sapcc · s10 · Jan 21, 2025 · Jan 27, 2025 · Jan 28, 2025
@@ -0,0 +1,14 @@
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: pxc-db-{{ .Values.name }}-backup-scripts
+  labels:
+    release: "{{ .Release.Name }}"
+    heritage: "{{ .Release.Service }}"
+    system: openstack
+    type: configuration
+    component: database
+{{ include "pxc-db.labels" . | indent 4 }}
+data:
+  backup.sh: |
+{{ include (print .Template.BasePath "/bin/_backup.sh.tpl") . | indent 4 }}
@@ -0,0 +1,79 @@
+{{- if .Values.backup.dump.enabled }}
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: {{ include "pxc-db.clusterName" . }}-backup
+  labels:
+    release: "{{ .Release.Name }}"
+    heritage: "{{ .Release.Service }}"
+    system: openstack
+    type: backup
+    component: database
+{{ include "pxc-db.labels" . | indent 4 }}
+spec:
+  schedule: {{ .Values.backup.dump.schedule | quote }}
+  concurrencyPolicy: "Forbid"
+  failedJobsHistoryLimit: 3
+  successfulJobsHistoryLimit: 3
+  jobTemplate:
+    spec:
+      activeDeadlineSeconds: 1200
+      template:
+        metadata:
+          annotations:
+            {{- if and $.Values.global.linkerd_enabled $.Values.global.linkerd_requested }}
+            linkerd.io/inject: enabled
+            config.linkerd.io/opaque-ports: "3306,4444,4567,4568"
+            config.alpha.linkerd.io/proxy-enable-native-sidecar: "true"
+            {{- end }}
+        spec:
+          containers:
+          - name: backup
+            image: {{ required ".Values.global.registryAlternateRegion is missing" .Values.global.registryAlternateRegion }}/{{ .Values.backup.dump.image.name }}:{{ .Values.backup.dump.image.tag }}
+            imagePullPolicy: IfNotPresent
+            command:
+              - /bin/bash
+              - /backup-scripts/backup.sh
+            volumeMounts:
+            - name: backup-scripts
+              mountPath: /backup-scripts
+            env:
+            - name: PXC_NODE_NAME
+              value: {{ include "pxc-db.clusterName" . }}-pxc-{{ sub .Values.pxc.size 1 }}.{{ include "pxc-db.clusterName" . }}-pxc
+            - name: PXC_NODE_PORT
+              value: "33062"
+            - name: PXC_USERNAME
+              value: "xtrabackup"
+            - name: PXC_PASS
+              valueFrom:
+                secretKeyRef:
+                  name: pxc-db-{{ .Values.name }}-secrets
+                  key: xtrabackup
+            - name: ACCESS_KEY_ID
+              valueFrom:
+                secretKeyRef:
+                  name: {{ tpl (.Values.backup.s3.config.credentialsSecret) . | quote }}
+                  key: AWS_ACCESS_KEY_ID
+            - name: SECRET_ACCESS_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: {{ tpl (.Values.backup.s3.config.credentialsSecret) . | quote }}
+                  key: AWS_SECRET_ACCESS_KEY
+            - name: PXC_SERVICE
+              value: {{ include "pxc-db.clusterName" . }}-pxc
+            - name: S3_BUCKET
+              value: {{ tpl (.Values.backup.dump.s3.config.bucket) . | quote }}
+            - name: S3_BUCKET_PATH
+              value: {{ tpl (.Values.backup.dump.s3.config.prefix) . | quote }}
+            - name: DEFAULT_REGION
+              value: {{ tpl (.Values.backup.s3.config.region) . | quote }}
+            - name: ENDPOINT
+              value: {{ tpl (.Values.backup.s3.config.endpointUrl) . | quote }}
+            - name: VERIFY_TLS
+              value: "false"
+          restartPolicy: OnFailure
+          volumes:
+          - name: backup-scripts
+            configMap:
+              name: pxc-db-{{ .Values.name }}-backup-scripts
+{{- end }}
@@ -0,0 +1,63 @@
+#!/bin/bash
+
+set -x
+
+export AWS_SHARED_CREDENTIALS_FILE='/tmp/aws-credfile'
+export AWS_ENDPOINT_URL="${ENDPOINT}"
+export AWS_REGION="${DEFAULT_REGION}"
+
+if [ -n "$VERIFY_TLS" ] && [[ $VERIFY_TLS == "false" ]]; then
+	AWS_S3_NO_VERIFY_SSL='--no-verify-ssl'
+    XBCLOUD_ARGS="--insecure"
+fi
+
+is_object_exist() {
+	local bucket="$1"
+	local object="$2"
+
+	aws $AWS_S3_NO_VERIFY_SSL s3api head-object  --bucket $bucket --key "$object" || NOT_EXIST=true
+	if [[ -z "$NOT_EXIST" ]]; then
+		return 1
+	fi
+}
+
+s3_add_bucket_dest() {
+	{ set +x; } 2>/dev/null
+	aws configure set aws_access_key_id "$ACCESS_KEY_ID"
+	aws configure set aws_secret_access_key "$SECRET_ACCESS_KEY"
+	set -x
+}
+
+dump_databases() {
+    { set +x; } 2>/dev/null
+    mysqldump \
+        --port="${PXC_NODE_PORT}" \
+        --host="${PXC_NODE_NAME}" \
+        --user="${PXC_USERNAME}" \
+        --password="${PXC_PASS}" \
+        --single-transaction \
+        --quick \
+        --all-databases \
+        --source-data=1 > /tmp/${date}/dump.sql
+    set -x
+}
+
+compress_dump() {
+    tar -czPf /tmp/${date}/dump.tar.gz /tmp/${date}/dump.sql
+}
+
+date=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
+
+mkdir -p /tmp/${date}
+touch /tmp/${date}/xtrabackup_tablespaces
+
+dump_databases
+compress_dump
+
+xbstream --directory=/tmp/${date} -c dump.tar.gz $XBSTREAM_EXTRA_ARGS \
+		| xbcloud put $XBCLOUD_ARGS --parallel="$(grep -c processor /proc/cpuinfo)" --storage=s3 --s3-bucket="$S3_BUCKET" "$S3_BUCKET_PATH/${date}" 2>&1 \
+		| (grep -v "error: http request failed: Couldn't resolve host name" || exit 1)
+
+rm -fr /tmp/${date}
+
+sleep 600
@@ -489,6 +489,19 @@ backup:
       keep: 5
       # -- The name of the storage for the backups configured in the storages subsection
       storageName: s3-backups-daily
+  # -- Logical backup configuration (mysqldump)
+  # By default, only physical backups are enabled and needed
+  # Logical backup could be enabled if required by some dependent services
+  dump:
+    enabled: false
+    image:
+      name: percona-xtradb-cluster-operator
+      tag: 8.0.39-pxc8.0-backup-pxb8.0.35
+    schedule: "15 0 * * *"
+    s3:
+      config:
+        bucket: "pxc-logical-{{ .Values.global.region }}"
+        prefix: "{{ .Values.name }}"
 
 # -- Default Prometheus alerts and rules.
 alerts: