addons
/
mb-backup-manager
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix restic password permission issue

main
Anthony 2025-06-03 01:51:32 +08:00
parent 741ab55f05
commit da6f8574ed
2 changed files with 63 additions and 72 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

92
manifest.jps
View File

@ -304,77 +304,36 @@ actions:
message: Database backup add-on is already installed on ${env.name}. Backup addon installation is not possible. message: Database backup add-on is already installed on ${env.name}. Backup addon installation is not possible.
installRestic: installRestic:
cmd [cp]: |- - cmd[cp]:
# Download the latest Restic release user: root
curl -L https://github.com/restic/restic/releases/download/v0.15.2/restic_0.15.2_linux_amd64.bz2 -o restic.bz2 commands:
# Download and install Restic
# Decompress the downloaded file - curl -L https://github.com/restic/restic/releases/download/v0.15.2/restic_0.15.2_linux_amd64.bz2 -o restic.bz2
bzip2 -d restic.bz2 - bzip2 -d restic.bz2
- chmod +x restic
# Make the binary executable - mv restic /usr/local/bin/
chmod +x restic
# Create password file if it doesn't exist
# Move it to a directory in your PATH - if [ ! -f /etc/restic-password ]; then head /dev/urandom | tr -dc A-Za-z0-9 | head -c 16 > /etc/restic-password; fi
sudo mv restic /usr/local/bin/
# Fix the core issue: Make password readable by everyone
# Create the Restic password file with a random password if it doesn't exist - chmod 644 /etc/restic-password
if [ ! -f /etc/restic-password ]; then
head /dev/urandom | tr -dc A-Za-z0-9 | head -c 16 | sudo tee /etc/restic-password # Create backup and log directories
fi - mkdir -p /mnt/backups
- mkdir -p /home/jelastic/mb-backups/logs
# Detect web server environment and set appropriate ownership - chmod -R 755 /home/jelastic/mb-backups/logs
WEB_USER="" - chmod 755 /mnt/backups
if id "litespeed" &>/dev/null; then
WEB_USER="litespeed"
elif id "nginx" &>/dev/null; then
WEB_USER="nginx"
elif id "www-data" &>/dev/null; then
WEB_USER="www-data"
elif id "apache" &>/dev/null; then
WEB_USER="apache"
else
WEB_USER="root"
fi
echo "Detected web server user: $WEB_USER"
# Set ownership with fallback to root
if [ "$WEB_USER" != "root" ]; then
sudo chown $WEB_USER:$WEB_USER /etc/restic-password
# Make readable by all users in case of permission issues
sudo chmod 644 /etc/restic-password
else
sudo chown root:root /etc/restic-password
sudo chmod 644 /etc/restic-password
fi
# Ensure backup directories exist with proper permissions
sudo mkdir -p /mnt/backups
sudo chown $WEB_USER:$WEB_USER /mnt/backups
sudo chmod 755 /mnt/backups
# Set up log rotation for backup logs
echo "/var/log/backup_addon.log {
weekly
rotate 52
missingok
notifempty
compress
copytruncate
}" > /etc/logrotate.d/backup-addon
user: root
importScripts: importScripts:
- cmd[cp]: - cmd[cp]:
user: root user: root
commands: commands:
- mkdir -p /home/jelastic/mb-backups - mkdir -p /home/jelastic/mb-backups
- mkdir -p /home/litespeed/mb-backups/logs - mkdir -p /home/jelastic/mb-backups/logs
- mkdir -p /home/litespeed/mb-backups/logs/auto - mkdir -p /home/jelastic/mb-backups/logs/auto
- mkdir -p /home/litespeed/mb-backups/logs/manual - mkdir -p /home/jelastic/mb-backups/logs/manual
- mkdir -p /home/litespeed/mb-backups/logs/restore - mkdir -p /home/jelastic/mb-backups/logs/restore
- sudo chown -R litespeed:litespeed /home/litespeed/mb-backups/logs
- sudo chmod -R u+rw /home/litespeed/mb-backups/logs
- cd /home/jelastic/mb-backups - cd /home/jelastic/mb-backups
- curl -O https://deploy-proxy.mightybox.io/addons/mb-backup-manager/raw/branch/main/scripts/imports/backup_all.sh - curl -O https://deploy-proxy.mightybox.io/addons/mb-backup-manager/raw/branch/main/scripts/imports/backup_all.sh
- curl -O https://deploy-proxy.mightybox.io/addons/mb-backup-manager/raw/branch/main/scripts/imports/backup_core_files.sh - curl -O https://deploy-proxy.mightybox.io/addons/mb-backup-manager/raw/branch/main/scripts/imports/backup_core_files.sh
@ -386,8 +345,7 @@ actions:
- curl -O https://deploy-proxy.mightybox.io/addons/mb-backup-manager/raw/branch/main/scripts/imports/view_snapshots.sh - curl -O https://deploy-proxy.mightybox.io/addons/mb-backup-manager/raw/branch/main/scripts/imports/view_snapshots.sh
- curl -O https://deploy-proxy.mightybox.io/addons/mb-backup-manager/raw/branch/main/scripts/imports/check_backup_repo.sh - curl -O https://deploy-proxy.mightybox.io/addons/mb-backup-manager/raw/branch/main/scripts/imports/check_backup_repo.sh
- curl -O https://deploy-proxy.mightybox.io/addons/mb-backup-manager/raw/branch/main/scripts/imports/check_repo_stats.sh - curl -O https://deploy-proxy.mightybox.io/addons/mb-backup-manager/raw/branch/main/scripts/imports/check_repo_stats.sh
- chmod +x /home/litespeed/mb-backups/*.sh - chmod +x /home/jelastic/mb-backups/*.sh
- sudo chown -R litespeed:litespeed /home/litespeed/mb-backups
removeScripts: removeScripts:
- cmd[cp]: - cmd[cp]:

