bridgehead/lib/update-bridgehead.sh

#!/bin/bash
source lib/functions.sh

AUTO_HOUSEKEEPING=${AUTO_HOUSEKEEPING:-true}

if [ "$AUTO_HOUSEKEEPING" == "true" ]; then
	A="Performing automatic maintenance: "
	if bk_is_running; then
		A="$A Cleaning docker images."
		docker system prune -a -f
	else
		A="$A Not cleaning docker images since BK is not running."
	fi
	hc_send log "$A"
	log INFO "$A"
else
	log WARN "Automatic housekeeping disabled (variable AUTO_HOUSEKEEPING != \"true\")"
fi

hc_send log "Checking for bridgehead updates ..."

CONFFILE=/etc/bridgehead/$PROJECT.conf

if [ ! -e $CONFFILE ]; then
  fail_and_report 1 "Configuration file $CONFFILE not found."
fi

source $CONFFILE

assertVarsNotEmpty SITE_ID || fail_and_report 1 "Update failed: SITE_ID empty"
export SITE_ID

checkOwner /srv/docker/bridgehead bridgehead || fail_and_report 1 "Update failed: Wrong permissions in /srv/docker/bridgehead"
checkOwner /etc/bridgehead bridgehead || fail_and_report 1 "Update failed: Wrong permissions in /etc/bridgehead"

# Use Secret Sync to validate the GitLab token in /var/cache/bridgehead/secrets/gitlab_token.
# If it is missing or expired, Secret Sync will create a new token and write it to the file.
# The git credential helper reads the token from the file during git pull.
mkdir -p /var/cache/bridgehead/secrets
touch /var/cache/bridgehead/secrets/gitlab_token # the file has to exist to be mounted correctly in the Docker container
log "INFO" "Running Secret Sync for the GitLab token"
docker pull docker.verbis.dkfz.de/cache/samply/secret-sync-local:latest # make sure we have the latest image
docker run --rm \
  -v /var/cache/bridgehead/secrets/gitlab_token:/usr/local/cache \
  -v $PRIVATEKEYFILENAME:/run/secrets/privkey.pem:ro \
  -v /srv/docker/bridgehead/$PROJECT/root.crt.pem:/run/secrets/root.crt.pem:ro \
  -v /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro \
  -e TLS_CA_CERTIFICATES_DIR=/conf/trusted-ca-certs \
  -e NO_PROXY=localhost,127.0.0.1 \
  -e ALL_PROXY=$HTTPS_PROXY_FULL_URL \
  -e PROXY_ID=$PROXY_ID \
  -e BROKER_URL=$BROKER_URL \
  -e GITLAB_PROJECT_ACCESS_TOKEN_PROVIDER=secret-sync-central.oidc-client-enrollment.$BROKER_ID \
  -e SECRET_DEFINITIONS=GitLabProjectAccessToken:BRIDGEHEAD_CONFIG_REPO_TOKEN: \
  docker.verbis.dkfz.de/cache/samply/secret-sync-local:latest
if [ $? -eq 0 ]; then
  log "INFO" "Secret Sync was successful"
  # In the past we used to hardcode tokens into the repository URL. We have to remove those now for the git credential helper to become effective.
  CLEAN_REPO="$(git -C /etc/bridgehead remote get-url origin | sed -E 's|https://[^@]+@|https://|')"
  git -C /etc/bridgehead remote set-url origin "$CLEAN_REPO"
  # Set the git credential helper
  git -C /etc/bridgehead config credential.helper /srv/docker/bridgehead/lib/gitlab-token-helper.sh
else
  log "WARN" "Secret Sync failed"
  # Remove the git credential helper
  git -C /etc/bridgehead config --unset credential.helper
fi

# In the past the git credential helper was also set for /srv/docker/bridgehead but never used.
# Let's remove it to avoid confusion. This line can be removed at some point the future when we
# believe that it was removed on all/most production servers.
git -C /srv/docker/bridgehead config --unset credential.helper

CHANGES=""

