-
Notifications
You must be signed in to change notification settings - Fork 4
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Added paas to aks backup and restore
WHY: IT is essential that the db is restored to aks HOW: By adding the backup an restore function to workflow
- Loading branch information
Tope Emmanuel
committed
Sep 26, 2023
1 parent
490735b
commit ad39602
Showing
8 changed files
with
510 additions
and
0 deletions.
There are no files selected for viewing
172 changes: 172 additions & 0 deletions
172
.github/workflows/paas_to_aks_db_backup_and_restore_manual.yml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,172 @@ | ||
name: Backup and restore Postgres DB from PAAS to AKS | ||
|
||
on: | ||
workflow_dispatch: | ||
inputs: | ||
environment: | ||
description: Environment | ||
type: choice | ||
options: | ||
- development | ||
- staging | ||
- production | ||
|
||
env: | ||
BACKUP_ARTIFACT_NAME: ${{ inputs.environment }}-backup | ||
|
||
jobs: | ||
backup: | ||
name: Backup from PAAS | ||
runs-on: ubuntu-latest | ||
environment: ${{ inputs.environment }}_aks | ||
|
||
steps: | ||
- uses: actions/checkout@v4 | ||
|
||
- uses: Azure/login@v1 | ||
with: | ||
creds: ${{ secrets.AZURE_CREDENTIALS }} | ||
|
||
- uses: DFE-Digital/github-actions/install-postgres-client@master | ||
|
||
- name: Set AKS environment name | ||
id: set_aks_env_name | ||
run: | | ||
case "${{ inputs.environment }}" in | ||
development) | ||
echo "ENVIRONMENT_ABR=dev" >> $GITHUB_ENV | ||
echo "TFVARS_NAME=dev" >> $GITHUB_ENV | ||
echo "KEY_VAULT_NAME=s189t01-gse-dv-inf-kv" >> $GITHUB_OUTPUT | ||
;; | ||
staging) | ||
echo "ENVIRONMENT_ABR=staging" >> $GITHUB_ENV | ||
echo "TFVARS_NAME=staging" >> $GITHUB_ENV | ||
echo "KEY_VAULT_NAME=s189t01-gse-stg-inf-kv" >> $GITHUB_OUTPUT | ||
;; | ||
production) | ||
echo "ENVIRONMENT_ABR=prod" >> $GITHUB_ENV | ||
echo "TFVARS_NAME=production" >> $GITHUB_ENV | ||
echo "KEY_VAULT_NAME=s189p01-gse-pd-inf-kv" >> $GITHUB_OUTPUT | ||
;; | ||
*) | ||
echo "unknown cluster" | ||
;; | ||
esac | ||
- name: Set environment variables | ||
shell: bash | ||
run: | | ||
tf_vars_file=terraform/aks/config/${{ inputs.environment }}.tfvars.json | ||
echo "KEY_VAULT_NAME=$(jq -r '.infra_key_vault_name' ${tf_vars_file})" >> $GITHUB_ENV | ||
echo "PAAS_SPACE=$(jq -r '.paas_space' ${tf_vars_file})" >> $GITHUB_ENV | ||
- name: Retrieve Cloudfoundry credentials from KV | ||
uses: azure/CLI@v1 | ||
id: fetch-cf-creds | ||
with: | ||
inlineScript: | | ||
SECRET_VALUE=$(az keyvault secret show --name "PAAS-USERNAME" --vault-name "${{ env.KEY_VAULT_NAME}}" --query "value" -o tsv) | ||
echo "::add-mask::$SECRET_VALUE" | ||
echo "PAAS-USER=$SECRET_VALUE" >> $GITHUB_OUTPUT | ||
SECRET_VALUE=$(az keyvault secret show --name "PAAS-PASSWORD" --vault-name "${{ env.KEY_VAULT_NAME}}" --query "value" -o tsv) | ||
echo "::add-mask::$SECRET_VALUE" | ||
echo "PAAS-PASSWORD=$SECRET_VALUE" >> $GITHUB_OUTPUT | ||
- uses: DFE-Digital/github-actions/setup-cf-cli@master | ||
with: | ||
CF_USERNAME: ${{ steps.fetch-cf-creds.outputs.PAAS-USER }} | ||
CF_PASSWORD: ${{ steps.fetch-cf-creds.outputs.PAAS-PASSWORD }} | ||
