feature: Added automated Backups for PostgreSQL

lib/functions.sh

@@ -136,6 +136,17 @@ setHostname() {
 	fi
 }
 
+# Takes 1) The Backup Directory Path 2) The name of the Service to be backuped
+# Creates 3 Backups: 1) For the past seven days 2) For the current month and 3) for each calendar week
+createEncryptedPostgresBackup(){
+  docker exec "$2" bash -c 'pg_dump -U $POSTGRES_USER $POSTGRES_DB --format=p --no-owner --no-privileges' | \
+      # TODO: Encrypt using /etc/bridgehead/pki/${SITE_ID}.priv.pem | \
+      tee "$1/$2/$(date +Last-%A).sql" | \
+      tee "$1/$2/$(date +%Y-%m).sql" > \
+      "$1/$2/$(date +%Y-KW%V).sql"
+}
+
+
 # from: https://gist.github.com/sj26/88e1c6584397bb7c13bd11108a579746
 # ex. use: retry 5 /bin/false
 function retry {

lib/install-bridgehead.sh

@@ -22,8 +22,8 @@ Cmnd_Alias BRIDGEHEAD${PROJECT^^} = \\
     /bin/systemctl stop bridgehead@${PROJECT}.service, \\
     /bin/systemctl restart bridgehead@${PROJECT}.service, \\
     /bin/systemctl restart bridgehead@*.service, \\
-    /bin/chown -R bridgehead /etc/bridgehead /srv/docker/bridgehead, \\
-    /usr/bin/chown -R bridgehead /etc/bridgehead /srv/docker/bridgehead
+    /bin/chown -R bridgehead /etc/bridgehead /srv/docker/bridgehead /var/data/bridgehead, \\
+    /usr/bin/chown -R bridgehead /etc/bridgehead /srv/docker/bridgehead /var/data/bridgehead
 
 bridgehead ALL= NOPASSWD: BRIDGEHEAD${PROJECT^^}
 EOF
@@ -37,6 +37,10 @@ if [ -z "$LDM_PASSWORD" ]; then
   echo -e "## Local Data Management Basic Authentication\n# User: $PROJECT\nLDM_PASSWORD=$generated_passwd" >> /etc/bridgehead/${PROJECT}.local.conf;
 fi
 
+log "INFO" "Creating directory /var/data/bridgehead for storage of persistent data."
+mkdir -p /var/data/bridgehead
+chown -R bridgehead /var/data/bridgehead
+
 log "INFO" "Registering system units for bridgehead and bridgehead-update"
 cp -v \
     lib/systemd/bridgehead\@.service \
@@ -63,4 +67,4 @@ else
   STR="Success. Next, enroll into the $PROJECT broker by creating a cryptographic certificate. To do so, run\n\n            /srv/docker/bridgehead/bridgehead enroll $PROJECT\n\nThen, you may start the bridgehead by running$STR"
 fi
 
-log "INFO" "$STR"
+log "INFO" "$STR"

lib/update-bridgehead.sh

@@ -1,6 +1,45 @@
 #!/bin/bash
 source lib/functions.sh
 
+AUTO_BACKUP=${AUTO_BACKUP:-true}
+
+if [ "$AUTO_BACKUP" == "true" ]; then
+  BACKUP_DIRECTORY="/var/data/bridgehead/backups"
+  if [ ! -d /var/data ]; then
+    log DEBUG "Created /var/data"
+    mkdir /var/data
+  fi
+  if [ ! -d /var/data/bridgehead ]; then
+    log DEBUG "Created /var/data/bridgehead"
+    mkdir /var/data/bridgehead
+  fi
+  if [ ! -d $BACKUP_DIRECTORY ]; then
+    message="Performing automatic maintenance: Creating Backup directory $BACKUP_DIRECTORY."
+    hc_send log "$message"
+    log INFO "$message"
+    mkdir -p $BACKUP_DIRECTORY
+  fi
+  BACKUP_SERVICES="$(docker ps --filter ancestor=postgres:14-alpine --format "{{.Names}}" | tr "\n" "\ ")"
+  log INFO "Performing automatic maintenance: Creating Backups for $BACKUP_SERVICES";
+  for service in $BACKUP_SERVICES; do
+    if [ ! -d $BACKUP_DIRECTORY/$service ]; then
+      message="Performing automatic maintenance: Creating Backup directory for $service in $BACKUP_DIRECTORY."
+      hc_send log "$message"
+      log INFO "$message"
+      mkdir -p $BACKUP_DIRECTORY/$service
+    fi
+    if createEncryptedPostgresBackup "$BACKUP_DIRECTORY" "$service"; then
+      message="Performing automatic maintenance: Stored encrypted Backup for $service in $BACKUP_DIRECTORY."
+      hc_send log "$message"
+      log INFO "$message"
+    else
+      fail_and_report 5 "Failed to create encrypted update for $service"
+    fi
+  done
+else
+  log WARN "Automated backups are disabled (variable AUTO_BACKUPS != \"true\")"
+fi
+
 AUTO_HOUSEKEEPING=${AUTO_HOUSEKEEPING:-true}
 
 if [ "$AUTO_HOUSEKEEPING" == "true" ]; then