# Check git updates
git_updated="false"
for DIR in /etc/bridgehead $(pwd); do
  log "INFO" "Checking for updates to git repo $DIR ..."
  OUT="$(git -C $DIR status --porcelain)"
  if [ -n "$OUT" ]; then
    report_error log "The working directory $DIR is modified. Changed files: $OUT"
  fi
  old_git_hash="$(git -C $DIR rev-parse --verify HEAD)"
  if [ -z "$HTTPS_PROXY_FULL_URL" ]; then
    log "INFO" "Git is using no proxy!"
    OUT=$(retry 5 git -C $DIR fetch 2>&1 && retry 5 git -C $DIR pull 2>&1)
  else
    log "INFO" "Git is using proxy ${HTTPS_PROXY_URL} from ${CONFFILE}"
    OUT=$(retry 5 git -c http.proxy=$HTTPS_PROXY_FULL_URL -c https.proxy=$HTTPS_PROXY_FULL_URL -C $DIR fetch 2>&1 && retry 5 git -c http.proxy=$HTTPS_PROXY_FULL_URL -c https.proxy=$HTTPS_PROXY_FULL_URL -C $DIR pull 2>&1)
  fi
  if [ $? -ne 0 ]; then
    OUT_SAN=$(echo $OUT | sed -E 's|://[^:]+:[^@]+@|://credentials@|g')
    report_error log "Unable to update git $DIR: $OUT_SAN"
  fi

  new_git_hash="$(git -C $DIR rev-parse --verify HEAD)"
  if [ "$old_git_hash" != "$new_git_hash" ]; then
    CHANGE="Updated git repository in ${DIR} from commit $old_git_hash to $new_git_hash"
    CHANGES+="- $CHANGE\n"
    log "INFO" "$CHANGE"
    # NOTE: Link generation doesn't work on repositories placed at an self-hosted instance of bitbucket.
    # See: https://community.atlassian.com/t5/Bitbucket-questions/BitBucket-4-14-diff-between-any-two-commits/qaq-p/632974
    git_repository_url="$(git -C $DIR remote get-url origin)"
    git_repository_url=${git_repository_url/.git/}
    if [ "$( echo $git_repository_url | grep "github.com")" ]; then
      # Ensure web link even if ssh is used
      git_repository_url="${git_repository_url/git@github.com/https:\/\/github.com\/}"
      log "INFO" "You can review all changes on the repository with $git_repository_url/compare/$old_git_hash...$new_git_hash"
    elif [ "$( echo $git_repository_url | grep "git.verbis.dkfz.de")" ]; then
      git_repository_url="${git_repository_url/ssh:\/\/git@git.verbis.dkfz.de/https:\/\/git.verbis.dkfz.de\/}"
      git_repository_url="https://$(echo $git_repository_url | awk -F '@' '{print $2}')"
      log "INFO" "You can review all changes on the repository with $git_repository_url/compare?from=$old_git_hash&to=$new_git_hash"
    fi
    git_updated="true"
  fi
done

# Check docker updates
log "INFO" "Checking for updates to running docker images ..."
docker_updated="false"
for IMAGE in $($COMPOSE -p $PROJECT -f ./minimal/docker-compose.yml -f ./$PROJECT/docker-compose.yml $OVERRIDE config | grep "image:" | sed -e 's_^.*image: \(.*\).*$_\1_g; s_\"__g'); do
  log "INFO" "Checking for Updates of Image: $IMAGE"
  if docker pull $IMAGE | grep "Downloaded newer image"; then
    CHANGE="Image $IMAGE updated."
    CHANGES+="- $CHANGE\n"
    log "INFO" "$CHANGE"
    docker_updated="true"
  fi
done

# If anything is updated, restart service
if [ $git_updated = "true" ] || [ $docker_updated = "true" ]; then
  RES="Updates detected, now restarting bridgehead:\n$CHANGES"
  log "INFO" "$RES"
  hc_send log "$RES"
  sudo /bin/systemctl restart bridgehead@*.service
else
  RES="Nothing updated, nothing to restart."
  log "INFO" "$RES"
  hc_send log "$RES"
fi

