Automate disk snapshots in addition to S3.

dokterbob · dokterbob · commit 4556a7cb84ad · 2020-04-05T18:35:56.000+01:00
diff --git a/roles/snapshots/defaults/main.yml b/roles/snapshots/defaults/main.yml
@@ -0,0 +1,5 @@
+---
+snapshot_disk_name: ipfs_disk
+snapshot_disk_path: /var/lib/elasticsearch/backup
+snapshot_s3_name: ipfs_s3
+snapshot_s3_bucket: ipfs-search-snapshots
diff --git a/roles/snapshots/files/ipfs-search-snapshot.sh b/roles/snapshots/files/ipfs-search-snapshot.sh
diff --git a/roles/snapshots/handlers/tasks.yml b/roles/snapshots/handlers/tasks.yml
@@ -0,0 +1,3 @@
+---
+- name: restart elasticsearch
+  systemd: daemon_reload=yes state=restarted name=elasticsearch
diff --git a/roles/snapshots/tasks/disk.yml b/roles/snapshots/tasks/disk.yml
@@ -0,0 +1,34 @@
+---
+- name: Check snapshot repository
+  uri:
+    url: "http://127.0.0.1:9200/_snapshot/{{ snapshot_disk_name }}"
+    status_code: 200, 404
+  register: snapshot_check
+- name: Create snapshot repository
+  uri:
+    url: "http://127.0.0.1:9200/_snapshot/{{ snapshot_disk_name }}"
+    method: PUT
+    body_format: json
+    body: |
+      {
+        "type": "fs",
+        "settings": {
+          "location": "{{ snapshot_disk_path }}",
+          "compress": true,
+          "chunk_size": "524288000B"
+        }
+      }
+  when: snapshot_check.status == 404
+- name: Install snapshot script
+  template: src=ipfs-search-snapshot.sh dest=/usr/local/bin/ipfs-search-snapshot-disk.sh mode=755
+  vars:
+    - snapshot_name: "{{ snapshot_disk_name }}"
+- name: Elasticsearch daily snapshot cronjob
+  cron:
+    name: "Elasticsearch S3 snapshot"
+    cron_file: /etc/crontab
+    minute: 16
+    hour: 4
+    backup: yes
+    user: nobody
+    job: "/usr/local/bin/ipfs-search-snapshot-disk.sh"
diff --git a/roles/snapshots/tasks/main.yml b/roles/snapshots/tasks/main.yml
@@ -1,64 +1,9 @@
 ---
-- name: Check snapshot repository
-  uri:
-    url: http://127.0.0.1:9200/_snapshot/ipfs_s3
-    status_code: 200, 404
-  register: snapshot_check
-- name: Check keystore
-  command: /usr/share/elasticsearch/bin/elasticsearch-keystore list
-  register: keystore
-  failed_when: keystore.rc not in [0, 65]
-- name: Loading secrets
-  include_vars:
-    file: ../../vault/secrets.yml
-  when: |
-    keystore.rc == 65 or \
-    's3.client.default.access_key' not in keystore.stdout" or \
-    's3.client.default.secret_key' not in keystore.stdout
-- name: Create keystore
-  command: /usr/share/elasticsearch/bin/elasticsearch-keystore create
-  when: keystore.rc == 65
-- name: Add S3 access key
-  command: /usr/share/elasticsearch/bin/elasticsearch-keystore add s3.client.default.access_key --stdin
-  args:
-    stdin: "{{ s3_access_key }}"
-  when: "'s3.client.default.access_key' not in keystore.stdout"
-  register: added_access_key
-- name: Add S3 secret key
-  command: /usr/share/elasticsearch/bin/elasticsearch-keystore add s3.client.default.secret_key --stdin
-  args:
-    stdin: "{{ s3_secret_key }}"
-  when: "'s3.client.default.secret_key' not in keystore.stdout"
-  register: added_secret_key
-- name: Restart elasticsearch
-  systemd: daemon_reload=yes state=restarted name=elasticsearch
-  when: added_access_key.changed or added_secret_key.changed
-- name: Wait for elasticsearch to be ready
-  wait_for:
-    host: 127.0.0.1
-    port: 9200
-- name: Create snapshot repository
-  uri:
-    url: http://127.0.0.1:9200/_snapshot/ipfs_s3
-    method: PUT
-    body_format: json
-    body: |
-      {
-        "type": "s3",
-        "settings": {
-          "bucket": "ipfs-search-snapshots",
-          "storage_class": "standard_ia"
-        }
-      }
-  when: snapshot_check.status == 404
-- name: Install snapshot script
-  copy: src=ipfs-search-snapshot.sh dest=/usr/local/bin/ipfs-search-snapshot.sh mode=755
-- name: Elasticsearch daily snapshot cronjob
-  cron:
-    name: "Elasticsearch snapshot"
-    cron_file: /etc/crontab
-    minute: 16
-    hour: 3
-    backup: yes
-    user: nobody
-    job: "/usr/local/bin/ipfs-search-snapshot.sh"
