add error if periodic backup sync is enabled without passphrase

opencrvs · Feb 9, 2024 · 887e506 · 887e506
1 parent 30292b2
commit 887e506
Showing 1 changed file with 9 additions and 3 deletions.
diff --git a/infrastructure/server-setup/tasks/backups/crontab.yml b/infrastructure/server-setup/tasks/backups/crontab.yml
@@ -7,14 +7,20 @@
  job: 'cd / && bash /opt/opencrvs/infrastructure/backups/backup.sh --passphrase={{ backup_encryption_passphrase }} --ssh_user={{ external_backup_server_user }} --ssh_host={{ external_backup_server_ip }} --ssh_port={{ external_backup_server_ssh_port }} --production_ip={{ manager_production_server_ip }} --remote_dir={{ external_backup_server_remote_directory }} --replicas=1 >> /var/log/opencrvs-backup.log 2>&1'
  state: "{{ 'present' if (external_backup_server_ip is defined and backup_encryption_passphrase and enable_backups) else 'absent' }}"
 
+##
+# For machines that periodically restore from backup (staging)
+##
+
 - name: Set default value for periodic_restore_from_backup
  set_fact:
  periodic_restore_from_backup: false
  when: periodic_restore_from_backup is not defined
 
-##
-# For machines that periodically restore from backup (staging)
-##
+- name: Throw an error if periodic_restore_from_backup is true but restore_backup_encryption_passphrase is not defined
+ fail:
+ msg: 'Error: restore_backup_encryption_passphrase is not defined. It usually means you haven't set RESTORE_BACKUP_ENCRYPTION_PASSPHRASE in your staging environments secrets'
+ when: periodic_restore_from_backup and restore_backup_encryption_passphrase is not defined
+
 - name: 'Setup crontab to download a backup periodically the opencrvs data'
  cron:
  user: '{{ crontab_user }}'