Closes #193 (closed)
Context
first leg of epic described in #40 (closed).
Behavior
- every night run a cron job runs that:
- makes a copy of the
signal_datavolume andpg_dumpsthe db - writes encrypted versions of both to the filesystem (encrypted to 2 maintainer keys)
-
scps those files to a backup server - destroys old backups on the backup server
- makes a copy of the
- the script itself lives in
bin/backup - the crontab that runs the script lives in
ansible/files/crontab/root - the script relies on tooling that is provisioned autmatically by ansible. see:
- ssh config files and pub/private keys need to scp backups to target are in
/ansible/files/.ssh/root - provision steps for prod (including loading crontab and creating
sb_deployuser that scp's files to backup target) are in theprod_user-tagged tasks inansible/playbooks/provision.yml - provision steps for backup target are in
ansible/playbooks/provision_backup.yml
- ssh config files and pub/private keys need to scp backups to target are in