Puppet Plan: complyadm::restore

Defined in:
plans/restore.pp

Summary

Restore Security Compliance Management from a backup created by complyadm::backup.

Overview

Use this plan to restore Security Compliance Management from a backup you created with complyadm::backup. To use this plan you need to install a fresh Security Compliance Management installation that matches the version of the backup. The database and docker volumes are restored from your backup ZIP archive to the fresh installation. You can see a list of the Security Compliance Management backups using complyadm::list_backups.

Parameters:

  • backup (String[1])

    The name of the backup created by complyadm::backup. For example “comply-backup-2023-04-05-01-01-01-01.zip”



10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
 
# File 'plans/restore.pp', line 10

plan complyadm::restore(
  String[1] $backup,
) {
  run_plan('complyadm::check_bolt_version')

  $config = complyadm::config()
  $target = $config['roles']['backend']['targets'][0]
  $runtime = $config['runtime']

  without_default_logging() || {
    $preflight_results = run_plan(
      'complyadm::restore::preflight',
      'config' => $config,
      'backup' => $backup,
    )

    if($preflight_results != '') {
      fail_plan($preflight_results)
    }
  }

  # stop the services
  apply_prep($target, { '_run_as' => 'root' })
  $stop_apply_options = {
    '_run_as' => 'root',
    '_description' => 'Stop Comply Services',
  }

  apply($target, $stop_apply_options) {
    service { "${runtime}-comply_frontdoor":
      ensure => stopped,
    }
    service { "${runtime}-comply_gatekeeper":
      ensure => stopped,
    }
    service { "${runtime}-comply_graphql":
      ensure => stopped,
    }
    service { "${runtime}-comply_identity":
      ensure => stopped,
    }
    service { "${runtime}-comply_mtls_proxy":
      ensure => stopped,
    }
    service { "${runtime}-comply_redis":
      ensure => stopped,
    }
    service { "${runtime}-comply_scarpy":
      ensure => stopped,
    }
    service { "${runtime}-comply_ui":
      ensure => stopped,
    }
  }

  # Gather database information and run the restore task
  $db_role = $config['roles']['database']['services']['comply_postgres']
  $database_info = Complyadm::Support_bundle::Database_info.new({
      'container_name' => $db_role['container']['name'],
      'database_user'  => $db_role['admin_db_username'],
  })

  $host = $config['roles']['backend']['targets'][0]
  $restore_result = run_task(
    'complyadm::restore',
    # TODO: Currently only supports a single target
    $host,
    {
      'runtime'        => $runtime,
      'backup_dir'     => $config['backup_dir'],
      'backup_archive' => $backup,
      'database_info'  => $database_info,
      'database_image' => $config['images']['comply_postgres'],
      'assessor_image' => $config['images']['comply_scarpy_assessor_init'],
      '_run_as'        => 'root',
      '_catch_errors'  => true,
    }
  )

  if($restore_result[0].ok) {
    $restore_result[0].value['warnings'].each |$warning| {
      out::message($warning)
    }
    out::message($restore_result[0].value['message'])
  } else {
    $error_message = @("ERROR")
      Restore failed:
        ${restore_result[0].value['message']}
        ${restore_result[0].value['error']}
      Check the bolt-debug.log for additional details.
      | ERROR
    fail_plan($error_message)
  }

  # Restart the services
  apply_prep($target, { '_run_as' => 'root' })
  $start_apply_options = {
    '_run_as' => 'root',
    '_description' => 'Start Comply Services',
  }

  apply($target, $start_apply_options) {
    service { "${runtime}-comply_frontdoor":
      ensure => running,
    }
    service { "${runtime}-comply_gatekeeper":
      ensure => running,
    }
    service { "${runtime}-comply_graphql":
      ensure => running,
    }
    service { "${runtime}-comply_identity":
      ensure => running,
    }
    service { "${runtime}-comply_mtls_proxy":
      ensure => running,
    }
    service { "${runtime}-comply_postgres":
      ensure => running,
    }
    service { "${runtime}-comply_redis":
      ensure => running,
    }
    service { "${runtime}-comply_scarpy":
      ensure => running,
    }
    service { "${runtime}-comply_ui":
      ensure => running,
    }
  }

  out::message('Restore complete. Note that if the database passwords have been changed, you will need to run')
  out::message('bolt plan run complyadm::configure to update the passwords and allow the services to properly start.')
}