#!/local/usr/ruby/shims/ruby # The first line is for deployment machines only. For local machines, use: #!/usr/bin/env ruby # You can find more extensive documentation of this script at # https://github.com/ontohub/ontohub/blob/staging/doc/backup_and_restore_of_ontohub_data.md # Description # This backup script creates and restores backups of ontohub data. It includes: # * bare git repositories (data/repositories) # * named symlinks to git repositories (data/git_daemon and data/git_ssh) # * the postgres database # # Usage # First note: Run this as the root user, e.g. with sudo. # To create a backup, run this script with the argument `create`: # # script/backup create # Then a backup named with the current date and time is created in the # backup directory (see below). # # To restore a backup, run this script with the argument `restore ` # # script/backup restore 2015-01-01_00-00 # Then the selected backup is fully restored # # Backup directory # For production machines, the backup directory is: # /data/ontohub_data_backup # # Super user privileges # To create and restore, we need root privileges. Otherwise file modes are not # preserved. This script will call `sudo` when needed and inform you about the # reason for calling `sudo`. If you don't allow sudo, a backup will be created # or restored anyway, but the file modes and ownership are not preserved. # Then, you need to adjust them manually. # # Maintenance mode # While backing up and restoring the data, the maintenance mode is activated. # This way we guarantee data consistency of the backup. require 'tmpdir.rb' require 'fileutils' require 'pathname' require 'open3' EXIT_CODES = { backup_missing: 1, maintenance_already_enabled: 2, wrong_user: 3, target_not_a_directory: 4, bad_arguments: 5, } module Backup class Backup # Amount of backups that have to be there at least BACKUPS_COUNT = 30 # Backups are kept for at least 365 days BACKUPS_VALIDITY_TIME = 365 * 60 * 60 * 24 MAINTENANCE_FILE = 'maintenance.txt' SQL_DUMP_FILE = 'ontohub_sql_dump.postgresql' REPOSITORY_FILE = 'ontohub_repositories.tar.gz' DATA_DIRS = %w(repositories git_daemon git_ssh) # Use 'sudo' on most systems SUDO_BINARY = '+' attr_reader :db_name, :data_root, :backup_root, :backup_instance_dir attr_reader :dry_run, :verbose, :sql_dump_as_db_user def initialize(db_name, data_root, backup_root, verbose: false, dry_run: true, sql_dump_as_db_user: nil, user: nil, group: nil) @db_name = db_name @backup_root = Pathname.new(backup_root) @data_root = Pathname.new(data_root) @data_root_basename = @data_root.basename.to_s @data_dirs = DATA_DIRS.map { |dir| File.join(@data_root_basename, dir) } @user = user @group = group @dry_run = dry_run @verbose = verbose @sql_dump_as_db_user = sql_dump_as_db_user end def create puts 'Creating backup...' enable_maintenance_mode initialize_backup create_sql_dump create_repository_archive # We needed to create the directory for the script to continue later on. Dir.rmdir(backup_instance_dir) if dry_run disable_maintenance_mode puts "Created backup in #{backup_instance_dir}" self.class.prune(backup_root) end def restore(backup_name) enable_maintenance_mode initialize_restore(backup_name) restore_sql_dump restore_repository_archive disable_maintenance_mode puts "Restored backup from #{backup_instance_dir}" end def self.prune(backup_root) if !Dir.exists?(backup_root) $stderr.puts "Nothing to prune: There is no backup directory." return end now = Time.now backup_dirs_allowed_to_delete(Dir.new(backup_root).entries).each do |dir| backup = backup_root.join(dir) if now - File.new(backup).ctime > BACKUPS_VALIDITY_TIME puts "removing old backup: #{dir}" FileUtils.rm_r(backup) end end end protected def new_backup_name Time.now.strftime("%Y-%m-%d_%H-%M-%S") end def initialize_backup @backup_instance_dir = backup_root.join(new_backup_name) puts "FileUtils.mkdir_p #{backup_instance_dir}" if verbose # Create directory even in dry run to let the script continue. FileUtils.mkdir_p(backup_instance_dir) puts "FileUtils.chown #{@user} #{@group} #{backup_instance_dir}" if verbose FileUtils.chown(@user, @group, backup_instance_dir) end def create_sql_dump puts 'Creating SQL dump...' Dir.chdir(backup_instance_dir) do exec('pg_dump', *pg_user_switch, '-Fc', db_name, '-f', backup_instance_dir.join(SQL_DUMP_FILE), user: @user) end end def create_repository_archive puts 'Creating repository archive...' Dir.chdir(data_root.join('..')) do archive_file = backup_instance_dir.join(REPOSITORY_FILE) exec('tar', verbose ? '-v' : '', '-czf', archive_file.to_s, *@data_dirs, user: @user) end end def initialize_restore(backup_name) @backup_instance_dir = backup_root.join(backup_name) unless Dir.exists?