+- name: Configuring S3 snapshots
+  import_tasks: s3.yml
+  tags:
+    - snapshots-s3
+- name: Configuring disk snapshots
+  import_tasks: disk.yml
+  tags:
+    - snapshots-disk
diff --git a/roles/snapshots/tasks/s3.yml b/roles/snapshots/tasks/s3.yml
@@ -0,0 +1,67 @@
+---
+- name: Check snapshot repository
+  uri:
+    url: "http://127.0.0.1:9200/_snapshot/{{ snapshot_s3_name }}"
+    status_code: 200, 404
+  register: snapshot_check
+- name: Check keystore
+  command: /usr/share/elasticsearch/bin/elasticsearch-keystore list
+  register: keystore
+  failed_when: keystore.rc not in [0, 65]
+- name: Loading secrets
+  include_vars:
+    file: ../../vault/secrets.yml
+  when: |
+    keystore.rc == 65 or
+    's3.client.default.access_key' not in keystore.stdout or
+    's3.client.default.secret_key' not in keystore.stdout
+- name: Create keystore
+  command: /usr/share/elasticsearch/bin/elasticsearch-keystore create
+  when: keystore.rc == 65
+- name: Add S3 access key
+  command: /usr/share/elasticsearch/bin/elasticsearch-keystore add s3.client.default.access_key --stdin
+  args:
+    stdin: "{{ s3_access_key }}"
+  when: "'s3.client.default.access_key' not in keystore.stdout"
+  register: added_access_key
+- name: Add S3 secret key
+  command: /usr/share/elasticsearch/bin/elasticsearch-keystore add s3.client.default.secret_key --stdin
+  args:
+    stdin: "{{ s3_secret_key }}"
+  when: "'s3.client.default.secret_key' not in keystore.stdout"
+  register: added_secret_key
+- name: Restart elasticsearch
+  systemd: daemon_reload=yes state=restarted name=elasticsearch
+  when: added_access_key.changed or added_secret_key.changed
+- name: Wait for elasticsearch to be ready
+  wait_for:
+    host: 127.0.0.1
+    port: 9200
+- name: Create snapshot repository
+  uri:
+    url: "http://127.0.0.1:9200/_snapshot/{{ snapshot_s3_name }}"
+    method: PUT
+    body_format: json
+    body: |
+      {
+        "type": "s3",
+        "settings": {
+          "bucket": "{{ snapshot_s3_bucket }}",
+          "storage_class": "standard_ia",
+          "compress": true
+        }
+      }
+  when: snapshot_check.status == 404
+- name: Install snapshot script
+  template: src=ipfs-search-snapshot.sh dest=/usr/local/bin/ipfs-search-snapshot-disk.sh mode=755
+  vars:
+    - snapshot_name: "{{ snapshot_s3_name }}"
+- name: Elasticsearch daily snapshot cronjob
+  cron:
+    name: "Elasticsearch S3 snapshot"
+    cron_file: /etc/crontab
+    minute: 16
+    hour: 3
+    backup: yes
+    user: nobody
+    job: "/usr/local/bin/ipfs-search-snapshot-s3.sh"
diff --git a/roles/snapshots/templates/ipfs-search-snapshot-publish.sh b/roles/snapshots/templates/ipfs-search-snapshot-publish.sh
@@ -0,0 +1,32 @@
+#!/bin/bash
+
+IPFS=""
+SNAPSHOT_DIR=""
+KEY_NAME=""
+
+echo "Publishing most recent IPFS snapshot to: $KEY_NAME"
+
+OLD_HASH=""
+echo "Latest snapshot: $OLD_HASH"
+
+# Add dir to IPFS
+NEW_HASH=`$IPFS add -w --nocopy --fscache $SNAPSHOT_DIR`
+STATUS=$?
+
+if [[ $STATUS == "0" ]]; then
+    echo "Success creating snapshot: $NEW_HASH"
+
+    echo "Replacing pin for $OLD_HASH with $NEW_HASH"
+    $IPFS pin update $OLD_HASH $NEW_HASH
+
+    echo "Publishing to $KEY_NAME"
+    $IPFS name publish --key $KEY_NAME $NEW_HASH
+
+    echo "Performing filestore garbage collection"
+    $IPFS filestore gc
+else
+    echo "Error creating new snapshot!"
+    exit -1
+fi
+
+
diff --git a/roles/snapshots/templates/ipfs-search-snapshot.sh b/roles/snapshots/templates/ipfs-search-snapshot.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+curl -s -XPUT http://127.0.0.1:9200/_snapshot/{{ snapshot_name }}/snapshot_`date +'%y%m%d_%H%M'` | jq -e '.accepted' > /dev/null

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+---`
	`2`	`+- name: restart elasticsearch`
	`3`	`+ systemd: daemon_reload=yes state=restarted name=elasticsearch`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+#!/bin/sh`
	`2`	`+`
	`3`	+curl -s -XPUT http://127.0.0.1:9200/_snapshot/{{ snapshot_name }}/snapshot_`date +'%y%m%d_%H%M'` \| jq -e '.accepted' > /dev/null