Fix restic password permission issue

2025-06-03 01:51:32 +08:00 · 2025-06-03 01:51:32 +08:00 · da6f8574ed
parent 741ab55f05
commit da6f8574ed
2 changed files with 63 additions and 72 deletions
--- a/manifest.jps
+++ b/manifest.jps
@ -304,77 +304,36 @@ actions:
          message: Database backup add-on is already installed on ${env.name}. Backup addon installation is not possible.

  installRestic:
-    cmd [cp]: |-
-      # Download the latest Restic release
-      curl -L https://github.com/restic/restic/releases/download/v0.15.2/restic_0.15.2_linux_amd64.bz2 -o restic.bz2
+    - cmd[cp]:
+        user: root
+        commands:
+          # Download and install Restic
+          - curl -L https://github.com/restic/restic/releases/download/v0.15.2/restic_0.15.2_linux_amd64.bz2 -o restic.bz2
+          - bzip2 -d restic.bz2
+          - chmod +x restic
+          - mv restic /usr/local/bin/
          
-      # Decompress the downloaded file
-      bzip2 -d restic.bz2
+          # Create password file if it doesn't exist
+          - if [ ! -f /etc/restic-password ]; then head /dev/urandom | tr -dc A-Za-z0-9 | head -c 16 > /etc/restic-password; fi
          
-      # Make the binary executable
-      chmod +x restic
+          # Fix the core issue: Make password readable by everyone
+          - chmod 644 /etc/restic-password
          
-      # Move it to a directory in your PATH
-      sudo mv restic /usr/local/bin/
-
-      # Create the Restic password file with a random password if it doesn't exist
-      if [ ! -f /etc/restic-password ]; then
-        head /dev/urandom | tr -dc A-Za-z0-9 | head -c 16 | sudo tee /etc/restic-password
-      fi
-
-      # Detect web server environment and set appropriate ownership
-      WEB_USER=""
-      if id "litespeed" &>/dev/null; then
-        WEB_USER="litespeed"
-      elif id "nginx" &>/dev/null; then
-        WEB_USER="nginx"
-      elif id "www-data" &>/dev/null; then
-        WEB_USER="www-data"
-      elif id "apache" &>/dev/null; then
-        WEB_USER="apache"
-      else
-        WEB_USER="root"
-      fi
-
-      echo "Detected web server user: $WEB_USER"
-
-      # Set ownership with fallback to root
-      if [ "$WEB_USER" != "root" ]; then
-        sudo chown $WEB_USER:$WEB_USER /etc/restic-password
-        # Make readable by all users in case of permission issues
-        sudo chmod 644 /etc/restic-password
-      else
-        sudo chown root:root /etc/restic-password
-        sudo chmod 644 /etc/restic-password
-      fi
-
-      # Ensure backup directories exist with proper permissions
-      sudo mkdir -p /mnt/backups
-      sudo chown $WEB_USER:$WEB_USER /mnt/backups
-      sudo chmod 755 /mnt/backups
-
-      # Set up log rotation for backup logs
-      echo "/var/log/backup_addon.log {
-          weekly
-          rotate 52
-          missingok
-          notifempty
-          compress
-          copytruncate
-        }" > /etc/logrotate.d/backup-addon
-    user: root
+          # Create backup and log directories
+          - mkdir -p /mnt/backups
+          - mkdir -p /home/jelastic/mb-backups/logs
+          - chmod -R 755 /home/jelastic/mb-backups/logs
+          - chmod 755 /mnt/backups

