postgres-backup/entrypoint.sh at main · th0th/postgres-backup · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
#!/bin/bash
set -eo pipefail

# destination
: "${DESTINATION_KIND:?Please set the environment variable.}"
DESTINATION_KINDS=(s3 sftp)
if [[ ! " ${DESTINATION_KINDS[*]} " =~ " ${DESTINATION_KIND} " ]]; then
  printf "error: DESTINATION_KIND should be one of these: %s\n" "${DESTINATION_KINDS[*]}"
  exit 1
fi

# postgres
: "${POSTGRES_DB:?Please set the environment variable.}"
POSTGRES_HOST="${POSTGRES_HOST:-postgres}"
POSTGRES_PORT="${POSTGRES_PORT:-5432}"
POSTGRES_USER="${POSTGRES_USER:-postgres}"
POSTGRES_VERSION="${POSTGRES_VERSION:-18}"

POSTGRES_VERSIONS=(16 17 18)
if [[ ! " ${POSTGRES_VERSIONS[*]} " =~ " ${POSTGRES_VERSION} " ]]; then
  printf "error: POSTGRES_VERSION should be one of these: %s\n" "${POSTGRES_VERSIONS[*]}"
  exit 1
fi

# destination: s3
if [[ "${DESTINATION_KIND}" == "s3" ]]; then
  : "${S3_ACCESS_KEY_ID:?Please set the environment variable.}"
  : "${S3_REGION:?Please set the environment variable.}"
  : "${S3_SECRET_ACCESS_KEY:?Please set the environment variable.}"
  S3_PROVIDER="${S3_PROVIDER:-AWS}"
  S3_STORAGE_CLASS="${S3_STORAGE_CLASS:-STANDARD_IA}"
fi

# destination: sftp
if [[ "${DESTINATION_KIND}" == "sftp" ]]; then
  : "${SFTP_HOST:?Please set the environment variable.}"
  : "${SFTP_USER:?Please set the environment variable.}"
  SFTP_PORT="${SFTP_PORT:-22}"

  # Check if either password or private key is provided
  if [[ -z "${SFTP_PASSWORD}" && -z "${SFTP_PRIVATE_KEY}" ]]; then
    echo "error: Either SFTP_PASSWORD or SFTP_PRIVATE_KEY must be set for SFTP authentication"
    exit 1
  fi

  # Check that both are not provided
  if [[ -n "${SFTP_PASSWORD}" && -n "${SFTP_PRIVATE_KEY}" ]]; then
    echo "error: Only one of SFTP_PASSWORD or SFTP_PRIVATE_KEY should be set, not both"
    exit 1
  fi
fi

# logic starts here
BACKUP_FILE_NAME=$(date +"${POSTGRES_DB}-%F-%H_%M_%S.sql")

# dump command
DUMP_CMD=""
if [[ "${POSTGRES_PASSWORD}" != "" ]]; then
  DUMP_CMD+="PGPASSWORD=\"${POSTGRES_PASSWORD}\" "
fi
DUMP_CMD+="/usr/libexec/postgresql${POSTGRES_VERSION}/pg_dump "
DUMP_CMD+="--dbname=\"${POSTGRES_DB}\" "
DUMP_CMD+="--file \"${BACKUP_FILE_NAME}\" "
DUMP_CMD+="--format=c "
DUMP_CMD+="--host=\"${POSTGRES_HOST}\" "
DUMP_CMD+="--port=\"${POSTGRES_PORT}\" "
DUMP_CMD+="--username=\"${POSTGRES_USER}\" "

# upload command
UPLOAD_CMD="rclone copyto --config \"\" "
if [[ "${DESTINATION_KIND}" == "s3" ]]; then
  UPLOAD_CMD+="--s3-no-check-bucket "
fi
UPLOAD_CMD+="./${BACKUP_FILE_NAME} "
UPLOAD_CMD+="\""
if [[ "${DESTINATION_KIND}" == "s3" ]]; then
  UPLOAD_CMD+=":s3,access_key_id=${S3_ACCESS_KEY_ID},"
  UPLOAD_CMD+="provider=AWS,"
  UPLOAD_CMD+="region=${S3_REGION},"
  UPLOAD_CMD+="secret_access_key=${S3_SECRET_ACCESS_KEY},"
  UPLOAD_CMD+="storage_class=${S3_STORAGE_CLASS}"
  if [[ -n "${S3_ENDPOINT}" ]]; then
    UPLOAD_CMD+=",endpoint=${S3_ENDPOINT}"
  fi
  UPLOAD_CMD+=":${DESTINATION_PATH}/${BACKUP_FILE_NAME}"
elif [[ "${DESTINATION_KIND}" == "sftp" ]]; then
  UPLOAD_CMD+=":sftp,host=${SFTP_HOST},"
  if [[ -n "${SFTP_PASSWORD}" ]]; then
    # rclone requires passwords to be obscured using its own obscure command
    SFTP_PASSWORD_OBSCURED=$(echo "${SFTP_PASSWORD}" | rclone obscure -)
    UPLOAD_CMD+="pass=${SFTP_PASSWORD_OBSCURED},"
  elif [[ -n "${SFTP_PRIVATE_KEY}" ]]; then
    UPLOAD_CMD+="key_file=/tmp/sftp_private_key,"
  fi
  UPLOAD_CMD+="port=${SFTP_PORT},"
  UPLOAD_CMD+="user=${SFTP_USER}"
  UPLOAD_CMD+=":${DESTINATION_PATH}/${BACKUP_FILE_NAME}"
fi
UPLOAD_CMD+="\" "
UPLOAD_CMD+="--quiet"

# let's go
SECONDS=0

# create private key file if SFTP_PRIVATE_KEY is provided
if [[ "${DESTINATION_KIND}" == "sftp" && -n "${SFTP_PRIVATE_KEY}" ]]; then
  echo "${SFTP_PRIVATE_KEY}" | base64 -d > /tmp/sftp_private_key
  chmod 600 /tmp/sftp_private_key
fi

printf "Dumping the database..."
eval "${DUMP_CMD}"
printf " Done.\n"

printf "Uploading..."
eval "${UPLOAD_CMD}"
printf " Done.\n"

SECONDS_ON_COMPLETE="${SECONDS}"

if [[ -n "${WEBGAZER_HEARTBEAT_URL}" ]]; then
  printf "Sending heartbeat to WebGazer..."
  curl -Ssf -o /dev/null "${WEBGAZER_HEARTBEAT_URL}?seconds=${SECONDS_ON_COMPLETE}"
  printf " Done.\n"
fi

if [[ -n "${GATUS_EXTERNAL_ENDPOINT_TOKEN}" && -n "${GATUS_EXTERNAL_ENDPOINT_URL}" ]]; then
  printf "Sending heartbeat to Gatus..."
  curl \
    -X POST \
    -H "Authorization: Bearer ${GATUS_EXTERNAL_ENDPOINT_TOKEN}" \
    "${GATUS_EXTERNAL_ENDPOINT_URL}?success=true&duration=${SECONDS_ON_COMPLETE}s"
  printf " Done.\n"
fi

if [[ "${DESTINATION_KIND}" == "sftp" && -n "${SFTP_PRIVATE_KEY}" ]]; then
  rm -f /tmp/sftp_private_key
fi