Add templates for site restore and backup

Dockerfile

@@ -4,7 +4,7 @@ LABEL maintainer="Drupal Admins <drupal-admins@cern.ch>"
 
 ARG restic_version=0.12.0
 
-COPY ./job_templates /job_templates
+COPY ./tekton-task-templates /tekton-task-templates
 
 COPY ./velero-restic-restore/restore_pvs.sh /scripts/restore_pvs.sh
 

chart/cluster-tasks/templates/clear-cache.yaml

@@ -10,8 +10,6 @@ spec:
     - name: namespace
       type: string
       description: The namespace of the drupal site
-  workspaces:
-    - name: job
   steps:
     - name: clear-cache
       image: {{ .Values.image }}
@@ -23,10 +21,11 @@ spec:
         echo "--------------------------- Clear cache ---------------------------"
         echo "Drupal site name: $(params.drupalSite)"
         export TASK=clear-cache
+        export OPERATION="clear-cache"
         export DRUPALSITE=$(params.drupalSite)
         export NAMESPACE=$(params.namespace)
         export SERVING_POD_IMAGE=$(oc get -n $(params.namespace) drupalsite/$(params.drupalSite) -o=jsonpath='{.status.servingPodImage}')
-        envsubst < $(workspaces.job.path)/{{ .Values.jobTemplateFile }} | oc create -n $(params.namespace) -f -
+        envsubst < /tekton-task-templates/drupal_operation_job.yaml | oc create -n $(params.namespace) -f -
         oc wait --for=condition=complete job/$TASK-$(params.drupalSite)
         jobStatus=$(oc get job/$TASK-$(params.drupalSite) -o=jsonpath='{.status.conditions[*].type}' | grep -i -E 'failed|complete' || echo "Failed")
         echo "Job status: $jobStatus"

chart/cluster-tasks/templates/database-restore.yaml

-apiVersion: tekton.dev/v1beta1
-kind: ClusterTask
-metadata:
-  name: database-restore
-spec:
-  params:
-    - name: drupalSite
-      type: string
-      description: The name of the drupal site
-    - name: namespace
-      type: string
-      description: The namespace of the drupal site
-  workspaces:
-    - name: job
-  steps:
-    - name: database-restore
-      image: {{ .Values.image }}
-      command:
-        - /bin/sh
-        - '-c'
-      args:
-      - |-
-        echo "--------------------------- Database restore ---------------------------"
-        echo "Drupal site name: $(params.drupalSite)"
-        export TASK=database-restore
-        export DRUPALSITE=$(params.drupalSite)
-        export NAMESPACE=$(params.namespace)
-        export SERVING_POD_IMAGE=$(oc get -n $(params.namespace) drupalsite/$(params.drupalSite) -o=jsonpath='{.status.servingPodImage}')
-        export ARGS="-f dbBackUp.sql"
-        envsubst < $(workspaces.job.path)/{{ .Values.jobTemplateFile }} | oc create -n $(params.namespace) -f -
-        oc wait --for=condition=complete job/$TASK-$(params.drupalSite)
-        jobStatus=$(oc get job/$TASK-$(params.drupalSite) -o=jsonpath='{.status.conditions[*].type}' | grep -i -E 'failed|complete' || echo "Failed")
-        echo "Job status: $jobStatus"
-        echo "Job logs:"
-        oc logs job/$TASK-$DRUPALSITE -n $(params.namespace)

chart/cluster-tasks/templates/database-backup.yaml → chart/cluster-tasks/templates/drupalsite-backup.yaml

 apiVersion: tekton.dev/v1beta1
 kind: ClusterTask
 metadata:
-  name: database-backup
+  name: drupalsite-backup
 spec:
   params:
     - name: drupalSite
@@ -10,26 +10,24 @@ spec:
     - name: namespace
       type: string
       description: The namespace of the drupal site
-  workspaces:
-    - name: job
   steps:
-    - name: database-backup
+    - name: drupalsite-backup
       image: {{ .Values.image }}
       command:
         - /bin/sh
         - '-c'
       args:
       - |-
-        echo "--------------------------- Database backup ---------------------------"
+        echo "--------------------------- DrupalSite backup ---------------------------"
         echo "Drupal site name: $(params.drupalSite)"
-        export TASK=database-backup
+        export DATE=$(date +%F-%H-%M)
+        export TASK=site-backup-$DATE
         export DRUPALSITE=$(params.drupalSite)
         export NAMESPACE=$(params.namespace)
-        export SERVING_POD_IMAGE=$(oc get -n $(params.namespace) drupalsite/$(params.drupalSite) -o=jsonpath='{.status.servingPodImage}')
-        export ARGS="-f dbBackUp.sql"
-        envsubst < $(workspaces.job.path)/{{ .Values.jobTemplateFile }} | oc create -n $(params.namespace) -f -
-        oc wait --for=condition=complete job/$TASK-$(params.drupalSite)
-        jobStatus=$(oc get job/$TASK-$(params.drupalSite) -o=jsonpath='{.status.conditions[*].type}' | grep -i -E 'failed|complete' || echo "Failed")
-        echo "Job status: $jobStatus"
-        echo "Job logs:"
-        oc logs job/$TASK-$DRUPALSITE -n $(params.namespace)
+        export NAME_HASH=$(printf '%s' "$NAMESPACE/$DRUPALSITE" | md5sum | awk '{print $1}')
+        export VELERO_NAMESPACE={{ .Values.veleroNamespace }}
+        envsubst < /tekton-task-templates/backup_resource.yaml | oc create -f -
+        timeout 60s bash -c -- 'while [ $(oc get backup/$TASK-$(params.drupalSite) -n $VELERO_NAMESPACE -o jsonpath='{.status.phase}') = "Completed" ]; do printf "Backup completed successfully"; exit; done'
+        backupStatus=$(oc get backup/$TASK-$(params.drupalSite) -n $VELERO_NAMESPACE -o=jsonpath='{.status.phase}' | grep -i -E 'failed|completed|partiallyfailed' || echo "Failed")
+        sleep 
+        echo "DrupalSite backup status: $backupStatus"

chart/cluster-tasks/templates/drupalsite-restore.yaml

@@ -21,16 +21,33 @@ spec:
         - '-c'
       args:
       - |-
-        echo "--------------------------- Drupalsite PVC restore ---------------------------"
+        echo "--------------------------- Drupalsite files restore ---------------------------"
         echo "Drupal site name: $(params.drupalSite)"
-        export TASK=velero-restore
+        export DATE=$(date +%F-%H-%M)
+        export TASK=files-restore-$DATE
         export DRUPALSITE=$(params.drupalSite)
+        export NAMESPACE=$(params.namespace)
         export VELERO_BACKUP_NAME=$(params.veleroBackupName)
-        export VELERO_NAMESPACE=velero
+        export VELERO_NAMESPACE={{ .Values.veleroNamespace }}
         export OPERATIONS_IMAGE={{ .Values.image }}
-        envsubst < /job_templates/restore_job.yaml | oc create -f -
+        export RESTORE_SERVICE_ACCOUNT={{ .Values.restoreServiceAccount }}
+        envsubst < /tekton-task-templates/restore_pv_job.yaml | oc create -f -
         oc wait --for=condition=complete job/$TASK-$(params.drupalSite) -n openshift-cern-cephfs
         jobStatus=$(oc get job/$TASK-$(params.drupalSite) -n openshift-cern-cephfs -o=jsonpath='{.status.conditions[*].type}' | grep -i -E 'failed|complete' || echo "Failed")
-        echo "Job status: $jobStatus"
-        echo "Job logs:"
+        echo "Files restore Job status: $jobStatus"
+        echo "Files restore Job logs:"
         oc logs job/$TASK-$DRUPALSITE -n openshift-cern-cephfs
+
+        echo "--------------------------- Drupalsite database restore ---------------------------"
+        export TASK=db-restore-$DATE
+        export SERVING_POD_IMAGE=$(oc get -n $NAMESPACE drupalsite/$(params.drupalSite) -o=jsonpath='{.status.servingPodImage}')
+        export OPERATION="database-restore"
+        export ARGS="-f database_backup"
+        envsubst < /tekton-task-templates/drupal_operation_job.yaml | oc create -n $NAMESPACE -f -
+        oc wait --for=condition=complete job/$TASK-$(params.drupalSite)
+        jobStatus=$(oc get job/$TASK-$(params.drupalSite) -o=jsonpath='{.status.conditions[*].type}' | grep -i -E 'failed|complete' || echo "Failed")
+        echo "Database restore Job status: $jobStatus"
+        echo "Database restore Job logs:"
+        oc logs job/$TASK-$DRUPALSITE -n $(params.namespace)
+        
+

chart/cluster-tasks/values.yaml

 image: gitlab-registry.cern.ch/drupal/paas/drupal-operations/openshift-cli:velero-restore
-
-jobTemplateFile: job-operations-template.yaml
+restoreServiceAccount: ""
+veleroNamespace: ""

examples/clear-cache-taskrun.yaml

@@ -11,8 +11,4 @@ spec:
       value: test-dimitra-drupalsite
     - name: namespace
       value: test-dimitra
-  workspaces:
-    - name: job
-      configmap:
-        name: job-operations-template-configmap
   serviceAccountName: tektoncd

