Semaphore Backup Guide
Introduction
The Semaphore backup process provides regular secure backups. In summary, the playbook:
- Manages retention based on your preferences, e.g. deletes backups older than 14 days
- Backs up and encrypts the /netos/ directory, which contains many important things, such as:
  - Certificates (for NGINX)
  - Past NetBox plugin ZIP file downloads
  - Working directories for other applications and tools
  - Backups (which are excluded from the backup)
- Backs up the /etc/nginx/ directory, which contains all the site configurations for different services deployed by Semaphore, such as Semaphore itself, NetBox, Airflow, etc.
- Backs up and encrypts the semaphore MySQL database
- Optionally SFTP's the backup files to a secure remote SFTP server
The Semaphore process and MySQL database are NOT stopped during the backup.
Semaphore uses MySQL and not PostgreSQL to ensure isolation from other applications running on the server. For example, NetBox and Airflow both use PostgreSQL, and if/when those databases are restarted, we don't want to impact the management wrapper, i.e. Semaphore.
Cron Scheduling
The cron scheduler in Semaphore can be configured to back up the database at regular intervals, for example, at 02:30 every day. Check the Dashboard page in the menu, or the task history, to see the outcomes.
Note that there is a bug in Ansible Semaphore UI that causes the same task to run many times. The solution is to toggle the "Show cron format" button and use UNIX formatting like here.
Backup File Rotation
You can set the retention period for backup files stored in /netos/backups/semaphore in the Environment / variables.
Ensure you use the exact values of days or weeks, i.e. no capitals.
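A read-only way to check that rotation and the daily schedule are actually taking effect, as an added example that is not part of the Semaphore playbook. The function names, the 26-hour freshness threshold and the sample files are assumptions, and it assumes backup files sit directly in the directory being audited.

```bash
#!/usr/bin/env bash
# Added example: read-only retention audit. Function names are hypothetical.

# retention_days VALUE UNIT: print the window in days.
# Only the exact lowercase units "days" and "weeks" are accepted.
retention_days() {
  local value=$1 unit=$2
  case $value in ''|*[!0-9]*) return 1 ;; esac
  case $unit in
    days)  echo "$value" ;;
    weeks) echo $(( value * 7 )) ;;
    *)     return 1 ;;   # "Days", "WEEKS", "week" are rejected
  esac
}

# expired_backups DIR VALUE UNIT: list files older than the retention window.
# Nothing is deleted; any output means rotation has not removed these files.
expired_backups() {
  local dir=$1 days
  days=$(retention_days "$2" "$3") || return 1
  find "$dir" -maxdepth 1 -type f -mmin +"$(( days * 1440 ))" -print | sort
}

# newest_backup_is_fresh DIR MAX_HOURS: succeed if any file is newer than MAX_HOURS.
newest_backup_is_fresh() {
  [ -n "$(find "$1" -maxdepth 1 -type f -mmin -"$(( $2 * 60 ))" -print | head -n 1)" ]
}

# Constructed sample directory (file names and ages are made up; needs GNU touch).
make_sample_dir() {
  local d
  d=$(mktemp -d)
  touch -d '20 days ago' "$d/sample-20d.bin"
  touch -d '15 days ago' "$d/sample-15d.bin"
  touch -d '3 days ago'  "$d/sample-3d.bin"
  touch -d '2 hours ago' "$d/sample-2h.bin"
  echo "$d"
}

sample=$(make_sample_dir)
echo "Older than 2 weeks:"
expired_backups "$sample" 2 weeks
# 26 hours is an assumed threshold for a once-a-day schedule.
newest_backup_is_fresh "$sample" 26 && echo "newest backup is fresh"
rm -rf "$sample"
```

Against a live server the same functions can be pointed at /netos/backups/semaphore with the retention value and unit you configured.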
Remote SFTP
To enable remote SFTP, change the No value in the SFTP_ENABLED variable to Yes, and set the SFTP_HOST/USER/PASS values accordingly.
An example of the encrypted backup folder contents is as follows: