Merge branch 'master' into taz/fix-restore-target

Author: taz

backup.config-example

@@ -48,3 +48,10 @@ GHE_NUM_SNAPSHOTS=10
 #
 # WARNING: do not enable this, only useful for debugging/development
 #GHE_BACKUP_FSCK=no
+
+# If set to 'no', Elasticsearch audit log indices will not be backed up.
+# Note that they will still be backed up from MySQL. This will reduce
+# the time and size of the backup process but it will take longer
+# for the audit log entries to be searchable as they need to be reindexed
+# in Elasticsearch.
+#GHE_BACKUP_ES_AUDIT_LOGS=no

bin/ghe-backup

@@ -184,7 +184,7 @@ echo "Backing up Redis database ..."
 ghe-backup-redis > redis.rdb || failures="$failures redis"
 
 echo "Backing up audit log ..."
-ghe-backup-es-audit-log || failures="$failures audit-log"
+ghe-backup-audit-log || failures="$failures audit-log"
 
 echo "Backing up hookshot logs ..."
 ghe-backup-es-hookshot || failures="$failures hookshot"

bin/ghe-restore

@@ -301,8 +301,8 @@ fi
 # Restore exported audit and hookshot logs to 2.12.9 and newer single nodes and
 # all releases of cluster
 if $CLUSTER || [ "$(version $GHE_REMOTE_VERSION)" -ge "$(version 2.12.9)" ]; then
-  echo "Restoring Elasticsearch Audit logs ..."
-  ghe-restore-es-audit-log "$GHE_HOSTNAME" 1>&3
+  echo "Restoring Audit logs ..."
+  ghe-restore-audit-log "$GHE_HOSTNAME" 1>&3
 
   echo "Restoring hookshot logs ..."
   ghe-restore-es-hookshot "$GHE_HOSTNAME" 1>&3

