alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 4 Actions 1 Activity

feat: simplify script
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 58s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 27s
Details
render-manifests / render-manifests (pull_request) Successful in 1m37s
Details

Browse Source
This commit is contained in:
Alex Lebens
2026-04-26 12:25:17 -05:00
parent 371047eb41
commit 70832243d6
1 changed files with 10 additions and 112 deletions
Download Patch File Download Diff File Expand all files Collapse all files

122
clusters/cl01tl/helm/vault/templates/config-map.yaml
View File

@@ -9,59 +9,29 @@ metadata:
data: data:
snapshot.sh: | snapshot.sh: |
DATE=$(date +"%Y%m%d-%H-%M") DATE=$(date +"%Y%m%d-%H-%M")
MAX_RETRIES=5
SUCCESS=false
echo " " echo " "
echo ">> Running Vault Snapshot Script ..." echo ">> Running Vault Snapshot Script ..."
echo " " echo " "
echo ">> Verifying required commands ..." echo ">> Fetching Vault token ..."
echo " " export VAULT_TOKEN=$(vault write -field=token auth/approle/login role_id=$VAULT_APPROLE_ROLE_ID secret_id=$VAULT_APPROLE_SECRET_ID)
for i in $(seq 1 "$MAX_RETRIES"); do if [ -z "$VAULT_TOKEN" ]; then
if apk update 2>&1 >/dev/null; then echo ">> ERROR: Failed to fetch Vault token! Exiting..."
echo ">> Attempt $i: Repositories are reachable"; exit 1
SUCCESS=true;
break;
else
echo ">> Attempt $i: Connection failed, retrying in 5 seconds ...";
sleep 5;
fi;
done;
if [ "$SUCCESS" = false ]; then
echo ">> ERROR: Could not connect to apk repositories after $MAX_RETRIES attempts, exiting ...";
exit 1;
fi fi
echo " " echo " "
echo ">> Taking Vault snapshot ..."
if ! command -v jq 2>&1 >/dev/null; then
echo ">> Command jq could not be found, installing";
apk add --no-cache -q jq;
if [ $? -eq 0 ]; then
echo ">> Installation successful";
else
echo ">> Installation failed with exit code $?";
exit 1;
fi;
fi;
echo " ";
echo ">> Fetching Vault token ...";
export VAULT_TOKEN=$(vault write auth/approle/login role_id=$VAULT_APPROLE_ROLE_ID secret_id=$VAULT_APPROLE_SECRET_ID -format=json | jq -r .auth.client_token);
echo " ";
echo ">> Taking Vault snapsot ...";
vault operator raft snapshot save /opt/backup/vault-snapshot-$DATE.snap vault operator raft snapshot save /opt/backup/vault-snapshot-$DATE.snap
echo " "; echo " "
echo ">> Setting ownership of Vault snapsot ..."; echo ">> Setting ownership of Vault snapshot ..."
chown 100:1000 /opt/backup/vault-snapshot-$DATE.snap chown 100:1000 /opt/backup/vault-snapshot-$DATE.snap
echo " "; echo " "
echo ">> Completed Vault snapshot"; echo ">> Completed Vault snapshot"
--- ---
apiVersion: v1 apiVersion: v1
@@ -77,75 +47,3 @@ data:
echo " "; echo " ";
echo ">> Running S3 backup for Vault snapshot"; echo ">> Running S3 backup for Vault snapshot";
OUTPUT=$(s3cmd sync --no-check-certificate -v /opt/backup/* "${BUCKET}/cl01tl/cl01tl-vault-snapshots/" 2>&1) OUTPUT=$(s3cmd sync --no-check-certificate -v /opt/backup/* "${BUCKET}/cl01tl/cl01tl-vault-snapshots/" 2>&1)
STATUS=$?
if [ $STATUS -ne 0 ]; then
if echo "$OUTPUT" | grep -q "403 Forbidden"; then
MESSAGE="403 Authentication Error: Your keys are wrong or you don't have permission"
elif echo "$OUTPUT" | grep -q "404 Not Found"; then
MESSAGE="404 Error: The bucket or folder does not exist"
elif echo "$OUTPUT" | grep -q "Connection refused"; then
MESSAGE="Network Error: Cannot reach the S3 endpoint"
else
MESSAGE="Unknown Error"
echo " ";
echo ">> Unknown Error, output:"
echo " "
echo "$OUTPUT"
fi
MAX_RETRIES=5
SUCCESS=false
echo " "
echo ">> Sending message to ntfy using curl ..."
echo " "
echo ">> Verifying required commands ..."
for i in $(seq 1 "$MAX_RETRIES"); do
if apk update 2>&1 >/dev/null; then
echo ">> Attempt $i: Repositories are reachable";
SUCCESS=true;
break;
else
echo ">> Attempt $i: Connection failed, retrying in 5 seconds ...";
sleep 5;
fi;
done;
if [ "$SUCCESS" = false ]; then
echo ">> ERROR: Could not connect to apk repositories after $MAX_RETRIES attempts, exiting ...";
exit 1;
fi
if ! command -v curl 2>&1 >/dev/null; then
echo ">> Command curl could not be found, installing";
apk add --no-cache -q curl;
if [ $? -eq 0 ]; then
echo ">> Installation successful";
else
echo ">> Installation failed with exit code $?";
exit 1;
fi;
fi;
echo " "
echo ">> Sending to NTFY ..."
echo ">> Message: $MESSAGE"
HTTP_STATUS=$(curl \
--silent \
--write-out '%{http_code}' \
-H "Authorization: Bearer ${NTFY_TOKEN}" \
-H "X-Priority: 5" \
-H "X-Tags: warning" \
-H "X-Title: Vault Backup Failed for ${TARGET}" \
-d "$MESSAGE" \
${NTFY_ENDPOINT}/${NTFY_TOPIC}
)
echo ">> HTTP Status Code: $HTTP_STATUS"
else
echo " ";
echo ">> S3 Sync succeeded"
fi