From 465c2d9c29e5856ce660d8df90cf6bde39f84ad4 Mon Sep 17 00:00:00 2001 From: Ian Fijolek Date: Mon, 25 Jul 2022 16:29:35 -0700 Subject: [PATCH] WIP: Update oneoff backups --- nomad/backups/oneoff.nomad | 119 ++++++++++++++++++++++++++----------- 1 file changed, 83 insertions(+), 36 deletions(-) diff --git a/nomad/backups/oneoff.nomad b/nomad/backups/oneoff.nomad index 4ff7497..c14de7c 100644 --- a/nomad/backups/oneoff.nomad +++ b/nomad/backups/oneoff.nomad @@ -3,7 +3,12 @@ variable "nextcloud_backup" { description = "HCL config for Restic Scheduler jobs" } -job "backup-oneoff" { +variable "consul_backup" { + type = string + description = "HCL config for Restic Scheduler jobs" +} + +job "backup-oneoff-n2" { datacenters = ["dc1"] type = "batch" @@ -18,35 +23,39 @@ job "backup-oneoff" { snapshot = "latest" } - group "nextcloud" { - count = 1 + + constraint { + attribute = "${node.unique.name}" + # Only node with a backup job so far + # Remove when backing up all nodes + value = "n2" + } + + group "backup" { network { mode = "bridge" + + port "metrics" { + to = 8080 + } } - volume "nextcloud-data" { + volume "all-volumes" { type = "host" read_only = true - source = "nextcloud-data" - } - - volume "gitea-data" { - type = "host" - read_only = true - source = "gitea-data" - } - - volume "authentik-data" { - type = "host" - read_only = true - source = "authentik-data" + source = "all-volumes" } service { + port = "metrics" + + # Add connect to mysql connect { sidecar_service { proxy { + local_service_port = 8080 + upstreams { destination_name = "mysql-server" local_bind_port = 6060 @@ -65,37 +74,30 @@ job "backup-oneoff" { } } } + + meta { + metrics_addr = "${NOMAD_ADDR_metrics}" + } } task "backup" { driver = "docker" volume_mount { - volume = "nextcloud-data" - destination = "/data/nextcloud" - read_only = false - } - - volume_mount { - volume = "gitea-data" - destination = "/data/gitea" - read_only = false - } - - volume_mount { - volume = "authentik-data" - destination = "/data/authentik" - read_only = false + volume = "all-volumes" + destination = "/data" + read_only = true } config { image = "iamthefij/resticscheduler" - ports = ["backup"] + ports = ["metrics"] args = [ "-once", "-${NOMAD_META_task}", "${NOMAD_META_job_name}", - "/jobs/nextcloud.hcl", + # TODO: add restore arg here + "/jobs/node-jobs.hcl", ] mount { @@ -105,14 +107,59 @@ job "backup-oneoff" { } } + vault { + policies = [ + "access-tables", + "nomad-task", + ] + } + env = { "MYSQL_HOST" = "${NOMAD_UPSTREAM_IP_mysql_server}" "MYSQL_PORT" = "${NOMAD_UPSTREAM_PORT_mysql_server}" } template { - data = var.nextcloud_backup - destination = "jobs/nextcloud.hcl" + # Probably want to use database credentials that have access to dump all tables + data = <