csmt - Server Management Tool

Creode Server Management Tool

Catchy name, right?

This was a tool I created during my time as Head of Development at Creode. As a professional outfit we took regular backups of our clients sites, but we had no way to monitor this and no simple way of triggering new backups off-schedule.

The core of the tool is built with symfony console, something I first used when building cdev. It's a fantastic bit of kit, you will have seen it if you use composer, drush or magerun.

Here's the code, https://github.com/creode/csmt, it's open source, so feel free to get your contributions in.

How does it work?

The tool sits in the root of the website it's connecting to, a configuration file sits in the same directory (see the repo for an example). On the command line the user can trigger a backup of the database, or of the directories (generally media upload directories) listed in the config file.

The key selling point of csmt is it's ability to make GDPR compliant database backups available to developers. It does this by taking the database backups in 4 parts, the table structure, the clean data, the data containing PII and the tables needed for that PII data.

Backups are taken and stored in the location specified in the config file, this is generally in AWS S3 buckets but ssh details can be used to drop them onto a server if required. The non-PII and PII files can be placed into separate buckets, meaning that PII can (and should be) be locked down to prevent most users (including developers) accessing it.

A separate obfuscation tool runs (off-server) that restores the PII structure and PII data to a temporary database, scrambles the PII fields and puts the now cleansed data into the same place as the clean data from the original dump. Developers (and testing environments) now have access to all parts of the database, but none of the PII data.

Access to the data is dependant on credentials for the storage location, we used IAM users for each developer and granted access to project buckets as needed. This was linked up with the cdev backup configuration, meaning a developer just needed to run `cdev backup:pull` and a fresh, clean database was downloaded.

Monitoring backups

In addition to the tool itself a dashboard was built, the code for that can be found here - https://github.com/creode/csmt-dashboard

It's a simple laravel application, users login, they see a dashboard of active projects and the status of the backups on each. Backups are scheduled to be taken weekly, so anything older than a week is flagged as a warning, and any zero-sized files are also highlighted.

It's a simple enough system, and great to use - one look and you know that all is well.

The CSMT Dashboard overview screen with client names redacted

The CSMT Dashboard overview screen. Client names redacted

Want to use CSMT?

The code is all available in the repositories above, feel free to have a go at setting things up yourself.

If you need some assistance then drop me a message and I'll get back to you with some guidance.

If you're an agency and would like me to setup CSMT for your systems, please get in touch. I can also providing training should your team need it.