diff --git a/Dockerfile b/Dockerfile index 3fc3f2c09..aa54e22b8 100644 --- a/Dockerfile +++ b/Dockerfile @@ -10,7 +10,7 @@ ENV VERSION_LOKI="2.9.5" # Update the system and install required packages RUN apt-get update -y && \ apt-get upgrade -y && \ - apt-get install -y curl unzip groff-base less gnupg2 git jq && \ + apt-get install -y curl unzip groff-base less gnupg2 git jq zsh && \ rm -rf /var/lib/apt/lists/* # Install specific AWS CLI version @@ -46,7 +46,6 @@ ADD rclone.conf /root/.config/rclone/rclone.conf RUN mkdir /app ADD github-backup.sh /usr/bin/backup-github -ADD gdrive-backup.sh /usr/bin/backup-gdrive ADD loki-logcli-backup.sh /usr/bin/backup-loki-logs-as-json ADD vault-backup.sh /usr/bin/backup-vault ADD s3-backup.sh /usr/bin/s3-backup @@ -54,4 +53,4 @@ ADD s3-backup.sh /usr/bin/s3-backup WORKDIR /app -CMD ["bash"] +CMD ["zsh"] diff --git a/README.md b/README.md index adfd8836f..9f4afcd17 100644 --- a/README.md +++ b/README.md @@ -3,7 +3,7 @@ - AWS S3 Credentials. Regardless of whether you backup google team drives or github repos, you will need these environment variables to be set: -```bash +```zsh export AWS_DEFAULT_REGION=us-west-2 # must be the same region as the bucket export S3_BUCKET_NAME="bucket-name" export AWS_ACCESS_KEY_ID=XXXXXXXXXXXXXXXXXXXXX @@ -14,7 +14,7 @@ export AWS_SECRET_ACCESS_KEY=XXXXXXXXXXXXXXXXXXXXX Following variables must be set -```bash +```zsh export GITHUB_ORG_TO_BACKUP="GlueOps" # Set this to the organization you want to backup. The GITHUB_TOKEN must have read access to all the repos in this organization. export GITHUB_TOKEN="" # GitH needs to have read access to all repositories within the organization. We use the fine grained access tokens (beta feature) ``` @@ -25,7 +25,7 @@ export GITHUB_TOKEN="" # GitH needs to have read access to all repositories with - Example backup -```bash +```zsh docker build . -t backup && docker run -it backup # Export ALL the variables required as mentioned in this README.md and then run: backup-github @@ -40,14 +40,14 @@ backup-github Following variables must be set -```bash +```zsh export RCLONE_DRIVE_SERVICE_ACCOUNT_CREDENTIALS='<>' # Get this from the IAM user in the rclone google cloud service account project and remove all newlines \n export RCLONE_DRIVE_TEAM_DRIVE="XXXXXXXXXXXXXX" # team drive id ex. `0ZZH9DD53YuyEaYU7sqb` ``` - Example to run a download of the team drive to local -```bash +```zsh docker build . -t backup && docker run -it backup # Export ALL the variables required as mentioned in this README.md and then run: ./gdrive-backup.sh diff --git a/gdrive-backup.sh b/gdrive-backup.sh deleted file mode 100755 index 2af505ca4..000000000 --- a/gdrive-backup.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/bin/bash - -set -e - -# Check if required variables are set -if [[ -z "${RCLONE_DRIVE_SERVICE_ACCOUNT_CREDENTIALS}" ]]; then - echo "Error: RCLONE_DRIVE_SERVICE_ACCOUNT_CREDENTIALS is not set." - exit 1 -fi - -if [[ -z "${RCLONE_DRIVE_TEAM_DRIVE}" ]]; then - echo "Error: RCLONE_DRIVE_TEAM_DRIVE is not set." - exit 1 -fi - - -BACKUP_DATE=$(date '+%Y-%m-%d') -BACKUP_LOCATION="google_drive_team_drives/$BACKUP_DATE/$RCLONE_DRIVE_TEAM_DRIVE" -mkdir -p $BACKUP_LOCATION - -rclone copy -P --transfers=100 gdrive: "${BACKUP_LOCATION}" -tar -cf "${BACKUP_LOCATION}.tar" ${BACKUP_LOCATION} && rm -rf "${BACKUP_LOCATION}" - - -echo "Uploading everything to S3...." -cd /app -aws s3 cp --recursive google_drive_team_drives/ s3://${S3_BUCKET_NAME}/google_drive_team_drives/ \ No newline at end of file diff --git a/github-backup.sh b/github-backup.sh index aa5989fbc..0f8056ccc 100755 --- a/github-backup.sh +++ b/github-backup.sh @@ -1,6 +1,7 @@ -#!