304 lines
11 KiB
Plaintext
304 lines
11 KiB
Plaintext
velero_backup() {
|
|
#name=$(date +%y%m%d.%h%m) && velero create backup $name --exclude-namespaces velero --wait && velero backup logs $name'
|
|
name=$(date +%y%m%d.%H%M)
|
|
velero create backup $name --exclude-namespaces velero --wait
|
|
velero backup logs $name
|
|
}
|
|
|
|
export PROJECTS="${PROJECTS:-$HOME/projects}"
|
|
|
|
## STACKSPIN
|
|
export STACKSPIN="${STACKSPIN:-$PROJECTS/stackspin}"
|
|
_stackspin_cluster_cache=/var/tmp/stackspin-cluster
|
|
|
|
# Stackspin CLI Wrapper:
|
|
# Initialize once with "stack select example.org",
|
|
# then it loads the last selected cluster on startup.
|
|
# Presumes a mapping like the following in your ssh config:
|
|
# Host example.org
|
|
# Hostname [IP]
|
|
# This is a function so it can change directory.
|
|
stack() {
|
|
cmdname=${FUNCNAME:-$0}
|
|
local pod_suffix='-\(0\|[0-f]\+\)'
|
|
if test $# -lt 1; then
|
|
builtin cd "$STACKSPIN" || cd /mnt/b/media/backups/servers/stackspin/2310_stackspin
|
|
echo "Usage: $cmdname <COMMAND> [args...]"
|
|
echo "Stackspin commands: select, sso, user, push"
|
|
echo "Kubepod commands: pod, exec, app, shell, ls, logs, upload"
|
|
echo "App commands: occ, vikunja"
|
|
return 1
|
|
fi
|
|
local command="$1"
|
|
shift
|
|
case "$command" in
|
|
# stackspin administration
|
|
(select)
|
|
export _cluster_name="$1"
|
|
export _cluster_ip="$(ssh -G "$_cluster_name" | grep --max-count 1 "^hostname " | cut -d " " -f2-)"
|
|
export CLUSTER_DIR="$STACKSPIN/clusters/$_cluster_name"
|
|
export KUBECONFIG="$CLUSTER_DIR/kube_config_cluster.yml"
|
|
# Uncomment the line below to always use the main stackspin repo, even when running in a fork.
|
|
#export GITLAB_CI="true"
|
|
echo Selected Stackspin cluster "$_cluster_name" with IP "$_cluster_ip"
|
|
echo "$_cluster_name" >"$_stackspin_cluster_cache"
|
|
#test "$PWD" = "$HOME" && builtin cd "$STACKSPIN"
|
|
test -d "$STACKSPIN" && . $STACKSPIN/env/bin/activate
|
|
;;
|
|
(sso) "$cmdname" exec dashboard-backend -- flask "$@";;
|
|
(users)
|
|
if test "$1" = "delete"
|
|
then shift
|
|
for arg
|
|
do "$cmdname" user delete "$arg"
|
|
done
|
|
elif test $# -gt 0
|
|
then
|
|
for arg
|
|
do "$cmdname" user show $arg
|
|
done
|
|
else "$cmdname" users $("$cmdname" user list | sed 's|.*<\(.*\)>.*|\1|')
|
|
fi;;
|
|
(user|app)
|
|
if test "$1" = "init"
|
|
then mail="$2"
|
|
shift 2
|
|
"$cmdname" user create "$mail" &&
|
|
"$cmdname" user update "$mail" name "$*" &&
|
|
echo "Initialized user '$*' with email '$mail'"
|
|
else "$cmdname" sso cli "$command" "$@"
|
|
fi;;
|
|
(invite) (
|
|
# Mail invitation to new users
|
|
export mail=$1
|
|
export name=${2:-$(echo $mail | sed -E 's/(.*)\.(.*)@.*/\u\1 \u\2/' )}
|
|
#echo "$mail,$name"
|
|
stack user init "$mail" "$name"
|
|
stack-invite
|
|
);;
|
|
(push)
|
|