  importScripts:
  - cmd[cp]:
      user: root
      commands:
        - mkdir -p /home/jelastic/mb-backups
-        - mkdir -p /home/litespeed/mb-backups/logs
-        - mkdir -p /home/litespeed/mb-backups/logs/auto
-        - mkdir -p /home/litespeed/mb-backups/logs/manual
-        - mkdir -p /home/litespeed/mb-backups/logs/restore
-        - sudo chown -R litespeed:litespeed /home/litespeed/mb-backups/logs
-        - sudo chmod -R u+rw /home/litespeed/mb-backups/logs
+        - mkdir -p /home/jelastic/mb-backups/logs
+        - mkdir -p /home/jelastic/mb-backups/logs/auto
+        - mkdir -p /home/jelastic/mb-backups/logs/manual
+        - mkdir -p /home/jelastic/mb-backups/logs/restore
        - cd /home/jelastic/mb-backups
        - curl -O https://deploy-proxy.mightybox.io/addons/mb-backup-manager/raw/branch/main/scripts/imports/backup_all.sh
        - curl -O https://deploy-proxy.mightybox.io/addons/mb-backup-manager/raw/branch/main/scripts/imports/backup_core_files.sh
@ -386,8 +345,7 @@ actions:
        - curl -O https://deploy-proxy.mightybox.io/addons/mb-backup-manager/raw/branch/main/scripts/imports/view_snapshots.sh
        - curl -O https://deploy-proxy.mightybox.io/addons/mb-backup-manager/raw/branch/main/scripts/imports/check_backup_repo.sh
        - curl -O https://deploy-proxy.mightybox.io/addons/mb-backup-manager/raw/branch/main/scripts/imports/check_repo_stats.sh
-        - chmod +x /home/litespeed/mb-backups/*.sh
-        - sudo chown -R litespeed:litespeed /home/litespeed/mb-backups
+        - chmod +x /home/jelastic/mb-backups/*.sh

  removeScripts:
    - cmd[cp]:
--- a/scripts/imports/check_repo_stats.sh
+++ b/scripts/imports/check_repo_stats.sh
@ -6,12 +6,13 @@ set -e
 # Configuration
 BACKUP_REPO_PATH="/mnt/backups"
 PASSWORD_FILE="/etc/restic-password"
-LOG_DIR="/home/litespeed/logs"
+LOG_DIR="/home/jelastic/mb-backups/logs"
 LOG_FILE="${LOG_DIR}/repo_stats_$(date +'%Y-%m-%d').log"
 RETENTION_POLICY="--keep-last 7 --prune" # Modify retention policy as needed

-# Ensure the log directory exists
+# Ensure the log directory exists with proper permissions
 mkdir -p "$LOG_DIR"
+chmod 755 "$LOG_DIR"

 # Logging function
 log_message() {
@ -114,6 +115,16 @@ validate_repository() {
    export RESTIC_PASSWORD="$restic_password"
    export RESTIC_REPOSITORY="$BACKUP_REPO_PATH"

+    # Set the password and repository
+    export RESTIC_PASSWORD=$(cat /etc/restic-password)
+    export RESTIC_REPOSITORY="/mnt/backups"
+
+    # Initialize the repository
+    restic init
+
+    # Verify it worked
+    restic snapshots
+
    # Test repository access
    if ! restic snapshots &>/dev/null; then
        log_message "ERROR: Unable to access the Restic repository at $BACKUP_REPO_PATH"
@ -122,10 +133,32 @@ validate_repository() {
        
        # Check if repository needs initialization
        if [ ! -d "$BACKUP_REPO_PATH" ] || [ -z "$(ls -A "$BACKUP_REPO_PATH" 2>/dev/null)" ]; then
-            log_message "Repository appears to be empty or non-existent. It may need initialization."
-            log_message "Run check_backup_repo.sh to initialize the repository."
+            log_message "Repository appears to be empty or non-existent. Initializing repository..."
+            if restic init; then
+                log_message "Repository initialized successfully."
+            else
+                log_message "ERROR: Failed to initialize repository."
+                exit 1
+            fi
+        else
+            # Repository exists but might not be a valid Restic repository
+            log_message "Repository directory exists but may not be a valid Restic repository."
+            log_message "Attempting to initialize as new repository..."
+            if restic init; then
+                log_message "Repository initialized successfully."
+            else
+                log_message "ERROR: Repository exists but is not accessible. Manual intervention required."
+                log_message "Directory contents:"
+                ls -la "$BACKUP_REPO_PATH" 2>/dev/null || echo "Cannot list directory"
+                exit 1
+            fi
+        fi
+        
+        # Test access again after initialization
+        if ! restic snapshots &>/dev/null; then
+            log_message "ERROR: Repository initialization succeeded but still cannot access repository."
+            exit 1
        fi
-        exit 1
    fi
    
    log_message "Repository access validated successfully."