if [ -n "${BACKUP_DIRECTORY}" ]; then
  if [ ! -d "$BACKUP_DIRECTORY" ]; then
    message="Performing automatic maintenance: Attempting to create backup directory $BACKUP_DIRECTORY."
    hc_send log "$message"
    log INFO "$message"
    mkdir -p "$BACKUP_DIRECTORY"
    chown -R "$BACKUP_DIRECTORY" bridgehead;
  fi
  checkOwner "$BACKUP_DIRECTORY" bridgehead || fail_and_report 1 "Automatic maintenance failed: Wrong permissions for backup directory $BACKUP_DIRECTORY"
  # Collect all container names that contain '-db'
  BACKUP_SERVICES="$(docker ps --filter name=-db --format "{{.Names}}" | tr "\n" "\ ")"
  log INFO "Performing automatic maintenance: Creating Backups for $BACKUP_SERVICES";
  for service in $BACKUP_SERVICES; do
    if [ ! -d "$BACKUP_DIRECTORY/$service" ]; then
      message="Performing automatic maintenance: Attempting to create backup directory for $service in $BACKUP_DIRECTORY."
      hc_send log "$message"
      log INFO "$message"
      mkdir -p "$BACKUP_DIRECTORY/$service"
    fi
    if createEncryptedPostgresBackup "$BACKUP_DIRECTORY" "$service"; then
      message="Performing automatic maintenance: Stored encrypted backup for $service in $BACKUP_DIRECTORY."
      hc_send log "$message"
      log INFO "$message"
    else
      fail_and_report 5 "Failed to create encrypted update for $service"
    fi
  done
else
  log WARN "Automated backups are disabled (variable AUTO_BACKUPS != \"true\")"
fi

#TODO: the following block can be deleted after successful update at all sites
if [ ! -z "$LDM_PASSWORD" ]; then
  FILE="/etc/bridgehead/$PROJECT.local.conf"
  log "INFO" "Migrating LDM_PASSWORD to encrypted credentials in $FILE"
  add_basic_auth_user $PROJECT $LDM_PASSWORD "LDM_AUTH" $PROJECT
  add_basic_auth_user $PROJECT $LDM_PASSWORD "NNGM_AUTH" $PROJECT
  sed -i "/LDM_PASSWORD/{d;}" $FILE
fi

exit 0

# TODO: Print last commit explicit
Reformated files with unix coding 2021-12-22 13:18:41 +01:00			`#!/bin/bash`
Several fixes to shell scripts 2022-01-10 16:31:48 +01:00			`source lib/functions.sh`
Reformated files with unix coding 2021-12-22 13:18:41 +01:00
Add housekeeping task (docker image cleanup) 2022-10-20 16:55:05 +02:00			`AUTO_HOUSEKEEPING=${AUTO_HOUSEKEEPING:-true}`

			`if [ "$AUTO_HOUSEKEEPING" == "true" ]; then`
Don't delete docker images if BK is not running 2023-03-08 10:37:37 +01:00			`A="Performing automatic maintenance: "`
			`if bk_is_running; then`
			`A="$A Cleaning docker images."`
			`docker system prune -a -f`
			`else`
			`A="$A Not cleaning docker images since BK is not running."`
			`fi`
Add housekeeping task (docker image cleanup) 2022-10-20 16:55:05 +02:00			`hc_send log "$A"`
			`log INFO "$A"`
			`else`
			`log WARN "Automatic housekeeping disabled (variable AUTO_HOUSEKEEPING != \"true\")"`
			`fi`

Clarified log message 2022-10-06 12:05:36 +02:00			`hc_send log "Checking for bridgehead updates ..."`
Monitoring for bridgehead startup and update (#22) 2022-10-06 10:45:50 +02:00
Use secret-sync for gitpassword (#257) --------- Co-authored-by: Tim Schumacher <tim@tschumacher.net> Co-authored-by: Jan <59206115+Threated@users.noreply.github.com> Co-authored-by: Tim Schumacher <tim.schumacher@dkfz-heidelberg.de> 2025-01-28 14:53:49 +01:00			`CONFFILE=/etc/bridgehead/$PROJECT.conf`
Make git update use new credential helper that fetches git creds from vault. 2022-05-31 13:56:44 +02:00
			`if [ ! -e $CONFFILE ]; then`
Monitoring for bridgehead startup and update (#22) 2022-10-06 10:45:50 +02:00			`fail_and_report 1 "Configuration file $CONFFILE not found."`
Make git update use new credential helper that fetches git creds from vault. 2022-05-31 13:56:44 +02:00			`fi`

