Rollback Procedures and Recovery Planning

2 min read Web Security Fundamentals

Rollback Procedures and Recovery Planning

Implement rollback capabilities for failed updates:

#!/bin/bash
# /usr/local/bin/update-rollback.sh

# Configuration
BACKUP_DIR="/backup/system-snapshots"
LOG_FILE="/var/log/update-rollback.log"

# Create system snapshot before updates
create_snapshot() {
    local snapshot_name="pre-update-$(date +%Y%m%d-%H%M%S)"
    
    echo "Creating system snapshot: $snapshot_name"
    
    # For LVM systems
    if command -v lvcreate &> /dev/null; then
        lvcreate -L10G -s -n "$snapshot_name" /dev/vg0/root
    fi
    
    # For ZFS systems
    if command -v zfs &> /dev/null; then
        zfs snapshot rpool/ROOT/ubuntu@"$snapshot_name"
    fi
    
    # For Btrfs systems
    if command -v btrfs &> /dev/null; then
        btrfs subvolume snapshot / "/snapshot/$snapshot_name"
    fi
    
    # Backup package states
    dpkg --get-selections > "$BACKUP_DIR/package-selections-$snapshot_name.txt"
    apt-mark showmanual > "$BACKUP_DIR/manual-packages-$snapshot_name.txt"
    
    echo "$snapshot_name" > /tmp/last-snapshot
}

# Rollback to previous state
rollback_updates() {
    local snapshot_name=$(cat /tmp/last-snapshot 2>/dev/null)
    
    if [ -z "$snapshot_name" ]; then
        echo "No snapshot found for rollback"
        return 1
    fi
    
    echo "Rolling back to snapshot: $snapshot_name"
    
    # Stop services
    systemctl stop apache2 nginx
    
    # Restore package states
    if [ -f "$BACKUP_DIR/package-selections-$snapshot_name.txt" ]; then
        dpkg --set-selections < "$BACKUP_DIR/package-selections-$snapshot_name.txt"
        apt-get dselect-upgrade -y
    fi
    
    # Restore configurations
    if [ -d "$BACKUP_DIR/configs-$snapshot_name" ]; then
        cp -a "$BACKUP_DIR/configs-$snapshot_name"/etc/apache2/* /etc/apache2/
        cp -a "$BACKUP_DIR/configs-$snapshot_name"/etc/nginx/* /etc/nginx/
    fi
    
    # Start services
    systemctl start apache2 nginx
    
    echo "Rollback completed"
}

# Test rollback procedure
test_rollback() {
    echo "Testing rollback procedure..."
    
    # Create test snapshot
    create_snapshot
    
    # Make harmless change
    touch /tmp/rollback-test-file
    
    # Perform rollback
    rollback_updates
    
    # Verify rollback
    if [ ! -f /tmp/rollback-test-file ]; then
        echo "Rollback test successful"
        return 0
    else
        echo "Rollback test failed"
        return 1
    fi
}