examples/database-backup-taskrun.yaml → examples/drupalsite-backup-taskrun.yaml

 apiVersion: tekton.dev/v1beta1
 kind: TaskRun
 metadata:
-  generateName: database-backup-
+  generateName: drupalsite-backup-
 spec:
   taskRef:
-    name: database-backup
+    name: drupalsite-backup
     kind: ClusterTask
   params:
     - name: drupalSite
       value: test-dimitra-drupalsite
     - name: namespace
       value: test-dimitra
-  workspaces:
-    - name: job
-      configmap:
-        name: job-operations-template-configmap
   serviceAccountName: tektoncd

examples/database-restore-taskrun.yaml → examples/drupalsite-restore-taskrun.yaml

 apiVersion: tekton.dev/v1beta1
 kind: TaskRun
 metadata:
-  generateName: database-restore-
+  generateName: drupalsite-restore-
 spec:
   taskRef:
     name: database-restore
@@ -11,8 +11,4 @@ spec:
       value: test-dimitra-drupalsite
     - name: namespace
       value: test-dimitra
-  workspaces:
-    - name: job
-      configmap:
-        name: job-operations-template-configmap
   serviceAccountName: tektoncd

tekton-task-templates/backup_resource.yaml

+apiVersion: velero.io/v1
+kind: Backup
+metadata:
+  name: $TASK-$DRUPALSITE
+  namespace: $VELERO_NAMESPACE
+  labels:
+    drupal.webservices.cern.ch/drupalSite: $NAME_HASH
+  annotations:
+    drupal.webservices.cern.ch/drupalSite: $NAMESPACE/$DRUPALSITE
+spec:
+  hooks: {}
+  includedNamespaces:
+  - $NAMESPACE
+  includedResources:
+  - pods
+  labelSelector:
+    matchLabels:
+      app: drupal
+      drupalSite: $DRUPALSITE
+  ttl: 720h0m0s
+status: {}

tekton-task-templates/drupal_operation_job.yaml

+kind: Job
+apiVersion: batch/v1
+metadata:
+  name: $TASK-$DRUPALSITE
+  namespace: $NAMESPACE
+  labels:
+    app: drupal-$TASK
+spec:
+  activeDeadlineSeconds: 86400
+  ttlSecondsAfterFinished: 86400
+  backoffLimit: 3
+  completions: 1
+  parallelism: 1
+  template:
+    spec:
+      containers:
+      - command:
+        - sh
+        - /operations/$OPERATION.sh 
+        - $ARGS
+        env:
+        - name: DRUPAL_SHARED_VOLUME
+          value: /drupal-data
+        envFrom:
+        - secretRef:
+            name: dbcredentials-$DRUPALSITE
+        image: $SERVING_POD_IMAGE
+        imagePullPolicy: Always
+        name: taskrun
+        volumeMounts:
+        - mountPath: /drupal-data
+          name: drupal-directory
+      dnsPolicy: ClusterFirst
+      restartPolicy: Never
+      schedulerName: default-scheduler
+      securityContext: {}
+      terminationGracePeriodSeconds: 30
+      volumes:
+      - name: drupal-directory
+        persistentVolumeClaim:
+          claimName: pv-claim-$DRUPALSITE

job_templates/restore_job.yaml → tekton-task-templates/restore_pv_job.yaml

@@ -7,6 +7,7 @@ metadata:
     app: velero-restore
 spec:
   activeDeadlineSeconds: 86400
+  ttlSecondsAfterFinished: 86400
   backoffLimit: 3
   template:
     metadata:
@@ -36,6 +37,8 @@ spec:
               value: $VELERO_NAMESPACE
             - name: VELERO_BACKUP_NAME
               value: $VELERO_BACKUP_NAME
+            - name: DATABASE_BACKUP_FILENAME
+              value: $DATABASE_BACKUP_FILENAME
             - name: AWS_ACCESS_KEY_ID
               valueFrom:
                 secretKeyRef:
@@ -72,7 +75,7 @@ spec:
       dnsPolicy: ClusterFirst
       nodeSelector:
         node-role.kubernetes.io/infra: ''
-      serviceAccountName: cephfs-backup-job
-      serviceAccount: cephfs-backup-job
+      serviceAccountName: $RESTORE_SERVICE_ACCOUNT
+      serviceAccount: $RESTORE_SERVICE_ACCOUNT
       securityContext: {}
       schedulerName: default-scheduler

velero-restic-restore/restore_pvs.sh

@@ -24,26 +24,30 @@ OPENSTACK_MANILA_SECRET=$(openstack token issue -f json | jq -r '.id')
 validateVar "$OPENSTACK_MANILA_SECRET" "OPENSTACK_MANILA_SECRET"
 