			`source $CONFFILE`

Monitoring for bridgehead startup and update (#22) 2022-10-06 10:45:50 +02:00			`assertVarsNotEmpty SITE_ID \|\| fail_and_report 1 "Update failed: SITE_ID empty"`
Make git update use new credential helper that fetches git creds from vault. 2022-05-31 13:56:44 +02:00			`export SITE_ID`

Fix error messages about wrong permissions 2023-09-19 11:33:19 +02:00			`checkOwner /srv/docker/bridgehead bridgehead \|\| fail_and_report 1 "Update failed: Wrong permissions in /srv/docker/bridgehead"`
Monitoring for bridgehead startup and update (#22) 2022-10-06 10:45:50 +02:00			`checkOwner /etc/bridgehead bridgehead \|\| fail_and_report 1 "Update failed: Wrong permissions in /etc/bridgehead"`
Make git update use new credential helper that fetches git creds from vault. 2022-05-31 13:56:44 +02:00
Use secret-sync for gitpassword (#257) --------- Co-authored-by: Tim Schumacher <tim@tschumacher.net> Co-authored-by: Jan <59206115+Threated@users.noreply.github.com> Co-authored-by: Tim Schumacher <tim.schumacher@dkfz-heidelberg.de> 2025-01-28 14:53:49 +01:00			`# Use Secret Sync to validate the GitLab token in /var/cache/bridgehead/secrets/gitlab_token.`
			`# If it is missing or expired, Secret Sync will create a new token and write it to the file.`
			`# The git credential helper reads the token from the file during git pull.`
			`mkdir -p /var/cache/bridgehead/secrets`
			`touch /var/cache/bridgehead/secrets/gitlab_token # the file has to exist to be mounted correctly in the Docker container`
			`log "INFO" "Running Secret Sync for the GitLab token"`
			`docker pull docker.verbis.dkfz.de/cache/samply/secret-sync-local:latest # make sure we have the latest image`
			`docker run --rm \`
			`-v /var/cache/bridgehead/secrets/gitlab_token:/usr/local/cache \`
			`-v $PRIVATEKEYFILENAME:/run/secrets/privkey.pem:ro \`
			`-v /srv/docker/bridgehead/$PROJECT/root.crt.pem:/run/secrets/root.crt.pem:ro \`
			`-v /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro \`
			`-e TLS_CA_CERTIFICATES_DIR=/conf/trusted-ca-certs \`
			`-e NO_PROXY=localhost,127.0.0.1 \`
			`-e ALL_PROXY=$HTTPS_PROXY_FULL_URL \`
			`-e PROXY_ID=$PROXY_ID \`
			`-e BROKER_URL=$BROKER_URL \`
			`-e GITLAB_PROJECT_ACCESS_TOKEN_PROVIDER=secret-sync-central.oidc-client-enrollment.$BROKER_ID \`
			`-e SECRET_DEFINITIONS=GitLabProjectAccessToken:BRIDGEHEAD_CONFIG_REPO_TOKEN: \`
			`docker.verbis.dkfz.de/cache/samply/secret-sync-local:latest`
			`if [ $? -eq 0 ]; then`
			`log "INFO" "Secret Sync was successful"`
			`# In the past we used to hardcode tokens into the repository URL. We have to remove those now for the git credential helper to become effective.`
			`CLEAN_REPO="$(git -C /etc/bridgehead remote get-url origin \| sed -E 's\|https://[^@]+@\|https://\|')"`
			`git -C /etc/bridgehead remote set-url origin "$CLEAN_REPO"`
			`# Set the git credential helper`
			`git -C /etc/bridgehead config credential.helper /srv/docker/bridgehead/lib/gitlab-token-helper.sh`
			`else`
			`log "WARN" "Secret Sync failed"`
			`# Remove the git credential helper`
			`git -C /etc/bridgehead config --unset credential.helper`
			`fi`

			`# In the past the git credential helper was also set for /srv/docker/bridgehead but never used.`
			`# Let's remove it to avoid confusion. This line can be removed at some point the future when we`
			`# believe that it was removed on all/most production servers.`
			`git -C /srv/docker/bridgehead config --unset credential.helper`
Uniform dktk and c4 docker-compose files 2022-01-11 14:40:16 +01:00
Be more specific about what changed on an update 2022-10-17 16:07:25 +02:00			`CHANGES=""`

