initital code

image/Dockerfile

@@ -0,0 +1,16 @@
+FROM centos:7
+
+RUN yum --enablerepo=extras install -y epel-release && \
+    yum install -y --setopt=tsflags=nodocs python-pip mysql && \
+    yum clean all && \
+    pip install -U pip && \
+    pip install awscli s3cmd
+
+COPY tools /opt/intly/tools
+#RUN chown -R default:root /opt/tools/intly
+
+#USER default
+
+RUN find /opt/intly/tools -type f -exec chmod +x {} \;
+
+ENTRYPOINT ["/opt/intly/tools/entrypoint.sh"]

image/tools/entrypoint.sh

@@ -0,0 +1,48 @@
+#!/usr/bin/env sh
+
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
+component=''
+archive_backend='s3'
+encryption_engine='gpg'
+debug=''
+
+while getopts "c:b:e:d:" opt; do
+    case "$opt" in 
+    c)
+        component="$OPTARG"
+        ;;
+    b)
+        archive_backend="$OPTARG"
+        ;;
+    e)
+        encryption_engine="$OPTARG"
+        ;;
+    d)
+        debug="$OPTARG"
+        ;;
+    esac 
+done
+
+if [[ -z "$component" ]]; then
+    (>&2 echo 'Please specify a component using "-c"')
+    exit 1
+fi
+
+source "$DIR/lib/backend/$archive_backend.sh"
+source "$DIR/lib/encryption/$encryption_engine.sh"
+source "$DIR/lib/component/$component.sh"
+
+timestamp="$(date '+%H:%M:%S')"
+fname="/tmp/archive-$timestamp"
+
+url=component_get_url
+component_dump_data $url $fname.tar.gz
+encrypt_archive $fname.tar.gz
+upload_archive $fname.tar.gz.encrypted
+
+echo "[$timestamp] Backup completed"
+
+if [[ -n "$debug" ]]; then
+    echo 'Debug flag detected - will sleep for all eternity'
+    sleep infinity
+fi

image/tools/lib/backend/s3.sh

@@ -0,0 +1,5 @@
+#required env vars: AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and AWS_S3_BUCKET_NAME
+function upload_archive {
+    archive_path="$1"
+    echo "TODO: upload archive \"$archive_path\" using s3 cli"
+}

image/tools/lib/component/mysql.sh

@@ -0,0 +1,8 @@
+function component_get_url {
+    echo 'mysql://localhost'
+}
+
+function component_dump_data {
+    auth_url=$1
+    echo "Use $auth_url to archive mysql data"
+}

image/tools/lib/encryption/gpg.sh

@@ -0,0 +1,4 @@
+function encrypt_archive {
+    archive_path="$1"
+    echo "encrypt archive \"$archive_path\" using opengpg"
+}

templates/openshift/backup-cronjob-template.yaml

@@ -0,0 +1,74 @@
+---
+apiVersion: v1
+kind: Template
+metadata:
+  name: integreatly-cronjob-backup-template
+  annotations:
+    description: 'Cronjob for backing up integreatly data'
+objects:
+  - apiVersion: batch/v1beta1
+    kind: CronJob
+    metadata:
+      name: ${NAME}
+    spec:
+      schedule: ${CRON_SCHEDULE}
+      jobTemplate:
+        spec:
+          template:
+            metadata:
+              name: ${NAME}
+              labels:
+                cronjob-name: ${NAME}
+            spec:
+              containers:
+                - name: backup-cronjob
+                  image: "${IMAGE}"
+                  imagePullPolicy: Always
+                  command:
+                    - "/opt/intly/tools/entrypoint.sh"
+                    - "-c"
+                    - "${COMPONENT}"
+                    - '-b'
+                    - "${BACKEND}"
+                    - "-e"
+                    - "${ENCRYPTION}"
+                    - "-d"
+                    - "${DEBUG}"
+                  envFrom:
+                    - secretRef:
+                        name: "${COMPONENT_SECRET_NAME}"
+                    - secretRef:
+                        name: "${BACKEND_SECRET_NAME}"
+                    - secretRef:
+                        name: "${ENCRYPTION_SECRET_NAME}"
+              restartPolicy: Never
+parameters:
+  - name: NAME
+    description: Unique job name to be used in several resource name(s)
+    value: integreatly-cronjob-backup
+  - name: COMPONENT
+    description: Component name to run the backup
+    required: true
+  - name: BACKEND
+    description: Backend engine to upload the component archive
+    value: s3
+  - name: ENCRYPTION
+    description: Encryption engine to encrypt component archive before uploading it
+    value: gpg
+  - name: COMPONENT_SECRET_NAME
+    description: Component secret name to create environment variables from
+    required: true
+  - name: BACKEND_SECRET_NAME
+    description: Backend secret name to create environment variables from
+    required: true
+  - name: ENCRYPTION_SECRET_NAME
+    description: Encruption secret name to create environment variables from
+    required: true
+  - name: CRON_SCHEDULE
+    description: 'Job schedule in Cron Format [Default is everyday at 2am]'
+    value: '*/1 * * * *'
+  - name: IMAGE
+    description: 'Backup docker image URL'
+    value: 'quay.io/integreatly/backup-container:master'
+  - name: DEBUG
+    description: "Debug flag to sleep the job pod after its execution"

