#!/bin/bash
#
# Prerequisites:
# sudo apt install backblaze-b2 pv lbzip2
#
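# pass six args, plus an optional seventh:
# - database name (needs to exist in postgres)
# - app name (meta information)
# - symmetric encryption password
# - bucket name (target of the upload)
# - backblaze account id
# - backblaze app key
# - qualifier (optional, defaults to daily)
#
# NOTE: the password and the app key are passed as command-line arguments, so
# they are visible in the process list while the script runs.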
#
# example: ./pg_b2_backup.sh foo next-big-thing top_secret backups xyy yzz daily
#
# the resulting file can be decrypted again with something like
# gpg --batch --passphrase top_secret --output foo_next-big-thing_2020-04-20.dump.bz2 --decrypt foo_next-big-thing_2020-04-20.dump.bz2.gpg
# Stop at the first command that fails.
set -o errexit
# Log the start time of this run.
date
# Only root may continue; the dump step later calls pg_dump through `su - postgres`.
if (( EUID != 0 )); then
  printf '%s\n' "Please run as root"
  exit 1
fi
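# Read arguments
# The first six are mandatory. Refuse to continue without them: an empty PASS
# would have gpg encrypt the dump with an empty passphrase, and a missing DB
# would run pg_dump without a database argument.
if [ "$#" -lt 6 ]; then
  echo "Usage: $0 DB APP PASSWORD BUCKET B2_KEY_ID B2_APP_KEY [QUALIFIER]" >&2
  exit 2
fi
DB=$1
APP=$2
PASS=$3
BUCKET=$4
B2_APP_KEY_ID=$5
B2_APP_KEY=$6
for arg_value in "${DB}" "${APP}" "${PASS}" "${BUCKET}" "${B2_APP_KEY_ID}" "${B2_APP_KEY}"; do
  if [ -z "${arg_value}" ]; then
    echo "Arguments 1-6 must not be empty" >&2
    exit 2
  fi
done
# the qualifier is used as a prefix for the file name, so lifecycle rules can be created in b2
QUALIFIER=${7:-daily}
# QUALIFIER, APP and DB become parts of the dump file name, so a '/' in any of
# them would move the dump file outside the dump directory.
case "${QUALIFIER}${APP}${DB}" in
  */*)
    echo "qualifier, app name and database name must not contain '/'" >&2
    exit 2
    ;;
esac
# Only non-secret values are logged here; PASS and the b2 key are never echoed.
echo "Backing up db ${DB} of app ${APP} to bucket ${BUCKET} with qualifier ${QUALIFIER}."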
# Progress output would spam log files, so it is enabled only when stdout is an
# interactive terminal (e.g. while debugging the script by hand).
if [ -t 1 ]; then
  SHOW_PROGRESS=true
  printf '%s\n' "Running in a TTY."
else
  SHOW_PROGRESS=false
  printf '%s\n' "Running outside a TTY."
fi
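# Work in a freshly created private directory instead of writing straight into
# the shared /tmp: the script runs as root and the file name is predictable, so
# another local user could otherwise pre-create that path (or plant a symlink
# there) before gpg writes to it.
DUMPDIR=$(mktemp -d "${TMPDIR:-/tmp}/pg_b2_backup.XXXXXXXXXX") || exit 1
# will look like: daily_2017-12-31_app_db.dump.bz2.gpg
FILENAME=${QUALIFIER}_$(date +%Y-%m-%d)_${APP}_${DB}.dump.bz2.gpg
DUMPFILE=${DUMPDIR}/${FILENAME}
# No "remove old backup" step is needed: the directory is new, so it cannot
# contain a stale dump that would make gpg refuse to write its output.

# Ensure the dump file (and its directory) is cleaned up on exit.
# A function is used instead of a command string so the paths stay quoted and
# are never re-parsed by the shell when the trap fires.
cleanup_dump() {
  rm -rf -- "${DUMPDIR:?}" && echo "Dump file at ${DUMPFILE} cleaned up"
}
trap cleanup_dump EXIT
# Dump & Encrypt it
# See https://community.centminmod.com/threads/compression-comparison-benchmarks-zstd-vs-brotli-vs-pigz-vs-bzip2-vs-xz-etc.12764/
# for comparison of compression algorithms. We pick lbzip2 for a great balance of speed and compression ratio.
echo "Dumping & encrypting at ${DUMPFILE}"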
# Compress stdin to stdout with lbzip2.
# Globals:   SHOW_PROGRESS (read) - when "true", the stream is first piped
#            through pv so progress is displayed.
# Returns:   exit status of the pipeline / of lbzip2.
pv_zip() {
  case "${SHOW_PROGRESS}" in
    true)
      pv | lbzip2
      ;;
    *)
      lbzip2
      ;;
  esac
}
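# A pipeline normally reports only its last command's status. With pipefail a
# failing pg_dump (or lbzip2) fails the whole pipeline, so an empty or truncated
# dump is not encrypted and uploaded as if the backup had succeeded.
set -o pipefail

# DB is placed inside a command string that the postgres user's shell parses
# again, so wrap it in single quotes (escaping embedded ones) to keep it a
# single literal argument to pg_dump.
sq="'"
esc="'\\''"
db_arg="${sq}${DB//${sq}/${esc}}${sq}"

# The passphrase is handed to gpg on file descriptor 3 instead of on its
# command line, so it does not show up in gpg's process arguments. gpg reads
# only the first line from that descriptor.
su - postgres -c "pg_dump ${db_arg}" \
  | pv_zip \
  | gpg --batch --passphrase-fd 3 --output "${DUMPFILE}" --symmetric 3<<<"${PASS}"
echo "Dumped and encrypted at ${DUMPFILE}"

# calculate sha1 sum
# This is the transfer checksum passed to upload-file via --sha1. Reading the
# file on stdin keeps the file name out of sha1sum's output.
SHA1=$(sha1sum < "${DUMPFILE}" | sed -En "s/^([0-9a-f]{40}).*/\1/p")
if [ -z "${SHA1}" ]; then
  echo "Could not compute sha1sum of ${DUMPFILE}" >&2
  exit 1
fi
echo "sha1sum is ${SHA1}"

#log in to backblaze
# NOTE(review): key id and key are passed as arguments and are therefore
# visible in the process list while this command runs; if the installed CLI
# can take them from the environment or a prompt, prefer that - TODO confirm.
backblaze-b2 authorize-account "${B2_APP_KEY_ID}" "${B2_APP_KEY}"
echo "Logged into b2"

# upload it
upload_args=(--sha1 "${SHA1}" --info app="${APP}" --info db="${DB}")
if [ "${SHOW_PROGRESS}" = false ]; then
  upload_args+=(--noProgress)
fi
# Capture the status instead of letting `set -e` abort here, so the log-out
# below still runs and no b2 authorization stays cached after a failed upload.
upload_status=0
backblaze-b2 upload-file "${upload_args[@]}" \
  "${BUCKET}" \
  "${DUMPFILE}" \
  "${FILENAME}" || upload_status=$?
if [ "${upload_status}" -eq 0 ]; then
  echo "Uploaded to b2"
fi

# log out
backblaze-b2 clear-account
echo "Logged out of b2"

if [ "${upload_status}" -ne 0 ]; then
  echo "Upload to b2 failed with status ${upload_status}" >&2
  exit "${upload_status}"
fi
echo "Done"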