From 2e1f739c4a8962ed323f878653851909632460dc Mon Sep 17 00:00:00 2001
From: Ian Tangney <ian.tangney@kasmweb.com>
Date: Thu, 16 Sep 2021 15:47:18 -0400
Subject: [PATCH] KASM-1921 Create playbook for backing up the kasm database

---
 .gitignore                      |  1 +
 README.md                       | 20 ++++++++++++++++
 backup_db.yml                   |  5 ++++
 roles/backup_db/files/backup.sh | 42 +++++++++++++++++++++++++++++++++
 roles/backup_db/tasks/main.yml  | 21 +++++++++++++++++
 roles/backup_db/vars/main.yml   |  8 +++++++
 6 files changed, 97 insertions(+)
 create mode 100644 .gitignore
 create mode 100644 backup_db.yml
 create mode 100644 roles/backup_db/files/backup.sh
 create mode 100644 roles/backup_db/tasks/main.yml
 create mode 100644 roles/backup_db/vars/main.yml

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..047d7bb
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+backup/
diff --git a/README.md b/README.md
index 6ce832f..6ad37d3 100644
--- a/README.md
+++ b/README.md
@@ -106,3 +106,23 @@ In the examples `restart_kasm.yml` can be substituted for `start_kasm.yml` or `s
     If you only want to run it against hosts in the 'db' group for example you can run the following:
 
     `ansible-playbook -u [username] -l db -i inventory restart_kasm.yml`
+
+## Kasm Database Backup playbook
+
+This playbook can be used to backup the Kasm Workspaces database to a location on the Database server specified by `remote_backup_dir` and optionally to a location on the ansible server specified by `local_backup_dir`. Backups older than `retention_days` are automatically cleaned up.
+
+### Ansible Configuration
+
+1. Open `roles/backup_db/vars/main.yml` and update variables if desired.
+
+2. Open `inventory` file and fill in the hostnames / ips for the servers that will be fulfilling the agent, webapp and db roles. 
+
+3. Run the playbook.
+
+    `ansible-playbook -Kk -u [username] -i inventory backup_db.yml`
+
+    Ansible will prompt you for the ssh password and sudo password (will almost always be the same password).
+
+    Or, if you have ssh keys copied over to your servers and have NOPASSWD in sudoers you can just run.
+
+    `ansible-playbook -u [username] -i inventory backup_db.yml`
diff --git a/backup_db.yml b/backup_db.yml
new file mode 100644
index 0000000..1745ba5
--- /dev/null
+++ b/backup_db.yml
@@ -0,0 +1,5 @@
+- hosts:
+    - db
+  roles:
+    - backup_db
+ 
\ No newline at end of file
diff --git a/roles/backup_db/files/backup.sh b/roles/backup_db/files/backup.sh
new file mode 100644
index 0000000..54975a7
--- /dev/null
+++ b/roles/backup_db/files/backup.sh
@@ -0,0 +1,42 @@
+#!/bin/bash
+# $1 is the backup directory
+# $2 is the retention period in days
+
+set -ex
+
+
+
+if [ -z "$1" ] ; then
+    echo "FATAL: Missing output dir argument"
+    exit 1
+else
+    OUTPUT_DIR=$1
+fi
+
+if [ ! -d $OUTPUT_DIR ]; then
+    echo "FATAL: Cannot find dir $OUTPUT_DIR"
+    exit 1
+fi
+
+if [ -z "$2" ] ; then
+    echo "FATAL: Missing retention period argument"
+    exit 1
+else
+    RETENTION_DAYS=$2
+fi
+
+mkdir -p $OUTPUT_DIR/$HOSTNAME
+
+docker exec kasm_db /bin/bash -c "pg_dump -U kasmapp -w -Ft --exclude-table-data=logs kasm | gzip > /tmp/db_backup.tar.gz"
+
+DATE=`date "+%Y%m%d_%H.%M.%S"`
+OUTPUT_FILE=$OUTPUT_DIR/$HOSTNAME/kasm_db_backup_${HOSTNAME}_${DATE}.tar.gz
+
+# Copy the backup locally
+docker cp kasm_db:/tmp/db_backup.tar.gz $OUTPUT_FILE
+
+# Delete files older than 10 days
+find $OUTPUT_DIR/$HOSTNAME -name *.tar.gz -mtime +"$RETENTION_DAYS" -type f -delete
+
+echo "Database backed up to:"
+echo "$OUTPUT_FILE"
diff --git a/roles/backup_db/tasks/main.yml b/roles/backup_db/tasks/main.yml
new file mode 100644
index 0000000..70186f1
--- /dev/null
+++ b/roles/backup_db/tasks/main.yml
@@ -0,0 +1,21 @@
+- name: Ensure backup directory exists
+  file:
+    path: "{{ remote_backup_dir }}"
+    state: directory
+  become: true
+
+- name: Backup database
+  script: "files/backup.sh {{ remote_backup_dir }} {{ retention_days }}"
+  register: backup_output
+  become: true
+
+# Pull the remote backup file from stdout of the backup script
+- set_fact:
+    remote_backup: "{{ backup_output.stdout_lines[-1:][0] }}"
+
+- name: Copy database backup to ansible host
+  fetch:
+    src: "{{ remote_backup }}"
+    dest: "{{ local_backup_dir }}"
+    flat: true
+  when: local_backup_dir is defined
diff --git a/roles/backup_db/vars/main.yml b/roles/backup_db/vars/main.yml
new file mode 100644
index 0000000..5a301dc
--- /dev/null
+++ b/roles/backup_db/vars/main.yml
@@ -0,0 +1,8 @@
+# Directory where backups are placed on db server
+remote_backup_dir: /srv/backup/kasm/
+
+# Number of days that logs backups are retained on db host
+retention_days: 10
+
+# If this is uncommented, backups will be copied from remote server to the local ansible host
+#local_backup_dir: backup/