vault: deployment manifest, some docs, backup script - expected to run
on docker host
38
docker-30/vault/vault-backup.sh
Normal file
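--- /dev/null
+++ b/docker-30/vault/vault-backup.sh
@@ -0,0 +1,38 @@
+#!/bin/bash
+set -euo pipefail
+
+# set -x # Enable debug output
+
+# --- Configuration ---
+VAULT_DATA_DIR="${VAULT_DATA_DIR:-/srv/docker/vault/data/}"
+S3_BUCKET="${S3_BUCKET:-vault-backup}"
+MC_ALIAS="${MC_ALIAS:-synology}" # Pre-configured mc alias
+RETENTION_DAYS="${RETENTION_DAYS:-60}"
+
+TIMESTAMP=$(date +%Y%m%d-%H%M%S)
+BACKUP_FILE="/tmp/vault-backup-${TIMESTAMP}.tar.gz"
+
+log() { echo "[$(date -Iseconds)] $*"; }
+
+cleanup() {
+rm -f "${BACKUP_FILE}"
+}
+trap cleanup EXIT
+
+# --- Create backup ---
+log "Backing up ${VAULT_DATA_DIR}..."
+tar -czf "${BACKUP_FILE}" -C "$(dirname "${VAULT_DATA_DIR}")" "$(basename "${VAULT_DATA_DIR}")"
+
+BACKUP_SIZE=$(stat -c%s "${BACKUP_FILE}")
+log "Backup size: ${BACKUP_SIZE} bytes"
+
+# --- Upload to MinIO ---
+log "Uploading to ${MC_ALIAS}/${S3_BUCKET}..."
+set -x
+mc cp --quiet "${BACKUP_FILE}" "${MC_ALIAS}/${S3_BUCKET}/vault-backup-${TIMESTAMP}.tar.gz"
+
+# --- Prune old backups ---
+log "Pruning backups older than ${RETENTION_DAYS} days..."
+mc rm --quiet --recursive --force --older-than "${RETENTION_DAYS}d" "${MC_ALIAS}/${S3_BUCKET}/"
+
+log "Backup complete: vault-backup-${TIMESTAMP}.tar.gz"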
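Review bot: The archive of the Vault data directory is written to a predictable, timestamp-derived path in the shared temp directory (`BACKUP_FILE="/tmp/vault-backup-${TIMESTAMP}.tar.gz"`) with whatever umask the caller happens to have, so on a multi-user Docker host the file may be readable by other local accounts for as long as the upload takes. Creating it with `BACKUP_FILE=$(mktemp "/tmp/vault-backup-${TIMESTAMP}.XXXXXX")` gives an unpredictable name and owner-only permissions, and since `mc cp` already names the destination object explicitly the local file name does not matter. The bare `set -x` before `mc cp` looks like leftover debugging (the one at the top is commented out) and keeps tracing on for the rest of the run, so I would drop it or pair it with `set +x`. The final `mc rm --recursive --force --older-than` applies to every object in the bucket, not only `vault-backup-*`, which deserves a comment stating that the bucket must be dedicated to these backups.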