diff --git a/src/apps.js b/src/apps.js index 12a4ec6cd..2fa880bba 100644 --- a/src/apps.js +++ b/src/apps.js @@ -1,5 +1,3 @@ -/* jslint node:true */ - 'use strict'; exports = module.exports = { @@ -885,7 +883,7 @@ function createNewBackup(app, addonsToBackup, callback) { async.series([ ignoreError(shell.sudo.bind(null, 'mountSwap', [ BACKUP_SWAP_CMD, '--on' ])), addons.backupAddons.bind(null, app, addonsToBackup), - shell.sudo.bind(null, 'backupApp', [ BACKUP_APP_CMD, app.id, result.url, result.configUrl, result.backupKey ]), + shell.sudo.bind(null, 'backupApp', [ BACKUP_APP_CMD, result.s3ConfigUrl, result.s3DataUrl, result.accessKeyId, result.secretAccessKey, result.sessionToken, result.region, result.backupKey ]), ignoreError(shell.sudo.bind(null, 'unmountSwap', [ BACKUP_SWAP_CMD, '--off' ])), ], function (error) { if (error) return callback(new AppsError(AppsError.INTERNAL_ERROR, error)); diff --git a/src/backups.js b/src/backups.js index 3ab2c5bf0..813f6854f 100644 --- a/src/backups.js +++ b/src/backups.js 
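Review bot: The new `backupApp` argument list in `createNewBackup` puts `result.accessKeyId`, `result.secretAccessKey`, `result.sessionToken` and `result.backupKey` on the command line of a sudo'd script, where they are readable through the process list for the whole upload and are typically recorded by sudo's command logging. Handing them to the child on stdin or in a root-only file would keep them out of argv; `shell.sudo` is not shown here, so which of those it supports needs confirming. `app.id` is also dropped from the list, while `backupapp.sh` still builds its snapshot paths from `${app_id}`. The body of `createNewBackup` starts and ends outside the hunk.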
@@ -135,26 +135,20 @@ function getAppBackupUrl(app, callback) { settings.getBackupConfig(function (error, backupConfig) { if (error) return callback(new BackupsError(BackupsError.INTERNAL_ERROR, error)); - api(backupConfig.provider).getBackupUrl(backupConfig, configFilename, function (error, configResult) { + api(backupConfig.provider).getBackupUrl(backupConfig, configFilename, function (error, result) { if (error) return callback(error); - api(backupConfig.provider).getBackupUrl(backupConfig, dataFilename, function (error, dataResult) { - if (error) return callback(error); + result.id = dataFilename; + result.s3ConfigUrl = 's3://' + backupConfig.bucket + '/' + backupConfig.prefix + '/' + configFilename; + result.s3DataUrl = 's3://' + backupConfig.bucket + '/' + backupConfig.prefix + '/' + dataFilename; + result.backupKey = backupConfig.key; - var obj = { - id: dataResult.id, - url: dataResult.url, - configUrl: configResult.url, - backupKey: backupConfig.key // only data is encrypted - }; + debug('getAppBackupUrl: %j', result); - debug('getAppBackupUrl: %j', obj); + backupdb.add({ id: result.id, version: app.manifest.version, type: backupdb.BACKUP_TYPE_APP, dependsOn: [ ] }, function (error) { + if (error) return callback(new BackupsError(BackupsError.INTERNAL_ERROR, error)); - backupdb.add({ id: obj.id, version: app.manifest.version, type: backupdb.BACKUP_TYPE_APP, dependsOn: [ ] }, function (error) { - if (error) return callback(new BackupsError(BackupsError.INTERNAL_ERROR, error)); - - callback(null, obj); - }); + callback(null, result); }); }); }); diff --git a/src/scripts/backupapp.sh b/src/scripts/backupapp.sh index 5f0700a45..5b9076f16 100755 --- a/src/scripts/backupapp.sh +++ b/src/scripts/backupapp.sh 
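Review bot: `debug('getAppBackupUrl: %j', result)` now serialises the whole provider result, which, judging by the fields `apps.js` reads from it (`accessKeyId`, `secretAccessKey`, `sessionToken`), carries the temporary AWS credentials as well as `backupKey` into the debug log. Log only the non-secret fields, e.g. `debug('getAppBackupUrl: id:%s config:%s data:%s', result.id, result.s3ConfigUrl, result.s3DataUrl);`. The two `s3://` URLs are also built by plain concatenation of `backupConfig.bucket` and `backupConfig.prefix`, so an empty or slash-terminated prefix would put `//` into the object key. `getAppBackupUrl` starts outside the hunk.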
@@ -12,17 +12,22 @@ if [[ $# == 1 && "$1" == "--check" ]]; then exit 0 fi -if [ $# -lt 4 ]; then - echo "Usage: backupapp.sh " +if [ $# -lt 7 ]; then + echo "Usage: backupapp.sh " exit 1 fi readonly DATA_DIR="${HOME}/data" -app_id="$1" -backup_url="$2" -backup_config_url="$3" -backup_key="$4" +# env vars used by the awscli +s3_config_url="$1" +s3_data_url="$2" +export AWS_ACCESS_KEY_ID="$3" +export AWS_SECRET_ACCESS_KEY="$4" +export AWS_SESSION_TOKEN="$5" +export AWS_DEFAULT_REGION="$6" +password="$7" + readonly now=$(date "+%Y-%m-%dT%H:%M:%S") readonly app_data_dir="${DATA_DIR}/${app_id}" readonly app_data_snapshot="${DATA_DIR}/snapshots/${app_id}-${now}" @@ -31,13 +36,13 @@ btrfs subvolume snapshot -r "${app_data_dir}" "${app_data_snapshot}" # Upload config.json first because uploading tarball might take a lot of time, leading to token expiry for try in `seq 1 5`; do - echo "Uploading config.json to ${backup_config_url} (try ${try})" + echo "Uploading config.json to ${s3_config_url} (try ${try})" error_log=$(mktemp) - headers=("-H" "Content-Type:") - + # use aws instead of curl because curl will always read entire stream memory to set Content-Length + # aws will do multipart upload if cat "${app_data_snapshot}/config.json" \ - | curl --fail -X PUT ${headers[@]} --data-binary @- "${backup_config_url}" 2>"${error_log}"; then + | aws s3 cp - "${s3_config_url}" 2>"${error_log}"; then break fi cat "${error_log}" && rm "${error_log}" @@ -50,14 +55,12 @@ if [[ ${try} -eq 5 ]]; then fi for try in `seq 1 5`; do - echo "Uploading backup to ${backup_url} (try ${try})" + echo "Uploading backup to ${s3_data_url} (try ${try})" error_log=$(mktemp) - headers=("-H" "Content-Type:") - if tar -cvzf - -C "${app_data_snapshot}" . \ | openssl aes-256-cbc -e -pass "pass:${backup_key}" \ - | curl --fail -X PUT ${headers[@]} --data-binary @- "${backup_url}" 2>"${error_log}"; then + | aws s3 cp - "${s3_data_url}" 2>"${error_log}"; then break fi cat "${error_log}" && rm "${error_log}"
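Review bot: The positional-argument block no longer assigns `app_id`, yet the unchanged lines directly below still use it in `app_data_dir="${DATA_DIR}/${app_id}"` and `app_data_snapshot`, so the snapshot would target `${DATA_DIR}/` itself (or the script would abort if `set -u` is active; the script header is outside the hunk). The key is likewise renamed to `password` while the `openssl` line in the last hunk still reads `${backup_key}`, which would encrypt the tarball with an empty passphrase. Keep the app id as a positional (`readonly app_id="$1"`, the other arguments shifted by one and the count check raised to 8), and either keep the name `backup_key` or change the `openssl` stage to `"pass:${password}"`.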
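Review bot: The `if cat … | aws s3 cp - "${s3_config_url}"` test sees only the exit status of `aws` unless `set -o pipefail` is in effect, and the top of the script is outside this hunk, so that cannot be confirmed here. The same applies to the `tar | openssl | aws` pipeline in the next hunk, where a failing `tar` or `openssl` would leave a truncated object in the bucket that is reported as a successful backup. If it is not already set, add `set -o pipefail` near the top of the script. The retry loop ends outside the hunk.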
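Review bot: The `openssl aes-256-cbc -e -pass "pass:…"` stage keeps the backup passphrase on the command line of a long-running process, where it is visible in the process list for the whole upload. Since this commit already exports the AWS values for the CLI, the key could travel the same way: export it under a name such as `BACKUP_PASSWORD` and use `-pass env:BACKUP_PASSWORD`. Separately, `aws s3 cp -` cannot know the size of a piped stream, and the AWS CLI documents `--expected-size` for streams above 50GB, so very large app data would need that option. The loop body continues outside the hunk.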