====== Runbook: Config-Backup ======

<WRAP round info>
**Trajanje:** ~5 minut \\
**Vloga:** Sistemski administrator \\
**Pogostost:** Po vsaki spremembi, tedensko
</WRAP>

Varnostna kopija konfiguracije Gateway in certifikatov.

----

===== Potek dela =====

<mermaid>
flowchart TD
    A[Začetek] --> B[Identificiraj datoteke]
    B --> C[Ustvari arhiv]
    C --> D[Kopiraj na varnostno shrambo]
    D --> E[Preveri celovitost]
    E --> F{V redu?}
    F -->|Da| G[Dokumentiraj]
    F -->|Ne| H[Ponovno shrani]

    style G fill:#e8f5e9
    style H fill:#ffebee
</mermaid>

----

===== 1. Datoteke za varnostno kopijo =====

| Datoteka/Mapa | Opis | Kritično |
|--------------|--------------|----------|
| ''appsettings.json'' | Glavna konfiguracija | V |
| ''appsettings.Production.json'' | Produkcijska povozitev | V |
| ''certs/'' | TLS certifikati | V |
| ''data/*.db'' | SQLite podatkovne baze | V |
| ''.env'' | Okoljske spremenljivke (če obstajajo) | V |

----

===== 2. Ročna varnostna kopija =====

**Linux:**

<code bash>
#!/bin/bash
# backup-gateway.sh

GATEWAY_DIR="/opt/data-gateway"
BACKUP_DIR="/backup/gateway"
DATE=$(date +%Y%m%d_%H%M%S)
BACKUP_FILE="gateway-config-${DATE}.tar.gz"

# Ustvari arhiv
tar -czvf "${BACKUP_DIR}/${BACKUP_FILE}" \
    -C "${GATEWAY_DIR}" \
    appsettings.json \
    appsettings.Production.json \
    certs/ \
    data/

# Ustvari kontrolno vsoto
sha256sum "${BACKUP_DIR}/${BACKUP_FILE}" > "${BACKUP_DIR}/${BACKUP_FILE}.sha256"

# Izbriši stare varnostne kopije (starejše od 30 dni)
find "${BACKUP_DIR}" -name "gateway-config-*.tar.gz" -mtime +30 -delete

echo "Varnostna kopija ustvarjena: ${BACKUP_FILE}"
</code>

**Windows (PowerShell):**

<code powershell>
# backup-gateway.ps1

$GatewayDir = "%GATEWAY_ROOT%"
$BackupDir = "D:\Backup\Gateway"
$Date = Get-Date -Format "yyyyMMdd_HHmmss"
$BackupFile = "gateway-config-$Date.zip"

# Ustvari arhiv
Compress-Archive -Path @(
    "$GatewayDir\appsettings.json",
    "$GatewayDir\appsettings.Production.json",
    "$GatewayDir\certs",
    "$GatewayDir\data"
) -DestinationPath "$BackupDir\$BackupFile"

# Kontrolna vsota
Get-FileHash "$BackupDir\$BackupFile" -Algorithm SHA256 |
    Select-Object Hash |
    Out-File "$BackupDir\$BackupFile.sha256"

# Izbriši stare varnostne kopije (starejše od 30 dni)
Get-ChildItem "$BackupDir\gateway-config-*.zip" |
    Where-Object { $_.LastWriteTime -lt (Get-Date).AddDays(-30) } |
    Remove-Item

Write-Host "Varnostna kopija ustvarjena: $BackupFile"
</code>

----

===== 3. Avtomatizirana varnostna kopija =====

**Linux (Cron):**

<code bash>
# /etc/cron.d/gateway-backup
0 2 * * * root /opt/scripts/backup-gateway.sh >> /var/log/gateway-backup.log 2>&1
</code>

**Windows (Task Scheduler):**

<code powershell>
# Ustvari nalogo
$Action = New-ScheduledTaskAction -Execute "PowerShell.exe" `
    -Argument "-File %SCRIPTS_PATH%\backup-gateway.ps1"
$Trigger = New-ScheduledTaskTrigger -Daily -At 2:00AM
$Principal = New-ScheduledTaskPrincipal -UserId "SYSTEM" -RunLevel Highest

Register-ScheduledTask -TaskName "Gateway Backup" `
    -Action $Action -Trigger $Trigger -Principal $Principal
</code>

----

===== 4. Varnostna kopija na oddaljeno shrambo =====

**Rsync (Linux -> NAS):**

<code bash>
rsync -avz --delete \
    /backup/gateway/ \
    user@nas.example.com:/volume1/backups/gateway/
</code>

**AWS S3:**

<code bash>
aws s3 cp /backup/gateway/gateway-config-*.tar.gz \
    s3://my-backups/gateway/ \
    --storage-class STANDARD_IA
</code>

**Azure Blob:**

<code bash>
az storage blob upload \
    --account-name mybackups \
    --container-name gateway \
    --file /backup/gateway/gateway-config-*.tar.gz \
    --name gateway-config-$(date +%Y%m%d).tar.gz
</code>

----

===== 5. Obnovitev =====

<code bash>
# Linux
cd /opt/data-gateway
tar -xzvf /backup/gateway/gateway-config-20241215.tar.gz

# Obnovi dovoljenja
chown -R datagateway:datagateway /opt/data-gateway
chmod 600 /opt/data-gateway/certs/*

# Ponovno zaženi Gateway
sudo systemctl restart data-gateway
</code>

<code powershell>
# Windows
Expand-Archive -Path "D:\Backup\Gateway\gateway-config-20241215.zip" `
    -DestinationPath "%GATEWAY_ROOT%" -Force

Restart-Service -Name "DataGateway"
</code>

----

===== 6. Kontrolni seznam =====

| # | Točka preverjanja | V |
|---|-----------|---|
| 1 | appsettings.json shranjen | |
| 2 | Certifikati shranjeni | |
| 3 | SQLite baze shranjene | |
| 4 | Kontrolna vsota ustvarjena | |
| 5 | Kopirano na oddaljeno shrambo | |
| 6 | Obnovitev testirana | |

----

===== Odpravljanje težav =====

| Težava | Vzrok | Rešitev |
|---------|---------|--------|
| ''Permission denied'' | Manjkajoče pravice | Izvedi kot root/Admin |
| ''No space left'' | Shramba polna | Izbriši stare varnostne kopije |
| ''Checksum mismatch'' | Pokvarjen arhiv | Ponovno shrani |
| Obnovitev neuspešna | Napačna dovoljenja | Izvedi chown/chmod |

----

===== Najboljše prakse =====

<WRAP round important>
**Pravilo 3-2-1 za varnostne kopije:**
  * **3** kopije podatkov
  * **2** različna medija (lokalno + oblak)
  * **1** kopija izven lokacije
</WRAP>

----

===== Povezani Runbooks =====

  * [[.:dsn-export|DSN-Export]] - Varnostna kopija DSN definicij
  * [[..:sicherheit:zertifikat-erneuern|Obnova certifikata]] - Shrani pred obnovo
  * [[..:tagesgeschaeft:server-starten|Zagon strežnika]] - Po obnovitvi

----

<< [[.:start|<- Varnostne kopije]] | [[.:dsn-export|-> DSN-Export]] >>

----
//Wolfgang van der Stille @ EMSR DATA d.o.o. - Data Gateway Professional//

{{tag>operator runbook backup restore config}}