Adds backup vm in Vagrant

2014-11-05 12:43:16 +00:00 · 2014-11-05 12:43:16 +00:00 · dfa5569f9b
commit dfa5569f9b
parent 4beb94f5ec
12 changed files with 101 additions and 124 deletions
--- a/23
+++ b/23
@ -24,6 +24,21 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
  config.vm.box_version = ">= 308.0.1"
  config.vm.box_url = "http://%s.release.core-os.net/amd64-usr/current/coreos_production_vagrant.json" % $update_channel

+  config.vm.define "backup" do |backup|
+    backup.vm.provider :virtualbox do |vb|
+      vb.memory = 512
+      vb.cpus = 1
+      vb.check_guest_additions = false
+      vb.functional_vboxsf = false
+    end
+     # plugin conflict
+    if Vagrant.has_plugin?("vagrant-vbguest") then
+      backup.vbguest.auto_update = false
+    end
+    backup.vm.hostname = "backup.dev"
+    backup.vm.network :private_network, ip: "192.168.65.100"
+  end
+
  (1..$num_instances).each do |i|
    config.vm.define "core-#{i}" do |core|
      core.vm.provider :virtualbox do |vb|
@ -44,8 +59,16 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
      core.vm.network :private_network, ip: "#{BASE_IP_ADDR}.#{i+1}"
      core.vm.synced_folder ".", "/data/indiehosters", id: "coreos-indiehosters", :nfs => true, :mount_options => ['nolock,vers=3,udp']
      core.vm.provision :file, source: "./cloud-config", destination: "/tmp/vagrantfile-user-data"
+      $install_insecure_keys = <<SCRIPT
+mkdir ~/.ssh
+wget https://raw.githubusercontent.com/mitchellh/vagrant/master/keys/vagrant.pub -O ~/.ssh/id_rsa.pub
+wget https://raw.githubusercontent.com/mitchellh/vagrant/master/keys/vagrant -O ~/.ssh/id_rsa
+chmod 600 ~/.ssh/id_rsa
+SCRIPT
+      core.vm.provision :shell, inline: $install_insecure_keys
      core.vm.provision :shell, inline: "mkdir -p /data/runtime/haproxy/approved-certs; cp /data/indiehosters/scripts/unsecure-certs/*.pem /data/runtime/haproxy/approved-certs"
      core.vm.provision :shell, path: "./scripts/setup.sh", args: [HOSTNAME]
    end
+    
  end
 end
--- a/6
+++ b/6
@ -9,3 +9,9 @@ coreos:
  units:
    - name: etcd.service
      command: start
+write_files:
+  - path: /data/BACKUP_DESTINATION
+    permissions: 0644
+    owner: root
+    content: |
+      core@backup.dev
--- a/deploy/deploy.sh
+++ b/deploy/deploy.sh
@ -1,14 +1,10 @@
 #!/bin/sh
-if [ $# -ge 1 ]; then
-  SERVER=$1
-else
-  echo "Usage: sh ./deploy/deploy.sh server [folder [branch [user]]]"
-  exit 1
-fi
 if [ $# -ge 2 ]; then
-  FOLDER=$2
+  SERVER=$1
+  BACKUP_DEST=$2
 else
-  FOLDER="./data/"
+  echo "Usage: sh ./deploy/deploy.sh server backup_dest [branch [user]]]"
+  exit 1
 fi
 if [ $# -ge 3 ]; then
  BRANCH=$3
@ -21,20 +17,18 @@ else
  USER="core"
 fi

-if [ -e "${FOLDER}runtime/haproxy/approved-certs/${SERVER}.pem" ]; then
-  DEFAULTSITE=$SERVER
-else
-  echo "Please make sure ${FOLDER}runtime/haproxy/approved-certs/${SERVER}.pem exists, then retry"
-  exit 1
-fi
-
-echo "Hoster data folder is $FOLDER"
-echo "Infrastructure branch is $BRANCH"
+echo "Server to deploy is $SERVER"
+echo "Backups will live under $BACKUP_DEST"
+echo "IndieHosters repo branch is $BRANCH"
 echo "Remote user is $USER"
-echo "Default site is $DEFAULTSITE"

