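#!/bin/bash
#
# Vault Raft Snapshot Backup Script
# Creates automated backups of the Vault cluster.
#
# The snapshot is taken inside the Vault LXC container (reached through
# `pct exec` on the Proxmox host over SSH), streamed back to this machine,
# compressed, indexed, and old snapshots are pruned.
#
# Environment:
#   VAULT_TOKEN      (required) token allowed to take a Raft snapshot
#   PROXMOX_HOST_1   Proxmox host to SSH into        (default 192.168.11.11)
#   VAULT_CONTAINER  numeric container ID of Vault   (default 8640)
#   BACKUP_DIR       local directory for snapshots
#   RETENTION_DAYS   delete snapshots older than this many days (default 30)
#
# Security notes:
#   - The token is sent to the container over stdin, never as part of a
#     command line, so it does not show up in `ps` output on this machine,
#     on the Proxmox host, or inside the container.
#   - VAULT_CONTAINER and RETENTION_DAYS are validated as integers because
#     they end up in a remote shell command and a `find -delete` respectively.
#   - Snapshot files are created with umask 077 inside a 0700 directory.
#     Restoring a snapshot still requires the cluster's unseal/recovery keys,
#     but the files should be treated as sensitive regardless.

set -euo pipefail

# Everything this script creates (snapshots, index) must be owner-only.
umask 077

# Load IP configuration (best effort: the file is optional).
# The file is executed as shell code, so it must be writable only by trusted users.
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)"
CONFIG_FILE="${PROJECT_ROOT}/config/ip-addresses.conf"
if [[ -r "$CONFIG_FILE" ]]; then
  # shellcheck source=/dev/null
  source "$CONFIG_FILE" || true
fi

# Colors
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m'

# Logging helpers. %b expands the colour escapes in the prefix only; the
# message itself is printed verbatim with %s. Warnings and errors go to stderr.
log_info()    { printf '%b %s\n' "${BLUE}[INFO]${NC}" "$1"; }
log_success() { printf '%b %s\n' "${GREEN}[✓]${NC}" "$1"; }
log_warn()    { printf '%b %s\n' "${YELLOW}[⚠]${NC}" "$1" >&2; }
log_error()   { printf '%b %s\n' "${RED}[✗]${NC}" "$1" >&2; }

# Configuration
PROXMOX_HOST_1="${PROXMOX_HOST_1:-192.168.11.11}"
VAULT_CONTAINER="${VAULT_CONTAINER:-8640}"
VAULT_TOKEN="${VAULT_TOKEN:-}"
BACKUP_DIR="${BACKUP_DIR:-/home/intlc/projects/proxmox/.secure/vault-backups}"
RETENTION_DAYS="${RETENTION_DAYS:-30}"

if [[ -z "$VAULT_TOKEN" ]]; then
  log_error "VAULT_TOKEN environment variable is required"
  log_info "Usage: VAULT_TOKEN= ./scripts/vault-backup.sh"
  exit 1
fi

# VAULT_CONTAINER is interpolated into the command run by the remote shell;
# restricting it to digits rules out shell metacharacters.
if ! [[ "$VAULT_CONTAINER" =~ ^[0-9]+$ ]]; then
  log_error "VAULT_CONTAINER must be a numeric container ID"
  exit 1
fi

# RETENTION_DAYS drives `find ... -delete`; reject anything but a plain integer.
if ! [[ "$RETENTION_DAYS" =~ ^[0-9]+$ ]]; then
  log_error "RETENTION_DAYS must be a non-negative integer"
  exit 1
fi

# Create backup directory
mkdir -p -- "$BACKUP_DIR"
chmod 700 -- "$BACKUP_DIR"

# Generate backup filename
BACKUP_FILE="$BACKUP_DIR/vault-snapshot-$(date +%Y%m%d-%H%M%S).snapshot"

echo "═══════════════════════════════════════════════════════════"
echo " Vault Raft Snapshot Backup"
echo "═══════════════════════════════════════════════════════════"
echo ""

log_info "Creating Raft snapshot..."
log_info "Backup file: $BACKUP_FILE"

# Create snapshot.
# The remote shell reads the token from stdin and exports it for the vault
# CLI, so the token never appears in any argv. printf is a shell builtin, so
# no local process carries it as an argument either.
# NOTE(review): assumes `pct exec` forwards stdin to the container command and
# that `snapshot save -` streams to stdout on the deployed Vault version; the
# non-empty check below catches the case where nothing was streamed back.
# VAULT_ADDR is plain HTTP on the container's loopback interface only.
REMOTE_CMD="pct exec ${VAULT_CONTAINER} -- bash -c 'IFS= read -r VAULT_TOKEN && export VAULT_TOKEN VAULT_ADDR=http://127.0.0.1:8200 && exec vault operator raft snapshot save -'"

# stderr is left visible so ssh/pct/vault failures can be diagnosed.
if printf '%s\n' "$VAULT_TOKEN" \
  | ssh root@"$PROXMOX_HOST_1" "$REMOTE_CMD" > "$BACKUP_FILE" \
  && [[ -s "$BACKUP_FILE" ]]; then
  BACKUP_SIZE=$(du -h "$BACKUP_FILE" | cut -f1)
  log_success "Snapshot created successfully ($BACKUP_SIZE)"
else
  # Do not leave an empty or truncated file that looks like a valid backup.
  rm -f -- "$BACKUP_FILE"
  log_error "Failed to create snapshot"
  exit 1
fi

# Compress backup
log_info "Compressing backup..."
if gzip -- "$BACKUP_FILE"; then
  BACKUP_FILE="${BACKUP_FILE}.gz"
  BACKUP_SIZE=$(du -h "$BACKUP_FILE" | cut -f1)
  log_success "Backup compressed ($BACKUP_SIZE)"
else
  log_warn "Compression failed, keeping uncompressed backup"
fi

# Clean up old backups
log_info "Cleaning up backups older than $RETENTION_DAYS days..."
find "$BACKUP_DIR" -name "vault-snapshot-*.snapshot*" -type f \
  -mtime "+${RETENTION_DAYS}" -delete
# Count what is left after pruning (this is the retained set, not the deleted one).
RETAINED_COUNT=$(find "$BACKUP_DIR" -name "vault-snapshot-*.snapshot*" -type f | wc -l)
log_success "Retained $RETAINED_COUNT backup(s)"

# Create backup index
BACKUP_INDEX="$BACKUP_DIR/backup-index.txt"
printf '%s | %s | %s\n' \
  "$(date -Iseconds)" "$BACKUP_FILE" "$(du -h "$BACKUP_FILE" | cut -f1)" \
  >> "$BACKUP_INDEX"
log_success "Backup index updated"

echo ""
log_success "✅ Backup completed successfully"
log_info "Backup location: $BACKUP_FILE"
# A compressed snapshot has to be decompressed before Vault can restore it.
if [[ "$BACKUP_FILE" == *.gz ]]; then
  log_info "To restore: gunzip $BACKUP_FILE && vault operator raft snapshot restore ${BACKUP_FILE%.gz}"
else
  log_info "To restore: vault operator raft snapshot restore $BACKUP_FILE"
fi
echo ""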