# -*- coding: iso-8859-1 -*-
# vim: set ft=python ts=3 sw=3 expandtab:
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
#
# C E D A R
# S O L U T I O N S "Software done right."
# S O F T W A R E
#
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
#
# Copyright (c) 2014-2015 Kenneth J. Pronovici.
# All rights reserved.
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License,
# Version 2, as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
#
# Copies of the GNU General Public License are available from
# the Free Software Foundation website, http://www.gnu.org/.
#
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
#
# Author : Kenneth J. Pronovici <pronovic@ieee.org>
# Language : Python 3 (>= 3.4)
# Project : Official Cedar Backup Extensions
# Purpose : "Store" type extension that writes data to Amazon S3.
#
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
########################################################################
# Module documentation
########################################################################
"""
Store-type extension that writes data to Amazon S3.
This extension requires a new configuration section <amazons3> and is intended
to be run immediately after the standard stage action, replacing the standard
store action. Aside from its own configuration, it requires the options and
staging configuration sections in the standard Cedar Backup configuration file.
Since it is intended to replace the store action, it does not rely on any store
configuration.
The underlying functionality relies on the U{AWS CLI interface
<http://aws.amazon.com/documentation/cli/>}. Before you use this extension,
you need to set up your Amazon S3 account and configure the AWS CLI connection
per Amazon's documentation. The extension assumes that the backup is being
executed as root, and switches over to the configured backup user to
communicate with AWS. So, make sure you configure AWS CLI as the backup user
and not root.
You can optionally configure Cedar Backup to encrypt data before sending it
to S3. To do that, provide a complete command line using the ``${input}`` and
``${output}`` variables to represent the original input file and the encrypted
output file. This command will be executed as the backup user.
For instance, you can use something like this with GPG::
/usr/bin/gpg -c --no-use-agent --batch --yes --passphrase-file /home/backup/.passphrase -o ${output} ${input}
The GPG mechanism depends on a strong passphrase for security. One way to
generate a strong passphrase is using your system random number generator, i.e.::
dd if=/dev/urandom count=20 bs=1 | xxd -ps
(See U{StackExchange <http://security.stackexchange.com/questions/14867/gpg-encryption-security>}
for more details about that advice.) If you decide to use encryption, make sure
you save off the passphrase in a safe place, so you can get at your backup data
later if you need to. And obviously, make sure to set permissions on the
passphrase file so it can only be read by the backup user.
This extension was written for and tested on Linux. It will throw an exception
if run on Windows.
:author: Kenneth J. Pronovici <pronovic@ieee.org>
"""
########################################################################
# Imported modules
########################################################################
# System modules
import datetime
import json
import logging
import os
import shlex
import shutil
import sys
import tempfile
from functools import total_ordering

# Cedar Backup modules
from CedarBackup3.actions.constants import DIR_TIME_FORMAT, STAGE_INDICATOR
from CedarBackup3.actions.util import writeIndicatorFile
from CedarBackup3.config import ByteQuantity, readByteQuantity, addByteQuantityNode
from CedarBackup3.filesystem import FilesystemList, BackupFileList
from CedarBackup3.util import resolveCommand, executeCommand, isRunningAsRoot, changeOwnership, isStartOfWeek
from CedarBackup3.util import displayBytes, UNIT_BYTES
from CedarBackup3.xmlutil import createInputDom, addContainerNode, addBooleanNode, addStringNode
from CedarBackup3.xmlutil import readFirstChild, readString, readBoolean
########################################################################
# Module-wide constants and variables
########################################################################
logger = logging.getLogger("CedarBackup3.log.extend.amazons3")

# Both command names are resolved with resolveCommand() before use.  All AWS
# CLI work is run as the configured backup user through "su -c", so the AWS
# credentials are expected in that user's environment, not root's.
SU_COMMAND = ["su"]
AWS_COMMAND = ["aws"]

# Indicator file written into a staging directory once it has been stored to S3.
STORE_INDICATOR = "cback.amazons3"
########################################################################
# AmazonS3Config class definition
########################################################################
@total_ordering
class AmazonS3Config(object):
   """
   Class representing Amazon S3 configuration.

   Amazon S3 configuration is used for storing backup data in Amazon's S3 cloud
   storage; this module drives the AWS CLI (``aws``) to do the upload.

   The following restrictions exist on data in this class:

      - The s3Bucket value must be a non-empty string
      - The encryptCommand value, if set, must be a non-empty string
      - The full backup size limit, if set, must be a ByteQuantity >= 0
      - The incremental backup size limit, if set, must be a ByteQuantity >= 0

   Instances are ordered field by field (see ``__cmp__``).  Because ``__eq__``
   is defined without ``__hash__``, instances are not hashable.
   """

   def __init__(self, warnMidnite=None, s3Bucket=None, encryptCommand=None,
                fullBackupSizeLimit=None, incrementalBackupSizeLimit=None):
      """
      Constructor for the ``AmazonS3Config`` class.

      Every argument is assigned through its property, so the setters below
      normalize and validate the values.

      Args:
         warnMidnite: Whether to generate warnings for crossing midnite
         s3Bucket: Name of the Amazon S3 bucket in which to store the data
         encryptCommand: Command used to encrypt backup data before upload to S3
         fullBackupSizeLimit: Maximum size of a full backup, a ByteQuantity
         incrementalBackupSizeLimit: Maximum size of an incremental backup, a ByteQuantity

      Raises:
         ValueError: If one of the values is invalid
      """
      self._warnMidnite = None
      self._s3Bucket = None
      self._encryptCommand = None
      self._fullBackupSizeLimit = None
      self._incrementalBackupSizeLimit = None
      self.warnMidnite = warnMidnite
      self.s3Bucket = s3Bucket
      self.encryptCommand = encryptCommand
      self.fullBackupSizeLimit = fullBackupSizeLimit
      self.incrementalBackupSizeLimit = incrementalBackupSizeLimit

   def __repr__(self):
      """
      Official string representation for class instance.
      """
      fields = (self.warnMidnite, self.s3Bucket, self.encryptCommand,
                self.fullBackupSizeLimit, self.incrementalBackupSizeLimit)
      return "AmazonS3Config(%s, %s, %s, %s, %s)" % fields

   def __str__(self):
      """
      Informal string representation for class instance.
      """
      return repr(self)

   def __eq__(self, other):
      """Equals operator, implemented in terms of the original Python 2 compare operator."""
      return self.__cmp__(other) == 0

   def __lt__(self, other):
      """Less-than operator, implemented in terms of the original Python 2 compare operator."""
      return self.__cmp__(other) < 0

   def __gt__(self, other):
      """Greater-than operator, implemented in terms of the original Python 2 compare operator."""
      return self.__cmp__(other) > 0

   def __cmp__(self, other):
      """
      Original Python 2 comparison operator.

      Fields are compared in declaration order; the first differing field
      decides the result.  ``None`` string fields sort as the empty string and
      ``None`` size limits sort as an empty ``ByteQuantity``.  Comparing against
      an object that lacks these attributes raises ``AttributeError``.

      Args:
         other: Other object to compare to

      Returns:
         -1/0/1 depending on whether self is ``<``, ``=`` or ``>`` other
      """
      if other is None:
         return 1
      if self.warnMidnite != other.warnMidnite:
         return -1 if self.warnMidnite < other.warnMidnite else 1
      if self.s3Bucket != other.s3Bucket:
         return -1 if str(self.s3Bucket or "") < str(other.s3Bucket or "") else 1
      if self.encryptCommand != other.encryptCommand:
         return -1 if str(self.encryptCommand or "") < str(other.encryptCommand or "") else 1
      if self.fullBackupSizeLimit != other.fullBackupSizeLimit:
         mine = self.fullBackupSizeLimit or ByteQuantity()
         theirs = other.fullBackupSizeLimit or ByteQuantity()
         return -1 if mine < theirs else 1
      if self.incrementalBackupSizeLimit != other.incrementalBackupSizeLimit:
         mine = self.incrementalBackupSizeLimit or ByteQuantity()
         theirs = other.incrementalBackupSizeLimit or ByteQuantity()
         return -1 if mine < theirs else 1
      return 0

   @property
   def warnMidnite(self):
      """Whether to generate warnings for crossing midnite."""
      return self._warnMidnite

   @warnMidnite.setter
   def warnMidnite(self, value):
      # No validation; any value is normalized to True or False by truthiness.
      self._warnMidnite = bool(value)

   @property
   def s3Bucket(self):
      """Amazon S3 Bucket in which to store data"""
      return self._s3Bucket

   @s3Bucket.setter
   def s3Bucket(self, value):
      # None is accepted (unset); anything else must be non-empty.
      if value is not None and len(value) < 1:
         raise ValueError("S3 bucket must be non-empty string.")
      self._s3Bucket = value

   @property
   def encryptCommand(self):
      """Command used to encrypt data before upload to S3"""
      return self._encryptCommand

   @encryptCommand.setter
   def encryptCommand(self, value):
      # None is accepted (unset); anything else must be non-empty.
      if value is not None and len(value) < 1:
         raise ValueError("Encrypt command must be non-empty string.")
      self._encryptCommand = value

   @property
   def fullBackupSizeLimit(self):
      """Maximum size of a full backup, as a ByteQuantity"""
      return self._fullBackupSizeLimit

   @fullBackupSizeLimit.setter
   def fullBackupSizeLimit(self, value):
      # A ByteQuantity is stored as-is; any other value is wrapped as a
      # quantity in bytes, so range checking is whatever ByteQuantity does.
      if value is None or isinstance(value, ByteQuantity):
         self._fullBackupSizeLimit = value
      else:
         self._fullBackupSizeLimit = ByteQuantity(value, UNIT_BYTES)

   @property
   def incrementalBackupSizeLimit(self):
      """Maximum size of an incremental backup, as a ByteQuantity"""
      return self._incrementalBackupSizeLimit

   @incrementalBackupSizeLimit.setter
   def incrementalBackupSizeLimit(self, value):
      # Same wrapping rule as fullBackupSizeLimit.
      if value is None or isinstance(value, ByteQuantity):
         self._incrementalBackupSizeLimit = value
      else:
         self._incrementalBackupSizeLimit = ByteQuantity(value, UNIT_BYTES)
########################################################################
# LocalConfig class definition
########################################################################
@total_ordering
class LocalConfig(object):
   """
   Class representing this extension's configuration document.

   This is not a general-purpose configuration object like the main Cedar
   Backup configuration object.  Instead, it just knows how to parse and emit
   amazons3-specific configuration values.  Third parties who need to read and
   write configuration related to this extension should access it through the
   constructor, ``validate`` and ``addConfig`` methods.

   The only field is ``amazons3``, an ``AmazonS3Config`` (or ``None``); ordering
   and equality are delegated to that object.
   """

   def __init__(self, xmlData=None, xmlPath=None, validate=True):
      """
      Initializes a configuration object.

      If you initialize the object without passing either ``xmlData`` or
      ``xmlPath`` then configuration will be empty and will be invalid until it
      is filled in properly.

      No reference to the original XML data or original path is saved off by
      this class.  Once the data has been parsed (successfully or not) this
      original information is discarded.

      Unless the ``validate`` argument is ``False``, the :any:`LocalConfig.validate`
      method will be called (with its default arguments) against configuration
      after successfully parsing any passed-in XML.  Keep in mind that even if
      ``validate`` is ``False``, it might not be possible to parse the passed-in
      XML document if lower-level validations fail.

      *Note:* It is strongly suggested that the ``validate`` option always be set
      to ``True`` (the default) unless there is a specific need to read in
      invalid configuration from disk.

      Args:
         xmlData (String data): XML data representing configuration
         xmlPath (Absolute path to a file on disk): Path to an XML file on disk
         validate (Boolean true/false): Validate the document after parsing it

      Raises:
         ValueError: If both ``xmlData`` and ``xmlPath`` are passed-in
         ValueError: If the XML data in ``xmlData`` or ``xmlPath`` cannot be parsed
         ValueError: If the parsed configuration document is not valid
      """
      self._amazons3 = None
      self.amazons3 = None
      if xmlData is not None and xmlPath is not None:
         raise ValueError("Use either xmlData or xmlPath, but not both.")
      # The exclusivity check above means at most one source is set, so a path
      # can simply be read into xmlData and share the parse step.
      if xmlPath is not None:
         with open(xmlPath) as f:
            xmlData = f.read()
      if xmlData is not None:
         self._parseXmlData(xmlData)
         if validate:
            self.validate()

   def __repr__(self):
      """
      Official string representation for class instance.
      """
      return "LocalConfig(%s)" % (self.amazons3)

   def __str__(self):
      """
      Informal string representation for class instance.
      """
      return repr(self)

   def __eq__(self, other):
      """Equals operator, implemented in terms of the original Python 2 compare operator."""
      return self.__cmp__(other) == 0

   def __lt__(self, other):
      """Less-than operator, implemented in terms of the original Python 2 compare operator."""
      return self.__cmp__(other) < 0

   def __gt__(self, other):
      """Greater-than operator, implemented in terms of the original Python 2 compare operator."""
      return self.__cmp__(other) > 0

   def __cmp__(self, other):
      """
      Original Python 2 comparison operator.

      Delegates to the ``amazons3`` field's own ordering.

      Args:
         other: Other object to compare to

      Returns:
         -1/0/1 depending on whether self is ``<``, ``=`` or ``>`` other
      """
      if other is None:
         return 1
      if self.amazons3 == other.amazons3:
         return 0
      return -1 if self.amazons3 < other.amazons3 else 1

   @property
   def amazons3(self):
      """AmazonS3 configuration in terms of a ``AmazonS3Config`` object."""
      return self._amazons3

   @amazons3.setter
   def amazons3(self, value):
      # None clears the section; anything else must be an AmazonS3Config.
      if value is not None and not isinstance(value, AmazonS3Config):
         raise ValueError("Value must be a ``AmazonS3Config`` object.")
      self._amazons3 = value

   def validate(self):
      """
      Validates configuration represented by the object.

      AmazonS3 configuration must be filled in.  Within that, the s3Bucket
      target must be filled in.

      Raises:
         ValueError: If one of the validations fails
      """
      if self.amazons3 is None:
         raise ValueError("AmazonS3 section is required.")
      if self.amazons3.s3Bucket is None:
         raise ValueError("AmazonS3 s3Bucket must be set.")

   def addConfig(self, xmlDom, parentNode):
      """
      Adds an <amazons3> configuration section as the next child of a parent.

      Third parties should use this function to write configuration related to
      this extension.

      We add the following fields to the document::

         warnMidnite                //cb_config/amazons3/warn_midnite
         s3Bucket                   //cb_config/amazons3/s3_bucket
         encryptCommand             //cb_config/amazons3/encrypt
         fullBackupSizeLimit        //cb_config/amazons3/full_size_limit
         incrementalBackupSizeLimit //cb_config/amazons3/incr_size_limit

      Nothing is written when the ``amazons3`` field is ``None``.

      Args:
         xmlDom: DOM tree as from ``impl.createDocument()``
         parentNode: Parent that the section should be appended to
      """
      section = self.amazons3
      if section is None:
         return
      sectionNode = addContainerNode(xmlDom, parentNode, "amazons3")
      addBooleanNode(xmlDom, sectionNode, "warn_midnite", section.warnMidnite)
      addStringNode(xmlDom, sectionNode, "s3_bucket", section.s3Bucket)
      addStringNode(xmlDom, sectionNode, "encrypt", section.encryptCommand)
      addByteQuantityNode(xmlDom, sectionNode, "full_size_limit", section.fullBackupSizeLimit)
      addByteQuantityNode(xmlDom, sectionNode, "incr_size_limit", section.incrementalBackupSizeLimit)

   def _parseXmlData(self, xmlData):
      """
      Internal method to parse an XML string into the object.

      This method parses the XML document into a DOM tree (``xmlDom``) and then
      calls a static method to parse the amazons3 configuration section.  The
      result is stored directly in the backing field, bypassing the property
      setter.

      Args:
         xmlData (String data): XML data to be parsed

      Raises:
         ValueError: If the XML cannot be successfully parsed
      """
      _, parentNode = createInputDom(xmlData)
      self._amazons3 = self._parseAmazonS3(parentNode)

   @staticmethod
   def _parseAmazonS3(parent):
      """
      Parses an amazons3 configuration section.

      We read the following individual fields::

         warnMidnite                //cb_config/amazons3/warn_midnite
         s3Bucket                   //cb_config/amazons3/s3_bucket
         encryptCommand             //cb_config/amazons3/encrypt
         fullBackupSizeLimit        //cb_config/amazons3/full_size_limit
         incrementalBackupSizeLimit //cb_config/amazons3/incr_size_limit

      Args:
         parent: Parent node to search beneath

      Returns:
         ``AmazonS3Config`` object or ``None`` if the section does not exist

      Raises:
         ValueError: If some filled-in value is invalid
      """
      section = readFirstChild(parent, "amazons3")
      if section is None:
         return None
      # Values are assigned one at a time through the properties so each
      # setter's validation runs on the parsed value.
      parsed = AmazonS3Config()
      parsed.warnMidnite = readBoolean(section, "warn_midnite")
      parsed.s3Bucket = readString(section, "s3_bucket")
      parsed.encryptCommand = readString(section, "encrypt")
      parsed.fullBackupSizeLimit = readByteQuantity(section, "full_size_limit")
      parsed.incrementalBackupSizeLimit = readByteQuantity(section, "incr_size_limit")
      return parsed
########################################################################
# Public functions
########################################################################
###########################
# executeAction() function
###########################
def executeAction(configPath, options, config):
   """
   Executes the amazons3 backup action.

   The action refuses to run unless it is root on a non-Windows platform and
   the standard options and stage configuration sections are present; it then
   reads its own <amazons3> section from ``configPath`` and runs the store
   pipeline: pick the staging directory, apply size limits, upload, and write
   the store indicator.

   Args:
      configPath (String representing a path on disk): Path to configuration file on disk
      options (Options object): Program command-line options
      config (Config object): Program configuration

   Raises:
      ValueError: Under many generic error conditions
      IOError: If there are I/O problems reading or writing files
   """
   logger.debug("Executing amazons3 extended action.")
   _checkPrerequisites(config)
   local = LocalConfig(xmlPath=configPath)
   stagingDirs = _findCorrectDailyDir(options, config, local)
   _applySizeLimits(options, config, local, stagingDirs)
   _writeToAmazonS3(config, local, stagingDirs)
   _writeStoreIndicator(config, stagingDirs)
   logger.info("Executed the amazons3 extended action successfully.")


def _checkPrerequisites(config):
   """
   Verify the environment the amazons3 action requires, raising otherwise.

   Args:
      config (Config object): Program configuration

   Raises:
      ValueError: If not running as root, on Windows, or with incomplete configuration
   """
   if not isRunningAsRoot():
      logger.error("Error: the amazons3 extended action must be run as root.")
      raise ValueError("The amazons3 extended action must be run as root.")
   if sys.platform == "win32":
      logger.error("Error: the amazons3 extended action is not supported on Windows.")
      raise ValueError("The amazons3 extended action is not supported on Windows.")
   if config.options is None or config.stage is None:
      raise ValueError("Cedar Backup configuration is not properly filled in.")
########################################################################
# Private utility functions
########################################################################
#########################
# _findCorrectDailyDir()
#########################
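def _findCorrectDailyDir(options, config, local):
   """
   Finds the correct daily staging directory to be written to Amazon S3.

   This is substantially similar to the same function in store.py.  The
   main difference is that it doesn't rely on store configuration at all.

   With the full option only today's directory is considered, and it only needs
   a stage indicator.  Otherwise today, yesterday and tomorrow are tried in that
   order, and a directory is skipped if it already carries this extension's
   store indicator.  Crossing to yesterday or tomorrow logs a warning when
   ``warnMidnite`` is configured.

   Args:
      options: Options object
      config: Config object
      local: Local config object

   Returns:
      Correct staging dir, as a dict mapping directory to date suffix

   Raises:
      IOError: If the staging directory cannot be found
   """
   oneDay = datetime.timedelta(days=1)
   today = datetime.date.today()
   # (date, label used in the log message, whether choosing it crosses midnite)
   candidates = [
      (today, "current day's", False),
      (today - oneDay, "previous day's", True),
      (today + oneDay, "next day's", True),
   ]
   if options.full:
      candidates = candidates[:1]
   for day, label, crossesMidnite in candidates:
      dateSuffix = day.strftime(DIR_TIME_FORMAT)
      path = os.path.join(config.stage.targetDir, dateSuffix)
      # The full option re-stores today's directory even if already stored.
      if not _isUsableStagingDir(path, requireUnstored=not options.full):
         continue
      logger.info("Amazon S3 process will use %s staging directory [%s]", label, path)
      if crossesMidnite and local.amazons3.warnMidnite:
         logger.warning("Warning: Amazon S3 process crossed midnite boundary to find data.")
      return { path: dateSuffix }
   if options.full:
      raise IOError("Unable to find staging directory to process (only tried today due to full option).")
   raise IOError("Unable to find unused staging directory to process (tried today, yesterday, tomorrow).")


def _isUsableStagingDir(path, requireUnstored):
   """
   Decide whether a daily directory is a staged directory this action may store.

   Args:
      path: Daily staging directory to check
      requireUnstored: If true, the directory must not already hold STORE_INDICATOR

   Returns:
      True if ``path`` is a directory holding STAGE_INDICATOR (and, when
      requested, not holding STORE_INDICATOR), False otherwise
   """
   if not os.path.isdir(path):
      return False
   if not os.path.exists(os.path.join(path, STAGE_INDICATOR)):
      return False
   if requireUnstored and os.path.exists(os.path.join(path, STORE_INDICATOR)):
      return False
   return True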
##############################
# _applySizeLimits() function
##############################
def _applySizeLimits(options, config, local, stagingDirs):
   """
   Apply size limits, throwing an exception if any limits are exceeded.

   Size limits are optional.  If a limit is set to None, it does not apply.
   The full size limit applies if the full option is set or if today is the
   start of the week.  The incremental size limit applies otherwise.  Limits
   are applied to the total size of all the relevant staging directories.

   Args:
      options: Options object
      config: Config object
      local: Local config object
      stagingDirs: Dictionary mapping directory path to date suffix

   Raises:
      ValueError: Under many generic error conditions
      ValueError: If a size limit has been exceeded
   """
   useFullLimit = options.full or isStartOfWeek(config.options.startingDay)
   if useFullLimit:
      logger.debug("Using Amazon S3 size limit for full backups.")
      limit = local.amazons3.fullBackupSizeLimit
   else:
      logger.debug("Using Amazon S3 size limit for incremental backups.")
      limit = local.amazons3.incrementalBackupSizeLimit
   if limit is None:
      logger.debug("No Amazon S3 size limit will be applied.")
      return
   logger.debug("Amazon S3 size limit is: %s", limit)
   contents = BackupFileList()
   for stagingDir in stagingDirs:
      contents.addDirContents(stagingDir)
   total = contents.totalSize()
   logger.debug("Amazon S3 backup size is: %s", displayBytes(total))
   # total is a byte count; the comparison is whatever ByteQuantity defines for it.
   if total > limit:
      logger.error("Amazon S3 size limit exceeded: %s > %s", displayBytes(total), limit)
      raise ValueError("Amazon S3 size limit exceeded: %s > %s" % (displayBytes(total), limit))
   logger.info("Total size does not exceed Amazon S3 size limit, so backup can continue.")
##############################
# _writeToAmazonS3() function
##############################
def _writeToAmazonS3(config, local, stagingDirs):
   """
   Writes the indicated staging directories to an Amazon S3 bucket.

   Each of the staging directories listed in ``stagingDirs`` will be written to
   the configured Amazon S3 bucket from local configuration.  The directories
   will be placed into the image at the root by date, so staging directory
   ``/opt/stage/2005/02/10`` will be placed into the S3 bucket at ``/2005/02/10``.
   If an encrypt command is provided, the files will be encrypted first;
   otherwise they are uploaded as-is.

   Args:
      config: Config object
      local: Local config object
      stagingDirs: Dictionary mapping directory path to date suffix

   Raises:
      ValueError: Under many generic error conditions
      IOError: If there is a problem writing to Amazon S3
   """
   for stagingDir, dateSuffix in stagingDirs.items():
      logger.debug("Storing stage directory to Amazon S3 [%s].", stagingDir)
      s3BucketUrl = "s3://%s/%s" % (local.amazons3.s3Bucket, dateSuffix)
      logger.debug("S3 bucket URL is [%s]", s3BucketUrl)
      # Any earlier upload under this date prefix is removed first.
      _clearExistingBackup(config, s3BucketUrl)
      if local.amazons3.encryptCommand is None:
         logger.debug("Encryption is disabled; files will be uploaded in cleartext.")
         _uploadStagingDir(config, stagingDir, s3BucketUrl)
         _verifyUpload(config, stagingDir, s3BucketUrl)
      else:
         logger.debug("Encryption is enabled; files will be uploaded after being encrypted.")
         _uploadEncryptedCopy(config, local, stagingDir, s3BucketUrl)


def _uploadEncryptedCopy(config, local, stagingDir, s3BucketUrl):
   """
   Encrypt a staging directory into a scratch directory, upload and verify it.

   The scratch directory is created with ``tempfile.mkdtemp`` under the
   configured working directory, handed to the backup user, and always removed
   afterwards, even when encryption, upload or verification fails.

   Args:
      config: Config object
      local: Local config object
      stagingDir: Staging directory whose contents are encrypted
      s3BucketUrl: S3 bucket URL to upload to
   """
   encryptedDir = tempfile.mkdtemp(dir=config.options.workingDir)
   changeOwnership(encryptedDir, config.options.backupUser, config.options.backupGroup)
   try:
      _encryptStagingDir(config, local, stagingDir, encryptedDir)
      _uploadStagingDir(config, encryptedDir, s3BucketUrl)
      _verifyUpload(config, encryptedDir, s3BucketUrl)
   finally:
      if os.path.exists(encryptedDir):
         shutil.rmtree(encryptedDir)
##################################
# _writeStoreIndicator() function
##################################
def _writeStoreIndicator(config, stagingDirs):
   """
   Writes a store indicator file into staging directories.

   The indicator (STORE_INDICATOR) is what later runs use to recognise a
   directory that has already been stored.

   Args:
      config: Config object
      stagingDirs: Dictionary mapping directory path to date suffix
   """
   owner = config.options.backupUser
   group = config.options.backupGroup
   for stagingDir in stagingDirs:
      writeIndicatorFile(stagingDir, STORE_INDICATOR, owner, group)
##################################
# _clearExistingBackup() function
##################################
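def _clearExistingBackup(config, s3BucketUrl):
   """
   Clear any existing backup files for an S3 bucket URL.

   The AWS CLI is invoked as the backup user through ``su -c``, which means
   the command is handed to a shell as one string.  Every interpolated value
   is therefore shell-quoted with ``shlex.quote`` so a path or bucket name
   containing whitespace or shell metacharacters cannot alter the command;
   plain values are left untouched by the quoting.

   Args:
      config: Config object
      s3BucketUrl: S3 bucket URL associated with the staging directory

   Raises:
      IOError: If the AWS CLI exits with a non-zero status
   """
   suCommand = resolveCommand(SU_COMMAND)
   awsCommand = resolveCommand(AWS_COMMAND)
   actualCommand = "%s s3 rm --recursive %s" % (shlex.quote(awsCommand[0]), shlex.quote(s3BucketUrl + "/"))
   result = executeCommand(suCommand, [config.options.backupUser, "-c", actualCommand])[0]
   if result != 0:
      raise IOError("Error [%d] calling AWS CLI to clear existing backup for [%s]." % (result, s3BucketUrl))
   logger.debug("Completed clearing any existing backup in S3 for [%s]", s3BucketUrl)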
###############################
# _uploadStagingDir() function
###############################
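def _uploadStagingDir(config, stagingDir, s3BucketUrl):
   """
   Upload the contents of a staging directory out to the Amazon S3 cloud.

   The AWS CLI is invoked as the backup user through ``su -c``, so the command
   is a single shell string; every interpolated value is shell-quoted with
   ``shlex.quote`` so a staging path containing whitespace or shell
   metacharacters cannot alter the command.  Plain values are unchanged by
   the quoting, and the quoted exclude pattern is exactly what the shell
   previously saw inside double quotes.

   Args:
      config: Config object
      stagingDir: Staging directory to upload
      s3BucketUrl: S3 bucket URL associated with the staging directory

   Raises:
      IOError: If the AWS CLI exits with a non-zero status
   """
   # The version of awscli in Debian stretch (1.11.13-1) has a problem
   # uploading empty files, due to running with Python 3 rather than Python 2
   # as the upstream maintainers intended.  To work around this, I'm explicitly
   # excluding files like cback.stage, cback.collect, etc. which should be the
   # only empty files we ever try to copy.  See: https://github.com/aws/aws-cli/issues/2403
   suCommand = resolveCommand(SU_COMMAND)
   awsCommand = resolveCommand(AWS_COMMAND)
   actualCommand = "%s s3 cp --recursive --exclude %s %s %s" % (
      shlex.quote(awsCommand[0]),
      shlex.quote("*cback.*"),
      shlex.quote(stagingDir + "/"),
      shlex.quote(s3BucketUrl + "/"),
   )
   result = executeCommand(suCommand, [config.options.backupUser, "-c", actualCommand])[0]
   if result != 0:
      raise IOError("Error [%d] calling AWS CLI to upload staging directory to [%s]." % (result, s3BucketUrl))
   logger.debug("Completed uploading staging dir [%s] to [%s]", stagingDir, s3BucketUrl)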
###########################
# _verifyUpload() function
###########################
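def _verifyUpload(config, stagingDir, s3BucketUrl):
   """
   Verify that a staging directory was properly uploaded to the Amazon S3 cloud.

   The bucket is listed under the date prefix with ``aws s3api list-objects``
   (run as the backup user through ``su -c``, so all interpolated values are
   shell-quoted), and every regular file in ``stagingDir`` -- except the
   ``cback.*`` indicator files, which the upload excludes -- must appear in the
   listing with the same size.

   Keys and local paths are reduced to a common relative form by stripping the
   leading prefix once; the previous ``str.replace`` would also have removed any
   later occurrence of the prefix inside a name.

   Args:
      config: Config object
      stagingDir: Staging directory to verify
      s3BucketUrl: S3 bucket URL associated with the staging directory

   Raises:
      IOError: If the AWS CLI fails, a file is missing from S3, or a size differs
   """
   (bucket, prefix) = _splitS3BucketUrl(s3BucketUrl)
   suCommand = resolveCommand(SU_COMMAND)
   awsCommand = resolveCommand(AWS_COMMAND)
   query = "Contents[].{Key: Key, Size: Size}"
   actualCommand = "%s s3api list-objects --bucket %s --prefix %s --query %s" % (
      shlex.quote(awsCommand[0]),
      shlex.quote(bucket),
      shlex.quote(prefix),
      shlex.quote(query),
   )
   (result, data) = executeCommand(suCommand, [config.options.backupUser, "-c", actualCommand], returnOutput=True)
   if result != 0:
      raise IOError("Error [%d] calling AWS CLI verify upload to [%s]." % (result, s3BucketUrl))
   # A JSON "null" listing decodes to None; treat it as "no objects" so the
   # per-file check below reports the missing files instead of a TypeError.
   listing = json.loads("".join(data)) or []
   contents = {}
   for entry in listing:
      contents[_stripPrefix(entry["Key"], prefix)] = int(entry["Size"])
   files = FilesystemList()
   files.excludeBasenamePatterns = [ r"cback\..*", ]   # because these are excluded from the upload
   files.addDirContents(stagingDir)
   for entry in files:
      if not os.path.isfile(entry):
         continue
      key = _stripPrefix(entry, stagingDir)
      size = int(os.stat(entry).st_size)
      if key not in contents:
         raise IOError("File was apparently not uploaded: [%s]" % entry)
      if size != contents[key]:
         raise IOError("File size differs [%s], expected %s bytes but got %s bytes" % (entry, size, contents[key]))
   logger.debug("Completed verifying upload from [%s] to [%s].", stagingDir, s3BucketUrl)


def _splitS3BucketUrl(s3BucketUrl):
   """
   Split an ``s3://bucket/prefix`` URL into its bucket and prefix.

   Args:
      s3BucketUrl: URL of the form ``s3://bucket/prefix``

   Returns:
      Tuple of (bucket, prefix)

   Raises:
      ValueError: If the URL has no ``/`` separating bucket from prefix
   """
   (bucket, prefix) = _stripPrefix(s3BucketUrl, "s3://").split("/", 1)
   return (bucket, prefix)


def _stripPrefix(text, prefix):
   """
   Remove ``prefix`` from the start of ``text`` once, if present.

   Args:
      text: String to strip
      prefix: Leading string to remove

   Returns:
      ``text`` without its leading ``prefix``, or ``text`` unchanged if it does not start with it
   """
   if text.startswith(prefix):
      return text[len(prefix):]
   return text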
################################
# _encryptStagingDir() function
################################
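def _encryptStagingDir(config, local, stagingDir, encryptedDir):
   """
   Encrypt a staging directory, creating a new directory in the process.

   Every regular file under ``stagingDir`` is mirrored at the same relative
   path under ``encryptedDir``.  Empty files are copied as empty files rather
   than encrypted; every other file is produced by the configured encrypt
   command with ``${input}`` and ``${output}`` substituted.  The target
   subdirectory is created (and handed to the backup user) before either
   branch runs, so an empty file that is the first entry in a new
   subdirectory no longer fails on a missing parent.

   The encrypt command is run as the backup user through ``su -c``, i.e. as a
   shell string, and the substituted paths are inserted verbatim; a configured
   command must quote ``${input}``/``${output}`` itself if staging paths can
   contain whitespace or shell metacharacters.

   Args:
      config: Config object
      local: Local config object
      stagingDir: Staging directory to use as source
      encryptedDir: Target directory into which encrypted files should be written

   Raises:
      IOError: If the encrypt command exits with a non-zero status
   """
   suCommand = resolveCommand(SU_COMMAND)
   files = FilesystemList()
   files.addDirContents(stagingDir)
   for cleartext in files:
      if not os.path.isfile(cleartext):
         continue
      # Strip the staging prefix once rather than replacing every occurrence.
      relative = cleartext[len(stagingDir):] if cleartext.startswith(stagingDir) else cleartext
      encrypted = "%s%s" % (encryptedDir, relative)
      subdir = os.path.dirname(encrypted)
      if not os.path.isdir(subdir):
         os.makedirs(subdir)
         changeOwnership(subdir, config.options.backupUser, config.options.backupGroup)
      if int(os.stat(cleartext).st_size) == 0:
         # Don't bother encrypting empty files; just create an empty counterpart.
         with open(encrypted, 'a'):
            pass
      else:
         actualCommand = local.amazons3.encryptCommand.replace("${input}", cleartext).replace("${output}", encrypted)
         result = executeCommand(suCommand, [config.options.backupUser, "-c", actualCommand])[0]
         if result != 0:
            raise IOError("Error [%d] encrypting [%s]." % (result, cleartext))
   logger.debug("Completed encrypting staging directory [%s] into [%s]", stagingDir, encryptedDir)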