mirrors/docker-db-backup
1
0
Fork 0
mirror of https://github.com/tiredofit/docker-db-backup.git synced 2025-12-21 13:23:12 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

Release 4.0.8 - See CHANGELOG.md

Browse Source
This commit is contained in:
dave@tiredofit.ca
2023-11-11 08:32:58 -08:00
parent 535e011740
commit 0b2c7836cf
3 changed files with 43 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
CHANGELOG.md
View File

@@ -1,3 +1,11 @@
## 4.0.8 2023-11-11 <dave at tiredofit dot ca>
### Changed
- Tidy up file_encryption() routines
- Change environment variable _ENCRYPTION_PUBKEY to _ENCRYPTION_PUBLIC_KEY
- Add new environment variable _ENCRYPTION_PRIVATE_KEY
## 4.0.7 2023-11-11 <dave at tiredofit dot ca> ## 4.0.7 2023-11-11 <dave at tiredofit dot ca>
### Added ### Added

27
README.md
View File

@@ -214,12 +214,13 @@ If these are set and no other defaults or variables are set explicitly, they wil
Encryption occurs after compression and the encrypted filename will have a `.gpg` suffix Encryption occurs after compression and the encrypted filename will have a `.gpg` suffix
| Variable | Description | Default | | Variable | Description | Default | `_FILE` |
| ---------------------------- | ------------------------------------------- | ------- | | ----------------------------- | -------------------------------------------- | ------- | ------- |
| `DEFAULT_ENCRYPT` | Encrypt file after backing up with GPG | `FALSE` | | `DEFAULT_ENCRYPT` | Encrypt file after backing up with GPG | `FALSE` | |
| `DEFAULT_ENCRYPT_PASSPHRASE` | Passphrase to encrypt file with GPG | | | `DEFAULT_ENCRYPT_PASSPHRASE` | Passphrase to encrypt file with GPG | | x |
| *or* | | | | *or* | | | |
| `DEFAULT_ENCRYPT_PUBKEY` | Path of public key to encrypt file with GPG | | | `DEFAULT_ENCRYPT_PUBLIC_KEY` | Path of public key to encrypt file with GPG | | x |
| `DEFAULT_ENCRYPT_PRIVATE_KEY` | Path of private key to encrypt file with GPG | | x |
##### Scheduling Options ##### Scheduling Options
@@ -476,12 +477,14 @@ Otherwise, override them per backup job. Additional backup jobs can be scheduled
Encryption will occur after compression and the resulting filename will have a `.gpg` suffix Encryption will occur after compression and the resulting filename will have a `.gpg` suffix
| Variable | Description | Default |
| ------------------------- | ------------------------------------------- | ------- | | Variable | Description | Default | `_FILE` |
| `DB01_ENCRYPT` | Encrypt file after backing up with GPG | `FALSE` | | -------------------------- | -------------------------------------------- | ------- | ------- |
| `DB01_ENCRYPT_PASSPHRASE` | Passphrase to encrypt file with GPG | | | `DB01_ENCRYPT` | Encrypt file after backing up with GPG | `FALSE` | |
| *or* | | | | `DB01_ENCRYPT_PASSPHRASE` | Passphrase to encrypt file with GPG | | x |
| `DB01_ENCRYPT_PUBKEY` | Path of public key to encrypt file with GPG | | | *or* | | | |
| `DB01_ENCRYPT_PUBLIC_KEY` | Path of public key to encrypt file with GPG | | x |
| `DB01_ENCRYPT_PRIVATE_KEY` | Path of private key to encrypt file with GPG | | x |
##### Scheduling Options ##### Scheduling Options