Fixed naming Update the git config repo 2022-05-11 10:30:18 +02:00			`# Check git updates`
Fix git update detection 2022-10-17 16:11:34 +02:00			`git_updated="false"`
Fixed naming Update the git config repo 2022-05-11 10:30:18 +02:00			`for DIR in /etc/bridgehead $(pwd); do`
Make git update use new credential helper that fetches git creds from vault. 2022-05-31 13:56:44 +02:00			`log "INFO" "Checking for updates to git repo $DIR ..."`
Move warning up 2022-11-04 16:12:08 +01:00			`OUT="$(git -C $DIR status --porcelain)"`
			`if [ -n "$OUT" ]; then`
Until all BBMRI-ERIC bridgeheads are onboarded with git, don't consider missing git info an error 2022-11-04 17:24:23 +01:00			`report_error log "The working directory $DIR is modified. Changed files: $OUT"`
Move warning up 2022-11-04 16:12:08 +01:00			`fi`
Fixed naming Update the git config repo 2022-05-11 10:30:18 +02:00			`old_git_hash="$(git -C $DIR rev-parse --verify HEAD)"`
Fixed git proxy check 2023-10-20 16:47:15 +02:00			`if [ -z "$HTTPS_PROXY_FULL_URL" ]; then`
			`log "INFO" "Git is using no proxy!"`
Retry git fetch/pull to make it more resilient to e.g. network outages 2022-11-29 08:36:05 +01:00			`OUT=$(retry 5 git -C $DIR fetch 2>&1 && retry 5 git -C $DIR pull 2>&1)`
fix: Ensured use of HTTP_PROXY_URL in update job 2022-09-30 11:49:18 +02:00			`else`
Comment out HTTP proxy parsing 2023-10-23 13:06:59 +02:00			`log "INFO" "Git is using proxy ${HTTPS_PROXY_URL} from ${CONFFILE}"`
git requires http proxy config even vor https connections 2023-10-25 10:47:02 +02:00			`OUT=$(retry 5 git -c http.proxy=$HTTPS_PROXY_FULL_URL -c https.proxy=$HTTPS_PROXY_FULL_URL -C $DIR fetch 2>&1 && retry 5 git -c http.proxy=$HTTPS_PROXY_FULL_URL -c https.proxy=$HTTPS_PROXY_FULL_URL -C $DIR pull 2>&1)`
Report git errors 2022-11-04 15:26:27 +01:00			`fi`
			`if [ $? -ne 0 ]; then`
fix: remove credentials from git remote, if update fails (#253) Signed-off-by: Patrick Skowronek <patrick.skowronek@dkfz-heidelberg.de> 2024-12-10 17:18:07 +01:00			`OUT_SAN=$(echo $OUT \| sed -E 's\|://[^:]+:[^@]+@\|://credentials@\|g')`
			`report_error log "Unable to update git $DIR: $OUT_SAN"`
Add missing newline in update-bridgehead.sh 2022-09-30 13:42:41 +02:00			`fi`
feature: Added warning for modified working directories 2022-11-04 15:54:08 +01:00
Add missing newline in update-bridgehead.sh 2022-09-30 13:42:41 +02:00			`new_git_hash="$(git -C $DIR rev-parse --verify HEAD)"`
Fixed naming Update the git config repo 2022-05-11 10:30:18 +02:00			`if [ "$old_git_hash" != "$new_git_hash" ]; then`
Be more specific about what changed on an update 2022-10-17 16:07:25 +02:00			`CHANGE="Updated git repository in ${DIR} from commit $old_git_hash to $new_git_hash"`
Fix git update detection 2022-10-17 16:11:34 +02:00			`CHANGES+="- $CHANGE\n"`
Be more specific about what changed on an update 2022-10-17 16:07:25 +02:00			`log "INFO" "$CHANGE"`
feature: Added Link to Git Diff to Update Logs 2022-05-16 11:02:51 +02:00			`# NOTE: Link generation doesn't work on repositories placed at an self-hosted instance of bitbucket.`
			`# See: https://community.atlassian.com/t5/Bitbucket-questions/BitBucket-4-14-diff-between-any-two-commits/qaq-p/632974`
feature: Added Link to Gitdiff for Gitlab 2022-05-19 12:11:37 +02:00			`git_repository_url="$(git -C $DIR remote get-url origin)"`