/bin/bash +#!/bin/zsh -set -e +setopt ERR_EXIT +setopt PIPE_FAIL # Check if required variables are set if [[ -z "${GITHUB_ORG_TO_BACKUP}" ]]; then diff --git a/loki-logcli-backup.sh b/loki-logcli-backup.sh index 15efbb8fd..1cb221a2d 100755 --- a/loki-logcli-backup.sh +++ b/loki-logcli-backup.sh @@ -1,5 +1,6 @@ -#!/bin/bash -set -e +#!/bin/zsh +setopt ERR_EXIT +setopt PIPE_FAIL cleanup() { echo "Cleaning up..." @@ -93,4 +94,4 @@ done if [ "$ERRORS" -gt 0 ]; then echo "ERROR: Found $ERRORS errors. Exiting the script." exit 1 -fi \ No newline at end of file +fi diff --git a/s3-backup.sh b/s3-backup.sh index bf8df2485..c83894f18 100755 --- a/s3-backup.sh +++ b/s3-backup.sh @@ -1,5 +1,6 @@ -#!/bin/bash -set -e +#!/bin/zsh +setopt ERR_EXIT +setopt PIPE_FAIL # Ensure all required environment variables are set if [ -z "$SRC_AWS_ACCESS_KEY_ID" ] || [ -z "$SRC_AWS_SECRET_ACCESS_KEY" ] || [ -z "$DST_AWS_ACCESS_KEY_ID" ] || [ -z "$DST_AWS_SECRET_ACCESS_KEY" ] || [ -z "$SRC_BUCKET" ] || [ -z "$DST_BUCKET" ]; then diff --git a/test-vault-snapshot/README.md b/test-vault-snapshot/README.md index c165304ae..74449a385 100644 --- a/test-vault-snapshot/README.md +++ b/test-vault-snapshot/README.md @@ -19,8 +19,8 @@ If you make an error in the process then it's recommended to delete everything, Start the container with: -```bash -docker run -it -p 8200:8200 -v `pwd`/data:/data backup bash +```zsh +docker run -it -p 8200:8200 -v `pwd`/data:/data backup zsh ``` Run the following script to: @@ -31,7 +31,7 @@ Run the following script to: - Unseal vault - Login to vault with the root token -```bash +```zsh mkdir -p /data/raft cat > /data/raft/peers.json << EOF [ @@ -60,7 +60,7 @@ vault login $root_token Create an S3 PRESIGNED URL to the backup that we want to restore. Limit the time to 10mins or whatever you feel is appropriate. And then export the url as a variable in the same terminal session from above. -```bash +```zsh S3_PRESIGNED_DOWNLOAD_URL="https://time-sensitive-and-authenticated-url-to-download-backup-from-s3" curl -o backup_to_restore.snap $S3_PRESIGNED_DOWNLOAD_URL vault operator raft snapshot restore -force backup_to_restore.snap @@ -68,13 +68,13 @@ vault operator raft snapshot restore -force backup_to_restore.snap # In the same terminal session unseal with the unseal token for the backup you just restored -```bash +```zsh vault operator unseal 55ebb6859b269cd1ce501989ebba821baf84076c28d84008474aa3fddc0a24b3 ``` # In the same terminal session, login with the root token for the backup you unsealed/restored. -```bash +```zsh vault login hvs.fm0DOOSsPTwqB7rFFNbJgCle ``` diff --git a/vault-backup.sh b/vault-backup.sh index 27004d9b8..152b14100 100755 --- a/vault-backup.sh +++ b/vault-backup.sh @@ -1,7 +1,7 @@ -#!/bin/bash - -set -e +#!/bin/zsh +setopt ERR_EXIT +setopt PIPE_FAIL date=$(date '+%Y-%m-%d') echo "Starting Vault backup...@ ${date}"