43
scripts/imports/check_repo_stats.sh
View File

@ -6,12 +6,13 @@ set -e
# Configuration # Configuration
BACKUP_REPO_PATH="/mnt/backups" BACKUP_REPO_PATH="/mnt/backups"
PASSWORD_FILE="/etc/restic-password" PASSWORD_FILE="/etc/restic-password"
LOG_DIR="/home/litespeed/logs" LOG_DIR="/home/jelastic/mb-backups/logs"
LOG_FILE="${LOG_DIR}/repo_stats_$(date +'%Y-%m-%d').log" LOG_FILE="${LOG_DIR}/repo_stats_$(date +'%Y-%m-%d').log"
RETENTION_POLICY="--keep-last 7 --prune" # Modify retention policy as needed RETENTION_POLICY="--keep-last 7 --prune" # Modify retention policy as needed
# Ensure the log directory exists # Ensure the log directory exists with proper permissions
mkdir -p "$LOG_DIR" mkdir -p "$LOG_DIR"
chmod 755 "$LOG_DIR"
# Logging function # Logging function
log_message() { log_message() {
@ -114,6 +115,16 @@ validate_repository() {
export RESTIC_PASSWORD="$restic_password" export RESTIC_PASSWORD="$restic_password"
export RESTIC_REPOSITORY="$BACKUP_REPO_PATH" export RESTIC_REPOSITORY="$BACKUP_REPO_PATH"
# Set the password and repository
export RESTIC_PASSWORD=$(cat /etc/restic-password)
export RESTIC_REPOSITORY="/mnt/backups"
# Initialize the repository
restic init
# Verify it worked
restic snapshots
# Test repository access # Test repository access
if ! restic snapshots &>/dev/null; then if ! restic snapshots &>/dev/null; then
log_message "ERROR: Unable to access the Restic repository at $BACKUP_REPO_PATH" log_message "ERROR: Unable to access the Restic repository at $BACKUP_REPO_PATH"
@ -122,10 +133,32 @@ validate_repository() {
# Check if repository needs initialization # Check if repository needs initialization
if [ ! -d "$BACKUP_REPO_PATH" ] || [ -z "$(ls -A "$BACKUP_REPO_PATH" 2>/dev/null)" ]; then if [ ! -d "$BACKUP_REPO_PATH" ] || [ -z "$(ls -A "$BACKUP_REPO_PATH" 2>/dev/null)" ]; then
log_message "Repository appears to be empty or non-existent. It may need initialization." log_message "Repository appears to be empty or non-existent. Initializing repository..."
log_message "Run check_backup_repo.sh to initialize the repository." if restic init; then
log_message "Repository initialized successfully."
else
log_message "ERROR: Failed to initialize repository."
exit 1
fi
else
# Repository exists but might not be a valid Restic repository
log_message "Repository directory exists but may not be a valid Restic repository."
log_message "Attempting to initialize as new repository..."
if restic init; then
log_message "Repository initialized successfully."
else
log_message "ERROR: Repository exists but is not accessible. Manual intervention required."
log_message "Directory contents:"
ls -la "$BACKUP_REPO_PATH" 2>/dev/null || echo "Cannot list directory"
exit 1
fi
fi
# Test access again after initialization
if ! restic snapshots &>/dev/null; then
log_message "ERROR: Repository initialization succeeded but still cannot access repository."
exit 1
fi fi
exit 1
fi fi
log_message "Repository access validated successfully." log_message "Repository access validated successfully."