Scheduled Backups
Automate rabbitmq-backup to run on a schedule so backups happen without manual intervention.
Option 1: Cron (Linux / macOS)
Basic Cron Job
# Edit crontab
crontab -e
Add a line for daily backups at 02:00:
0 2 * * * /usr/local/bin/rabbitmq-backup backup --config /etc/rabbitmq-backup/backup.yaml >> /var/log/rabbitmq-backup.log 2>&1
With Environment Variables
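Credentials should not be stored in the config file. Pass them through the cron job. Values set this way sit in plaintext in that user's crontab, so install the job under a dedicated account; the wrapper script below reads them from files instead: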
0 2 * * * RABBITMQ_PASSWORD=changeme AWS_ACCESS_KEY_ID=AKIAEXAMPLE AWS_SECRET_ACCESS_KEY=secretkey /usr/local/bin/rabbitmq-backup backup --config /etc/rabbitmq-backup/backup.yaml >> /var/log/rabbitmq-backup.log 2>&1
With a Wrapper Script
For complex setups, use a wrapper script:
/usr/local/bin/rabbitmq-backup-cron.sh
#!/bin/bash
set -euo pipefail

# Load credentials from a secure source.
# Assign first, then export, so a failed read stops the script under set -e.
RABBITMQ_PASSWORD=$(cat /etc/rabbitmq-backup/secrets/rabbitmq-password)
AWS_ACCESS_KEY_ID=$(cat /etc/rabbitmq-backup/secrets/aws-access-key)
AWS_SECRET_ACCESS_KEY=$(cat /etc/rabbitmq-backup/secrets/aws-secret-key)
export RABBITMQ_PASSWORD AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY

# Generate a unique backup ID with date
export BACKUP_DATE=$(date +%Y%m%d-%H%M%S)

# Run backup. Record a failure instead of exiting so the alert below is still sent.
status=0
/usr/local/bin/rabbitmq-backup backup \
    --config /etc/rabbitmq-backup/backup.yaml \
    2>&1 | tee -a /var/log/rabbitmq-backup.log || status=$?

# Optional: run validation after a successful backup
if [ "$status" -eq 0 ]; then
    /usr/local/bin/rabbitmq-backup validate \
        --path s3://rabbitmq-backups \
        --backup-id daily-backup \
        --deep \
        2>&1 | tee -a /var/log/rabbitmq-backup-validate.log || status=$?
fi

# Optional: send notification
if [ "$status" -eq 0 ]; then
    echo "RabbitMQ backup completed successfully at $(date)" | \
        mail -s "RabbitMQ Backup OK" ops@example.com
else
    echo "RabbitMQ backup FAILED at $(date)" | \
        mail -s "ALERT: RabbitMQ Backup Failed" ops@example.com
fi

exit "$status"
chmod +x /usr/local/bin/rabbitmq-backup-cron.sh
Crontab entry:
0 2 * * * /usr/local/bin/rabbitmq-backup-cron.sh
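The wrapper script reads its credentials from files, so the protection is only as good as those files' ownership and mode. The following is an added example, not part of rabbitmq-backup or of the original page: two hypothetical helpers, `secret_file_ok` and `load_secret`, that make the script fail closed when a secret file is a symlink, belongs to another user, or is accessible to group or others.

```shell
# Added example, not part of rabbitmq-backup: refuse credential files that
# are symlinks, owned by another user, or accessible to group/others.

# Octal permission bits of a file (GNU stat first, then BSD/macOS stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Numeric uid of the file's owner.
file_owner() {
    stat -c '%u' "$1" 2>/dev/null || stat -f '%u' "$1"
}

# Succeed only for a regular, non-symlink file owned by the current user or
# root whose group and other permission digits are both 0 (600, 400, ...).
secret_file_ok() {
    local f mode owner
    f=$1
    if [ ! -f "$f" ] || [ -L "$f" ]; then
        echo "not a regular file: $f" >&2; return 1
    fi
    mode=$(file_mode "$f") || return 1
    owner=$(file_owner "$f") || return 1
    if [ "$owner" != "$(id -u)" ] && [ "$owner" != 0 ]; then
        echo "unexpected owner uid $owner: $f" >&2; return 1
    fi
    case $mode in
        0|*00) return 0 ;;
        *) echo "mode $mode is too permissive: $f" >&2; return 1 ;;
    esac
}

# Export the file's content as variable $1, but only if the file passes.
load_secret() {
    local var file value
    var=$1; file=$2
    secret_file_ok "$file" || return 1
    value=$(cat "$file") || return 1
    if [ -z "$value" ]; then
        echo "empty secret: $file" >&2; return 1
    fi
    export "$var=$value"
}

# Usage in the wrapper script (paths as in the script above):
# load_secret RABBITMQ_PASSWORD /etc/rabbitmq-backup/secrets/rabbitmq-password
```

Under `set -e`, a failing `load_secret` call stops the wrapper before the backup binary is started with missing or exposed credentials.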
Schedule Examples
| Schedule | Cron Expression | Description |
|---|---|---|
| Daily at 02:00 | 0 2 * * * | Standard daily backup |
| Every 6 hours | 0 */6 * * * | 4x daily |
| Hourly | 0 * * * * | High-frequency backup |
| Weekdays at 23:00 | 0 23 * * 1-5 | Business hours coverage |
| Sunday at 03:00 | 0 3 * * 0 | Weekly backup |
Log Rotation
Add a logrotate config to manage log files:
/etc/logrotate.d/rabbitmq-backup
/var/log/rabbitmq-backup*.log {
daily
rotate 14
compress
delaycompress
missingok
notifempty
}
Option 2: Systemd Timer
Systemd timers are a modern alternative to cron on Linux systems.
Service Unit
/etc/systemd/system/rabbitmq-backup.service
[Unit]
Description=RabbitMQ Backup
After=network-online.target
[Service]
Type=oneshot
User=rabbitmq-backup
ExecStart=/usr/local/bin/rabbitmq-backup backup --config /etc/rabbitmq-backup/backup.yaml
EnvironmentFile=/etc/rabbitmq-backup/env
StandardOutput=journal
StandardError=journal
NoNewPrivileges=true
ProtectSystem=strict
ReadWritePaths=/var/lib/rabbitmq-backup
Environment File
/etc/rabbitmq-backup/env
RABBITMQ_PASSWORD=changeme
AWS_ACCESS_KEY_ID=AKIAEXAMPLE
AWS_SECRET_ACCESS_KEY=secretkey
chmod 600 /etc/rabbitmq-backup/env
Timer Unit
/etc/systemd/system/rabbitmq-backup.timer
[Unit]
Description=Daily RabbitMQ Backup
[Timer]
OnCalendar=*-*-* 02:00:00
Persistent=true
RandomizedDelaySec=300
[Install]
WantedBy=timers.target
Enable
sudo systemctl daemon-reload
sudo systemctl enable --now rabbitmq-backup.timer
# Check status
sudo systemctl list-timers rabbitmq-backup.timer
# View logs
sudo journalctl -u rabbitmq-backup.service
Option 3: Kubernetes CronJob
Config and Credentials
# Create namespace
kubectl create namespace rabbitmq-backup
# Create Secret
kubectl create secret generic rabbitmq-backup-credentials \
--namespace rabbitmq-backup \
--from-literal=RABBITMQ_PASSWORD=changeme \
--from-literal=AWS_ACCESS_KEY_ID=AKIAEXAMPLE \
--from-literal=AWS_SECRET_ACCESS_KEY=secretkey
ConfigMap
configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: rabbitmq-backup-config
  namespace: rabbitmq-backup
data:
  backup.yaml: |
    mode: backup
    backup_id: "k8s-scheduled-backup"
    source:
      amqp_url: "amqp://backup_user:${RABBITMQ_PASSWORD}@rabbitmq.default.svc:5672/%2f"
      management_url: "http://rabbitmq.default.svc:15672"
      management_username: backup_user
      management_password: "${RABBITMQ_PASSWORD}"
      queues:
        include:
          - "*"
        exclude:
          - "*-dead-letter"
    storage:
      backend: s3
      bucket: rabbitmq-backups
      region: us-east-1
      prefix: k8s-cluster/
    backup:
      compression: zstd
      compression_level: 3
      prefetch_count: 100
      max_concurrent_queues: 4
      include_definitions: true
      stop_at_current_depth: true
CronJob
cronjob.yaml
apiVersion: batch/v1
kind: CronJob
metadata:
  name: rabbitmq-backup
  namespace: rabbitmq-backup
spec:
  schedule: "0 2 * * *"
  concurrencyPolicy: Forbid
  successfulJobsHistoryLimit: 5
  failedJobsHistoryLimit: 3
  startingDeadlineSeconds: 600
  jobTemplate:
    spec:
      backoffLimit: 2
      activeDeadlineSeconds: 3600
      template:
        metadata:
          labels:
            app: rabbitmq-backup
        spec:
          restartPolicy: OnFailure
          containers:
            - name: backup
              # :latest is a mutable tag; pin a specific version or image digest
              # so every scheduled run executes the image you reviewed.
              image: ghcr.io/osodevops/rabbitmq-backup:latest
              args: ["backup", "--config", "/config/backup.yaml"]
              envFrom:
                - secretRef:
                    name: rabbitmq-backup-credentials
              volumeMounts:
                - name: config
                  mountPath: /config
                  readOnly: true
              resources:
                requests:
                  cpu: 250m
                  memory: 256Mi
                limits:
                  cpu: "1"
                  memory: 512Mi
          volumes:
            - name: config
              configMap:
                name: rabbitmq-backup-config
Deploy
kubectl apply -f configmap.yaml
kubectl apply -f cronjob.yaml
Verify
# Check the schedule
kubectl get cronjobs -n rabbitmq-backup
# Trigger a manual run
kubectl create job --from=cronjob/rabbitmq-backup test-run -n rabbitmq-backup
# Watch the job
kubectl get jobs -n rabbitmq-backup -w
# View logs
kubectl logs -n rabbitmq-backup job/test-run -f
Add Validation CronJob
Run a separate validation job after each backup window:
validate-cronjob.yaml
apiVersion: batch/v1
kind: CronJob
metadata:
  name: rabbitmq-backup-validate
  namespace: rabbitmq-backup
spec:
  schedule: "0 3 * * *"  # 1 hour after backup
  concurrencyPolicy: Forbid
  jobTemplate:
    spec:
      backoffLimit: 1
      template:
        spec:
          restartPolicy: OnFailure
          containers:
            - name: validate
              image: ghcr.io/osodevops/rabbitmq-backup:latest
              args:
                - validate
                - --path
                - s3://rabbitmq-backups
                - --backup-id
                - k8s-scheduled-backup
                - --deep
              envFrom:
                - secretRef:
                    name: rabbitmq-backup-credentials
              resources:
                requests:
                  cpu: 100m
                  memory: 128Mi
          volumes:
            - name: config
              configMap:
                name: rabbitmq-backup-config
Monitoring Scheduled Backups
Prometheus Alert for Missed Backups
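If using the Prometheus metrics endpoint, alert when no backup has run recently. The expression returns no data, and so never fires, when the metric itself is missing (for example, if the endpoint is not being scraped), so pair it with a rule that fires when the metric is absent: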
- alert: RabbitMQBackupMissed
  expr: time() - rabbitmq_backup_last_success_timestamp > 90000  # 25 hours
  for: 5m
  labels:
    severity: critical
  annotations:
    summary: "Scheduled RabbitMQ backup has not run in over 25 hours"
Kubernetes Job Failure Alert
Use the kube-state-metrics kube_job_status_failed metric:
- alert: RabbitMQBackupJobFailed
  expr: kube_job_status_failed{namespace="rabbitmq-backup", job_name=~"rabbitmq-backup.*"} > 0
  for: 1m
  labels:
    severity: critical
  annotations:
    summary: "RabbitMQ backup Kubernetes Job failed"