diff --git a/.env b/.env
index da695e4..268f75a 100644
--- a/.env
+++ b/.env
@@ -1,6 +1,6 @@
 # Build version
-BUILD_VERSION=v0.1.14
+BUILD_VERSION=v0.1.15
 # Moodle version
 MOODLE_VERSION=3.5.2
@@ -47,3 +47,9 @@ POSTFIX_RELAYHOST=
 POSTFIX_RELAYHOST_PORT=587
 POSTFIX_SASL_AUTH=
 POSTFIX_TLS=
+
+# Configure docker log driver - currently supports 'none', 'syslog' or 'journald' or 'json-file' (assuming no tags)
+LOG_DRIVER=json-file
+
+# Configure the moodle backup path
+MOODLE_BACKUP_ROOT=./backup
diff --git a/CHANGELOG.md b/CHANGELOG.md
index dffa0e1..1160fc5 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,13 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
+## [v0.1.15] - 2018-11-19
+### Added
+- Customizable log driver option
+- Postgres-backup container
+- Host cron job for postgres backups
+- Security label disable for selinux based systems
+
 ## [v0.1.14] - 2018-11-08
 ### Added
 - Bake in 'postfix' as default `smtphost`
diff --git a/README.md b/README.md
index 8adf252..aeb76e6 100644
--- a/README.md
+++ b/README.md
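Review bot: `MOODLE_BACKUP_ROOT=./backup` in the second `.env` hunk is a relative path, so on a development system the database dumps land inside the project checkout. Those dumps presumably contain the whole Moodle database, including user records and password hashes, so the directory should be excluded from version control and from any Docker build context; whether `.gitignore` or `.dockerignore` already cover it is not visible in this diff. A comment on the variable, for example `# Dumps contain user data: keep this path out of the repository`, would make the expectation explicit.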
@@ -87,3 +87,58 @@ The [Moodle eMailTest](https://moodle.org/plugins/local_mailtest) plugin is bake
 ```bash
 openssl req -x509 -newkey rsa:4096 -keyout moodle.key -out moodle.crt -days 365 -nodes -subj "/C=CA/ST=ON/L=Toronto/O=SC/OU=Org/CN=www.example.com"
 ```
+
+## Backup and Restore
+
+### Manual backups
+
+On systems installed from .deb package, a cronjob should be automatically setup to perform backups. On a development system, you can manually run the same process:
+
+```
+docker-compose run postgres-backup /bin/backup_db
+```
+
+### Restoring a database backup
+
+First, ensure you have a backup and delta to restore from! On systems installed from .deb package, the files are stored on the docker host under /backups by default.
+
+Pause the backup cron on the docker host by commenting the job:
+
+```
+sed -i 's/^\([^#]\)/#\1/g' /etc/cron.d/postgres-backup
+```
+
+Switch to the moodle config folder:
+
+```
+cd /etc/moodle-docker
+```
+
+Enable the site maintenance page:
+
+```
+docker-compose exec nginx-php-moodle /usr/bin/php /opt/moodle/app/admin/cli/maintenance.php --enable
+```
+
+Drop and re-create the database:
+
+```
+docker-compose run postgres-backup /bin/drop_and_create
+```
+
+Restore the DB by running the script and answering the interactive prompts regarding which backup to restore:
+
+```
+docker-compose run postgres-backup /bin/restore_db_from_delta
+```
+
+Disable the site maintenance page:
+
+```
+docker-compose exec nginx-php-moodle /usr/bin/php /opt/moodle/app/admin/cli/maintenance.php --disable
+```
+Unpause the backup:
+
+```
+sed -i 's/^#//g' /etc/cron.d/postgres-backup
+```
diff --git a/cron/postgres-backup b/cron/postgres-backup
new file mode 100644
index 0000000..4401123
--- /dev/null
+++ b/cron/postgres-backup
@@ -0,0 +1 @@
+0 * * * * root cd /etc/moodle-docker && /usr/local/bin/docker-compose --file /etc/moodle-docker/docker-compose.yml run postgres-backup /bin/backup_db
diff --git a/dc.deb.yml b/dc.deb.yml
index 721b0b6..e9b2f04 100644
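Review bot: The job in `cron/postgres-backup` invokes `docker-compose ... run` without `--rm` or `-T`, so every hourly run leaves a stopped container on the host, and the command asks for a pseudo-TTY that cron does not provide, which may make it fail or behave differently than in an interactive shell. Changing the tail of the line to `run --rm -T postgres-backup /bin/backup_db` addresses both. Nothing on the line guards against overlap or reports failure: a backup that runs longer than an hour would start a second one alongside it, and errors only reach root's cron mail. Wrapping the command in `flock -n <lockfile>` and logging a non-zero exit would make missed backups visible.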
--- a/dc.deb.yml
+++ b/dc.deb.yml
@@ -70,6 +70,7 @@ services:
 - "/package/dc.prod-dbonly.yml=/etc/moodle-docker/"
 - "/package/docker-compose.yml=/etc/moodle-docker/"
 - "/package/systemd/moodle-docker.service=/lib/systemd/system/"
+ - "/package/cron/postgres-backup=/etc/cron.d/"
 environment:
 BUILD_VERSION: "${BUILD_VERSION}"
 MOODLE_VERSION: "${MOODLE_VERSION}"
diff --git a/docker-compose.yml b/docker-compose.yml
index 93eaf6f..8c2b3ba 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -2,12 +2,23 @@ version: '3.6'
+x-logging:
+ &common-logging
+ driver: "${LOG_DRIVER}"
+
+x-secopts:
+ &sec-opts
+ security_opt:
+ - label:disable
+
 services:
 nginx-php-moodle:
 networks:
 db:
 mail:
 image: ${DOCKER_REGISTRY_URL}/nginx-php-moodle:latest
+ logging: *common-logging
+ <<: *sec-opts
 depends_on:
 - postfix
 - postgres
@@ -60,10 +71,14 @@ services:
 POSTFIX_RELAYHOST_PORT:
 POSTFIX_SASL_AUTH:
 POSTFIX_TLS:
+ logging: *common-logging
+ <<: *sec-opts
 postgres:
 networks:
 db:
 image: ${DOCKER_REGISTRY_URL}/postgres:9.6
+ logging: *common-logging
+ <<: *sec-opts
 environment:
 POSTGRES_DB: "${PGSQL_DATABASE}"
 POSTGRES_USER: "${PGSQL_USER}"
@@ -72,10 +87,32 @@ services:
 - type: volume
 source: db
 target: /var/lib/postgresql/data
+ postgres-backup:
+ image: ${DOCKER_REGISTRY_URL}/postgres-backup:latest
+ depends_on:
+ - "postgres"
+ volumes:
+ - type: bind
+ source: ${MOODLE_BACKUP_ROOT}
+ target: /backup
+ environment:
+ POSTGRES_PASSWORD: "${PGSQL_PASSWORD}"
+ POSTGRES_USER: "${PGSQL_USER}"
+ POSTGRES_DB: "${PGSQL_DATABASE}"
+ DUMPPREFIX: "backup"
+ POSTGRES_HOST: "postgres"
+ POSTGRES_PORT: "5432"
+ logging: *common-logging
+ <<: *sec-opts
+ command: /bin/true
+ networks:
+ db:
 certbot:
 networks:
 certbot:
 image: ${DOCKER_REGISTRY_URL}/sc-certbot:latest
+ logging: *common-logging
+ <<: *sec-opts
 depends_on:
 - nginx-php-moodle
 environment:
diff --git a/systemd/postinst.sh b/systemd/postinst.sh
index 1875521..39e0941 100644
--- a/systemd/postinst.sh
+++ b/systemd/postinst.sh
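Review bot: The `x-secopts` anchor in `docker-compose.yml` sets `security_opt: label:disable`, and `<<: *sec-opts` is merged into every service touched here (`nginx-php-moodle`, the service ending at `POSTFIX_TLS`, `postgres`, `postgres-backup` and `certbot`, across the hunks at -2, -60 and -72), so SELinux confinement is switched off for the internet-facing containers as well. The only host bind mount this diff introduces is the `/backup` mount of `postgres-backup`; the other services' volumes are not fully visible here, but if they use named volumes they do not need the exemption. Consider keeping `<<: *sec-opts` on `postgres-backup` alone, or relabelling the backup directory on the host instead of disabling labels. A comment on the anchor stating why it exists, such as `# SELinux: required for host bind mounts on enforcing systems`, would help the next reader decide where it is still needed.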
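Review bot: `source: ${MOODLE_BACKUP_ROOT}` in the new `postgres-backup` service and `driver: "${LOG_DRIVER}"` in the `x-logging` anchor have no fallback, and `systemd/postinst.sh` in this same commit leaves an existing `/etc/moodle-docker/.env` untouched ("Nothing to do, .env already exists"). On an upgraded host both variables would therefore interpolate to empty strings, giving an empty log driver on every service and an empty bind source. Compose accepts defaults in this file format, so `driver: "${LOG_DRIVER:-json-file}"` and `source: ${MOODLE_BACKUP_ROOT:-./backup}` would keep upgrades working. Separately, `postgres-backup:latest` is a mutable tag for a container that receives `POSTGRES_PASSWORD` and is run hourly from a root cron job; pinning it to a version or digest would make what runs there reproducible.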
@@ -32,6 +32,9 @@ else
 echo "Moodle data directory already exists"
 fi
+echo "Adjust cron job permissions"
+chmod 644 /etc/cron.d/postgres-backup
+
 echo "Setting up .env file"
 if [ ! -f /etc/moodle-docker/.env ]; then
 echo "Creating .env from example file"
@@ -44,6 +47,7 @@ if [ ! -f /etc/moodle-docker/.env ]; then
 sed -i "s/MOODLE_ADMIN_PASS=.*/MOODLE_ADMIN_PASS=${moodle_admin_pass}/g" /etc/moodle-docker/.env
 sed -i "s/MOODLE_UPGRADE_KEY=.*/MOODLE_UPGRADE_KEY=${moodle_upgrade_key}/g" /etc/moodle-docker/.env
 sed -i "s/PGSQL_PASSWORD=.*/PGSQL_PASSWORD=${pgsql_password}/g" /etc/moodle-docker/.env
+ sed -i "s#MOODLE_BACKUP_ROOT=.*#MOODLE_BACKUP_ROOT=/backups#g" /etc/moodle-docker/.env
 else
 echo "Nothing to do, .env already exists"
 fi
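Review bot: The added `chmod 644 /etc/cron.d/postgres-backup` in the first `postinst.sh` hunk sets the mode but not the owner, and cron skips files in `/etc/cron.d` that are not owned by root. Adding `chown root:root /etc/cron.d/postgres-backup` next to it makes the job independent of how the package was assembled. The file defines a command that runs as root every hour, so it is worth asserting both properties explicitly rather than relying on the packaging tool's defaults.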
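Review bot: The new `sed` in the second `postinst.sh` hunk points `MOODLE_BACKUP_ROOT` at `/backups`, but nothing visible in this hunk creates that directory or restricts who can read it; the surrounding `if` block starts outside the hunk, so this may be handled elsewhere. A bind mount declared with `type: bind` generally fails when the host path is missing, and the dumps written there presumably contain the full database. Something like `install -d -m 0700 /backups` before the first backup would cover both, with the owner chosen to match the UID the backup container writes as.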