share/github-backup-utils/ghe-backup-audit-log

@@ -0,0 +1,132 @@
+#!/usr/bin/env bash
+#/ Usage: ghe-backup-audit-log
+#/ Take a backup of audit logs.
+#/
+#/ Note: This command typically isn't called directly. It's invoked by
+#/ ghe-backup.
+set -e
+
+base_path="$( dirname "${BASH_SOURCE[0]}" )"
+# Bring in the backup configuration
+# shellcheck source=share/github-backup-utils/ghe-backup-config
+. "${base_path}/ghe-backup-config"
+
+# Setup GHE_REMOTE_XXX variables, host and make sure work dir is created
+setup(){
+  # Perform a host-check and establish GHE_REMOTE_XXX variables.
+  ghe_remote_version_required "$host"
+
+  # Set up remote host and root elastic backup directory based on config
+  host="$GHE_HOSTNAME"
+
+  # Make sure root backup dir exists if this is the first run
+  mkdir -p "$GHE_SNAPSHOT_DIR/audit-log"
+}
+
+# Check whether the MySQL backup should be enabled
+# by checking if the audit-log-import directory exists,
+# this makes it backwards-compatible with old snapshots
+mysql_backup_enabled(){
+  ghe-ssh "$host" test -d "$GHE_REMOTE_DATA_USER_DIR/common/audit-log-import"
+}
+
+# Check whether the MySQL import is complete by checking if
+# /data/user/common/audit-log-import/complete exists
+is_import_complete(){
+  ghe-ssh "$host" test -e "$GHE_REMOTE_DATA_USER_DIR/common/audit-log-import/complete"
+}
+
+# Check whether the MySQL import is disabled by verifying if
+# /data/user/common/audit-log-import/skip exists
+is_import_disabled(){
+  ghe-ssh "$host" test -e "$GHE_REMOTE_DATA_USER_DIR/common/audit-log-import/skip"
+}
+
+# Check whether the instance ships an audit log reconciler, if it doesn't
+# we can't dump audit_entries data, only the schema
+is_reconciler_available(){
+  ghe-ssh "$GHE_HOSTNAME" -- "test -e /usr/local/share/enterprise/ghe-auditlog-repair"
+}
+
+# Check whether we only need to back up the audit_entries schema and
+# ignore the actual data.
+#
+# This is the case when:
+#   - The import to MySQL is not complete
+#   - The import is disabled
+#   - The reconciler tool is not available
+skip_mysql_entries(){
+  if ! is_import_complete; then
+    ghe_verbose "audit log import is not complete"
+    return
+  fi
+
+  if is_import_disabled; then
+    ghe_verbose "audit log import is disabled"
+    return
+  fi
+
+  if ! is_reconciler_available; then
+    ghe_verbose "audit log reconciler is not available"
+    return
+  fi
+
+  return 1
+}
+
+# If the import to MySQL is complete, add a flag in the snapshot to indicate so.
+# And also use `ghe-backup-mysql-audit-log` to dump the audit entries.
+backup_mysql(){
+  if skip_mysql_entries; then
+    ghe_verbose "only backing up audit log table schema"
+    "${base_path}/ghe-backup-mysql-audit-log" --schema-only
+    return
+  fi
+
+  "${base_path}/ghe-backup-mysql-audit-log"
+  touch "$GHE_SNAPSHOT_DIR/audit-log/mysql-import-complete"
+}
+
+# Audit log indices in Elasticsearch are backed up when:
+#
+#   - Import is not complete
+#   - Import is disabled
+#   - Reconciler is not available
+#   - GHE_BACKUP_ES_AUDIT_LOGS is not set to 'no'
+es_backup_enabled(){
+  if skip_mysql_entries; then
+    return
+  fi
+
+  [ -z "$GHE_BACKUP_ES_AUDIT_LOGS" ] || [ "$GHE_BACKUP_ES_AUDIT_LOGS" != "no" ]
+}
+
+# Use ghe-backup-es-audit-log to back up Elasticsearch indices
+backup_es(){
+  "${base_path}/ghe-backup-es-audit-log"
+}
+
+backup(){
+  if mysql_backup_enabled; then
+    ghe_verbose "MySQL audit logs backup is enabled"
+    backup_mysql
+  else
+    ghe_verbose "MySQL audit logs backup is disabled"
+  fi
+
+  if es_backup_enabled; then
+    ghe_verbose "Elasticsearch audit logs backup is enabled"
+    backup_es
+  else
+    ghe_verbose "Elasticsearch audit logs backup is disabled"
+  fi
+}
+
+main(){
+  bm_start "$(basename "$0")"
+  setup
+  backup
+  bm_end "$(basename "$0")"
+}
+
+main

share/github-backup-utils/ghe-backup-es-rsync

@@ -27,6 +27,17 @@ fi
 # Make sure root backup dir exists if this is the first run
 mkdir -p "$GHE_SNAPSHOT_DIR/elasticsearch"
 
+# Create exclude file
+exclude_file="$(mktemp)"
+echo elasticsearch.yml >"$exclude_file"
+
+# Exclude audit log indices when configuration says so and import to MySQL is complete
+# as those indices will be rebuilt from MySQL during a restore
+if [ "$GHE_BACKUP_ES_AUDIT_LOGS" = "no" ] && ghe-ssh "$host" test -e "/data/user/common/audit-log-import/complete"; then
+  ghe_verbose "* Excluding Audit Log indices"
+  ghe-ssh "$host" curl -s 'http://localhost:9201/_cat/indices/audit_log?h=uuid' >>$exclude_file 2>&3
+fi
+
 # Verify that the /data/elasticsearch directory exists.
 if ! ghe-ssh "$host" -- "[ -d '$GHE_REMOTE_DATA_USER_DIR/elasticsearch' ]"; then
   ghe_verbose "* The '$GHE_REMOTE_DATA_USER_DIR/elasticsearch' directory doesn't exist."
@@ -47,15 +58,16 @@ ghe-rsync -avz \
   -e "ghe-ssh -p $(ssh_port_part "$host")" \
   --rsync-path="sudo -u elasticsearch rsync" \
   $link_dest \
-  --exclude='elasticsearch.yml' \
+  --exclude-from="$exclude_file" \
   "$(ssh_host_part "$host"):$GHE_REMOTE_DATA_USER_DIR/elasticsearch/" \
   "$GHE_SNAPSHOT_DIR/elasticsearch" 1>&3
 
