This formula installs the Backblaze B2 CLI utility, backup scripts, and crontab entries.
Links to b2 documentation:
https://b2-command-line-tool.readthedocs.io/en/master/
To get this running in an existing *-infrastructure environment...
A region must be set for awscli in order for aws ssm get-parameter commands to succeed. We can set it via the awscli configuration file in ~/.aws/config using the [default] profile, or set it at runtime via the AWS_DEFAULT_REGION environment variable. During this testing period we're exporting the AWS_DEFAULT_REGION variable as part of the crontab expression.
The following must be added to the BuildKite pipeline for the plan and apply build steps:
Example:
plugins:
- seek-oss/aws-sm#v2.0.0:
env:
B2_APPLICATION_KEY_ID:
secret-id: "bk_backblaze"
json-key: .B2_APPLICATION_KEY_ID
B2_APPLICATION_KEY:
secret-id: "bk_backblaze"
json-key: .B2_APPLICATION_KEY
- docker#v3.5.0:
image: &tf-version hashicorp/terraform:0.13.3
entrypoint: /bin/sh
environment:
- "B2_APPLICATION_KEY_ID"
- "B2_APPLICATION_KEY"
- Add a
backblaze.tfto theterraformsubdirectory to create the B2 bucket and B2 application key:
Example:
resource "b2_bucket" "backups" {
bucket_name = "f1-${var.aws_account_id}-${var.client}"
bucket_type = "allPrivate"
# Server-side encryption is good for you
default_server_side_encryption {
mode = "SSE-B2"
}
}
resource "b2_application_key" "backup_key" {
# Use the same bucket name for this key
key_name = b2_bucket.backups.bucket_name
# Limit the application key to this bucket
bucket_id = b2_bucket.backups.bucket_id
# Only offer these capabilities:
capabilities = [
# Needed for the 'b2 authorize-account' command
"listBuckets",
# Needed for 'b2 sync' and 'b2 upload-file'
"listFiles",
"readFiles",
"writeFiles",
]
}
resource "aws_ssm_parameter" "b2_bucket_name" {
name = "/forumone/${var.project}/backblaze/bucket-name"
description = "The friendly name of the Backblaze B2 backup bucket"
type = "String"
value = b2_bucket.backups.bucket_name
tags = local.common_tags
}
resource "aws_ssm_parameter" "b2_key" {
name = "/forumone/${var.project}/backblaze/application-key"
description = "Application access keys for the Backblaze B2 backup bucket"
type = "SecureString"
value = jsonencode({
B2_APPLICATION_KEY_ID = b2_application_key.backup_key.application_key_id
B2_APPLICATION_KEY = b2_application_key.backup_key.application_key
})
tags = local.common_tags
}
- Edit
providers.tfand add the Backblaze B2 provider:
Example:
terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = "~> 3.0"
}
random = {
source = "hashicorp/random"
version = "~> 3.0"
}
okta = {
source = "okta/okta"
version = "~> 3.10"
}
b2 = {
source = "Backblaze/b2"
version = "0.8.0"
}
}
required_version = ">= 0.13.3"
}
provider "aws" {
region = "us-east-2"
assume_role {
role_arn = "arn:aws:iam::717166192878:role/BuildkiteTerraformRole"
}
}
provider "aws" {
alias = "infrastructure"
region = "us-east-2"
}
provider "okta" {}
provider "b2" {}
This formula supports 2 configurable values in pillar data that modify arguments passed to the b2 sync commands:
-
keep_days: Specifying--keepDayswill delete any older versions more than the given number of days old, based on the modification time of the file. This option is not available when the destination is a local folder. Not specifying a value in the pillar will make it default to1. -
threads: The number of threads for syncing, downloading, and uploading. Not specifying a value in the pillar will make it default to4.
Example Pillar Configuration:
b2:
keep_days: 90
threads: 10