verbis-admin/bridgehead
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

refactor: Expect User to select a Backup Directory

Browse Source
This commit is contained in:
Torben Brenner
2023-01-27 11:26:31 +01:00
parent 713dc5f4e9
commit 17d48a3636
4 changed files with 13 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
README.md
View File

@@ -128,7 +128,6 @@ All of the Bridgehead's outgoing connections are secured by transport encryption
- `/etc/bridgehead/traefik-tls` contains your Bridgehead's reverse proxies TLS certificates for [HTTPS access](#https-access). - `/etc/bridgehead/traefik-tls` contains your Bridgehead's reverse proxies TLS certificates for [HTTPS access](#https-access).
- `/etc/bridgehead/pki` contains your Bridgehead's private key (e.g., but not limited to Samply.Beam), generated as part of the [Samply.Beam enrollment](#register-with-samplybeam). - `/etc/bridgehead/pki` contains your Bridgehead's private key (e.g., but not limited to Samply.Beam), generated as part of the [Samply.Beam enrollment](#register-with-samplybeam).
- `/etc/bridgehead/trusted-ca-certs` contains third-party certificates to be trusted by the Bridgehead. For example, you want to place the certificates of your [TLS-terminating proxy](#network) here. - `/etc/bridgehead/trusted-ca-certs` contains third-party certificates to be trusted by the Bridgehead. For example, you want to place the certificates of your [TLS-terminating proxy](#network) here.
- `/var/cache/bridgehead/backup` contains automatically created backups of the databases.
Your Bridgehead's actual data is not stored in the above directories, but in named docker volumes, see `docker volume ls` and `docker volume inspect <volume_name>`. Your Bridgehead's actual data is not stored in the above directories, but in named docker volumes, see `docker volume ls` and `docker volume inspect <volume_name>`.
@@ -147,6 +146,8 @@ Some of the components in the bridgehead will store persistent data. For those c
2) Year-KW-XX, were XX represents the calendar week to allow re-import of at least one version per calendar week 2) Year-KW-XX, were XX represents the calendar week to allow re-import of at least one version per calendar week
3) Year-Month, to allow re-import of at least one version per month 3) Year-Month, to allow re-import of at least one version per month
To enable the Auto-Backup feature, please set the Variable `BACKUP_DIRECTORY` in your sites configuration.
### Monitoring ### Monitoring
To keep all Bridgeheads up and working and detect any errors before a user does, a central monitoring To keep all Bridgeheads up and working and detect any errors before a user does, a central monitoring

2
ccp/modules/id-management.md
View File

@@ -26,7 +26,7 @@ Upon configuration, the Bridgehead will spawn the following services:
- The `bridgehead-id-manager` at https://bridgehead.local/id-manager, provides a common interface for creating pseudonyms in the bridgehead. - The `bridgehead-id-manager` at https://bridgehead.local/id-manager, provides a common interface for creating pseudonyms in the bridgehead.
- The `bridgehead-patientlist` at https://bridgehead.local/patientlist is a local instance of the open-source software [Mainzelliste](https://mainzelliste.de). This service's primary task is to map patients IDAT to pseudonyms identifying them along the different CCP projects. - The `bridgehead-patientlist` at https://bridgehead.local/patientlist is a local instance of the open-source software [Mainzelliste](https://mainzelliste.de). This service's primary task is to map patients IDAT to pseudonyms identifying them along the different CCP projects.
- The `bridgehead-patientlist-db` is only accessible within the Bridgehead itself. This is a local postgresql instance storing the database for `bridgehead-patientlist`. The data is persisted as a named volume `patientlist-db-data` and backups are automatically created in `/var/cache/bridgehead/backup/bridgehead-patientlist-db`. - The `bridgehead-patientlist-db` is only accessible within the Bridgehead itself. This is a local postgresql instance storing the database for `bridgehead-patientlist`. The data is persisted as a named volume `patientlist-db-data`.
### How to import an existing database (e.g from Legacy Windows or from Backups) ### How to import an existing database (e.g from Legacy Windows or from Backups)
First you must shutdown your local bridgehead instance: First you must shutdown your local bridgehead instance:

8
lib/install-bridgehead.sh
View File

@@ -22,8 +22,8 @@ Cmnd_Alias BRIDGEHEAD${PROJECT^^} = \\
/bin/systemctl stop bridgehead@${PROJECT}.service, \\ /bin/systemctl stop bridgehead@${PROJECT}.service, \\
/bin/systemctl restart bridgehead@${PROJECT}.service, \\ /bin/systemctl restart bridgehead@${PROJECT}.service, \\
/bin/systemctl restart bridgehead@*.service, \\ /bin/systemctl restart bridgehead@*.service, \\
/bin/chown -R bridgehead /etc/bridgehead /srv/docker/bridgehead /var/cache/bridgehead, \\ /bin/chown -R bridgehead /etc/bridgehead /srv/docker/bridgehead, \\
/usr/bin/chown -R bridgehead /etc/bridgehead /srv/docker/bridgehead /var/cache/bridgehead /usr/bin/chown -R bridgehead /etc/bridgehead /srv/docker/bridgehead
bridgehead ALL= NOPASSWD: BRIDGEHEAD${PROJECT^^} bridgehead ALL= NOPASSWD: BRIDGEHEAD${PROJECT^^}
EOF EOF
@@ -37,10 +37,6 @@ if [ -z "$LDM_PASSWORD" ]; then
echo -e "## Local Data Management Basic Authentication\n# User: $PROJECT\nLDM_PASSWORD=$generated_passwd" >> /etc/bridgehead/${PROJECT}.local.conf; echo -e "## Local Data Management Basic Authentication\n# User: $PROJECT\nLDM_PASSWORD=$generated_passwd" >> /etc/bridgehead/${PROJECT}.local.conf;
fi fi
log "INFO" "Creating directory /var/cache/bridgehead for storage of backups."
mkdir -p /var/cache/bridgehead
chown -R bridgehead /var/cache/bridgehead
log "INFO" "Registering system units for bridgehead and bridgehead-update" log "INFO" "Registering system units for bridgehead and bridgehead-update"
cp -v \ cp -v \
lib/systemd/bridgehead\@.service \ lib/systemd/bridgehead\@.service \

19
lib/update-bridgehead.sh
View File

@@ -103,27 +103,24 @@ else
hc_send log "$RES" hc_send log "$RES"
fi fi
AUTO_BACKUP=${AUTO_BACKUP:-true} if [ -z "${BACKUP_DIRECTORY}" ]; then
if [ ! -d "$BACKUP_DIRECTORY" ]; then
if [ "$AUTO_BACKUP" == "true" ]; then message="Performing automatic maintenance: Attempting to create backup directory $BACKUP_DIRECTORY."
BACKUP_DIRECTORY="/var/cache/bridgehead/backup"
if [ ! -d $BACKUP_DIRECTORY ]; then
message="Performing automatic maintenance: Creating Backup directory $BACKUP_DIRECTORY."
hc_send log "$message" hc_send log "$message"
log INFO "$message" log INFO "$message"
mkdir -p $BACKUP_DIRECTORY mkdir -p "$BACKUP_DIRECTORY"
fi fi
BACKUP_SERVICES="$(docker ps --filter ancestor=postgres:14-alpine --format "{{.Names}}" | tr "\n" "\ ")" BACKUP_SERVICES="$(docker ps --filter ancestor=postgres:14-alpine --format "{{.Names}}" | tr "\n" "\ ")"
log INFO "Performing automatic maintenance: Creating Backups for $BACKUP_SERVICES"; log INFO "Performing automatic maintenance: Creating Backups for $BACKUP_SERVICES";
for service in $BACKUP_SERVICES; do for service in $BACKUP_SERVICES; do
if [ ! -d $BACKUP_DIRECTORY/$service ]; then if [ ! -d "$BACKUP_DIRECTORY/$service" ]; then
message="Performing automatic maintenance: Creating Backup directory for $service in $BACKUP_DIRECTORY." message="Performing automatic maintenance: Attempting to create backup directory for $service in $BACKUP_DIRECTORY."
hc_send log "$message" hc_send log "$message"
log INFO "$message" log INFO "$message"
mkdir -p $BACKUP_DIRECTORY/$service mkdir -p "$BACKUP_DIRECTORY/$service"
fi fi
if createEncryptedPostgresBackup "$BACKUP_DIRECTORY" "$service"; then if createEncryptedPostgresBackup "$BACKUP_DIRECTORY" "$service"; then
message="Performing automatic maintenance: Stored encrypted Backup for $service in $BACKUP_DIRECTORY." message="Performing automatic maintenance: Stored encrypted backup for $service in $BACKUP_DIRECTORY."
hc_send log "$message" hc_send log "$message"
log INFO "$message" log INFO "$message"
else else