Tergum: Universal Backup Tool

Why Tergum?

Tergum is simple tool provides centralized backup solution with multiple sources (databases, files, S3, ...) and multiple backup storages (S3, filesystem, ...). Tergum has native backup monitoring and alerts you when backup fails. Tergum also support backup encryption, compression and automatic recovery testing.

Tergum is under active development, not all features are already implemented. Check current project state

Do you want to start using Tergum? Give us a call

Let's discuss Tergum in your project in 30 min call

What "Tergum" means?

Tergum means backup in latin.

Tergum Cloud: Bring Your Backups into Cloud

Tergum Cloud allow you to manage your backup using UI & Terraform and store your backups securely in our AWS.

Are you interested in our public beta? Drop us email [email protected]

Tergum Enterprise: Use Tergum Cloud in Your Private Infrastructure

Tergum Enterprise brings our cloud platform behind your filewall. For an inquiry, contact our sales [email protected]

Install

Install using Brew:

brew install sikalabs/tap/tergum

Autocomplete

See: tergum completion

Bash

source <(tergum completion bash)

CLI Usage

Generated CLI Docs on Github

See: https://github.com/sikalabs/tergum-cli-docs/blob/master/tergum.md#tergum

Generate CLI Docs

Generate Markdown CLI docs to ./cobra-docs

tergum generate-docs

Tergum Config File

Tergum supports only JSON config file, but we're working on YAML support.

Config file examples are in misc/example/config directory

Basic Config Structure

Meta:
  SchemaVersion: 3
Cloud: <Cloud>
Notification: <Notification>
Backups:
  - <Backup>
  - <Backup>
  - ...

Backup Block

ID: <UniqueBackupID>
Source:
  Mysql: <BackupSourceMysqlConfiguration>
  MysqlServer: <BackupSourceMysqlServerConfiguration>
  Postgres: <BackupSourcePostgresConfiguration>
  PostgresServer: <BackupSourcePostgresServerConfiguration>
  Mongo: <BackupSourceMongoConfiguration>
  SingleFile: <BackupSourceSingleFileConfiguration>
  Dir: <BackupSourceDirConfiguration>
  KubernetesTLSSecret: <BackupSourceKubernetesTLSSecret>
  Kubernetes: <BackupSourceKubernetes>
  Notion: <BackupSourceNotion>
  FTP: <BackupSourceFTP>
  Redis: <BackupSourceRedis>
  Vault: <BackupSourceVault>
  Dummy: <BackupSourceDummy>
  Gitlab: <BackupSourceGitlab>
  Consul: <BackupSourceConsul>
Middlewares:
  - <MiddlewareConfiguration>
  - ...
Destinations:
  - ID: <UniqueBackupDestinationID>
    Middlewares:
      - <MiddlewareConfiguration>
      - ...
    FilePath: <BackupDestinationFilePathConfiguration>
    File: <BackupDestinationFileConfiguration>
    S3: <BackupDestinationS3Configuration>
    AzureBlob: <BackupDestinationAzureBlobConfiguration>
  - ...
SleepBefore: <sleep time befor backup job in seconds>

GzipMiddlewareConfiguration

Gzip: {}
SymmetricEncryption:
  Passphrase: "passphrase"

Example BackupSourceMysqlConfiguration Block

Host: "127.0.0.1"
Port: "3306"
User: "root"
Password: "root"
Database: "default"

With extra args

Host: "127.0.0.1"
Port: "3306"
User: "root"
Password: "root"
Database: "default"
MysqldumpExtraArgs:
  - --column-statistics=0

Example BackupSourceMysqlServerConfiguration Block

Host: "127.0.0.1"
Port: "3306"
User: "root"
Password: "root"

With extra args

Host: "127.0.0.1"
Port: "3306"
User: "root"
Password: "root"
MysqldumpExtraArgs:
  - --column-statistics=0

Example BackupSourcePostgresConfiguration Block

Host: "127.0.0.1"
Port: "15432"
User: "postgres"
Password: "pg"
Database: "postgres"

With extra args

Host: "127.0.0.1"
Port: "15432"
User: "postgres"
Password: "pg"
Database: "postgres"
PgdumpExtraArgs:
  - --ignore-version

Example BackupSourcePostgresServerConfiguration Block

Host: "127.0.0.1"
Port: "15432"
User: "postgres"
Password: "pg"

With extra args

Host: "127.0.0.1"
Port: "15432"
User: "postgres"
Password: "pg"
PgdumpallExtraArgs:
  - --ignore-version

Example BackupSourceMongoConfiguration Block

Dump all dbs & no auth

Host: "127.0.0.1"
Port: "27017"

Dump all dbs with auth

Host: "127.0.0.1"
Port: "27017"
User: "root"
Password: "root"

Dump single db with auth

Host: "127.0.0.1"
Port: "27017"
User: "root"
Password: "root"
Database: "test"

Dump single db with auth and custom Authentication Database

Host: "127.0.0.1"
Port: "27017"
User: "root"
Password: "root"
AuthenticationDatabase: "test" # default is admin
Database: "test"

Example BackupSourceKubernetesTLSSecret Block

Backup all TLS secrets

Server: https://kubernetes-api.example.com
Token: foo-bar-baz
Namespace: default

Backup single TLS secret

Server: https://kubernetes-api.example.com
Token: foo-bar-baz
Namespace: default
SecretName: tls-example-com

Example BackupSourceKubernetes Block

Backup all resources (pods)

Server: https://kubernetes-api.example.com
Token: foo-bar-baz
Namespace: default
Resource: pod

Backup single resource (hello-world pod)

Server: https://kubernetes-api.example.com
Token: foo-bar-baz
Namespace: default
Resource: pod
Name: hello-world

Example BackupSourceSingleFileConfiguration Block

Path: /data/export/dump.sql

Example BackupSourceDirConfiguration Block

Path: /data

Example BackupSourceNotion Block

Token: <Notion token_v2>
SpaceID: <Notion Space UID>
Format: <Fotmat of export ("html" or "markdown")>

Example BackupSourceFTP Block

Host: <FTP host>
User: <FTP user>
Password: <FTP password>

Example BackupSourceRedis Block

Host: <host>
Port: <port>

Example BackupSourceVault Block

Addr: <vault address>
Token: <vault token>

Example BackupSourceDummy Block

Content: <backup content>

Example BackupSourceGitlab Block

NamePrefix: <prefix Gitlab backup file in /var/opt/gitlab/backups>
Skip: <skip (for example registry)>

• Gitlab Docs about SKIP - https://docs.gitlab.com/ee/administration/backup_restore/backup_gitlab.html?tab=Linux+package+%28Omnibus%29#excluding-specific-data-from-the-backup

Example BackupSourceConsul Block

Addr: <host>
Token: <token>

Example without ACL

Addr: http://127.0.0.1:8500

Example with ACL requires token

Addr: http://127.0.0.1:8500
Token: 51047cd1-c243-a969-2bf1-a845405e4da9

Example BackupDestinationFilePathConfiguration Block

Path: "/backup/mysql-default.sql"

Example BackupDestinationFileConfiguration Block

Dir: "/backup/"
Prefix: "mysql-default"
Suffix: "sql"

Example BackupDestinationS3Configuration Block

AWS:

AccessKey: "admin"
SecretKey: "asdfasdf"
Endpoint: "https://minio.example.com"
BucketName: "tergum-backups"
Prefix: "mysql-default"
Suffix: "sql"

Minio:

accessKey: "aws_access_key_id"
secretKey: "aws_secret_access_key"
region: "eu-central-1"
bucketName: "tergum-backups"
prefix: "mysql-default"
suffix: "sql"

Example BackupDestinationAzureBlobConfiguration Block

AccountName: account_name
AccountKey: account_key
ContainerName: container_name
Prefix: "mysql-default"
Suffix: "sql"

Notification Block

Backends: {
  Email:  <NotificationBackendEmail>
Target:
  - <NotificationTarget>
  - <NotificationTarget>
  - ...

Example NotificationBackendEmail Block

SmtpHost: "mail.example.com"
SmtpPort: "25"
Usename: "aaa"
Password: "aaa/bbb"
From: "[email protected]"

NotificationTarget Block

Email: <NotificationEmailTarget>
SlackWebhook: <NotificationSlackWebhookTarget>

Example NotificationEmailTarget Block

Emails:
  - [email protected]
  - [email protected]
SendOK: false

• SendOK=true will send email notification for all tergum runs (failed & OK runs)

Example NotificationSlackWebhookTarget Block

URLs:
  - https://hooks.slack.com/services/xxx/yyy/zzz
SendOK: false

• SendOK=true will send email notification for all tergum runs (failed & OK runs)

Cloud Block

Email: <email of tergum cloud account>

Current Project State

Backup Sources

• [x] SingleFile
• [x] Files (Dir)
• [x] Postgres
• [x] PostgresServer
• [x] MySQL
• [x] MySQLServer
• [ ] Oracle (Enterprise)
• [ ] S3
• [ ] Ceph RBD
• [ ] CephFS
• [x] MongoDB
• [x] Gitlab
• [ ] Proxmox
• [x] Kubernetes Resource
  • [x] Kubernetes TLS Secret
• [ ] Container Image
• [x] Redis
• [x] Notion
• [x] FTP Server (for old school hostings)
• [x] Hashicorp Vault
• [x] Hashicorp Consul
• [x] Dummy (for testing)

Passwords Sources

• [x] YAML
• [x] Environment Variables
• [ ] Hashicorp Vault
• [ ] AWS Secrets Manager
• [ ] Azure Key Vault

Backup Processors

• [x] GZIP Compression
• [x] Symmetric Encryption
• [ ] AsymmetricEncryption
• [ ] GPG Encryption
• [ ] GPG Signatures

Backup Storage

• [x] Files
• [x] S3
• [ ] Tergum Cloud
• [x] Azure Blob
• [ ] GCS (Google Cloud Storage)
• [ ] Container Registry

Notification

• [x] Email
• [x] Slack
• [ ] Microsoft Teams
• [ ] Pagerduty