29
install/assets/functions/10-db-backup
View File

@@ -48,7 +48,8 @@ bootstrap_variables() {
DEFAULT_USER \ DEFAULT_USER \
DEFAULT_PASS \ DEFAULT_PASS \
DEFAULT_ENCRYPT_PASSPHRASE \ DEFAULT_ENCRYPT_PASSPHRASE \
DEFAULT_ENCRYPT_PUBKEY \ DEFAULT_ENCRYPT_PUBLIC_KEY \
DEFAULT_ENCRYPT_PRIVATE_KEY \
DEFAULT_MONGO_CUSTOM_URI \ DEFAULT_MONGO_CUSTOM_URI \
DEFAULT_MYSQL_TLS_CA_FILE \ DEFAULT_MYSQL_TLS_CA_FILE \
DEFAULT_MYSQL_TLS_CERT_FILE \ DEFAULT_MYSQL_TLS_CERT_FILE \
@@ -74,7 +75,8 @@ bootstrap_variables() {
DB"${backup_instance_number}"_USER \ DB"${backup_instance_number}"_USER \
DB"${backup_instance_number}"_PASS \ DB"${backup_instance_number}"_PASS \
DB"${backup_instance_number}"_ENCRYPT_PASSPHRASE \ DB"${backup_instance_number}"_ENCRYPT_PASSPHRASE \
DB"${backup_instance_number}"_ENCRYPT_PUBKEY \ DB"${backup_instance_number}"_ENCRYPT_PUBLIC_KEY \
DB"${backup_instance_number}"_ENCRYPT_PRIVATE_KEY \
DB"${backup_instance_number}"_MONGO_CUSTOM_URI \ DB"${backup_instance_number}"_MONGO_CUSTOM_URI \
DB"${backup_instance_number}"_MYSQL_TLS_CA_FILE \ DB"${backup_instance_number}"_MYSQL_TLS_CA_FILE \
DB"${backup_instance_number}"_MYSQL_TLS_CERT_FILE \ DB"${backup_instance_number}"_MYSQL_TLS_CERT_FILE \
@@ -185,7 +187,8 @@ bootstrap_variables() {
transform_backup_instance_variable "${backup_instance_number}" ENABLE_PARALLEL_COMPRESSION backup_job_parallel_compression transform_backup_instance_variable "${backup_instance_number}" ENABLE_PARALLEL_COMPRESSION backup_job_parallel_compression
transform_backup_instance_variable "${backup_instance_number}" ENCRYPT backup_job_encrypt transform_backup_instance_variable "${backup_instance_number}" ENCRYPT backup_job_encrypt
transform_backup_instance_variable "${backup_instance_number}" ENCRYPT_PASSPHRASE backup_job_encrypt_passphrase transform_backup_instance_variable "${backup_instance_number}" ENCRYPT_PASSPHRASE backup_job_encrypt_passphrase
transform_backup_instance_variable "${backup_instance_number}" ENCRYPT_PUBKEY backup_job_encrypt_pubkey transform_backup_instance_variable "${backup_instance_number}" ENCRYPT_PRIVATE_KEY backup_job_encrypt_private_key
transform_backup_instance_variable "${backup_instance_number}" ENCRYPT_PUBLIC_KEY backup_job_encrypt_public_key
transform_backup_instance_variable "${backup_instance_number}" EXTRA_DUMP_OPTS backup_job_extra_dump_opts transform_backup_instance_variable "${backup_instance_number}" EXTRA_DUMP_OPTS backup_job_extra_dump_opts
transform_backup_instance_variable "${backup_instance_number}" EXTRA_ENUMERATION_OPTS backup_job_extra_enumeration_opts transform_backup_instance_variable "${backup_instance_number}" EXTRA_ENUMERATION_OPTS backup_job_extra_enumeration_opts
transform_backup_instance_variable "${backup_instance_number}" EXTRA_OPTS backup_job_extra_opts transform_backup_instance_variable "${backup_instance_number}" EXTRA_OPTS backup_job_extra_opts
@@ -1237,21 +1240,26 @@ file_encryption() {
if [ "${exit_code}" = "0" ] ; then if [ "${exit_code}" = "0" ] ; then
print_debug "[file_encryption] Encrypting" print_debug "[file_encryption] Encrypting"
output_off output_off