CF_SPACE_NAME: ${{ env.PAAS_SPACE }} | ||
INSTALL_CONDUIT: true | ||
|
||
- name: Backup database | ||
run: | | ||
cf conduit school-experience-${{ env.ENVIRONMENT_ABR }}-pg-common-svc -- pg_dump -E utf8 --clean --compress=1 --if-exists --no-owner --no-privileges --verbose -f backup.sql.gz | ||
- name: Upload backup | ||
uses: actions/upload-artifact@v3 | ||
with: | ||
name: ${{ env.BACKUP_ARTIFACT_NAME }} | ||
path: backup.sql.gz | ||
retention-days: 1 | ||
|
||
|
||
|
||
restore: | ||
name: Restore to AKS | ||
runs-on: ubuntu-latest | ||
needs: backup | ||
|
||
environment: ${{ inputs.environment }}_aks | ||
env: | ||
KEY_VAULT_NAME: ${{ needs.backup.outputs.KEY_VAULT_NAME }} | ||
|
||
steps: | ||
- uses: actions/checkout@v4 | ||
|
||
- uses: Azure/login@v1 | ||
with: | ||
creds: ${{ secrets.AZURE_CREDENTIALS }} | ||
|
||
- name: Set environment variables | ||
shell: bash | ||
run: | | ||
tf_vars_file=terraform/aks/config/${{ inputs.environment }}.tfvars.json | ||
- run: | | ||
test_cluster_rg=s189t01-tsc-ts-rg | ||
test_cluster_name=s189t01-tsc-test-aks | ||
prod_cluster_rg=s189p01-tsc-pd-rg | ||
prod_cluster_name=s189p01-tsc-production-aks | ||
case "${{ inputs.environment }}" in | ||
development) | ||
echo "in development with rg = $test_cluster_rg clustername = $test_cluster_name" >> $GITHUB_ENV | ||
echo "cluster_rg=$test_cluster_rg" >> $GITHUB_ENV | ||
echo "cluster_name=$test_cluster_name" >> $GITHUB_ENV | ||
echo "app_name=get-school-experience-development" >> $GITHUB_ENV | ||
echo "key_vault_name=s189t01-gse-dv-inf-kv" >> $GITHUB_ENV | ||
;; | ||
staging) | ||
echo "cluster_rg=$test_cluster_rg" >> $GITHUB_ENV | ||
echo "cluster_name=$test_cluster_name" >> $GITHUB_ENV | ||
echo "app_name=get-school-experience-staging" >> $GITHUB_ENV | ||
echo "key_vault_name=s189t01-gse-stg-inf-kv" >> $GITHUB_ENV | ||
;; | ||
production) | ||
echo "cluster_rg=$prod_cluster_rg" >> $GITHUB_ENV | ||
echo "cluster_name=$prod_cluster_name" >> $GITHUB_ENV | ||
echo "app_name=get-school-experience-production" >> $GITHUB_ENV | ||
echo "key_vault_name=s189p01-gse-pd-inf-kv" >> $GITHUB_ENV | ||
;; | ||
*) | ||
echo "unknown cluster" | ||
;; | ||
esac | ||
- uses: azure/setup-kubectl@v3 | ||
|
||
- run: | | ||
az aks get-credentials -g ${{ env.cluster_rg }} -n ${{ env.cluster_name }} | ||
make bin/konduit.sh | ||
- name: Download backup | ||
uses: actions/download-artifact@v3 | ||
with: | ||
name: ${{ env.BACKUP_ARTIFACT_NAME }} | ||
|
||
- name: Restore database | ||
run: bin/konduit.sh -i backup.sql.gz -c -k ${{ env.key_vault_name }} -d gse-${{ inputs.environment }} get-school-experience-${{ inputs.environment }} -- psql | ||
|
||
|
||
- name: Remove PaaS event triggers | ||
shell: bash | ||
run: | | ||
bin/konduit.sh -k ${{ env.key_vault_name }} -d gse-${{ inputs.environment }} get-school-experience-${{ inputs.environment }} -- psql -c 'drop event trigger forbid_ddl_reader; drop event trigger make_readable; drop event trigger reassign_owned;' | ||
- uses: geekyeggo/delete-artifact@v2 | ||
with: | ||
name: ${{ env.BACKUP_ARTIFACT_NAME }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.