			`git_repository_url=${git_repository_url/.git/}`
			`if [ "$( echo $git_repository_url \| grep "github.com")" ]; then`
			`# Ensure web link even if ssh is used`
			`git_repository_url="${git_repository_url/git@github.com/https:\/\/github.com\/}"`
			`log "INFO" "You can review all changes on the repository with $git_repository_url/compare/$old_git_hash...$new_git_hash"`
			`elif [ "$( echo $git_repository_url \| grep "git.verbis.dkfz.de")" ]; then`
			`git_repository_url="${git_repository_url/ssh:\/\/git@git.verbis.dkfz.de/https:\/\/git.verbis.dkfz.de\/}"`
			`git_repository_url="https://$(echo $git_repository_url \| awk -F '@' '{print $2}')"`
			`log "INFO" "You can review all changes on the repository with $git_repository_url/compare?from=$old_git_hash&to=$new_git_hash"`
feature: Added Link to Git Diff to Update Logs 2022-05-16 11:02:51 +02:00			`fi`
Fixed naming Update the git config repo 2022-05-11 10:30:18 +02:00			`git_updated="true"`
			`fi`
			`done`
Uniform dktk and c4 docker-compose files 2022-01-11 14:40:16 +01:00
Fixed naming Update the git config repo 2022-05-11 10:30:18 +02:00			`# Check docker updates`
Make git update use new credential helper that fetches git creds from vault. 2022-05-31 13:56:44 +02:00			`log "INFO" "Checking for updates to running docker images ..."`
Reformated files with unix coding 2021-12-22 13:18:41 +01:00			`docker_updated="false"`
Use backwards compatible compose config version 2024-02-09 17:18:50 +01:00			`for IMAGE in $($COMPOSE -p $PROJECT -f ./minimal/docker-compose.yml -f ./$PROJECT/docker-compose.yml $OVERRIDE config \| grep "image:" \| sed -e 's_^.image: \(.\).*$_\1_g; s_\"__g'); do`
Fixed naming Update the git config repo 2022-05-11 10:30:18 +02:00			`log "INFO" "Checking for Updates of Image: $IMAGE"`
			`if docker pull $IMAGE \| grep "Downloaded newer image"; then`
Be more specific about what changed on an update 2022-10-17 16:07:25 +02:00			`CHANGE="Image $IMAGE updated."`
Fix git update detection 2022-10-17 16:11:34 +02:00			`CHANGES+="- $CHANGE\n"`
Be more specific about what changed on an update 2022-10-17 16:07:25 +02:00			`log "INFO" "$CHANGE"`
Reformated files with unix coding 2021-12-22 13:18:41 +01:00			`docker_updated="true"`
			`fi`
			`done`
Fixed naming Update the git config repo 2022-05-11 10:30:18 +02:00
			`# If anything is updated, restart service`
Reformated files with unix coding 2021-12-22 13:18:41 +01:00			`if [ $git_updated = "true" ] \|\| [ $docker_updated = "true" ]; then`
Be more specific about what changed on an update 2022-10-17 16:07:25 +02:00			`RES="Updates detected, now restarting bridgehead:\n$CHANGES"`
Monitoring for bridgehead startup and update (#22) 2022-10-06 10:45:50 +02:00			`log "INFO" "$RES"`
			`hc_send log "$RES"`
Update deployment 2022-09-30 15:35:37 +02:00			`sudo /bin/systemctl restart bridgehead@*.service`
Make git update use new credential helper that fetches git creds from vault. 2022-05-31 13:56:44 +02:00			`else`
Monitoring for bridgehead startup and update (#22) 2022-10-06 10:45:50 +02:00			`RES="Nothing updated, nothing to restart."`
			`log "INFO" "$RES"`
			`hc_send log "$RES"`
Reformated files with unix coding 2021-12-22 13:18:41 +01:00			`fi`
Make git update use new credential helper that fetches git creds from vault. 2022-05-31 13:56:44 +02:00
