Closes #194 (closed) Closes #40 (closed)
Context
- given that we can automatically back up the db and keystore, it would be nice to automatically restore from backups! (both to recover from an emergency and to migrate to new servers when/if we want)
- this MR builds off of the work to ship nightly automated encrypted remote backups performed in #193 (closed) and provides bash scripts and ansible playbooks to restore from the latest backup
- i (aguestuser) just used the changes it introduced to successfully use the backup/restore cycle to move the app to a new server! :)
Changes
- add
bin/restore
(called fromplaybooks/restore.yml
), which:- copies backups from backup server, and decrypts/untars them
- loads db backup into db via psql (after creating db)
- moves keystore into appropriate spot for signald docker named volume
- improve and provide bugfixes to backup code:
- fix incorrect
tar
usage inbin/backup
, refactor encryption variables/commands for clarity - add missing
tasks
header toplaybooks/provision_backup_src.yml
- provide (missing)
playbooks/backup.yml
(useful for running an on-the-spot backup before migrating to make sure that restored data is up-to-date) - fix bug in
bin/psql
(typo in/dev/null
) which is useful for verifying that restore process correctly restored the db
- fix incorrect
- update the encrypted team-friendo inventory template to reflect the new network topology created by running
restore
on prod
Edited by aguestuser