Backup refactor.

- Change from a single backup that's overwritten everytime to a multiple, dated backups. - Save the last 30 days of backups. - Save backups under the host's /var/backups instead of a Docker volume. Easier to backup. - Add a restore script so that at least I would have some idea on how to restore this backup. Last thing I want to do when I need this backup is to try and figure out how to restore it.

Backup refactor.
0e9ca1fd · nimrod · 82bad8df · 0e9ca1fd · 0e9ca1fd · 0e9ca1fd
Commit 0e9ca1fd authored 3 years ago by nimrod
--- a/crond/crontab
+++ b/crond/crontab
 @weekly docker exec ldap_ldap_1 backup || wget --spider https://notify.shore.co.il/send?message=LDAP%20backup%20failed.
+@daily docker exec ldap_ldap_1 find /var/backups/ldap -atime +30 -delete
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -37,7 +37,7 @@ services:
    volumes:
      - _run_slapd:/run/slapd
      - ldap:/var/lib/ldap
-      - backup_ldap:/var/backups/ldap
+      - /var/backups/ldap:/var/backups/ldap
      - /var/ssl/dhparams:/var/ssl/dhparams:ro

  ldap-account-manager:
@@ -68,9 +68,6 @@ volumes:
  _run_slapd:
    name: run_slapd
  ldap:
-  backup_ldap:
-    labels:
-      snapshot: 'true'

 networks:
  default:

--- a/slapd/Dockerfile
+++ b/slapd/Dockerfile
@@ -30,6 +30,7 @@ COPY --chown=root:root config.ldif /usr/share/slapd/
 COPY --chown=root:root skel.ldif /usr/share/slapd/
 COPY --chown=root:root entrypoint /usr/local/sbin/
 COPY --chown=root:root backup /usr/local/sbin/
+COPY --chown=root:root restore /usr/local/sbin/
 EXPOSE 389 636
 VOLUME [ "/var/lib/ldap" ]
 VOLUME [ "/run/slapd" ]

--- a/slapd/backup
+++ b/slapd/backup
 #!/bin/sh
 set -eux

+cleanup () {
+    rm -rf "$tempdir"
+}
+
 alias slapcat='slapcat -vF /var/lib/ldap/config'

-slapcat -n0 -l /var/backups/ldap/config.ldif
+now="$(date --utc --iso-8601=seconds)"
+trap 'cleanup' INT QUIT EXIT TERM
+tempdir="$(mktemp -d)"
+
+slapcat -n0 -l "$tempdir/config.ldif"

 for dn in $(ldapsearch -Y EXTERNAL -LLL -s base -b '' o namingContexts | sed -n '/namingContexts/ s/namingContexts: //gp')
 do
-    slapcat -b "$dn" -l "/var/backups/ldap/$dn.ldif"
+    slapcat -b "$dn" -l "$tempdir/$dn.ldif"
 done
+
+tar -zcf "/var/backups/ldap/$now.tar.gz" -C "$tempdir" .
--- a/slapd/restore
+++ b/slapd/restore
+#!/bin/sh
+set -eux
+
+cleanup () {
+    rm -rf "$tempdir"
+}
+
+alias slapadd='slapadd -vF /var/lib/ldap/config'
+
+src="$1"
+
+trap 'cleanup' INT QUIT EXIT TERM
+
+tempdir="$(mktemp -d)"
+
+tar -xzf "$src" -C "$tempdir"
+
+slapadd -c -n0 -l "$tempdir/config.ldif"
+
+# shellcheck disable=SC2044
+for file in $(find "$tempdir" -type f -name '*.ldif' \! -name config.ldif -printf '%f\n')
+do
+    dn="${file%.ldif}"
+    slapadd -c -b "$dn" -l "$tempdir/$file"
+done