if [ -n "${backup_job_encrypt_passphrase}" ] && [ -n "${backup_job_encrypt_pubkey}" ]; then if [ -n "${backup_job_encrypt_passphrase}" ] && [ -n "${backup_job_encrypt_public_key}" ]; then
print_error "Can't encrypt as both ENCRYPT_PASSPHRASE and ENCRYPT_PUBKEY exist!" print_error "Can't encrypt as both ENCRYPT_PASSPHRASE and ENCRYPT_PUBKEY exist!"
return return
elif [ -n "${backup_job_encrypt_passphrase}" ] && [ -z "${backup_job_encrypt_pubkey}" ]; then elif [ -n "${backup_job_encrypt_passphrase}" ] && [ -z "${backup_job_encrypt_public_key}" ]; then
print_notice "Encrypting with GPG Passphrase" print_notice "Encrypting with GPG Passphrase"
encrypt_routines_start_time=$(date +'%s') encrypt_routines_start_time=$(date +'%s')
encrypt_tmp_dir=$(run_as_user mktemp -d) encrypt_tmp_dir=$(run_as_user mktemp -d)
echo "${backup_job_encrypt_passphrase}" | silent run_as_user ${play_fair} gpg --batch --home ${encrypt_tmp_dir} --yes --passphrase-fd 0 -c "${TEMP_PATH}"/"${backup_job_filename}" echo "${backup_job_encrypt_passphrase}" | silent run_as_user ${play_fair} gpg --batch --home ${encrypt_tmp_dir} --yes --passphrase-fd 0 -c "${TEMP_PATH}"/"${backup_job_filename}"
rm -rf "${encrypt_tmp_dir}" rm -rf "${encrypt_tmp_dir}"
elif [ -z "${backup_job_encrypt_passphrase}" ] && [ -n "${backup_job_encrypt_pubkey}" ]; then elif [ -z "${backup_job_encrypt_passphrase}" ] && [ -n "${backup_job_encrypt_public_key}" ] && [ -n "${backup_job_encrypt_private_key}" ]; then
if [ -f "${backup_job_encrypt_pubkey}" ]; then if [ -f "${backup_job_encrypt_private_key}" ]; then
encrypt_routines_start_time=$(date +'%s') encrypt_routines_start_time=$(date +'%s')
print_notice "Encrypting with GPG Public Key" print_notice "Encrypting with GPG Private Key"
encrypt_tmp_dir=$(run_as_user mktemp -d) encrypt_tmp_dir=$(run_as_user mktemp -d)
silent run_as_user ${play_fair} gpg --batch --yes --home ${encrypt_tmp_dir} --recipient-file "${backup_job_encrypt_pubkey}" -c "${TEMP_PATH}"/"${backup_job_filename}" cat "${backup_job_encrypt_private_key}" | run_as_user tee "${encrypt_tmp_dir}"/private_key.asc > /dev/null
print_debug "[file_encryption] [key] Importing Private Key"
silent run_as_user gpg --home ${encrypt_tmp_dir} --batch --import "${encrypt_tmp_dir}"/private_key.asc
print_debug "[file_encryption] [key] Encrypting to Public Key"
cat "${backup_job_encrypt_public_key}" | run_as_user tee "${encrypt_tmp_dir}"/public_key.asc > /dev/null
silent run_as_user ${play_fair} gpg --batch --yes --home "${encrypt_tmp_dir}" --encrypt --recipient-file "${encrypt_tmp_dir}"/public_key.asc "${TEMP_PATH}"/"${backup_job_filename}"
rm -rf "${encrypt_tmp_dir}" rm -rf "${encrypt_tmp_dir}"
fi fi
fi fi
@@ -1266,6 +1274,9 @@ file_encryption() {
- dbbackup.backup.encrypt.duration.[${backup_job_db_host}.${backup_job_db_name}] ${encrypt_routines_total_time} - dbbackup.backup.encrypt.duration.[${backup_job_db_host}.${backup_job_db_name}] ${encrypt_routines_total_time}
EOF EOF
) )
else
print_error "Encryption failed! Could not detect encrypted file"
return 99
fi fi
else else
write_log error "Skipping encryption because backup did not complete successfully" write_log error "Skipping encryption because backup did not complete successfully"