Currently we have a basic backup command that pulls a logical backup of a postgres db using the flynn CLI, but we should have a more robust system.
Some things to think about:
:+1: Would love to see the scheduled backups feature :)
May I throw in Amazon S3 as backup storage? This would be exactly what I would love to use here. :)
I'm developing a solution for this which would just encrypt the results of $ flynn cluster backup and throw them to s3. If the spec later sounds okay I will create PR later into flynn. This doesn't implement everything but it would be a start.
The backup process is called backy and it will implement the same style envs as blobstore:
$ flynn -a backy env
BACKEND_S3MAIN=backend=s3 region=eu-west-1 bucket=flynn-backup access_key_id=XXXXXX secret_access_key=YYYYYYYYY
DEFAULT_BACKEND=s3main
BACKUP_SCHEDULE='* */8 * * *'
BACKUP_ENCRYPTION=type=symmetric symmetric=ZZZZZZZZZZZ
BACKUP_SCHEDULE will use cron time format.
BACKUP_ENCRYPTION is one of none, symmetric, public-key. And it needs to include either symmetric or private_key parameter.
BACKUP_ADMINS is the list of extra gpg public keys which can open the backup when public-key option is used.
I would recommend that we use the same permissions as in https://flynn.io/docs/production#amazon-s3 but without the "s3:DeleteObject" permission. This way the process can only read and write backups but not delete them. This helps if the cluster gets hacked so backups won't have to be compromised.
We can add versioning and expiration into the requirements so that backups will get deleted automatically eventually. User needs to set these details in the bucket.
Only s3 implements this append-only permission so I wouldn't recommend Google or Azure for now but they will get implemented too.
I will use gpg from https://github.com/maxwellhealth/go-gpg for encryption. Symmetric key (password) will be the default option but a list of sysadmin public gpg keys can be used too.
I'm hoping to use the storage functions from blobstore:
import (
...
"github.com/flynn/flynn/blobstore/backend"
)
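An added example, not part of the comment above or of Flynn's code: a Go check that the IAM policy attached to the backup credentials really omits delete rights, as the comment recommends, including grants hidden behind wildcards. It assumes the policy JSON gives `Statement` as an array; the name `deleteGrants` and the sample policy are hypothetical.

```go
package main

import (
	"encoding/json"
	"fmt"
	"path"
	"strings"
)

type strList []string // IAM allows "Action" as a string or an array of strings

func (s *strList) UnmarshalJSON(b []byte) error {
	if len(b) > 0 && b[0] == '"' { // bare string: treat as a one-element list
		b = append(append([]byte{'['}, b...), ']')
	}
	return json.Unmarshal(b, (*[]string)(s))
}

// deleteGrants lists Allow entries of an IAM policy that cover object deletion.
func deleteGrants(doc []byte) (hits []string, err error) {
	var p struct {
		Statement []struct{ Effect string; Action, NotAction strList }
	}
	if err = json.Unmarshal(doc, &p); err != nil {
		return nil, err
	}
	for _, st := range p.Statement {
		if st.Effect != "Allow" {
			continue
		}
		if len(st.NotAction) > 0 { // conservative: Allow+NotAction grants all other actions
			hits = append(hits, "NotAction")
		}
		for _, pat := range st.Action {
			// IAM action names are case-insensitive and may use * and ? wildcards.
			a, _ := path.Match(strings.ToLower(pat), "s3:deleteobject")
			b, _ := path.Match(strings.ToLower(pat), "s3:deleteobjectversion")
			if a || b {
				hits = append(hits, pat)
			}
		}
	}
	return hits, nil
}

func main() {
	// Constructed sample policy: the wildcard silently re-grants deletion.
	doc := `{"Statement":[{"Effect":"Allow","Action":["s3:GetObject","s3:Put*","s3:Delete*"]}]}`
	fmt.Println(deleteGrants([]byte(doc)))
}
```

An empty result only shows that the policy cannot delete objects. Without bucket versioning, s3:PutObject can still overwrite an existing backup key, so the check is meaningful only together with the versioning the comment proposes.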
Flynn is unmaintained and our infrastructure will shut down on June 1, 2021. See the README for details.