }}"
# Obtain a list possible restorable for this host
declare -a BACKUPS
printf "Querying S3 for restoreable backups (\e[35m$url\e[0m)...\n"
while read line; do
filename="$(echo "$line" | awk '{print $NF}')"
BACKUPS+=("$filename")
done < <(aws s3 ls "$url")
# Present the user with some options
printf "Possible restorable backups:\n"
printf "\e[37m\t%s\t%s\n\e[0m" "Index" "Filename"
for index in "${!BACKUPS[@]}"; do
printf "\t\e[32m%s\e[0m\t\e[34m%s\e[0m\n" "$index" "${BACKUPS[$index]}"
done
# Ensure we can write to pwd
if ! [ -w "$PWD" ]; then
printf "To restore a backup, please navigate to a writeable directory\n"
exit 1
fi
# Query for a backup to pull down
printf "Please select a backup by \e[32mindex\e[0m to pull down\n"
printf "It will be copied into the current directory as a tarball\n"
read -p "?" restoreindex
# Sanity check user input
if [ -z "${BACKUPS[$restoreindex]}" ]; then
printf "Invalid selection, aborting: $restoreindex\n"
exit 2
fi
# Copy the thing
printf "Pulling backup...\n"
aws s3 cp "$url${BACKUPS[$restoreindex]}" ./
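Review bot: The selection check `if [ -z "${BACKUPS[$restoreindex]}" ]` does not reject non-numeric input, because bash evaluates an indexed-array subscript as an arithmetic expression: an empty answer is a bad-subscript error, and a word is read as a variable name rather than refused. Since this script runs as root with AWS credentials exported, I would validate first with `[[ "$restoreindex" =~ ^[0-9]+$ ]] || { printf 'Invalid selection, aborting: %s\n' "$restoreindex"; exit 2; }` and only then index the array. The abort message also places the typed value inside the printf format string; passing it as a `%s` argument, as above, avoids that, and the `$url` in the first printf has the same shape. Separately, `set -e` does not see a failure of `aws s3 ls` inside `< <(...)`, so a credentials or network error shows an empty list and the script still prompts.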