authorSam Thursfield <sam.thursfield@codethink.co.uk>2015-03-20 17:25:40 +0000
committerBaserock Gerrit <gerrit@baserock.org>2015-03-30 12:48:25 +0000
commit39473587d6b669ccecc6907641aad72942b7fbba (patch)
tree5096d9a73989233f9507976dc59fa13c3d2c9c6c /baserock_gerrit
parent78aec02baca3b28760b38ccef05005b5fd57806e (diff)
Add a simple data backup mechanism
The technique used is: create a new SSH key for backup automation, and authorize it to log in as 'root' to instances. To reduce potential harm if the key somehow gets compromised, it is limited to logging in from a single IP, and it is limited to running the 'backup-snapshot' program on the instances. Inside each instance, the `backup-snapshot` script is used as a wrapper for the `rsync --server` process. This script pauses running services, takes a snapshot of the data volume, and then runs the RSync server. Change-Id: I3c98ffe3dc2fa1373bd0df2388145636e491bf57
Diffstat (limited to 'baserock_gerrit')
-rw-r--r--baserock_gerrit/backup-snapshot.conf5
-rw-r--r--baserock_gerrit/instance-backup-config.yml29
2 files changed, 34 insertions, 0 deletions
diff --git a/baserock_gerrit/backup-snapshot.conf b/baserock_gerrit/backup-snapshot.conf
new file mode 100644
index 00000000..e8e2f3fc
--- /dev/null
+++ b/baserock_gerrit/backup-snapshot.conf
@@ -0,0 +1,5 @@
+services:
+ - lorry-controller-minion@1.service
+ - gerrit.service
+
+volume: /dev/vg0/gerrit
diff --git a/baserock_gerrit/instance-backup-config.yml b/baserock_gerrit/instance-backup-config.yml
new file mode 100644
index 00000000..60434b5d
--- /dev/null
+++ b/baserock_gerrit/instance-backup-config.yml
@@ -0,0 +1,29 @@
+# Instance backup configuration for the baserock.org Gerrit system.
+---
+- hosts: gerrit
+ gather_facts: false
+ vars:
+ FRONTEND_IP: 192.168.222.21
+ tasks:
+ - name: backup-snapshot script
+ copy: src=../backup-snapshot dest=/usr/bin/backup-snapshot mode=755
+
+ - name: backup-snapshot config
+ copy: src=backup-snapshot.conf dest=/etc/backup-snapshot.conf
+
+ # Would be good to limit this to 'backup' user.
+ - name: passwordless sudo
+ lineinfile: dest=/etc/sudoers state=present line='%wheel ALL=(ALL) NOPASSWD:ALL' validate='visudo -cf %s'
+
+ # We need to give the backup automation 'root' access, because it needs to
+ # manage system services, LVM volumes, and mounts, and because it needs to
+ # be able to read private data. The risk of having the backup key
+ # compromised is mitigated by only allowing it to execute the
+ # 'backup-snapshot' script, and limiting the hosts it can be used from.
+ - name: access for backup SSH key
+ authorized_key:
+ user: root
+ key: "{{ lookup('file', '../keys/backup.key.pub') }}"
+ # Quotes are important in this options, the OpenSSH server will reject
+ # the entry if the 'from' or 'command' values are not quoted.
+ key_options: 'from="{{FRONTEND_IP}}",no-agent-forwarding,no-port-forwarding,no-X11-forwarding,command="/usr/bin/backup-snapshot"'
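Review bot: The 'passwordless sudo' task writes `%wheel ALL=(ALL) NOPASSWD:ALL` into /etc/sudoers, which gives every member of wheel unrestricted passwordless root and is far wider than the backup path needs; the backup key logs in as root directly, so nothing visible in this hunk appears to depend on that line. If an account does need sudo for backups, scope the rule to that account and command as the comment above the task already suggests, for example `line='backup ALL=(root) NOPASSWD: /usr/bin/backup-snapshot'` (assuming a 'backup' account exists). In `key_options`, adding `no-pty` alongside the other `no-*` options would remove the remaining interactive channel for the forced-command key. The forced command confines the key only as far as `backup-snapshot` validates `SSH_ORIGINAL_COMMAND` before starting `rsync --server`; that script is not part of this diff, so it is worth confirming there.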