From fc80d3190827cfd56df7bf206b520aa59a7cbd7e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Soko=C5=82owski?= <jakub@status.im>
Date: Wed, 31 Jul 2019 15:07:59 -0400
Subject: [PATCH] configure backups and s3 upload for dev db
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Jakub Sokołowski <jakub@status.im>
---
 ansible/group_vars/db.dev.yml                 | 10 ++++
 ansible/main.yml                              |  7 +--
 ansible/roles/mongodb-backups/README.md       |  3 ++
 .../roles/mongodb-backups/defaults/main.yml   | 18 +++++++
 .../roles/mongodb-backups/handlers/main.yml   |  3 ++
 ansible/roles/mongodb-backups/tasks/main.yml  | 50 +++++++++++++++++++
 6 files changed, 88 insertions(+), 3 deletions(-)
 create mode 100644 ansible/roles/mongodb-backups/README.md
 create mode 100644 ansible/roles/mongodb-backups/defaults/main.yml
 create mode 100644 ansible/roles/mongodb-backups/handlers/main.yml
 create mode 100644 ansible/roles/mongodb-backups/tasks/main.yml

diff --git a/ansible/group_vars/db.dev.yml b/ansible/group_vars/db.dev.yml
index e36ca61..c4bd17f 100644
--- a/ansible/group_vars/db.dev.yml
+++ b/ansible/group_vars/db.dev.yml
@@ -26,3 +26,13 @@ mongodb_users:
 mongodb_replication_replset: ""
 mongodb_security_keyfile: ""
 mongodb_oplog_users: []
+
+# backups auth
+mongodb_backup_db_name: '{{ mongodb_users[0].database }}'
+mongodb_backup_db_user: '{{ mongodb_users[0].name }}'
+mongodb_backup_db_pass: '{{ mongodb_users[0].password }}'
+
+# backup uploads to S3
+mongodb_backup_bucket_name: 's3://dev-dap-ps-mongodb-backups'
+mongodb_backup_access_key: '{{lookup("passwordstore", "cloud/aws/s3/mongodb-backups/access-key")}}'
+mongodb_backup_secret_key: '{{lookup("passwordstore", "cloud/aws/s3/mongodb-backups/secret-key")}}'
diff --git a/ansible/main.yml b/ansible/main.yml
index 8023080..5a04284 100644
--- a/ansible/main.yml
+++ b/ansible/main.yml
@@ -1,9 +1,10 @@
 ---
 - name: Configure MongoDB
-  hosts: db.dev
+  hosts: mongodb
   roles:
-    - mongodb-firewall
-    - mongodb
+    #- mongodb
+    #- mongodb-firewall
+    - mongodb-backups
   post_tasks:
     - name: MongoDB URI string
       debug:
diff --git a/ansible/roles/mongodb-backups/README.md b/ansible/roles/mongodb-backups/README.md
new file mode 100644
index 0000000..9160d76
--- /dev/null
+++ b/ansible/roles/mongodb-backups/README.md
@@ -0,0 +1,3 @@
+# Description
+
+This role configures a cron job for making MongoDB dumps and uploading them to S3.
diff --git a/ansible/roles/mongodb-backups/defaults/main.yml b/ansible/roles/mongodb-backups/defaults/main.yml
new file mode 100644
index 0000000..f9e00fe
--- /dev/null
+++ b/ansible/roles/mongodb-backups/defaults/main.yml
@@ -0,0 +1,18 @@
+---
+# path for mongodump backups
+mongodb_backup_path: '/var/tmp/backups/mongodb'
+mongodb_backup_file_prefix: '{{ mongodb_backup_db_name | replace("-", "_") }}'
+mongodb_backup_script: '/var/lib/backups/{{ mongodb_backup_db_name | replace("-", "_") }}_dump.sh'
+mongodb_backup_frequency: daily
+
+# db auth
+mongodb_backup_db_name: ~
+mongodb_backup_db_user: ~
+mongodb_backup_db_pass: ~
+mongodb_backup_db_addr: 'localhost'
+mongodb_backup_db_port: 27017
+
+# s3 auth
+mongodb_backup_bucket_name: ~
+mongodb_backup_access_key: ~
+mongodb_backup_secret_key: ~
diff --git a/ansible/roles/mongodb-backups/handlers/main.yml b/ansible/roles/mongodb-backups/handlers/main.yml
new file mode 100644
index 0000000..bd6da46
--- /dev/null
+++ b/ansible/roles/mongodb-backups/handlers/main.yml
@@ -0,0 +1,3 @@
+---
+- name: Save iptables rules
+  shell: iptables-save > /etc/iptables/rules.v4
diff --git a/ansible/roles/mongodb-backups/tasks/main.yml b/ansible/roles/mongodb-backups/tasks/main.yml
new file mode 100644
index 0000000..358c5ca
--- /dev/null
+++ b/ansible/roles/mongodb-backups/tasks/main.yml
@@ -0,0 +1,50 @@
+---
+- name: MongoDB | Create directores for DB dumps
+  file:
+    path: '{{ item }}'
+    state: directory
+    group: adm
+    mode: 0775
+  with_items:
+    - '/var/lib/backups'
+    - '{{ mongodb_backup_path }}'
+
+- name: MongoDB | Create DB dump script
+  copy:
+    dest: '{{ mongodb_backup_script }}'
+    content: |
+      #!/usr/bin/env bash
+      TSTAMP=$(date -u +%Y%m%d%H%M%S)
+      BKP_DIR={{ mongodb_backup_path }}
+      mongodump \
+        --verbose \
+        --host={{ mongodb_backup_db_addr | mandatory }} \
+        --port={{ mongodb_backup_db_port | mandatory }} \
+        --username={{ mongodb_backup_db_user | mandatory }} \
+        --password={{ mongodb_backup_db_pass | mandatory }} \
+        --db={{ mongodb_backup_db_name | mandatory }} \
+        --authenticationDatabase={{ mongodb_backup_db_name | mandatory }} \
+        --out=${BKP_DIR}/{{ mongodb_backup_file_prefix }}_dump_${TSTAMP}.bson
+    group: adm
+    mode: 0750
+
+- name: MongoDB | Configure DB dump cron job
+  cron:
+    name: MongoDB Dump
+    special_time: '{{ mongodb_backup_frequency }}'
+    user: root
+    job: '{{ mongodb_backup_script }}'
+
+- name: MongoDB | Configure S3 upload cron job
+  include_role:
+    name: s3cmd-backup
+  vars:
+    backup_name: mongodb-backups
+    backup_number: 1
+    backup_hour: 4
+    backup_day: '*'
+    backup_directory: '/var/tmp/backups'
+    backup_base_domain: 's3.amazonaws.com'
+    backup_bucket_name: '{{ mongodb_backup_bucket_name | mandatory }}'
+    backup_access_key: '{{ mongodb_backup_access_key | mandatory }}'
+    backup_secret_key: '{{ mongodb_backup_secret_key | mandatory }}'