iamthefij/orchestration-tests
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

WIP: Update oneoff backups

Browse Source
This commit is contained in:
IamTheFij 2022-07-25 16:29:35 -07:00
parent ee45e92534
commit 465c2d9c29
1 changed files with 83 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

119
nomad/backups/oneoff.nomad
View File

@ -3,7 +3,12 @@ variable "nextcloud_backup" {
description = "HCL config for Restic Scheduler jobs" description = "HCL config for Restic Scheduler jobs"
} }
job "backup-oneoff" { variable "consul_backup" {
type = string
description = "HCL config for Restic Scheduler jobs"
}
job "backup-oneoff-n2" {
datacenters = ["dc1"] datacenters = ["dc1"]
type = "batch" type = "batch"
@ -18,35 +23,39 @@ job "backup-oneoff" {
snapshot = "latest" snapshot = "latest"
} }
group "nextcloud" {
count = 1 constraint {
attribute = "${node.unique.name}"
# Only node with a backup job so far
# Remove when backing up all nodes
value = "n2"
}
group "backup" {
network { network {
mode = "bridge" mode = "bridge"
port "metrics" {
to = 8080
}
} }
volume "nextcloud-data" { volume "all-volumes" {
type = "host" type = "host"
read_only = true read_only = true
source = "nextcloud-data" source = "all-volumes"
}
volume "gitea-data" {
type = "host"
read_only = true
source = "gitea-data"
}
volume "authentik-data" {
type = "host"
read_only = true
source = "authentik-data"
} }
service { service {
port = "metrics"
# Add connect to mysql
connect { connect {
sidecar_service { sidecar_service {
proxy { proxy {
local_service_port = 8080
upstreams { upstreams {
destination_name = "mysql-server" destination_name = "mysql-server"
local_bind_port = 6060 local_bind_port = 6060
@ -65,37 +74,30 @@ job "backup-oneoff" {
} }
} }
} }
meta {
metrics_addr = "${NOMAD_ADDR_metrics}"
}
} }
task "backup" { task "backup" {
driver = "docker" driver = "docker"
volume_mount { volume_mount {
volume = "nextcloud-data" volume = "all-volumes"
destination = "/data/nextcloud" destination = "/data"
read_only = false read_only = true
}
volume_mount {
volume = "gitea-data"
destination = "/data/gitea"
read_only = false
}
volume_mount {
volume = "authentik-data"
destination = "/data/authentik"
read_only = false
} }
config { config {
image = "iamthefij/resticscheduler" image = "iamthefij/resticscheduler"
ports = ["backup"] ports = ["metrics"]
args = [ args = [
"-once", "-once",
"-${NOMAD_META_task}", "-${NOMAD_META_task}",
"${NOMAD_META_job_name}", "${NOMAD_META_job_name}",
"/jobs/nextcloud.hcl", # TODO: add restore arg here
"/jobs/node-jobs.hcl",
] ]
mount { mount {
@ -105,14 +107,59 @@ job "backup-oneoff" {
} }
} }
vault {
policies = [
"access-tables",
"nomad-task",
]
}
env = { env = {
"MYSQL_HOST" = "${NOMAD_UPSTREAM_IP_mysql_server}" "MYSQL_HOST" = "${NOMAD_UPSTREAM_IP_mysql_server}"
"MYSQL_PORT" = "${NOMAD_UPSTREAM_PORT_mysql_server}" "MYSQL_PORT" = "${NOMAD_UPSTREAM_PORT_mysql_server}"
} }
template { template {
data = var.nextcloud_backup # Probably want to use database credentials that have access to dump all tables
destination = "jobs/nextcloud.hcl" data = <<EOF
{{ with secret "kv/data/nextcloud" }}
MYSQL_DATABASE={{ .Data.data.db_name }}
MYSQL_USER={{ .Data.data.db_user }}
MYSQL_PASSWORD={{ .Data.data.db_pass }}
{{ end }}
{{ with secret "kv/data/backups" }}
BACKUP_PASSPHRASE={{ .Data.data.backup_passphrase }}
{{ end }}
EOF
destination = "secrets/db.env"
env = true
}
template {
data = <<EOH
CONSUL_HTTP_ADDR={{ env "attr.unique.network.ip-address" }}:8500
EOH
destination = "local/consul.env"
env = true
}
template {
# Build jobs based on node
data = <<EOF
# Current node is {{ env "node.unique.name" }}
# Consul backup below?
{{ if eq (env "node.unique.name") "n2" -}}
# Consul backup
${var.consul_backup}
{{ end -}}
{{ range service "nextcloud" }}
# Nextcloud .Node {{ .Node }}
{{ if eq .Node (env "node.unique.name") }}
${var.nextcloud_backup}
{{ end }}{{ end }}
EOF
destination = "jobs/node-jobs.hcl"
} }
resources { resources {