-scp -r $FOLDER $USER@$SERVER:/data
 scp ./deploy/onServer.sh $USER@$SERVER:
+
 ssh $USER@$SERVER sudo mkdir -p /var/lib/coreos-install/
 scp cloud-config $USER@$SERVER:/var/lib/coreos-install/user_data
-ssh $USER@$SERVER sudo sh ./onServer.sh $BRANCH $DEFAULTSITE
+ssh $USER@$SERVER sudo sh ./onServer.sh $BRANCH $SERVER
+
+# overrides BACKUP_DESTINATION from cloud-config
+echo $BACKUP_DEST > ./deploy/tmp.txt
+scp ./deploy/tmp.txt $USER@SERVER:/data/BACKUP_DESTINATION
+rm ./deploy/tmp.txt
--- a/deploy/onServer.sh
+++ b/deploy/onServer.sh
@ -1,5 +1,8 @@
 #!/bin/sh

+#Usage from deploy/deploy.sh:
+#ssh $USER@$SERVER sudo sh ./onServer.sh $BRANCH $SERVER
+
 echo Starting etcd:
 /usr/bin/coreos-cloudinit --from-file=/var/lib/coreos-install/user_data

--- a/doc/deploying-a-server.md
+++ b/doc/deploying-a-server.md
@ -11,18 +11,12 @@ Make sure you read [getting started](getting-started-as-a-hoster.md) first.
 * Give the new server a name (in this example, we call the server 'k3')
 * Add k3 to your /etc/hosts with the right IP address
 * If you have used this name before, run `./deploy/forget-server-fingerprint.sh k3`
-* From the root folder of this repository, run `sh ./deploy/deploy.sh k3 ./data/ master root` (where `./data/` should contain
-  `runtime/postfix/`
-  and `runtime/haproxy/approved-certs/k3.pem`; see the existing folder `data/` in this repo for an example of what the email forwards and
-  TLS certificate files should look like).
-* Add the default site by following the 'Adding a website to your server' instructions below with domain name k3 instead of example.com
-* The rest should be automatic!
-
-### Preparing backups
-
-* ssh into your server, and run `ssh-keygen -t rsa`
+* ssh into your server, and run `ssh-keygen -t rsa`  (use all the default settings, empty passphrase)
 * set up a backups server at an independent location (at least a different data center, but preferably also a different IaaS provider, the bu25 plan of https://securedragon.net/ is a good option at 3 dollars per month).
-* set up a git server with one private git repo per domain by following http://www.git-scm.com/book/en/v2/Git-on-the-Server-Setting-Up-the-Server (instead of 'project.git' you can use 'domainname.com.git')
+* set up a git server by following http://www.git-scm.com/book/en/v2/Git-on-the-Server-Setting-Up-the-Server (no need to set up any repos like 'project.git' yet).  Let's call the backup server 'bu25' (add this to /etc/hosts on k3).
+* add the ssh key from k3 to the authorized_keys for the git user (not the root user) on bu25.
+* Exit from the double ssh back to your laptop, and from the root folder of this repository, run `sh ./deploy/deploy.sh k3 master root`
+* The rest should be automatic!

 ### Adding a website to your server
 * For each site you want to deploy on the server, e.g. example.com, do the following:
@ -47,9 +41,5 @@ Make sure you read [getting started](getting-started-as-a-hoster.md) first.
  * Now run `deploy/add-site.sh k3 example.com ../hoster-data/TLS/example.com.pem nginx https://github.com/someone/example.com.git root`.
    It will make sure the server is in the correct state, and git pull and scp the user data and the
    approved cert into place, start a container running the image requested, update haproxy config, and restart the haproxy container.
-  * set up a git repo for the new site on the backup server (see http://www.git-scm.com/book/en/v2/Git-on-the-Server-Setting-Up-the-Server again), and for instance if you called the backup repo example.com.git and your backup server is in /etc/hosts on k3 as 'bu25', ssh into k3 and run:
-
-    sh scripts/backup-init.sh example.com git@bu25:/opt/git/example.com.git
-
  * Test the site using your /etc/hosts. You should see the data from the git repo on both http and https.
  * Switch DNS and monitoring.
--- a/importers/backup-snapshot.sh
+++ b/importers/backup-snapshot.sh
@ -1,48 +0,0 @@
-#!/bin/bash -eux
-
-if [ -e /data/domains/$DOMAIN/mysql ]; then
-  echo backing up mysql databases for $DOMAIN
-  mkdir -p /data/domains/$DOMAIN/backup/mysql/
-  cp /data/domains/$DOMAIN/mysql/.env /data/domains/$DOMAIN/backup/mysql/.env
-  /usr/bin/docker run --link mysql-$DOMAIN:db\
-     --env-file /data/domains/$DOMAIN/mysql/.env \
-     indiehosters/mysql mysqldump --all-databases --events -u admin \
-     -p$(cat /data/domains/$DOMAIN/mysql/.env | cut -d'=' -f2) \
-     -h db > /data/domains/$DOMAIN/backup/mysql/dump.sql
-fi
-
-if [ -e /data/domains/$DOMAIN/wordpress ]; then
-  echo backing up www from wordpress for $DOMAIN
-  mkdir -p /data/domains/$DOMAIN/backup/www/
-  rsync -r /data/domains/$DOMAIN/wordpress /data/domains/$DOMAIN/backup/www/wordpress
-fi
-
-if [ -e /data/domains/$DOMAIN/nginx ]; then
-  echo backing up www from nginx for $DOMAIN
-  mkdir -p /data/domains/$DOMAIN/backup/www/nginx/
-  if [ -e /data/domains/$DOMAIN/nginx/data/GITURL ]; then
-    cp /data/domains/$DOMAIN/nginx/data/GITURL /data/domains/$DOMAIN/backup/www/nginx/GITURL
-  else
-    rsync -r /data/domains/$DOMAIN/nginx/data/www-content /data/domains/$DOMAIN/backup/www/nginx/www-content
-  fi
-fi
-
-echo copying TLS cert
-mkdir -p /data/domains/$DOMAIN/backup/TLS/
-cp /data/runtime/haproxy/approved-certs/$DOMAIN.pem /data/domains/$DOMAIN/backup/TLS/$DOMAIN.pem
-
-echo committing everything
-cd /data/domains/$DOMAIN/backup/
-pwd
-git add *
-git status
-
-git config --local user.email "backups@`hostname`"
-git config --local user.name "`hostname` hourly backups"
-git config --local push.default simple
-
-git commit -m"backup $DOMAIN @ `hostname` - `date`"
-if [ -e /data/domains/$DOMAIN/backup/BACKUPDEST ]; then
-  git pull --rebase
-  git push
-fi
--- a/scripts/backup-init.sh
+++ b/scripts/backup-init.sh
@ -1,36 +1,20 @@
-#!/bin/sh
-if [ $# -ge 2 ]; then
-  DOMAIN=$1
-  BACKUPDEST=$2
-else
-  echo "Usage: sh ./scripts/backups-init.sh domain gitrepo"
-  exit 1
+#!/bin/bash -eux
+
+BACKUP_DESTINATION=`cat /data/BACKUP_DESTINATION`
+
+echo "Intitializing backups with $BACKUP_DESTINATION"
+if [ ! -d /data/domains/$DOMAIN ]; then
+  ssh $BACKUP_DESTINATION " \
+    if [ ! -d $DOMAIN ]; then \
+      mkdir -p $DOMAIN; \
+      cd $DOMAIN; \
+      git init --bare; \
+    else
+      echo \"Git folder already present\"
+    fi"
+  git clone $BACKUP_DESTINATION:$DOMAIN /data/domains/$DOMAIN
+  cd /data/domains/$DOMAIN
+  git config --local user.email "backups@`hostname`"
+  git config --local user.name "`hostname` hourly backups"
+  git config --local push.default simple
 fi
-echo "Adding backup job for $DOMAIN to $BACKUPDEST"
-
-echo "First, trying to clone latest master from $BACKUPDEST"
-git clone $BACKUPDEST /data/domains/$DOMAIN/backup
-
-sudo mkdir -p /data/domains/$DOMAIN/backup
-sudo echo "$BACKUPDEST" > /data/domains/$DOMAIN/backup/BACKUPDEST
-
-echo initializing backups for $DOMAIN
-mkdir -p /data/domains/$DOMAIN/backup/mysql
-mkdir -p /data/domains/$DOMAIN/backup/www
-mkdir -p /data/domains/$DOMAIN/backup/TLS
-cd /data/domains/$DOMAIN/backup/
-git config --local user.email "backups@`hostname`"
-git config --local user.name "`hostname` hourly backups"
-git config --local push.default simple
-
-if [ -e /data/domains/$DOMAIN/backup/.git ]; then
-  git init
-fi
-echo "backups of $DOMAIN at IndieHosters server `hostname`" > README.md
-git add README.md
-git commit -m"initial commit"
-
-echo "Pushing initial commit to $BACKUPDEST master branch"
-cd /data/domains/$DOMAIN/backup/
-git remote add destination $BACKUPDEST
-git push -u destination master
--- a/scripts/setup.sh
+++ b/scripts/setup.sh
@ -24,10 +24,6 @@ docker pull indiehosters/wordpress
 cp /data/indiehosters/unit-files/* /etc/systemd/system
 systemctl daemon-reload

-# Activate default domain
-sh /data/indiehosters/scripts/activate-user.sh $HOSTNAME static
-etcdctl set /services/default '{"app":"static", "hostname":"'$HOSTNAME'"}'
-
 # Configure and start HAproxy
 mkdir -p /data/runtime/haproxy/approved-certs
 systemctl enable haproxy-confd.service
--- a/unit-files/backup@.service
+++ b/unit-files/backup@.service
@ -1,7 +1,31 @@
 [Unit]
-Description= Back up mysql and www data to a git repo and optionally push it out
+Description=Back up domain data to a git repo and push it out

 [Service]
 Type=oneshot
 Environment=DOMAIN=%i
-ExecStart=/data/indiehosters/importers/backup-snapshot.sh
+ExecStartPre=/bin/bash -euxc ' \
+  if [ -e /data/domains/$DOMAIN/mysql ]; then \
+    echo "Backing up mysql databases for $DOMAIN"; \
+    /usr/bin/docker run \
+      --link mysql-$DOMAIN:db \
+      --env-file /data/domains/$DOMAIN/mysql/.env \
+      indiehosters/mysql \
+        mysqldump \
+          --all-databases \
+          --events \
+          -u admin \
+          -p$(cat /data/domains/$DOMAIN/mysql/.env | cut -d'=' -f2) \
+          -h db \
+          > /data/domains/$DOMAIN/mysql/dump.sql; \
+  fi'
+
+ExecStart=/bin/bash -euxc ' \
+  echo "Committing everything"; \
+  cd /data/domains/$DOMAIN/; \
+  git add *; \
+  git status; \
+  git commit -m"backup $DOMAIN @ `hostname` - `date`"; \
+  # be careful: hidden sync functionnality; \
+  git pull --rebase; \
+  git push'
--- a/unit-files/static-git-importer@.service
+++ b/unit-files/static-git-importer@.service
@ -7,6 +7,8 @@ Before=static-git@%i.service
 [Service]
 Type=oneshot
 RemainAfterExit=yes
+Environment=DOMAIN=%i
+ExecStartPre=/data/indiehosters/scripts/backup-init.sh
 ExecStart=/bin/bash -euxc ' \
  domain_folder=/data/domains/%i; \
  cp $domain_folder/TLS/%i.pem /data/runtime/haproxy/approved-certs/%i.pem; \
--- a/unit-files/static-importer@.service
+++ b/unit-files/static-importer@.service
@ -7,6 +7,8 @@ Before=static@%i.service
 [Service]
 Type=oneshot
 RemainAfterExit=yes
+Environment=DOMAIN=%i
+ExecStartPre=/data/indiehosters/scripts/backup-init.sh
 ExecStart=/bin/bash -euxc ' \
  domain_folder=/data/domains/%i; \
  cp $domain_folder/TLS/%i.pem /data/runtime/haproxy/approved-certs/%i.pem; \
--- a/unit-files/wordpress-importer@.service
+++ b/unit-files/wordpress-importer@.service
@ -12,6 +12,7 @@ BindsTo=wordpress@%i.service
 Type=oneshot
 RemainAfterExit=yes
 Environment=DOMAIN=%i
+ExecStartPre=/data/indiehosters/scripts/backup-init.sh
 ExecStart=/bin/bash -euxc ' \
  domain_folder=/data/domains/%i; \
  cp $domain_folder/TLS/%i.pem /data/runtime/haproxy/approved-certs/%i.pem; \