#!/usr/bin/env bash set -euo pipefail # Backup + WAL archiving setup for Patroni/PostgreSQL DB nodes. # # What this sets up: # - pgBackRest repository on a backup host # - pgBackRest client config on db1/db2/db3 # - WAL archiving from PostgreSQL to the repo # - daily full backup + frequent incremental backup via cron # # Usage: # sudo ./setup-backup.sh /path/to/backup.env # # ROLE values: # ROLE=repo -> backup repository server # ROLE=db -> database node # # Assumptions: # - Debian/Ubuntu # - db1/db2/db3/backup1 resolve via /etc/hosts or DNS # - SSH connectivity works between db nodes and repo host over WireGuard # - PostgreSQL 16 binaries live in /usr/lib/postgresql/16/bin # - Patroni data dir is /var/lib/postgresql/data # # This script: # - installs pgBackRest # - writes pgBackRest config # - creates systemd timer or cron entries for backups on repo host # - writes Patroni-compatible PostgreSQL archive settings on DB hosts # # IMPORTANT: # - After applying DB config changes, restart Patroni on each DB node one at a time. # - Run stanza-create from the repo host after all DB configs are present. ENV_FILE="${1:-}" if [[ -z "$ENV_FILE" || ! -f "$ENV_FILE" ]]; then echo "Usage: sudo $0 /path/to/backup.env" exit 1 fi set -a source "$ENV_FILE" set +a require() { local var="$1" if [[ -z "${!var:-}" ]]; then echo "Missing required variable: $var" >&2 exit 1 fi } ROLE="${ROLE:-}" if [[ "$ROLE" != "repo" && "$ROLE" != "db" ]]; then echo "ROLE must be repo or db" >&2 exit 1 fi common_vars=( STANZA REPO_HOST REPO_PATH REPO_RETENTION_FULL REPO_RETENTION_DIFF DB1_HOST DB2_HOST DB3_HOST PG_SUPERUSER PG_SUPERUSER_PASSWORD ) for v in "${common_vars[@]}"; do require "$v"; done if [[ "$ROLE" == "repo" ]]; then repo_vars=(REPO_HOSTNAME) for v in "${repo_vars[@]}"; do require "$v"; done else db_vars=(NODE_NAME PATRONI_CONFIG_PATH PGBACKREST_DB_PATH) for v in "${db_vars[@]}"; do require "$v"; done fi log() { echo "[+] $*"; } install_packages() { export DEBIAN_FRONTEND=noninteractive apt-get update apt-get install -y pgbackrest cron openssh-client } setup_repo_host() { log "Setting up pgBackRest repository host" install -d -m 0750 /etc/pgbackrest install -d -m 0750 "${REPO_PATH}" chown -R postgres:postgres "${REPO_PATH}" || true cat > /etc/pgbackrest/pgbackrest.conf < /usr/local/bin/pgbackrest-full.sh < /usr/local/bin/pgbackrest-incr.sh < /usr/local/bin/pgbackrest-check.sh < /etc/cron.d/pgbackrest <<'EOF' SHELL=/bin/bash PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin # Daily full backup at 02:15 15 2 * * * root /usr/local/bin/pgbackrest-full.sh >> /var/log/pgbackrest-full.log 2>&1 # Incremental backup every 6 hours 10 */6 * * * root /usr/local/bin/pgbackrest-incr.sh >> /var/log/pgbackrest-incr.log 2>&1 # Daily check at 01:40 40 1 * * * root /usr/local/bin/pgbackrest-check.sh >> /var/log/pgbackrest-check.log 2>&1 EOF systemctl enable cron systemctl restart cron cat < /etc/pgbackrest/pgbackrest.conf < /usr/local/bin/apply-patroni-backup-settings.sh <