feat: Better recovery logic and doc tweaks

Author: Alan Christie

README.md

@@ -87,11 +87,21 @@ Or copy a backup file from it...
 When you're done, use kubectl to delete the Pod.
 
 ## Recovery (of a database)
+You can run the `site-recovery.yaml` playbook to recover data. What you need to do
+depends on your specific situation but typically you'll need to set suitable
+kubernetes and AWS/S3 variables: -
 
     export K8S_AUTH_HOST=https://????
     export K8S_AUTH_API_KEY=????
     export K8S_AUTH_VERIFY_SSL=false
 
+    export AWS_ACCESS_KEY_ID=????
+    export AWS_SECRET_ACCESS_KEY=????
+
+And then run the playbook with your chosen parameters: -
+
+    ansible-playbook -e @parameters.yaml site-recovery.yaml
+
 ## Testing
 To test this repository (Normally done via GitHib Actions)
 we essentially employ yaml and ansible lint code. From a suitable

roles/recovery/defaults/main.yaml

@@ -41,11 +41,8 @@ recovery_do_not_stop_on_error: no
 recovery_wait_minutes: 60
 
 # Database (admin) credentials are in a secret in the namespace.
-# The admin user and password are expected in the secret's: -
-# - database_admin_user
-# - database_admin_user_password
 # We just need to supply the name of the Secret.
-recovery_secret: postgres
+recovery_database_secret: database
 
 # Is the recovery volume expected to be an S3 mount?
 recovery_volume_is_s3: no

roles/recovery/tasks/deploy.yaml

@@ -9,8 +9,8 @@
     - recovery_namespace|string|length > 0
     - recovery_sa|string != 'SetMe'
     - recovery_sa|string|length > 0
-    - recovery_secret|string != 'SetMe'
-    - recovery_secret|string|length > 0
+    - recovery_database_secret|string != 'SetMe'
+    - recovery_database_secret|string|length > 0
     - recovery_database_expected_count|int >= 0
     - recovery_latest_backup_maximum_age_h|int >= 0
 
@@ -57,7 +57,7 @@
   k8s_info:
     kind: Secret
     namespace: "{{ recovery_namespace }}"
-    name: "{{ recovery_secret }}"
+    name: "{{ recovery_database_secret }}"
   register: secret_result
 
 - name: Assert secret

roles/recovery/templates/job.yaml.j2

@@ -33,15 +33,12 @@ spec:
         - name: PGHOST
           value: '{{ recovery_host }}'
         - name: PGUSER
-          valueFrom:
-            secretKeyRef:
-              name: {{ recovery_secret }}
-              key: database_admin_user
+          value: '{{ recovery_database_admin_user }}'
         - name: PGADMINPASS
           valueFrom:
             secretKeyRef:
-              name: {{ recovery_secret }}
-              key: database_admin_user_password
+              name: {{ recovery_database_secret }}
+              key: {{ recovery_database_secret_admin_user_password_key }}
 {% if recovery_do_not_stop_on_error %}
         - name: DO_NOT_STOP_ON_ERROR
           value: '1'

roles/recovery/vars/main.yaml

@@ -22,3 +22,7 @@ wait_timeout: 600
 wait_for_bind: no
 # Volume binding timeout (seconds)
 bind_timeout: 60
+
+# Names of kesy in the database Secret
+recovery_database_admin_user: postgres
+recovery_database_secret_admin_user_password_key: root_password