Initial Commit

itbm · May 21, 2019 · 0e52741 · 0e52741
commit 0e52741
Show file tree

Hide file tree

Showing 5 changed files with 265 additions and 0 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -0,0 +1,33 @@
+FROM alpine:3.9
+LABEL maintainer="ITBM"
+
+RUN apk update \
+	&& apk add postgresql-client \
+	&& apk add python py2-pip && pip install awscli && apk del py2-pip \
+	&& apk add openssl \
+	&& apk add curl \
+	&& curl -L --insecure https://github.com/odise/go-cron/releases/download/v0.0.6/go-cron-linux.gz | zcat > /usr/local/bin/go-cron && chmod u+x /usr/local/bin/go-cron \
+	&& apk del curl \
+	&& rm -rf /var/cache/apk/*
+
+ENV POSTGRES_DATABASE **None**
+ENV POSTGRES_HOST **None**
+ENV POSTGRES_PORT 5432
+ENV POSTGRES_USER **None**
+ENV POSTGRES_PASSWORD **None**
+ENV POSTGRES_EXTRA_OPTS ''
+ENV S3_ACCESS_KEY_ID **None**
+ENV S3_SECRET_ACCESS_KEY **None**
+ENV S3_BUCKET **None**
+ENV S3_REGION us-west-1
+ENV S3_PREFIX 'backup'
+ENV S3_ENDPOINT **None**
+ENV S3_S3V4 no
+ENV SCHEDULE **None**
+ENV ENCRYPTION_PASSWORD **None**
+ENV DELETE_OLDER_THAN **None**
+
+ADD run.sh run.sh
+ADD backup.sh backup.sh
+
+CMD ["sh", "run.sh"]
diff --git a/LICENSE b/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright for portions of project mysql-backup-s3 are held by Johannes Schickling, 2017 as part of project Dockerfiles. All other copyright for project mysql-back-s3 are held by ITBM, 2019.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/README.md b/README.md
@@ -0,0 +1,98 @@
+# postgres-backup-s3
+
+Backup PostgresSQL to S3 (supports periodic backups)
+
+## Basic Usage
+
+```sh
+$ docker run -e S3_ACCESS_KEY_ID=key -e S3_SECRET_ACCESS_KEY=secret -e S3_BUCKET=my-bucket -e S3_PREFIX=backup -e POSTGRES_DATABASE=dbname -e POSTGRES_USER=user -e POSTGRES_PASSWORD=password -e POSTGRES_HOST=localhost itbm/postgres-backup-s3
+```
+
+## Kubernetes Deployment
+
+```
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: backup
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: postgresql
+  namespace: backup
+spec:
+  selector:
+    matchLabels:
+      app: postgresql
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      labels:
+        app: postgresql
+    spec:
+      containers:
+      - name: postgresql
+        image: itbm/postgresql-backup-s3
+        imagePullPolicy: Always
+        env:
+        - name: POSTGRES_DATABASE
+          value: ""
+        - name: POSTGRES_HOST
+          value: ""
+        - name: POSTGRES_PORT
+          value: ""
+        - name: POSTGRES_PASSWORD
+          value: ""
+        - name: POSTGRES_USER
+          value: ""
+        - name: S3_ACCESS_KEY_ID
+          value: ""
+        - name: S3_SECRET_ACCESS_KEY
+          value: ""
+        - name: S3_BUCKET
+          value: ""
+        - name: S3_ENDPOINT
+          value: ""
+        - name: S3_PREFIX
+          value: ""
+        - name: SCHEDULE
+          value: ""
+```
+
+## Environment variables
+
+- `POSTGRES_DATABASE` list of databases you want to backup (default: --all-databases)
+- `POSTGRES_HOST` the postgresql host *required*
+- `POSTGRES_PORT` the postgresql port (default: )
+- `POSTGRES_USER` the postgresql user *required*
+- `POSTGRES_PASSWORD` the postgresql password *required*
+- `POSTGRES_EXTRA_OPTS` extra postgresql options
+- `S3_ACCESS_KEY_ID` your AWS access key *required*
+- `S3_SECRET_ACCESS_KEY` your AWS secret key *required*
+- `S3_BUCKET` your AWS S3 bucket path *required*
+- `S3_PREFIX` path prefix in your bucket (default: 'backup')
+- `S3_REGION` the AWS S3 bucket region (default: us-west-1)
+- `S3_ENDPOINT` the AWS Endpoint URL, for S3 Compliant APIs such as [minio](https://minio.io) (default: none)
+- `S3_S3V4` set to `yes` to enable AWS Signature Version 4, required for [minio](https://minio.io) servers (default: no)
+- `SCHEDULE` backup schedule time, see explainatons below
+- `ENCRYPTION_PASSWORD` password to encrypt the backup. Can be decrypted using `openssl aes-256-cbc -d -in backup.sql.gz.enc -out backup.sql.gz`
+- `DELETE_OLDER_THAN` delete old backups, see explanation and warning below
+
+### Automatic Periodic Backups
+
+You can additionally set the `SCHEDULE` environment variable like `-e SCHEDULE="@daily"` to run the backup automatically.
+
+More information about the scheduling can be found [here](http://godoc.org/github.com/robfig/cron#hdr-Predefined_schedules).
+
+### Delete Old Backups
+
+You can additionally set the `DELETE_OLDER_THAN` environment variable like `-e DELETE_OLDER_THAN="30 days ago"` to delete old backups.
+
+WARNING: this will delete all files in the S3_PREFIX path, not just those created by this script.
+
+### Encryption
+
+You can additionally set the `ENCRYPTION_PASSWORD` environment variable like `-e ENCRYPTION_PASSWORD="superstrongpassword"` to encrypt the backup. It can be decrypted using `openssl aes-256-cbc -d -in backup.sql.gz.enc -out backup.sql.gz`.
diff --git a/backup.sh b/backup.sh
@@ -0,0 +1,100 @@
+#! /bin/sh
+
+set -e
+set -o pipefail
+
+if [ "${S3_ACCESS_KEY_ID}" = "**None**" ]; then
+  echo "You need to set the S3_ACCESS_KEY_ID environment variable."
+  exit 1
+fi
+
+if [ "${S3_SECRET_ACCESS_KEY}" = "**None**" ]; then
+  echo "You need to set the S3_SECRET_ACCESS_KEY environment variable."
+  exit 1
+fi
+
+if [ "${S3_BUCKET}" = "**None**" ]; then
+  echo "You need to set the S3_BUCKET environment variable."
+  exit 1
+fi
+
+if [ "${POSTGRES_DATABASE}" = "**None**" ]; then
+  echo "You need to set the POSTGRES_DATABASE environment variable."
+  exit 1
+fi
+
+if [ "${POSTGRES_HOST}" = "**None**" ]; then
+  if [ -n "${POSTGRES_PORT_5432_TCP_ADDR}" ]; then
+    POSTGRES_HOST=$POSTGRES_PORT_5432_TCP_ADDR
+    POSTGRES_PORT=$POSTGRES_PORT_5432_TCP_PORT
+  else
+    echo "You need to set the POSTGRES_HOST environment variable."
+    exit 1
+  fi
+fi
+
+if [ "${POSTGRES_USER}" = "**None**" ]; then
+  echo "You need to set the POSTGRES_USER environment variable."
+  exit 1
+fi
+
+if [ "${POSTGRES_PASSWORD}" = "**None**" ]; then
+  echo "You need to set the POSTGRES_PASSWORD environment variable or link to a container named POSTGRES."
+  exit 1
+fi
+
+if [ "${S3_ENDPOINT}" == "**None**" ]; then
+  AWS_ARGS=""
+else
+  AWS_ARGS="--endpoint-url ${S3_ENDPOINT}"
+fi
+
+# env vars needed for aws tools
+export AWS_ACCESS_KEY_ID=$S3_ACCESS_KEY_ID
+export AWS_SECRET_ACCESS_KEY=$S3_SECRET_ACCESS_KEY
+export AWS_DEFAULT_REGION=$S3_REGION
+
+export PGPASSWORD=$POSTGRES_PASSWORD
+POSTGRES_HOST_OPTS="-h $POSTGRES_HOST -p $POSTGRES_PORT -U $POSTGRES_USER $POSTGRES_EXTRA_OPTS"
+
+echo "Creating dump of ${POSTGRES_DATABASE} database from ${POSTGRES_HOST}..."
+
+SRC_FILE=dump.sql.gz
+DEST_FILE=${POSTGRES_DATABASE}_$(date +"%Y-%m-%dT%H:%M:%SZ").sql.gz
+
+pg_dump $POSTGRES_HOST_OPTS $POSTGRES_DATABASE | gzip > $SRC_FILE
+
+if [ "${ENCRYPTION_PASSWORD}" != "**None**" ]; then
+  echo "Encrypting ${SRC_FILE}"
+  openssl enc -aes-256-cbc -in $SRC_FILE -out ${SRC_FILE}.enc -k $ENCRYPTION_PASSWORD
+  if [ $? != 0 ]; then
+    >&2 echo "Error encrypting ${SRC_FILE}"
+  fi
+  rm $SRC_FILE
+  SRC_FILE="${SRC_FILE}.enc"
+  DEST_FILE="${DEST_FILE}.enc"
+fi
+
+echo "Uploading dump to $S3_BUCKET"
+
+cat $SRC_FILE | aws $AWS_ARGS s3 cp - s3://$S3_BUCKET/$S3_PREFIX/$DEST_FILE || exit 2
+
+if [ "${DELETE_OLDER_THAN}" != "**None**" ]; then
+  aws $AWS_ARGS s3 ls s3://$S3_BUCKET/$S3_PREFIX/ | grep " PRE " -v | while read -r line;
+    do
+      created=`echo $line|awk {'print $1" "$2'}`
+      created=`date -d "$created" +%s`
+      older_than=`date -d "$DELETE_OLDER_THAN" +%s`
+      if [ $created -lt $older_than ]
+        then
+          fileName=`echo $line|awk {'print $4'}`
+          if [ $fileName != "" ]
+            then
+              printf 'Deleting "%s"\n' $fileName
+              aws $AWS_ARGS s3 rm s3://$S3_BUCKET/$S3_PREFIX/$fileName
+          fi
+      fi
+    done;
+fi
+
+echo "SQL backup uploaded successfully"
diff --git a/run.sh b/run.sh
@@ -0,0 +1,13 @@
+#! /bin/sh
+
+set -e
+
+if [ "${S3_S3V4}" = "yes" ]; then
+    aws configure set default.s3.signature_version s3v4
+fi
+
+if [ "${SCHEDULE}" = "**None**" ]; then
+  sh backup.sh
+else
+  exec go-cron "$SCHEDULE" /bin/sh backup.sh
+fi