test -f "$1" && $EDITOR "$1"
|
|
# Allow force: https://open.greenhost.net/xeruf/stackspout/-/settings/repository#js-protected-branches-settings
|
|
git commit "$@"
|
|
git push &&
|
|
flux reconcile source git -n flux-system "$(basename $(git rev-parse --show-toplevel))"
|
|
flux reconcile kustomization -n flux-system "$(basename $(git rev-parse --show-toplevel))"
|
|
;;
|
|
# FLUX
|
|
(flux)
|
|
case "$1" in
|
|
(env) # Apply changes to .flux.env
|
|
kubectl apply -k "$CLUSTER_DIR"
|
|
flux reconcile -n flux-system kustomization velero
|
|
flux get -A kustomizations --no-header | awk -F' ' '{system("flux reconcile -n " $1 " kustomization " $2)}'
|
|
;;
|
|
esac
|
|
;;
|
|
(reconcile)
|
|
app=$1
|
|
namespace=${2:-stackspout}
|
|
if flux suspend helmrelease -n $namespace $app
|
|
then flux resume helmrelease -n $namespace $app
|
|
else flux suspend helmrelease -n stackspin-apps $app
|
|
flux resume helmrelease -n stackspin-apps $app
|
|
fi
|
|
flux suspend kustomization $app
|
|
flux resume kustomization $app
|
|
;;
|
|
(edit)
|
|
# Edit the URL for an application
|
|
app=$1
|
|
kubectl edit configmap -n flux-system stackspin-$app-kustomization-variables
|
|
"$0" reconcile $app
|
|
;;
|
|
# Velero
|
|
(restic)
|
|
(
|
|
namespace=stackspin
|
|
case $1 in (-n|--namespace) namespace=$2; shift 2;; esac
|
|
source $CLUSTER_DIR/.flux.env || exit $?
|
|
export RESTIC_REPOSITORY="s3:${backup_s3_url}/${backup_s3_bucket}/${backup_s3_prefix}/restic/$namespace"
|
|
export AWS_ACCESS_KEY_ID="${backup_s3_aws_access_key_id}"
|
|
export AWS_SECRET_ACCESS_KEY="${backup_s3_aws_secret_access_key}"
|
|
export RESTIC_PASSWORD="$(kubectl get secret -n velero velero-repo-credentials -o jsonpath='{.data.repository-password}' | base64 -d)"
|
|
restic "$@"
|
|
)
|
|
;;
|
|
(backup)
|
|
backupname=$(date +%y%m%d.%H%m)
|
|
velero create backup $backupname --exclude-namespaces velero --wait
|
|
velero backup logs $backupname;;
|
|
(restore)
|
|
test $# -lt 2 && echo "$0 $command <backup> <app> [namespace]" >&2 && return 1
|
|
backup=$1; app=$2
|
|
namespace=${3:-stackspin-apps} # TODO automatically handle stackspout apps
|
|
restore="${backup}-$app-$(date +%s)"
|
|
if test "$app" = dashboard
|
|
then kust=single-sign-on
|
|
hr="$kust-database"
|
|
namespace=stackspin
|
|
else hr="$app"
|
|
kust="$app"
|
|
fi
|
|
flux suspend kustomization $kust
|
|
flux suspend helmrelease -n $namespace $hr
|
|
kubectl delete all -n $namespace -l stackspin.net/backupSet=$app
|
|
kubectl delete secret -n $namespace -l stackspin.net/backupSet=$app
|
|
kubectl delete configmap -n $namespace -l stackspin.net/backupSet=$app
|
|
kubectl delete pvc -n $namespace -l stackspin.net/backupSet=$app
|
|
velero restore create $restore --from-backup=$backup -l stackspin.net/backupSet=$app
|
|
echo "Waiting a few seconds for $app backup to restore..."