templates/openshift/backup-job-template.yaml

@@ -0,0 +1,70 @@
+---
+apiVersion: v1
+kind: Template
+metadata:
+  name: "integreatly-job-backup-template"
+  annotations:
+    description: 'Job for backing up integreatly data on deman'
+objects:
+  - apiVersion: batch/v1
+    kind: Job
+    metadata:
+      name: ${NAME}
+    spec:
+      parallelism: 1
+      completions: 1
+      template:
+        metadata:
+          name: ${NAME}
+          labels:
+            job-name: ${NAME}
+        spec:
+          containers:
+            - name: backup-job
+              image: "${IMAGE}"
+              imagePullPolicy: Always
+              command:
+                - "/opt/intly/tools/entrypoint.sh"
+                - "-c"
+                - "${COMPONENT}"
+                - '-b'
+                - "${BACKEND}"
+                - "-e"
+                - "${ENCRYPTION}"
+                - "-d"
+                - "${DEBUG}"
+              envFrom:
+                - secretRef:
+                    name: "${COMPONENT_SECRET_NAME}"
+                - secretRef:
+                    name: "${BACKEND_SECRET_NAME}"
+                - secretRef:
+                    name: "${ENCRYPTION_SECRET_NAME}"
+          restartPolicy: Never
+parameters:
+  - name: NAME
+    description: Unique job name to be used in several resource name(s)
+    value: integreatly-job-backup
+  - name: COMPONENT
+    description: Component name to run the backup
+    required: true
+  - name: BACKEND
+    description: Backend engine to upload the component archive
+    value: s3
+  - name: ENCRYPTION
+    description: Encryption engine to encrypt component archive before uploading it
+    value: gpg
+  - name: COMPONENT_SECRET_NAME
+    description: Component secret name to create environment variables from
+    required: true
+  - name: BACKEND_SECRET_NAME
+    description: Backend secret name to create environment variables from
+    required: true
+  - name: ENCRYPTION_SECRET_NAME
+    description: Encruption secret name to create environment variables from
+    required: true
+  - name: IMAGE
+    description: 'Backup docker image URL'
+    value: 'quay.io/integreatly/backup-container:master'
+  - name: DEBUG
+    description: "Debug flag to sleep the job pod after its execution"

templates/openshift/sample-config/gpg-secret.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: sample-gpg-secret
+type: Opaque 
+stringData: 
+  GPG_RECIPIENT: myself
+  GPG_TRUST_MODEL: always

templates/openshift/sample-config/mysql-secret.yaml

@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: sample-mysql-secret
+type: Opaque 
+stringData: 
+  MYSQL_HOST: localhost
+  MYSQL_PORT: '3306'
+  MYSQL_USER: admin
+  MYSQL_PASSWORD: admin

templates/openshift/sample-config/s3-secret.yaml

@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: sample-s3-secret
+type: Opaque 
+stringData: 
+  AWS_S3_BUCKET_NAME: my_aws_bucket_name
+  AWS_ACCESS_KEY_ID: my_aws_key_id
+  AWS_SECRET_ACCESS_KEY: my_aws_access_key