(backup_instance_dir) $stderr.puts ( "Error: Backup '#{backup_name}' does not exist in #{backup_root}.") exit EXIT_CODES[:backup_missing] end end def restore_sql_dump 'Restoring SQL dump...' Dir.chdir(backup_instance_dir) do exec('pg_restore', '-n', 'public', '-c', *pg_user_switch, '-d', db_name, SQL_DUMP_FILE, user: @user) end end def restore_repository_archive puts 'Restoring repository archive...' Dir.chdir(data_root.join('..')) do tmpdir = Dir.mktmpdir move_data_dirs_to_tmpdir(tmpdir) begin extract_archive remove_tmpdir(tmpdir) rescue => e puts <<-MSG An error occured while restoring the repositories: #{e.message} You can find the pre-restore repositories at #{tmpdir} Do something about it. MSG raise e end end end def move_data_dirs_to_tmpdir(tmpdir) puts "FileUtils.mv(#{@data_dirs}, #{tmpdir})" if verbose FileUtils.mv(@data_dirs, tmpdir) unless dry_run rescue Errno::EACCES puts <<-MSG As the current user I have no access to move the repository data directories #{@data_dirs.join(' ')} to a temporary directory #{tmpdir}. This is used as a backup for the case of an error while restoring. To continue, I try the command again using sudo. MSG exec('mv', *@data_dirs, tmpdir, user: 'root') unless dry_run end def extract_archive archive_file = backup_instance_dir.join(REPOSITORY_FILE) puts <<-MSG Super user privileges are needed to reset the file permissions as they were before the backup. If you refuse to enter the password (Ctl-C) or enter a wrong password, only the permissions will not be restored and all restored files will belong to the current user/group. MSG exec('tar', verbose ? 'vxf' : 'xf', archive_file.to_s, *@data_dirs, user: 'root') end def remove_tmpdir(tmpdir) puts "FileUtils.remove_entry(#{tmpdir})" if verbose FileUtils.remove_entry(tmpdir) # even do this in dry run rescue Errno::EACCES puts <<-MSG As the current user I have no access to remove the temporary directory #{tmpdir}. To continue, I try the command again using sudo. MSG exec('rm', '-r', tmpdir, user: 'root') end def enable_maintenance_mode puts 'Enabling maintenance mode...' if File.exist?(maintenance_file) $stderr.puts 'Maintenance mode was already enabled.' $stderr.puts "Please check the file #{maintenance_file}" $stderr.puts 'Aborting.' exit EXIT_CODES[:maintenance_already_enabled] end puts "FileUtils.touch #{maintenance_file}" if verbose FileUtils.touch maintenance_file unless dry_run end def disable_maintenance_mode puts 'Disabling maintenance mode...' puts "FileUtils.rm #{maintenance_file}" if verbose FileUtils.rm maintenance_file unless dry_run end # Execute a command as the given user. def exec(*args, user: nil) print "[executing next command in #{Dir.getwd}" if verbose print " as user #{user}" if verbose && user puts "]" if verbose out = args.join(' ') puts out if verbose if !dry_run if user == 'root' exec_system(*[sudo, *args]) elsif user # This looks strange because of the combination of + and sudo. # It is needed on our deployment machines to get the environment right. # On other machines, remove the call of +. exec_system(*['+', 'sudo', '-u', user, 'bash', '-c', "cd #{Dir.getwd} && #{escape_arguments(args)}"]) else exec_system(*args) end end end def sudo SUDO_BINARY end def exec_system(*args) # puts args.join(' ') # For debugging system(*args) end def escape_arguments(args) rest = args[1..-1].map do |arg| if arg.to_s.include?(' ') %("#{arg.gsub('"', '\"')}") else arg end end ([args[0]] + rest).join(' ') end def maintenance_file data_root.join(MAINTENANCE_FILE) end def pg_user_switch sql_dump_as_db_user ? %W(-U #{sql_dump_as_db_user}) : [] end def self.backup_dirs_allowed_to_delete(entries) entries.reject{ |entry| %w(. ..).include?(entry) }[0..-(BACKUPS_COUNT+1)] end end end def data_root(rails_root) ENV['DATA_ROOT'] ||'/data/git' end # Don't allow this to be run as the root user. if ENV['USER'] != 'root' puts 'Running this script as a normal user is disabled.' puts 'Please run it as root.' exit EXIT_CODES[:wrong_user] end # We assume, this script runs in "RAILS_ROOT/script/". RAILS_ROOT = Pathname.new(__FILE__).dirname.join('..') BACKUP_ROOT_PRODUCTION = '/data/ontohub_data_backup' USER = 'ontohub' GROUP = 'webservd' DATABASE = 'ontohub' unless File.exist?(BACKUP_ROOT_PRODUCTION) FileUtils.mkdir_p(BACKUP_ROOT_PRODUCTION) end BACKUP_ROOT = File.realpath(BACKUP_ROOT_PRODUCTION) unless File.directory?(BACKUP_ROOT) $stderr.puts "Target path is not a directory: #{BACKUP_ROOT}" exit EXIT_CODES[:target_not_a_directory] end backup = Backup::Backup.new(DATABASE, data_root(RAILS_ROOT), BACKUP_ROOT, sql_dump_as_db_user: 'ontohub', user: USER, group: GROUP, dry_run: false, verbose: true) case ARGV.first when 'create' backup.create when 'restore' if ARGV.length == 1 $stderr.puts( 'To restore a backup, you need to specify one with the arguments') $stderr.puts('"restore backup_name"') exit EXIT_CODES[:bad_arguments] end backup_name = ARGV[1] backup.restore(backup_name) when 'prune' Backup::Backup.prune(BACKUP_ROOT) else $stderr.puts 'unknown or missing parameter' $stderr.puts 'use parameter "create" or "restore " or "prune"' exit EXIT_CODES[:bad_arguments] end