-# Set up a trap to re-enable flushing on exit
+# Set up a trap to re-enable flushing on exit and remove temp file
 cleanup () {
   ghe_verbose "* Enabling ES index flushing ..."
   echo '{"index":{"translog.disable_flush":false}}' |
   ghe-ssh "$host" -- curl -s -XPUT "localhost:9200/_settings" -d @- >/dev/null
+  ghe-ssh "$host" rm -rf "$exclude_file"
 }
 trap 'cleanup' EXIT
 trap 'exit $?' INT # ^C always terminate
@@ -72,7 +84,7 @@ ghe-rsync -avz \
   -e "ghe-ssh -p $(ssh_port_part "$host")" \
   --rsync-path="sudo -u elasticsearch rsync" \
   $link_dest \
-  --exclude='elasticsearch.yml' \
+  --exclude-from="$exclude_file" \
   "$(ssh_host_part "$host"):$GHE_REMOTE_DATA_USER_DIR/elasticsearch/" \
   "$GHE_SNAPSHOT_DIR/elasticsearch" 1>&3
 

share/github-backup-utils/ghe-backup-mysql-audit-log

@@ -0,0 +1,175 @@
+#!/usr/bin/env bash
+#/ Usage: ghe-backup-mysql-audit-log
+#/ Take a backup of audit logs in MySQL.
+#/
+#/ Args:
+#/    --only-schema (optional: only dump the table schema)
+#/
+#/ Note: This command typically isn't called directly. It's invoked by
+#/ ghe-backup-audit-log.
+set -e
+
+# Bring in the backup configuration
+# shellcheck source=share/github-backup-utils/ghe-backup-config
+. "$( dirname "${BASH_SOURCE[0]}" )/ghe-backup-config"
+
+# Whether we just need to dump the table schema and no data
+only_schema="$1"
+
+# Setup GHE_REMOTE_XXX variables and other global variables
+setup(){
+  # Perform a host-check and establish GHE_REMOTE_XXX variables.
+  ghe_remote_version_required "$host"
+
+  # Set up remote host and root elastic backup directory based on config
+  host="$GHE_HOSTNAME"
+
+  # Where the new MySQL dumps go
+  snapshot_dir="$GHE_SNAPSHOT_DIR/audit-log-mysql"
+
+  # Where the current MySQL dumps live
+  current_dir="$GHE_DATA_DIR/current/audit-log-mysql"
+
+  # Wheter we need a full backup and not incremental
+  force_full_backup=false
+
+  # Make sure root backup dir exists if this is the first run
+  mkdir -p "$snapshot_dir"
+}
+
+# Use ghe-export-audit-logs to fetch the current metadata for all stored
+# months in MySQL. For each month: number of entries, minum ID, maximum ID
+fetch_current_meta(){
+  local meta
+  if ! meta=$(ghe-ssh "$host" "sudo ghe-export-audit-logs months" | grep -v NULL 2>&3); then
+    ghe_verbose "Error: failed to retrieve audit log metadata"
+    exit 1
+  fi
+
+  [ -z "$meta" ] && return 1
+
+  echo "$meta"
+}
+
+# Check if a month data exists in the current snapshot. Use its
+# size, minimum ID and maximum ID to assume it's the same if
+# they all match.
+is_month_synced(){
+  local meta="$1"
+  local name=$2
+
+  test -f "${current_dir}/${name}.gz" || return 1
+  test -f "${current_dir}/${name}.meta" || return 1
+
+  [ "$(cat "${current_dir}/${name}.meta")" = "$meta" ] 
+}
+
+# To compare two schemas, we filter out comments,
+# the AUTO_INCREMENT=XXXX value and blank lines
+# to only leave SQL statements.