|
|
sleep 10
|
|
velero restore describe $restore
|
|
echo "Press enter if backup is ready to resume flux resources:"
|
|
read
|
|
test $app = dashboard && kubectl delete secret -n stackspin hydra && flux reconcile helmrelease -n stackspin hydra
|
|
flux resume helmrelease -n $namespace $hr # TODO timeout
|
|
flux resume kustomization $kust
|
|
;;
|
|
(restore-pvc)
|
|
test $# -lt 1 && echo "$0 $command <app> [dir]" >&2 && return 1
|
|
local app=$1
|
|
if test -d "$2"
|
|
then dir="$2"
|
|
target=$(ssh "$_cluster_name" find /var/lib/Stackspin/local-storage/ -maxdepth 1 -name "*$app")
|
|
test -z "$target" && echo "No target found for ${app}" && return 1
|
|
ssh "$_cluster_name" mv -v "$target" "$target.$(date +%s)"
|
|
rsync --links --hard-links --times --recursive --info=progress2,remove,symsafe,flist,del --human-readable "$dir/" "$_cluster_name:$target/"
|
|
else
|
|
for vol in $(ls -d pvc*$app* | cut -d_ -f3 | sort)
|
|
do "$cmdname" restore-pvc $vol $(find -maxdepth 1 -name "*$vol")
|
|
done
|
|
fi
|
|
;;
|
|
# KUBE
|
|
# app clis
|
|
(occ) "$cmdname" exec nc-nextcloud -c nextcloud -it -- su www-data -s /bin/bash -c "php $command $*";;
|
|
(vikunja*)
|
|
local pod=$command
|
|
case "$1" in
|
|
(dump|export) cd "$PROJECTS/vikunja"
|
|
"$cmdname" exec "$pod-api" -- sh -c 'rm -f *.zip && ./vikunja dump >/dev/null && ls --color -lAhF >&2 && cat *.zip' >"$pod-dump_$(date +%F).zip"
|
|
;;
|
|
(restore)
|
|
if ! test -f "$2"
|
|
then echo "Usage: $0 vikunja[suffix] restore <file>" >&2
|
|
return 2
|
|
fi
|
|
file=$2
|
|
"$cmdname" upload "$pod-api" "$file"
|
|
"$cmdname" exec "$pod-api" -it -- ./vikunja restore "$file"
|
|
;;
|
|
(psql) kubectl exec -it -n $("$cmdname" pod "$pod-postgresql") -- sh -c "PGPASSWORD=$(kubectl get secret --namespace stackspout $pod-postgresql -o jsonpath='{.data.password}' | base64 --decode) psql -h localhost -U vikunja -p 5432 vikunja";;
|
|
(*) echo "Unknown $command subcommand";;
|
|
esac
|
|
;;
|
|
(maria)
|
|
app=$1
|
|
pw="$(kubectl get secret -n flux-system stackspin-$app-variables --template '{{.data.mariadb_password}}' | base64 -d 2>/dev/null ||
|
|
kubectl get secret -n flux-system stackspin-$app-variables --template "{{.data.${app}_mariadb_password}}" | base64 -d)"
|
|
case $app in
|
|
(nextcloud) n=nc-mariadb;;
|
|
(wordpress) n=wordpress-database;;
|
|
(*) n=$app-mariadb;;
|
|
esac
|
|
"$cmdname" exec $n -it -- env "MYSQL_PWD=$pw" mysql -u $app "$@"
|
|
;;
|
|
(mariar)
|
|
name="$1-mariadb"
|
|
shift
|
|
"$cmdname" exec "$name" -it -- env "MYSQL_PWD=$(kubectl get secret -n $(kubectl get secret --all-namespaces -o=custom-columns=S:.metadata.namespace,N:.metadata.name --no-headers | grep --color=never -- "$name") -o jsonpath='{.data.mariadb-root-password}' | base64 -d)" mysql -u root "$@"
|
|
;;
|
|
# high-level
|
|
(shell)
|
|
container=$1
|
|
shift
|
|
test "$1" = "-c" && pod=$2 && shift 2
|
|
"$cmdname" exec "$container" -c "$pod" -it -- /bin/sh "$@";;
|
|
(ls)
|
|
if test $# -gt 1 && ! [[ "$2" =~ ".*/.*" ]]
|
|
then "$cmdname" exec "$1" "$2" "$3" -it -- ls -lAhF --group-directories-first "${@:4}"
|
|