fix: Repaired check for Auto Updates 2023-02-09 09:50:30 +01:00			`if [ -n "${BACKUP_DIRECTORY}" ]; then`
refactor: Expect User to select a Backup Directory 2023-01-27 11:26:31 +01:00			`if [ ! -d "$BACKUP_DIRECTORY" ]; then`
			`message="Performing automatic maintenance: Attempting to create backup directory $BACKUP_DIRECTORY."`
refactor: Move Backups after the Update 2023-01-27 11:15:09 +01:00			`hc_send log "$message"`
			`log INFO "$message"`
refactor: Expect User to select a Backup Directory 2023-01-27 11:26:31 +01:00			`mkdir -p "$BACKUP_DIRECTORY"`
refactor: Added Monitoring for backup permissions 2023-01-27 11:31:36 +01:00			`chown -R "$BACKUP_DIRECTORY" bridgehead;`
refactor: Move Backups after the Update 2023-01-27 11:15:09 +01:00			`fi`
Fix error messages about wrong permissions 2023-09-19 11:33:19 +02:00			`checkOwner "$BACKUP_DIRECTORY" bridgehead \|\| fail_and_report 1 "Automatic maintenance failed: Wrong permissions for backup directory $BACKUP_DIRECTORY"`
refactor: Use -db as Indicator for Backups 2023-01-27 11:49:18 +01:00			`# Collect all container names that contain '-db'`
			`BACKUP_SERVICES="$(docker ps --filter name=-db --format "{{.Names}}" \| tr "\n" "\ ")"`
refactor: Move Backups after the Update 2023-01-27 11:15:09 +01:00			`log INFO "Performing automatic maintenance: Creating Backups for $BACKUP_SERVICES";`
			`for service in $BACKUP_SERVICES; do`
refactor: Expect User to select a Backup Directory 2023-01-27 11:26:31 +01:00			`if [ ! -d "$BACKUP_DIRECTORY/$service" ]; then`
			`message="Performing automatic maintenance: Attempting to create backup directory for $service in $BACKUP_DIRECTORY."`
refactor: Move Backups after the Update 2023-01-27 11:15:09 +01:00			`hc_send log "$message"`
			`log INFO "$message"`
refactor: Expect User to select a Backup Directory 2023-01-27 11:26:31 +01:00			`mkdir -p "$BACKUP_DIRECTORY/$service"`
refactor: Move Backups after the Update 2023-01-27 11:15:09 +01:00			`fi`
			`if createEncryptedPostgresBackup "$BACKUP_DIRECTORY" "$service"; then`
refactor: Expect User to select a Backup Directory 2023-01-27 11:26:31 +01:00			`message="Performing automatic maintenance: Stored encrypted backup for $service in $BACKUP_DIRECTORY."`
refactor: Move Backups after the Update 2023-01-27 11:15:09 +01:00			`hc_send log "$message"`
			`log INFO "$message"`
			`else`
			`fail_and_report 5 "Failed to create encrypted update for $service"`
			`fi`
			`done`
			`else`
			`log WARN "Automated backups are disabled (variable AUTO_BACKUPS != \"true\")"`
			`fi`

fix nngm migration 2023-08-15 15:34:49 +02:00			`#TODO: the following block can be deleted after successful update at all sites`
add migration for old credentials 2023-08-15 13:55:07 +02:00			`if [ ! -z "$LDM_PASSWORD" ]; then`
			`FILE="/etc/bridgehead/$PROJECT.local.conf"`
			`log "INFO" "Migrating LDM_PASSWORD to encrypted credentials in $FILE"`
			`add_basic_auth_user $PROJECT $LDM_PASSWORD "LDM_AUTH" $PROJECT`
fix nngm migration 2023-08-15 15:34:49 +02:00			`add_basic_auth_user $PROJECT $LDM_PASSWORD "NNGM_AUTH" $PROJECT`
add migration for old credentials 2023-08-15 13:55:07 +02:00			`sed -i "/LDM_PASSWORD/{d;}" $FILE`
			`fi`

feature: Added Link to Git Diff to Update Logs 2022-05-16 11:02:51 +02:00			`exit 0`

			`# TODO: Print last commit explicit`