backup-and-integration.mdβ’6.5 kB
# Phase 3 Enhancement: Config Backup & Infrastructure Integration
## π Configuration Backup System
### Features
1. **Automatic Backups**
- Create backup before any write operation
- Timestamp-based backup naming
- Configurable retention policy
- Compressed storage
2. **Backup Operations**
```typescript
interface BackupManager {
createBackup(): Promise<BackupInfo>;
listBackups(): Promise<BackupInfo[]>;
restoreBackup(backupId: string): Promise<boolean>;
downloadBackup(backupId: string): Promise<Buffer>;
deleteOldBackups(retentionDays: number): Promise<void>;
}
```
3. **Implementation Plan**
- Use OPNsense's `/api/core/backup/*` endpoints
- Store backups locally and/or in TrueNAS
- Track backup metadata in local database
## π³ Docker/Database Integration
### Architecture
```
βββββββββββββββββββββββ ββββββββββββββββββββ
β Claude Desktop ββββββΆβ MCP Server β
β (Your Workstation) β β (Node.js) β
βββββββββββββββββββββββ βββββββββββ¬βββββββββ
β
βββββββββββΌβββββββββ
β Redis/PostgreSQL β
β (Docker on LAN) β
β 10.0.0.2:6379 β
βββββββββββ¬βββββββββ
β
βββββββββββββββββββΌββββββββββββββββββ
β β β
βββββββββΌβββββββββ ββββββΌβββββββ ββββββββΌβββββββ
β OPNsense β β TrueNAS β β Docker β
β 10.0.0.1 β β 10.0.0.3 β β 10.0.0.2 β
ββββββββββββββββββ βββββββββββββ βββββββββββββββ
```
### Components
1. **Redis Cache Layer**
- Fast in-memory storage
- API response caching
- Command queuing
- Real-time updates
2. **PostgreSQL Persistence**
- Configuration history
- Audit logs
- MCP conversation history
- Change tracking
3. **Docker Compose Setup**
```yaml
version: '3.8'
services:
redis:
image: redis:7-alpine
ports:
- "10.0.0.2:6379:6379"
volumes:
- redis-data:/data
postgres:
image: postgres:15-alpine
environment:
POSTGRES_DB: opnsense_mcp
POSTGRES_USER: mcp_user
POSTGRES_PASSWORD: ${DB_PASSWORD}
ports:
- "10.0.0.2:5432:5432"
volumes:
- postgres-data:/var/lib/postgresql/data
volumes:
redis-data:
postgres-data:
```
## π Integration Flow
### 1. **Before Any Modification**
```typescript
async function safeModification(operation: () => Promise<any>) {
// 1. Create backup
const backup = await backupManager.createBackup();
// 2. Log to database
await db.logOperation({
timestamp: new Date(),
backupId: backup.id,
operation: operation.toString()
});
try {
// 3. Execute operation
const result = await operation();
// 4. Cache result
await redis.set(`result:${backup.id}`, result);
return result;
} catch (error) {
// 5. Offer rollback
console.error('Operation failed, backup available:', backup.id);
throw error;
}
}
```
### 2. **Fast Local Communication**
```typescript
class MCPCache {
private redis: RedisClient;
private db: PostgresClient;
async getFirewallRules() {
// Check cache first
const cached = await redis.get('firewall:rules');
if (cached) return JSON.parse(cached);
// Fetch from OPNsense
const rules = await opnsense.getFirewallRules();
// Cache for 5 minutes
await redis.setex('firewall:rules', 300, JSON.stringify(rules));
return rules;
}
}
```
## π Implementation Steps
1. **Add Backup Tools to MCP**
- `create_backup` - Manual backup creation
- `list_backups` - Show available backups
- `restore_backup` - Restore from backup
- `auto_backup` - Enable/disable auto-backup
2. **Add Database Connection**
- Redis client for caching
- PostgreSQL for persistence
- Connection pooling
- Retry logic
3. **Create Docker Stack**
- Docker Compose file
- Environment configuration
- Network setup for LAN access
- Volume management
4. **Add Safety Features**
- Pre-operation validation
- Dry-run mode
- Change preview
- Rollback capability
## π Example Usage
### In Claude Desktop:
```
User: "Create a firewall rule to block port 22"
Claude: I'll create that firewall rule with automatic backup:
1. Creating configuration backup... β
2. Backup ID: backup-2025-01-10-1234
3. Creating firewall rule...
4. Rule created successfully!
5. Changes cached locally for fast access
If you need to rollback, use: restore_backup backup-2025-01-10-1234
```
### From Hypervisor (10.0.0.2):
```bash
# Query MCP cache directly
redis-cli -h localhost get firewall:rules
# View operation history
psql -h localhost -U mcp_user -d opnsense_mcp \
-c "SELECT * FROM operations ORDER BY timestamp DESC LIMIT 10"
```
## π§ Configuration
### `.env` additions:
```env
# Backup Settings
BACKUP_ENABLED=true
BACKUP_RETENTION_DAYS=30
BACKUP_PATH=/mnt/truenas/opnsense-backups
# Database Settings
REDIS_HOST=10.0.0.2
REDIS_PORT=6379
POSTGRES_HOST=10.0.0.2
POSTGRES_PORT=5432
POSTGRES_DB=opnsense_mcp
POSTGRES_USER=mcp_user
POSTGRES_PASSWORD=secure_password
# Cache Settings
CACHE_TTL=300
ENABLE_CACHE=true
```
## π― Benefits
1. **Safety**
- Never lose configuration
- Easy rollback
- Audit trail
2. **Performance**
- Fast cached responses
- Reduced API load
- Local data access
3. **Integration**
- Hypervisor can query MCP data
- Other services can integrate
- Centralized configuration management
4. **Reliability**
- Persistent storage
- Backup redundancy
- Disaster recovery
Ready to implement this enhanced Phase 3?