 # Use the velero backup name, to fetch the PodVolumeBackup resource and the ID of the restic snapshot, PV name accordingly
-
-POD_VOLUME_BACKUP=`oc get PodVolumeBackup -n $VELERO_NAMESPACE -l velero.io/backup-name=$VELERO_BACKUP_NAME -o name`
+# List the PodVolumeBackup resources by label filtering
+POD_VOLUME_BACKUP=`oc get PodVolumeBackup -n "$VELERO_NAMESPACE" -l velero.io/backup-name="$VELERO_BACKUP_NAME" -o name`
 validateVar "$POD_VOLUME_BACKUP" "POD_VOLUME_BACKUP"
 
-POD_VOLUME_BACKUP_JSON=`oc get $POD_VOLUME_BACKUP -n $VELERO_NAMESPACE -o json`
+# Fetch the PodVolumeBackup resource json
+POD_VOLUME_BACKUP_JSON=`oc get "$POD_VOLUME_BACKUP" -n "$VELERO_NAMESPACE" -o json`
 validateVar "$POD_VOLUME_BACKUP_JSON" "POD_VOLUME_BACKUP_JSON"
 
+# Fetch the Restic snapshot ID
 RESTIC_SNAPSHOT_ID=$(echo "$POD_VOLUME_BACKUP_JSON" | jq -r '.status.snapshotID')
 validateVar "$RESTIC_SNAPSHOT_ID" "RESTIC_SNAPSHOT_ID"
 echo $RESTIC_SNAPSHOT_ID
 
+# Fetch the Restic Repo URL
 RESTIC_REPO=$(echo "$POD_VOLUME_BACKUP_JSON" | jq -r '.spec.repoIdentifier')
 validateVar "$RESTIC_REPO" "RESTIC_REPO"
 echo $RESTIC_REPO
 
+# Fetch the PV name
 PV_NAME=pvc-$(echo "$POD_VOLUME_BACKUP_JSON" | jq -r '.spec.tags["pvc-uid"]')
 validateVar "$PV_NAME" "PV_NAME"
 echo $PV_NAME
 
-PV_JSON=`oc get pv $PV_NAME -o json`
+PV_JSON=`oc get pv "$PV_NAME" -o json`
 validateVar "$PV_JSON" "PV_JSON"
 
 NAMESPACE_CSI_DRIVER=$(echo "$PV_JSON" | jq -r '.spec.csi.nodeStageSecretRef.namespace')
@@ -65,7 +69,7 @@ echo $MANILA_EXPORT_LOCATIONS
 
 # Stores monitors and path of the PV, similar to
 # 137.138.121.135:6789,188.184.85.133:6789,188.184.91.157:6789:/volumes/_nogroup/337f5361-bee2-415b-af8e-53eaec1add43
-CEPHFS_PATH_PV=$(echo $MANILA_EXPORT_LOCATIONS | jq -r '.export_locations[]?.path')
+CEPHFS_PATH_PV=$(echo "$MANILA_EXPORT_LOCATIONS" | jq -r '.export_locations[]?.path')
 validateVar "$CEPHFS_PATH_PV" "CEPHFS_PATH_PV"
 echo $CEPHFS_PATH_PV
 
@@ -74,7 +78,7 @@ MANILA_ACCESS_RULES=$(curl -X GET -H "X-Auth-Token: $OPENSTACK_MANILA_SECRET" -H
 validateVar "$MANILA_ACCESS_RULES" "MANILA_ACCESS_RULES"
 echo $MANILA_ACCESS_RULES
 
-CEPHFS_USERKEY=$(echo $MANILA_ACCESS_RULES | jq -r '.access.access_key')
+CEPHFS_USERKEY=$(echo "$MANILA_ACCESS_RULES" | jq -r '.access.access_key')
 validateVar "$CEPHFS_USERKEY" "CEPHFS_USERKEY"
 echo $CEPHFS_USERKEY
 
@@ -85,7 +89,7 @@ mount -t ceph "$CEPHFS_PATH_PV" -o name="$PV_NAME",noatime,secret="$CEPHFS_USERK
 mkdir -p /restore
 chmod 777 /restore
 
-restic -p /tmp/restic_password -r ${RESTIC_REPO} restore ${RESTIC_SNAPSHOT_ID} --target /restore
+restic -p /tmp/restic_password -r "$RESTIC_REPO" restore "$RESTIC_SNAPSHOT_ID" --target /restore
 
 rsync -avz /restore/ /mnt/ --delete