fbda1b4beb
Some checks failed
Deploy to Phoenix / deploy (push) Has been cancelled
- ADD_CHAIN138_TO_LEDGER_LIVE: Ledger form done; public code review repo bis-innovations/LedgerLive; init/push commands - CONTRACT_DEPLOYMENT_RUNBOOK: Chain 138 gas price 1 gwei, 36-addr check, TransactionMirror workaround - CONTRACT_*: AddressMapper, MirrorManager deployed 2026-02-12; 36-address on-chain check - NEXT_STEPS_FOR_YOU: Ledger done; steps completable now (no LAN); run-completable-tasks-from-anywhere - MASTER_INDEX, OPERATOR_OPTIONAL, SMART_CONTRACTS_INVENTORY_SIMPLE: updates - LEDGER_BLOCKCHAIN_INTEGRATION_COMPLETE: bis-innovations/LedgerLive reference Co-authored-by: Cursor <cursoragent@cursor.com>
89 lines
3.0 KiB
Bash
Executable File
89 lines
3.0 KiB
Bash
Executable File
#!/bin/bash
|
|
# Vault Raft Snapshot Backup Script
|
|
# Creates automated backups of Vault cluster
|
|
|
|
set -euo pipefail
|
|
|
|
# Load IP configuration
|
|
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
|
|
PROJECT_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)"
|
|
source "${PROJECT_ROOT}/config/ip-addresses.conf" 2>/dev/null || true
|
|
|
|
|
|
# Colors
|
|
RED='\033[0;31m'
|
|
GREEN='\033[0;32m'
|
|
YELLOW='\033[1;33m'
|
|
BLUE='\033[0;34m'
|
|
NC='\033[0m'
|
|
|
|
log_info() { echo -e "${BLUE}[INFO]${NC} $1"; }
|
|
log_success() { echo -e "${GREEN}[✓]${NC} $1"; }
|
|
log_warn() { echo -e "${YELLOW}[⚠]${NC} $1"; }
|
|
log_error() { echo -e "${RED}[✗]${NC} $1"; }
|
|
|
|
# Configuration
|
|
PROXMOX_HOST_1="${PROXMOX_HOST_1:-192.168.11.11}"
|
|
VAULT_CONTAINER="${VAULT_CONTAINER:-8640}"
|
|
VAULT_TOKEN="${VAULT_TOKEN:-}"
|
|
BACKUP_DIR="${BACKUP_DIR:-/home/intlc/projects/proxmox/.secure/vault-backups}"
|
|
RETENTION_DAYS="${RETENTION_DAYS:-30}"
|
|
|
|
if [ -z "$VAULT_TOKEN" ]; then
|
|
log_error "VAULT_TOKEN environment variable is required"
|
|
log_info "Usage: VAULT_TOKEN=<token> ./scripts/vault-backup.sh"
|
|
exit 1
|
|
fi
|
|
|
|
# Create backup directory
|
|
mkdir -p "$BACKUP_DIR"
|
|
chmod 700 "$BACKUP_DIR"
|
|
|
|
# Generate backup filename
|
|
BACKUP_FILE="$BACKUP_DIR/vault-snapshot-$(date +%Y%m%d-%H%M%S).snapshot"
|
|
|
|
echo "═══════════════════════════════════════════════════════════"
|
|
echo " Vault Raft Snapshot Backup"
|
|
echo "═══════════════════════════════════════════════════════════"
|
|
echo ""
|
|
|
|
log_info "Creating Raft snapshot..."
|
|
log_info "Backup file: $BACKUP_FILE"
|
|
|
|
# Create snapshot
|
|
if ssh root@"$PROXMOX_HOST_1" "pct exec $VAULT_CONTAINER -- bash -c 'export VAULT_ADDR=http://127.0.0.1:8200 && export VAULT_TOKEN=$VAULT_TOKEN && vault operator raft snapshot save -'" > "$BACKUP_FILE" 2>/dev/null; then
|
|
BACKUP_SIZE=$(du -h "$BACKUP_FILE" | cut -f1)
|
|
log_success "Snapshot created successfully ($BACKUP_SIZE)"
|
|
else
|
|
log_error "Failed to create snapshot"
|
|
exit 1
|
|
fi
|
|
|
|
# Compress backup
|
|
log_info "Compressing backup..."
|
|
if gzip "$BACKUP_FILE"; then
|
|
BACKUP_FILE="${BACKUP_FILE}.gz"
|
|
BACKUP_SIZE=$(du -h "$BACKUP_FILE" | cut -f1)
|
|
log_success "Backup compressed ($BACKUP_SIZE)"
|
|
else
|
|
log_warn "Compression failed, keeping uncompressed backup"
|
|
fi
|
|
|
|
# Clean up old backups
|
|
log_info "Cleaning up backups older than $RETENTION_DAYS days..."
|
|
find "$BACKUP_DIR" -name "vault-snapshot-*.snapshot*" -type f -mtime +$RETENTION_DAYS -delete
|
|
DELETED_COUNT=$(find "$BACKUP_DIR" -name "vault-snapshot-*.snapshot*" -type f | wc -l)
|
|
log_success "Retained $DELETED_COUNT backup(s)"
|
|
|
|
# Create backup index
|
|
BACKUP_INDEX="$BACKUP_DIR/backup-index.txt"
|
|
echo "$(date -Iseconds) | $BACKUP_FILE | $(du -h "$BACKUP_FILE" | cut -f1)" >> "$BACKUP_INDEX"
|
|
log_success "Backup index updated"
|
|
|
|
echo ""
|
|
log_success "✅ Backup completed successfully"
|
|
log_info "Backup location: $BACKUP_FILE"
|
|
log_info "To restore: vault operator raft snapshot restore $BACKUP_FILE"
|
|
|
|
echo ""
|