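#!/usr/bin/env bash
#  vim:ts=4:sts=4:sw=4:et
#
#  Author: Hari Sekhon
#  Date: 2020-08-27 10:35:08 +0100 (Thu, 27 Aug 2020)
#
#  https://github.com/HariSekhon/DevOps-Bash-tools
#
#  License: see accompanying Hari Sekhon LICENSE file
#
#  If you're using my code you're welcome to connect with me on LinkedIn and optionally send me feedback to help steer this or other code I publish
#
#  https://www.linkedin.com/in/HariSekhon
#

set -euo pipefail
[ -n "${DEBUG:-}" ] && set -x
srcdir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"

# shellcheck disable=SC1090
. "$srcdir/lib/utils.sh"

# shellcheck disable=SC2034,SC2154
usage_description="
Backs up Kubernetes Etcd database on a kubeadm cluster to etcd-kubernetes-backup-DATETIMESTAMP.tar.gz, containing the Etcd database snapshot and PKI certs

Requires 'etcdctl' to be in \$PATH

When restoring, you must restore all nodes because the restore will override the cluster id and member id so the nodes won't communicate on partial nodes restore. Restores of lost nodes require new node has the same IP address

Tested on Etcd v3
"

# used by usage() in lib/utils.sh
# shellcheck disable=SC2034
usage_args=""

help_usage "$@"

#min_args 1 "$@"

# Fail early with a clear message instead of a bare "command not found"
if ! command -v etcdctl >/dev/null 2>&1; then
    echo "etcdctl not found in \$PATH" >&2
    exit 1
fi

# The snapshot holds every object stored in Etcd, Kubernetes Secrets included,
# and the tarball also carries the private keys under the Etcd PKI directory,
# so both files are created readable by the invoking user only
umask 077

# kubeadm's default location for the Etcd CA and server/peer certificates
etcd_pki_dir="/etc/kubernetes/pki/etcd"

backup_timestamp="$(date '+%F_%H%M')"
# 'etcdctl snapshot save' writes a single file, not a directory
snapshot_file="etcd-snapshot-$backup_timestamp.db"
backup_tar="etcd-kubernetes-backup-$backup_timestamp.tar.gz"

export ETCDCTL_API=3

timestamp "backing up Etcd database to file $snapshot_file"
# should be root - the key files below are normally readable by root only
#
# --cacert is the CA that signed the Etcd server certificate and --cert/--key
# is the pair presented for client authentication. The server key pair is
# used for that so the CA private key is not needed just to take a backup
etcdctl snapshot save "$snapshot_file" \
    --cacert "$etcd_pki_dir/ca.crt" \
    --cert "$etcd_pki_dir/server.crt" \
    --key "$etcd_pki_dir/server.key"
echo >&2

timestamp "checking Etcd backup"
etcdctl --write-out table snapshot status "$snapshot_file"
echo >&2

# The archive includes ca.key, so keep it on access-controlled (and ideally
# encrypted) storage - anyone holding it can mint certificates Etcd will trust
timestamp "tar'ing Etcd backup and $etcd_pki_dir certs"
tar cvzf "$backup_tar" "$snapshot_file" "$etcd_pki_dir"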