From 17d48a3636c812d7d2ac1a07b6adab20c930d75c Mon Sep 17 00:00:00 2001 From: Torben Brenner Date: Fri, 27 Jan 2023 11:26:31 +0100 Subject: [PATCH] refactor: Expect User to select a Backup Directory --- README.md | 3 ++- ccp/modules/id-management.md | 2 +- lib/install-bridgehead.sh | 8 ++------ lib/update-bridgehead.sh | 19 ++++++++----------- 4 files changed, 13 insertions(+), 19 deletions(-) diff --git a/README.md b/README.md index e1d3286..8fba0c9 100644 --- a/README.md +++ b/README.md @@ -128,7 +128,6 @@ All of the Bridgehead's outgoing connections are secured by transport encryption - `/etc/bridgehead/traefik-tls` contains your Bridgehead's reverse proxies TLS certificates for [HTTPS access](#https-access). - `/etc/bridgehead/pki` contains your Bridgehead's private key (e.g., but not limited to Samply.Beam), generated as part of the [Samply.Beam enrollment](#register-with-samplybeam). - `/etc/bridgehead/trusted-ca-certs` contains third-party certificates to be trusted by the Bridgehead. For example, you want to place the certificates of your [TLS-terminating proxy](#network) here. - - `/var/cache/bridgehead/backup` contains automatically created backups of the databases. Your Bridgehead's actual data is not stored in the above directories, but in named docker volumes, see `docker volume ls` and `docker volume inspect `. @@ -147,6 +146,8 @@ Some of the components in the bridgehead will store persistent data. For those c 2) Year-KW-XX, were XX represents the calendar week to allow re-import of at least one version per calendar week 3) Year-Month, to allow re-import of at least one version per month +To enable the Auto-Backup feature, please set the Variable `BACKUP_DIRECTORY` in your sites configuration. + ### Monitoring To keep all Bridgeheads up and working and detect any errors before a user does, a central monitoring diff --git a/ccp/modules/id-management.md b/ccp/modules/id-management.md index e18d3f8..98da3d1 100644 --- a/ccp/modules/id-management.md 
+++ b/ccp/modules/id-management.md @@ -26,7 +26,7 @@ Upon configuration, the Bridgehead will spawn the following services: - The `bridgehead-id-manager` at https://bridgehead.local/id-manager, provides a common interface for creating pseudonyms in the bridgehead. - The `bridgehead-patientlist` at https://bridgehead.local/patientlist is a local instance of the open-source software [Mainzelliste](https://mainzelliste.de). This service's primary task is to map patients IDAT to pseudonyms identifying them along the different CCP projects. -- The `bridgehead-patientlist-db` is only accessible within the Bridgehead itself. This is a local postgresql instance storing the database for `bridgehead-patientlist`. The data is persisted as a named volume `patientlist-db-data` and backups are automatically created in `/var/cache/bridgehead/backup/bridgehead-patientlist-db`. +- The `bridgehead-patientlist-db` is only accessible within the Bridgehead itself. This is a local postgresql instance storing the database for `bridgehead-patientlist`. The data is persisted as a named volume `patientlist-db-data`. ### How to import an existing database (e.g from Legacy Windows or from Backups) First you must shutdown your local bridgehead instance: diff --git a/lib/install-bridgehead.sh b/lib/install-bridgehead.sh index f1aff73..c42119f 100755 --- a/lib/install-bridgehead.sh +++ b/lib/install-bridgehead.sh @@ -22,8 +22,8 @@ Cmnd_Alias BRIDGEHEAD${PROJECT^^} = \\ /bin/systemctl stop bridgehead@${PROJECT}.service, \\ /bin/systemctl restart bridgehead@${PROJECT}.service, \\ /bin/systemctl restart bridgehead@*.service, \\ - /bin/chown -R bridgehead /etc/bridgehead /srv/docker/bridgehead /var/cache/bridgehead, \\ - /usr/bin/chown -R bridgehead /etc/bridgehead /srv/docker/bridgehead /var/cache/bridgehead + /bin/chown -R bridgehead /etc/bridgehead /srv/docker/bridgehead, \\ + /usr/bin/chown -R bridgehead /etc/bridgehead /srv/docker/bridgehead bridgehead ALL= NOPASSWD: BRIDGEHEAD${PROJECT^^} EOF 
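Review bot: Dropping `/var/cache/bridgehead` from both `chown -R` entries leaves no step in this patch that makes the operator-chosen `BACKUP_DIRECTORY` writable by the `bridgehead` user, and the second hunk of this file also removes the installer's `mkdir`/`chown` for a backup location. If the update script runs as `bridgehead`, which this sudoers grant suggests but the hunk does not show, its `mkdir -p "$BACKUP_DIRECTORY"` will fail on any path that user cannot write. The README sentence introducing `BACKUP_DIRECTORY` should state that the directory must already exist, be owned by `bridgehead`, and not be readable by other local accounts, since it receives the encrypted dumps of the Bridgehead's PostgreSQL databases. The heredoc edited here begins above the hunk.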
@@ -37,10 +37,6 @@ if [ -z "$LDM_PASSWORD" ]; then echo -e "## Local Data Management Basic Authentication\n# User: $PROJECT\nLDM_PASSWORD=$generated_passwd" >> /etc/bridgehead/${PROJECT}.local.conf; fi -log "INFO" "Creating directory /var/cache/bridgehead for storage of backups." -mkdir -p /var/cache/bridgehead -chown -R bridgehead /var/cache/bridgehead - log "INFO" "Registering system units for bridgehead and bridgehead-update" cp -v \ lib/systemd/bridgehead\@.service \ diff --git a/lib/update-bridgehead.sh b/lib/update-bridgehead.sh index 7fb3688..276f60c 100755 --- a/lib/update-bridgehead.sh +++ b/lib/update-bridgehead.sh 
@@ -103,27 +103,24 @@ else hc_send log "$RES" fi -AUTO_BACKUP=${AUTO_BACKUP:-true} - -if [ "$AUTO_BACKUP" == "true" ]; then - BACKUP_DIRECTORY="/var/cache/bridgehead/backup" - if [ ! -d $BACKUP_DIRECTORY ]; then - message="Performing automatic maintenance: Creating Backup directory $BACKUP_DIRECTORY." +if [ -z "${BACKUP_DIRECTORY}" ]; then + if [ ! -d "$BACKUP_DIRECTORY" ]; then + message="Performing automatic maintenance: Attempting to create backup directory $BACKUP_DIRECTORY." hc_send log "$message" log INFO "$message" - mkdir -p $BACKUP_DIRECTORY + mkdir -p "$BACKUP_DIRECTORY" fi BACKUP_SERVICES="$(docker ps --filter ancestor=postgres:14-alpine --format "{{.Names}}" | tr "\n" "\ ")" log INFO "Performing automatic maintenance: Creating Backups for $BACKUP_SERVICES"; for service in $BACKUP_SERVICES; do - if [ ! -d $BACKUP_DIRECTORY/$service ]; then - message="Performing automatic maintenance: Creating Backup directory for $service in $BACKUP_DIRECTORY." + if [ ! -d "$BACKUP_DIRECTORY/$service" ]; then + message="Performing automatic maintenance: Attempting to create backup directory for $service in $BACKUP_DIRECTORY." hc_send log "$message" log INFO "$message" - mkdir -p $BACKUP_DIRECTORY/$service + mkdir -p "$BACKUP_DIRECTORY/$service" fi if createEncryptedPostgresBackup "$BACKUP_DIRECTORY" "$service"; then - message="Performing automatic maintenance: Stored encrypted Backup for $service in $BACKUP_DIRECTORY." + message="Performing automatic maintenance: Stored encrypted backup for $service in $BACKUP_DIRECTORY." hc_send log "$message" log INFO "$message" else
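Review bot: The new guard `if [ -z "${BACKUP_DIRECTORY}" ]; then` is inverted: the backup block runs only when `BACKUP_DIRECTORY` is empty or unset, so a site that sets the variable as the README now instructs gets no backups at all. In the empty case `mkdir -p ""` fails without being checked, `"$BACKUP_DIRECTORY/$service"` expands to `/$service`, and `createEncryptedPostgresBackup` is called with an empty target, so the script would try to create per-service directories directly under the filesystem root. The test should read `if [ -n "${BACKUP_DIRECTORY}" ]; then`, ideally with `mkdir -p "$BACKUP_DIRECTORY" || { log ERROR "..."; exit 1; }` so an unwritable path is reported instead of silently skipped. The `for service in $BACKUP_SERVICES` loop and the enclosing `if` continue past the end of the hunk.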