+filter_schema(){
+  local schema="$1"
+
+  echo "$schema" | \
+    grep -v "^--" |
+    grep -v "^/\\*" | \
+    grep . | \
+    sed 's/ AUTO_INCREMENT=[0-9]*\b//'
+}
+
+# Dump table schema and check whether it has changed when
+# compared with the schema stored in the current snapshot.
+# If it has changed, we can't do an incremental backup
+# and all data needs to be dumped in the new snapshot.
+dump_schema(){
+  ghe_verbose "dumping table schema..."
+
+  local current
+  current=$(ghe-ssh "$host" "ghe-export-audit-logs dump --schema-only" 2>&3)
+
+  echo "$current" | gzip >"${snapshot_dir}/schema.gz"
+
+  if ! test -e "${current_dir}/schema.gz"; then
+    return
+  fi
+    
+  local previous
+  previous=$(gunzip -c "${current_dir}/schema.gz")
+
+  if ! diff -Naur <(filter_schema "$current") <(filter_schema "$previous") 1>&3 2>&3; then
+    ghe_verbose "Current and previous schema don't match, forcing full backup"
+    force_full_backup=true
+    return
+  fi
+
+  ghe_verbose "Current and previous schemas match"
+}
+
+# Dump a month of audit entries from MySQL and store it
+# in $name.gz. 
+# Create $name.meta with number of entries, minimum ID and maximum ID.
+dump_month(){
+  local meta="$1"
+  local name=$2
+
+  ghe_verbose "dumping ${meta}..."
+
+  ghe-ssh "$host" "ghe-export-audit-logs dump --use-gzip=true $name" >"${snapshot_dir}/${name}.gz" 2>&3
+  echo "$meta" > "${snapshot_dir}/${name}.meta"
+}
+
+# Check if the export tool is available in this version
+export_tool_available(){
+  ghe-ssh "$host" "test -e /usr/local/bin/ghe-export-audit-logs"
+}
+
+# Backup audit log entries:
+#
+# 1. Fetch metadata about the existing audit log entries in MySQL per month
+#    (month, number of entries, minumim ID, maximum ID)
+# 2. If any month is uptodate in the current snapshot, hardlink it
+# 3. Otherwise, dump those month entries from MySQL
+backup(){
+  if ! export_tool_available; then
+    ghe_verbose "ghe-export-audit-logs is not available"
+    return
+  fi
+
+  dump_schema
+
+  if [ -n "$only_schema" ]; then
+    ghe_verbose "only table schema was dumped"
+    return
+  fi
+
+  local meta
+  if ! meta=$(fetch_current_meta); then
+    ghe_verbose "there are no current audit log entries"
+    return
+  fi
+
+  IFS=$'\n'
+  for month in $meta; do
+    local month_name
+    month_name=$(echo "$month" | awk '{print $1}')
+
+    if ! $force_full_backup && is_month_synced "$month" "$month_name"; then
+      # Month is in-sync with current data, create hardlink to it
+      ghe_verbose "$month_name is in sync, hardlinking to it.."
+      ln "${current_dir}/${month_name}.gz" "${snapshot_dir}/${month_name}.gz"
+      ln "${current_dir}/${month_name}.meta" "${snapshot_dir}/${month_name}.meta"
+      continue
+    fi
+
+    dump_month "$month" "$month_name"
+  done
+}
+
+main(){
+  bm_start "$(basename "$0")"
+  setup
+  backup
+  bm_end "$(basename "$0")"
+}
+
+main