else for container in $("$cmdname" kube get "$1" pod -o "jsonpath={.spec.containers[*].name}")
|
|
do highlight "Listing content of $container" &&
|
|
"$cmdname" ls "$1" -c "$container" "${@:2}"
|
|
done
|
|
fi;;
|
|
(upload)
|
|
kubectl cp "$2" -n $("$cmdname" pod "$1$pod_suffix"):$2 "${@:3}"
|
|
"$cmdname" ls "$1" "${@:3}";;
|
|
(exec) "$cmdname" kube exec "$@";;
|
|
(logs) podname=$1
|
|
shift
|
|
"$cmdname" kube logs "$podname" | $(command which ${LOGPAGER:-lnav} || { which bat >/dev/null && echo "bat --number -l toml" } || echo 'less -RF') "$@";;
|
|
# low-level
|
|
(kube)
|
|
test $# -gt 1 || { echo "Please provide a command and pod name" >&2 && return 1; }
|
|
local pods=$("$cmdname" pod "$2$pod_suffix") || { echo "No pod found for $2" >&2 && return 1; }
|
|
local subcommand=$1
|
|
shift 2
|
|
local commands=()
|
|
for arg
|
|
do case "$arg" in (-*) break;; (*) commands+="$arg"; shift;; esac
|
|
done
|
|
local IFS=$'\n'
|
|
for namespacedpod in $pods; do
|
|
test "$subcommand" = get ||
|
|
highlight "Running $subcommand on $namespacedpod" >&2
|
|
local IFS=' '
|
|
kubectl "$subcommand" "${commands[@]}" -n $namespacedpod "$@"
|
|
done;;
|
|
(pod)
|
|
test $# -gt 0 && local podname=$1 && shift
|
|
if ! kubectl get pods --all-namespaces --field-selector="status.phase=Running" -o=custom-columns=S:.metadata.namespace,N:.metadata.name --no-headers "$@" | grep --color=never -- "$podname"
|
|
then code=$?
|
|
echo "No pod found for $podname" >&2
|
|
return $code
|
|
fi
|
|
;;
|
|
# stackspin bare
|
|
(*) if which "$cmdname-$command" >/dev/null 2>&1
|
|
then "$cmdname-$command" "$@"
|
|
return $?
|
|
fi
|
|
builtin cd "$STACKSPIN"
|
|
# Since the install command can also be given bare to install stackspin itself
|
|
if test "$command" = "install"; then
|
|
case "$1" in
|
|
([a-z]*)
|
|
for arg
|
|
do kubectl exec -n stackspin deploy/dashboard -c backend -- flask cli app install "$arg"
|
|
done;;
|
|
(""|-*)
|
|
python3 -m pip install --upgrade pip
|
|
python3 -m pip install -r requirements.txt
|
|
python3 -m stackspin "$@" "$_cluster_name" "$command"
|
|
cp -nv "install/.flux.env.example" "clusters/$_cluster_name/.flux.env" &&
|
|
$EDITOR "clusters/$_cluster_name/.flux.env"
|
|
cp -nv install/kustomization.yaml $CLUSTER_DIR/
|
|
kubectl get namespace flux-system 2>/dev/null || kubectl create namespace flux-system
|
|
kubectl apply -k $CLUSTER_DIR
|
|
./install/install-stackspin.sh
|
|
;;
|
|
esac
|
|
else python3 -m stackspin "$_cluster_name" "$command" "$@"
|
|
fi;;
|
|
esac
|
|
}
|
|
|
|
cat "$_stackspin_cluster_cache" 2>/dev/null |
|
|
while read cluster; do stack select "$cluster"; done
|
|
|
|
test -z "$DISPLAY" && test "$XDG_VTNR" != 1 || return 0
|
|
# The following runs only on headless machines
|
|
|
|
which kubectl >/dev/null ||
|
|
{ kubectl() { sudo k3s kubectl "$@"; } && export -f kubectl; }
|
|
|
|
export PATH="$PATH:$HOME/.local/bin/server"
|
|
|
|
test -d "$MUSIC" || export MUSIC="/srv/funkwhale/data/music/janek"
|
|
|
|
test -f "$HOME/.rvm/scripts/rvm" &&
|
|
source "$HOME/.rvm/scripts/rvm" && # Load RVM into a shell session *as a function*
|
|
rvm use 3.0
|