🇬🇧 Backup for Trellis
Trellis itself doesn’t have backup functionality embedded. This needs to be added to the project. Luckily there is an Ansible role which makes this process tremendously easier 🤓.
Documentation
Configuring the trellis-backup-role
Adding the role
- Open
/trellis/requirements.yml - Add the following code:
- name: trellis-backup src: guilro.trellis-backup version: 2.1.4
- name: lafranceinsoumise.backup version: 3.9.0- Install new roles with:
ansible-galaxy install -r requirements.yml- Add the role to the
server.yml
roles: ... - { role: trellis-backup, tags: [backup] }Prepare Amazon S3 bucket
The backup files will be uploaded to Amazon S3 bucket.
Create bucket in Amazon S3
- Go to Amazon AWS Web Console: https://console.aws.amazon.com/console/home
- Login
- Go to Amazon S3: https://s3.console.aws.amazon.com/s3/home
- Create a new bucket
5 Use these details:
- Bucket name: lemone-backups-domain.com
- Region: Frankfurt
- Defaults for other steps (hit Next)
- Go to Amazon IAM: https://console.aws.amazon.com/iam/home
- Go to Users → Add user
- Use these details:
- User name: lemone-domain
- Access type: Programmatic access
- Attach existing policies directly → Create policy (opens new window)
- Create policy with:
- JSON:
{ "Version": "2012-10-17", "Statement": [ { "Sid": "VisualEditor0", "Effect": "Allow", "Action": [ "s3:ListBucketMultipartUploads", "s3:ListBucket", "s3:GetBucketLocation" ], "Resource": "arn:aws:s3:::lemone-backups-domain.com" }, { "Sid": "VisualEditor2", "Effect": "Allow", "Action": "s3:*", "Resource": "arn:aws:s3:::lemone-backups-domain.com/*" } ]}- Review policy:
- Name: domain-backup-bucket
- Save with: Create policy
- Go back to previous ‘Add user’ window
- Attach existing policies directly
- Click the ‘refresh’ icon
- Search for backup-bucket
- Select the newly created policy
- Next
- Create user
- Download .csv file or copy the Access key ID and Secret access key directly into a new 1Password entry
- Done!
Test your connection
Using Transmit (or another S3 app) connect to the bucket and verify read and write access. Make sure to enter the ‘remote path’ as well, since listing all buckets is not allowed.
Add credentials to group_vars/production/vault.yml
domainname.com: env: backup_target_user: 'user' backup_target_pass: 'pass'Use the ‘Access key ID’ and the ‘Secret access key’ as user/pass combo.
Configuring the role
- Add configuration to
group_vars/production/wordpress_sites.yml
... backup: enabled: true auto: true target: s3://s3-eu-central-1.amazonaws.com/lemone-backups-domainname.com # any location supported by duplicity schedule: '0 4 * * *' # cron time of backups (change this value) purge: false # switch to true to enable automatic purging of old backups params: - 'export S3_USE_SIGV4="True"'Installing backup on remote server
Two of the roles need to be applied to the production server.
- The wordpress_sites need to be updated
- The backup role needs to be installed
From the /trellis folder run this command:
ansible-playbook server.yml -e env=production --tags=wordpress,backupTroubleshooting
Duply: “source mismatch”
When using the backup role to migrate data back and forth between different servers, the backup script will return a ‘Source mismatch’ error. This is a security measure in duply which prevents accidental overwriting of backups from different servers. This can be fixed by adding another parameter to the configuration in wordpress_sites.yml:
params: - 'DUPL_PARAMS="$DUPL_PARAMS --allow-source-mismatch "' # Allow backup and restore between different servers