
Commit 65aefcf

committed
fix automated backup script passing incorrect variables
and flags to mongodb cli commands
1 parent 04d17a5 commit 65aefcf


1 file changed

+30
-10
lines changed


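--- a/bootstrap.sh
+++ b/bootstrap.sh
@@ -201,11 +201,24 @@ log() {
 
 log "Starting MongoDB backup process"
 
+# Load configuration values from config.json
+CONFIG_FILE="./config.json"
+if [ ! -f "\$CONFIG_FILE" ]; then
+log "❌ ERROR: Missing config.json! Exiting."
+exit 1
+fi
+
+DB_USERNAME=\$(jq -r '.db_username' "\$CONFIG_FILE")
+DB_PASSWORD=\$(jq -r '.db_password' "\$CONFIG_FILE")
+AWS_BUCKET=\$(jq -r '.aws_bucket' "\$CONFIG_FILE")
+AWS_REGION=\$(jq -r '.aws_region' "\$CONFIG_FILE")
+MONGO_PORT=\$(jq -r '.mongo_port' "\$CONFIG_FILE")
+
 TIMESTAMP=\$(date +%F-%H-%M)
 BACKUP_PATH="/tmp/mongo-backup-\$TIMESTAMP.gz"
 
 # Get domain name from config.json if available
-DOMAIN_CONFIG=\$(jq -r '.domain_name' "$CONFIG_FILE")
+DOMAIN_CONFIG=\$(jq -r '.domain_name' "\$CONFIG_FILE")
 if [ -n "\$DOMAIN_CONFIG" ] && [ "\$DOMAIN_CONFIG" != "null" ] && [ "\$DOMAIN_CONFIG" != "your.domain.com" ]; then
 HOSTNAME="\$DOMAIN_CONFIG"
 log "Using domain name from config.json: \$HOSTNAME"
@@ -225,28 +238,35 @@ CERT_FILE="/etc/ssl/mongodb/certificate.pem"
 CA_FILE="/etc/ssl/mongodb/certificate_authority.pem"
 TLS_ENABLED=false
 TLS_ARG=""
+MONGOSH_TLS_ARG=""
 
-if [ -f "$CERT_FILE" ] && grep -q "tls:" /etc/mongod.conf && grep -q "mode: requireTLS" /etc/mongod.conf; then
+if [ -f "\$CERT_FILE" ] && grep -q "tls:" /etc/mongod.conf && grep -q "mode: requireTLS" /etc/mongod.conf; then
 log "MongoDB TLS is enabled with private CA certificates. Using TLS connection for backup..."
 TLS_ENABLED=true
-TLS_ARG="--ssl"
+# For mongodump, use --ssl flags
+TLS_ARG="--ssl --sslCAFile \$CA_FILE --sslPEMKeyFile /etc/ssl/mongodb/client.pem"
+# For mongosh, use --tls flags
+MONGOSH_TLS_ARG="--tls --tlsCAFile \$CA_FILE --tlsCertificateKeyFile /etc/ssl/mongodb/client.pem"
+log "NOTE: Client certificates are required for connections."
+log " Ensure the client certificate exists at /etc/ssl/mongodb/client.pem"
 elif grep -q "ssl:" /etc/mongod.conf && grep -q "mode: requireSSL" /etc/mongod.conf; then
 log "MongoDB SSL is enabled (legacy configuration). Using SSL connection for backup..."
 TLS_ENABLED=true
 TLS_ARG="--ssl"
+MONGOSH_TLS_ARG="--tls"
 else
 log "MongoDB TLS is not enabled. Using standard connection for backup..."
 fi
 
-# Check if MongoDB is responsive
-if ! mongosh --host \$HOSTNAME --port $MONGO_PORT \$TLS_ARG -u $DB_USERNAME -p $DB_PASSWORD --authenticationDatabase admin --eval "db.adminCommand('ping')" &>/dev/null; then
+# Check if MongoDB is responsive - use mongosh with --tls flags
+if ! mongosh --host \$HOSTNAME --port \$MONGO_PORT \$MONGOSH_TLS_ARG -u \$DB_USERNAME -p \$DB_PASSWORD --authenticationDatabase admin --eval "db.adminCommand('ping')" &>/dev/null; then
 log "❌ ERROR: MongoDB is not responsive. Backup aborted."
 exit 1
 fi
 
-# Create backup
+# Create backup - use mongodump with --ssl flags
 log "Creating backup at \$BACKUP_PATH"
-if mongodump --host \$HOSTNAME --port $MONGO_PORT \$TLS_ARG -u $DB_USERNAME -p $DB_PASSWORD --authenticationDatabase admin --archive=\$BACKUP_PATH --gzip; then
+if mongodump --host \$HOSTNAME --port \$MONGO_PORT \$TLS_ARG -u \$DB_USERNAME -p \$DB_PASSWORD --authenticationDatabase admin --archive=\$BACKUP_PATH --gzip; then
 log "✅ Backup created successfully"
 
 # Check if backup file exists and has a size greater than 0
@@ -255,7 +275,7 @@ if mongodump --host \$HOSTNAME --port $MONGO_PORT \$TLS_ARG -u $DB_USERNAME -p $
 
 # Upload to S3
 log "Uploading backup to S3..."
-if aws s3 cp \$BACKUP_PATH s3://$AWS_BUCKET/\$HOSTNAME/\$TIMESTAMP.gz --region $AWS_REGION; then
+if aws s3 cp \$BACKUP_PATH s3://\$AWS_BUCKET/\$HOSTNAME/\$TIMESTAMP.gz --region \$AWS_REGION; then
 log "✅ Backup uploaded to S3 successfully"
 
 # Clean up local backup
@@ -264,7 +284,7 @@ if mongodump --host \$HOSTNAME --port $MONGO_PORT \$TLS_ARG -u $DB_USERNAME -p $
 
 # Manage retention (keep only the 10 most recent backups)
 log "Managing backup retention..."
-BACKUPS=\$(aws s3 ls s3://$AWS_BUCKET/\$HOSTNAME/ --region $AWS_REGION | awk '{print \$4}' | sort)
+BACKUPS=\$(aws s3 ls s3://\$AWS_BUCKET/\$HOSTNAME/ --region \$AWS_REGION | awk '{print \$4}' | sort)
 BACKUP_COUNT=\$(echo "\$BACKUPS" | wc -l)
 
 if [ \$BACKUP_COUNT -gt 10 ]; then
@@ -273,7 +293,7 @@ if mongodump --host \$HOSTNAME --port $MONGO_PORT \$TLS_ARG -u $DB_USERNAME -p $
 
 log "Keeping 10 most recent backups, deleting \$DELETE_COUNT older backups"
 for FILE in \$OLD_BACKUPS; do
-if aws s3 rm s3://$AWS_BUCKET/\$HOSTNAME/\$FILE --region $AWS_REGION; then
+if aws s3 rm s3://\$AWS_BUCKET/\$HOSTNAME/\$FILE --region \$AWS_REGION; then
 log "Deleted old backup: \$FILE"
 else
 log "Failed to delete old backup: \$FILE"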
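Review bot: The mongosh ping and the mongodump call (new lines 262 and 269) still pass the database password as `-p \$DB_PASSWORD`, so it sits in the process argument list where other local users can read it while the dump runs, and the unquoted expansion breaks on a password containing whitespace or glob characters. Quote the credentials, `-u "\$DB_USERNAME" -p "\$DB_PASSWORD"`, and for mongodump consider moving the password into a root-only file passed with `--config` (if the installed database tools support it) so it never reaches argv. The newly added jq reads also accept a missing key silently: `jq -r` prints the literal `null`, and because the ping discards its output the failure is reported as "MongoDB is not responsive"; a guard such as `[ "\$DB_PASSWORD" != "null" ] || { log "db_password missing in config.json"; exit 1; }` after the reads would surface the real cause. The escaped `\$` suggests this script is emitted from a heredoc that begins outside the hunks, and the `if mongodump` block continues past them.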
