From 7781542816c4d5fbd38b1cbea4f45810388d834d Mon Sep 17 00:00:00 2001
From: Dave Conroy
Date: Mon, 24 Apr 2023 14:54:47 -0700
Subject: [PATCH] Expand on amount of variables that can use
---
README.md | 106 +++++++++++++-------------
install/assets/functions/10-db-backup | 67 ++++++++--------
2 files changed, 87 insertions(+), 86 deletions(-)
diff --git a/README.md b/README.md
index b9fbf88..775aad0 100644
--- a/README.md
+++ b/README.md
@@ -140,25 +140,24 @@ Be sure to view the following repositories to understand all the customizable op | `MANUAL_RUN_FOREVER` | `TRUE` or `FALSE` if you wish to try to make the container exit after the backup | `TRUE` | | `TEMP_LOCATION` | Perform Backups and Compression in this temporary directory | `/tmp/backups/` | | `DEBUG_MODE` | If set to `true`, print copious shell script messages to the container log. Otherwise only basic messages are printed. | `FALSE` | -| `CREATE_LATEST_SYMLINK` | Create a symbolic link pointing to last backup in this format: `latest-(DB_TYPE)-(DB_NAME)-(DB_HOST)` | `TRUE` | +| `CREATE_LATEST_SYMLINK` | Create a symbolic link pointing to last backup in this format: `latest-(DB_TYPE)-(DB_NAME)-(DB_HOST)` | `TRUE` | | `PRE_SCRIPT` | Fill this variable in with a command to execute pre backing up | | | `POST_SCRIPT` | Fill this variable in with a command to execute post backing up | | | `SPLIT_DB` | For each backup, create a new archive. `TRUE` or `FALSE` (MySQL and Postgresql Only) | `TRUE` | ### Database Specific Options -| Parameter | Description | Default | -| ------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------- | -| `DB_AUTH` | (Mongo Only - Optional) Authentication Database | | -| `DB_TYPE` | Type of DB Server to backup `couch` `influx` `mysql` `pgsql` `mongo` `redis` `sqlite3` | | -| `DB_HOST` | Server Hostname e.g. `mariadb`. For `sqlite3`, full path to DB file e.g. `/backup/db.sqlite3` | | -| `DB_NAME` | Schema Name e.g. `database` or `ALL` to backup all databases the user has access to. 
Backup multiple by seperating with commas eg `db1,db2` | | -| `DB_NAME_EXCLUDE` | If using `ALL` - use this as to exclude databases seperated via commas from being backed up | | -| `DB_USER` | username for the database(s) - Can use `root` for MySQL | | -| `DB_PASS` | (optional if DB doesn't require it) password for the database | | -| `DB_PORT` | (optional) Set port to connect to DB_HOST. Defaults are provided | varies | -| `INFLUX_VERSION` | What Version of Influx are you backing up from `1`.x or `2` series - AMD64 and ARM64 only for `2` | | -| `MONGO_CUSTOM_URI` | If you wish to override the MongoDB Connection string enter it here e.g. `mongodb+srv://username:password@cluster.id.mongodb.net` | | -| | This environment variable will be parsed and populate the `DB_NAME` and `DB_HOST` variables to properly build your backup filenames. You can overrde them by making your own entries | +| Parameter | Description | Default | `_NAME | +| ------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------- | ------ | +| `DB_AUTH` | (Mongo Only - Optional) Authentication Database | | | `DB_TYPE` | Type of DB Server to backup `couch` `influx` `mysql` `pgsql` `mongo` `redis` `sqlite3` | | | +| `DB_HOST` | Server Hostname e.g. `mariadb`. For `sqlite3`, full path to DB file e.g. `/backup/db.sqlite3` | | x | +| `DB_NAME` | Schema Name e.g. `database` or `ALL` to backup all databases the user has access to. Backup multiple by seperating with commas eg `db1,db2` | | x | +| `DB_NAME_EXCLUDE` | If using `ALL` - use this as to exclude databases seperated via commas from being backed up | | x | +| `DB_USER` | username for the database(s) - Can use `root` for MySQL | | x | +| `DB_PASS` | (optional if DB doesn't require it) password for the database | | x | +| `DB_PORT` | (optional) Set port to connect to DB_HOST. 
Defaults are provided | varies | x | +| `INFLUX_VERSION` | What Version of Influx are you backing up from `1`.x or `2` series - AMD64 and ARM64 only for `2` | | | +| `MONGO_CUSTOM_URI` | If you wish to override the MongoDB Connection string enter it here e.g. `mongodb+srv://username:password@cluster.id.mongodb.net` | | x | +| | This environment variable will be parsed and populate the `DB_NAME` and `DB_HOST` variables to properly build your backup filenames. You can overrde them by making your own entries | | | #### For Influx DB2: Your Organization will be mapped to `DB_USER` and your root token will need to be mapped to `DB_PASS`. You may use `DB_NAME=ALL` to backup the entire set of databases. For `DB_HOST` use syntax of `http(s)://db-name` 
@@ -171,32 +170,32 @@ Your Organization will be mapped to `DB_USER` and your root token will need to b | | Absolute HHMM, e.g. `2330` or `0415` | | | | Relative +MM, i.e. how many minutes after starting the container, e.g. `+0` (immediate), `+10` (in 10 minutes), or `+90` in an hour and a half | | | `DB_DUMP_TARGET` | Directory where the database dumps are kept. | `${DB_DUMP_TARGET}/archive/` | -| `DB_DUMP_TARGET_ARCHIVE` | Optional Directory where the database dumps archives are kept. | +| `DB_DUMP_TARGET_ARCHIVE` | Optional Directory where the database dumps archives are kept. | | `DB_CLEANUP_TIME` | Value in minutes to delete old backups (only fired when dump freqency fires). 1440 would delete anything above 1 day old. You don't need to set this variable if you want to hold onto everything. | `FALSE` | -| `DB_ARCHIVE_TIME` | Value in minutes to move all files files older than (x) from `DB_DUMP_TARGET` to `DB_DUMP_TARGET_ARCHIVE` - which is useful when pairing against an external backup system. | +| `DB_ARCHIVE_TIME` | Value in minutes to move all files files older than (x) from `DB_DUMP_TARGET` to `DB_DUMP_TARGET_ARCHIVE` - which is useful when pairing against an external backup system. | - You may need to wrap your `DB_DUMP_BEGIN` value in quotes for it to properly parse. There have been reports of backups that start with a `0` get converted into a different format which will not allow the timer to start at the correct time. 
### Backup Options -| Parameter | Description | Default | -| ------------------------------ | ---------------------------------------------------------------------------------------------------------------------------- | ------------------------- | -| `COMPRESSION` | Use either Gzip `GZ`, Bzip2 `BZ`, XZip `XZ`, ZSTD `ZSTD` or none `NONE` | `ZSTD` | -| `COMPRESSION_LEVEL` | Numberical value of what level of compression to use, most allow `1` to `9` except for `ZSTD` which allows for `1` to `19` - | `3` | -| `ENABLE_PARALLEL_COMPRESSION` | Use multiple cores when compressing backups `TRUE` or `FALSE` | `TRUE` | -| `PARALLEL_COMPRESSION_THREADS` | Maximum amount of threads to use when compressing - Integer value e.g. `8` | `autodetected` | -| `GZ_RSYNCABLE` | Use `--rsyncable` (gzip only) for faster rsync transfers and incremental backup deduplication. e.g. `TRUE` | `FALSE` | -| `ENABLE_CHECKSUM` | Generate either a MD5 or SHA1 in Directory, `TRUE` or `FALSE` | `TRUE` | -| `CHECKSUM` | Either `MD5` or `SHA1` | `MD5` | -| `EXTRA_OPTS` | If you need to pass extra arguments to the backup command, add them here e.g. 
`--extra-command` | | -| `MYSQL_MAX_ALLOWED_PACKET` | Max allowed packet if backing up MySQL / MariaDB | `512M` | -| `MYSQL_SINGLE_TRANSACTION` | Backup in a single transaction with MySQL / MariaDB | `TRUE` | -| `MYSQL_STORED_PROCEDURES` | Backup stored procedures with MySQL / MariaDB | `TRUE` | -| `MYSQL_ENABLE_TLS` | Enable TLS functionality for MySQL client | `FALSE` | -| `MYSQL_TLS_VERIFY` | (optional) If using TLS (by means of MYSQL_TLS_* variables) verify remote host | `FALSE` | -| `MYSQL_TLS_VERSION` | What TLS `v1.1` `v1.2` `v1.3` version to utilize | `TLSv1.1,TLSv1.2,TLSv1.3` | -| `MYSQL_TLS_CA_FILE` | Filename to load custom CA certificate for connecting via TLS | `/etc/ssl/cert.pem` | -| `MYSQL_TLS_CERT_FILE` | Filename to load client certificate for connecting via TLS | | -| `MYSQL_TLS_KEY_FILE` | Filename to load client key for connecting via TLS | | +| Parameter | Description | Default | `_NAME` | +| ------------------------------ | ---------------------------------------------------------------------------------------------------------------------------- | ------------------------- | ------- | +| `COMPRESSION` | Use either Gzip `GZ`, Bzip2 `BZ`, XZip `XZ`, ZSTD `ZSTD` or none `NONE` | `ZSTD` | | +| `COMPRESSION_LEVEL` | Numberical value of what level of compression to use, most allow `1` to `9` except for `ZSTD` which allows for `1` to `19` - | `3` | | +| `ENABLE_PARALLEL_COMPRESSION` | Use multiple cores when compressing backups `TRUE` or `FALSE` | `TRUE` | | +| `PARALLEL_COMPRESSION_THREADS` | Maximum amount of threads to use when compressing - Integer value e.g. `8` | `autodetected` | | +| `GZ_RSYNCABLE` | Use `--rsyncable` (gzip only) for faster rsync transfers and incremental backup deduplication. e.g. 
`TRUE` | `FALSE` | | +| `ENABLE_CHECKSUM` | Generate either a MD5 or SHA1 in Directory, `TRUE` or `FALSE` | `TRUE` | | +| `CHECKSUM` | Either `MD5` or `SHA1` | `MD5` | | +| `EXTRA_OPTS` | If you need to pass extra arguments to the backup command, add them here e.g. `--extra-command` | | | +| `MYSQL_MAX_ALLOWED_PACKET` | Max allowed packet if backing up MySQL / MariaDB | `512M` | | +| `MYSQL_SINGLE_TRANSACTION` | Backup in a single transaction with MySQL / MariaDB | `TRUE` | | +| `MYSQL_STORED_PROCEDURES` | Backup stored procedures with MySQL / MariaDB | `TRUE` | | +| `MYSQL_ENABLE_TLS` | Enable TLS functionality for MySQL client | `FALSE` | | +| `MYSQL_TLS_VERIFY` | (optional) If using TLS (by means of MYSQL_TLS_* variables) verify remote host | `FALSE` | | +| `MYSQL_TLS_VERSION` | What TLS `v1.1` `v1.2` `v1.3` version to utilize | `TLSv1.1,TLSv1.2,TLSv1.3` | | +| `MYSQL_TLS_CA_FILE` | Filename to load custom CA certificate for connecting via TLS | `/etc/ssl/cert.pem` | x | +| `MYSQL_TLS_CERT_FILE` | Filename to load client certificate for connecting via TLS | | x | +| `MYSQL_TLS_KEY_FILE` | Filename to load client key for connecting via TLS | | x | - When using compression with MongoDB, only `GZ` compression is possible. 
@@ -204,19 +203,19 @@ Your Organization will be mapped to `DB_USER` and your root token will need to b If `BACKUP_LOCATION` = `S3` then the following options are used. -| Parameter | Description | Default | -| --------------------- | ----------------------------------------------------------------------------------------- | ------- | -| `S3_BUCKET` | S3 Bucket name e.g. `mybucket` | | -| `S3_KEY_ID` | S3 Key ID (Optional) | | -| `S3_KEY_SECRET` | S3 Key Secret (Optional) | | -| `S3_PATH` | S3 Pathname to save to (must NOT end in a trailing slash e.g. '`backup`') | | -| `S3_REGION` | Define region in which bucket is defined. Example: `ap-northeast-2` | | -| `S3_HOST` | Hostname (and port) of S3-compatible service, e.g. `minio:8080`. Defaults to AWS. | | -| `S3_PROTOCOL` | Protocol to connect to `S3_HOST`. Either `http` or `https`. Defaults to `https`. | `https` | -| `S3_EXTRA_OPTS` | Add any extra options to the end of the `aws-cli` process execution | | -| `S3_CERT_CA_FILE` | Map a volume and point to your custom CA Bundle for verification e.g. `/certs/bundle.pem` | | -| _*OR*_ | | | -| `S3_CERT_SKIP_VERIFY` | Skip verifying self signed certificates when connecting | `TRUE` | +| Parameter | Description | Default | `_NAME` | +| --------------------- | ----------------------------------------------------------------------------------------- | ------- | ------- | +| `S3_BUCKET` | S3 Bucket name e.g. `mybucket` | | x | +| `S3_KEY_ID` | S3 Key ID (Optional) | | x | +| `S3_KEY_SECRET` | S3 Key Secret (Optional) | | x | +| `S3_PATH` | S3 Pathname to save to (must NOT end in a trailing slash e.g. '`backup`') | | x | +| `S3_REGION` | Define region in which bucket is defined. Example: `ap-northeast-2` | | x | +| `S3_HOST` | Hostname (and port) of S3-compatible service, e.g. `minio:8080`. Defaults to AWS. | | x | +| `S3_PROTOCOL` | Protocol to connect to `S3_HOST`. Either `http` or `https`. Defaults to `https`. 
| `https` | x | +| `S3_EXTRA_OPTS` | Add any extra options to the end of the `aws-cli` process execution | | x | +| `S3_CERT_CA_FILE` | Map a volume and point to your custom CA Bundle for verification e.g. `/certs/bundle.pem` | | x | +| _*OR*_ | | | | +| `S3_CERT_SKIP_VERIFY` | Skip verifying self signed certificates when connecting | `TRUE` | | - When `S3_KEY_ID` and/or `S3_KEY_SECRET` is not set, will try to use IAM role assigned (if any) for uploading the backup files to S3 bucket. @@ -224,14 +223,13 @@ If `BACKUP_LOCATION` = `S3` then the following options are used. Support to upload backup files with [blobxfer](https://github.com/Azure/blobxfer) to the Azure fileshare storage. - If `BACKUP_LOCATION` = `blobxfer` then the following options are used. -| Parameter | Description | Default | -| ------------------------------ | ------------------------------------------- | ------------------- | -| `BLOBXFER_STORAGE_ACCOUNT` | Microsoft Azure Cloud storage account name. | | -| `BLOBXFER_STORAGE_ACCOUNT_KEY` | Microsoft Azure Cloud storage account key. | | -| `BLOBXFER_REMOTE_PATH` | Remote Azure path | `/docker-db-backup` | +| Parameter | Description | Default | `_NAME` | +| ------------------------------ | ------------------------------------------- | ------------------- | ------- | +| `BLOBXFER_STORAGE_ACCOUNT` | Microsoft Azure Cloud storage account name. | | x | +| `BLOBXFER_STORAGE_ACCOUNT_KEY` | Microsoft Azure Cloud storage account key. | | x | +| `BLOBXFER_REMOTE_PATH` | Remote Azure path | `/docker-db-backup` | x | > This service uploads files from backup targed directory `DB_DUMP_TARGET`. > If the a cleanup configuration in `DB_CLEANUP_TIME` is defined, the remote directory on Azure storage will also be cleaned automatically. diff --git a/install/assets/functions/10-db-backup b/install/assets/functions/10-db-backup index 7d7d4d1..30447da 100644 --- a/install/assets/functions/10-db-backup +++ b/install/assets/functions/10-db-backup 
@@ -2,12 +2,17 @@ bootstrap_variables() { sanity_var DB_TYPE "Set appropriate DB_TYPE" + transform_var \ + DB_HOST \ + DB_PORT \ + DB_USER \ + DB_PASS case "${DB_TYPE,,}" in couch* ) dbtype=couch DB_PORT=${DB_PORT:-5984} - file_env 'DB_USER' - file_env 'DB_PASS' + sanity_var DB_USER + sanity_var DB_PASS ;; influx* ) dbtype=influx 
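Review bot: The couch branch now calls `sanity_var DB_USER` and `sanity_var DB_PASS` where the old code only called `file_env`, and the influx branch in the next hunk makes the same swap. sanity_var is defined outside this diff, but its other call sites (`sanity_var DB_TYPE "Set appropriate DB_TYPE"`) suggest it rejects an empty value, which would make credentials mandatory for these two types while the README in this patch still describes `DB_PASS` as optional. If that is intended, pass the description argument as the other calls do, e.g. `sanity_var DB_PASS "CouchDB password"`; if not, drop the two calls and rely on the `transform_var` list added above. bootstrap_variables continues past the end of this hunk.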
@@ -15,31 +20,31 @@ bootstrap_variables() { 1) DB_PORT=${DB_PORT:-8088} ;; 2) DB_PORT=${DB_PORT:-8086} ;; esac - file_env 'DB_USER' - file_env 'DB_PASS' + sanity_var DB_USER + sanity_var DB_PASS sanity_var INFLUX_VERSION "What InfluxDB version you are backing up from '1' or '2'" ;; mongo* ) dbtype=mongo + transform_var MONGO_CUSTOM_URI if [ -n "${MONGO_CUSTOM_URI}" ] ; then - mongo_uri_proto=$(echo ${MONGO_CUSTOM_URI} | grep :// | sed -e's,^\(.*://\).*,\1,g') + mongo_uri_proto=$(echo "${MONGO_CUSTOM_URI}" | grep :// | sed -e's,^\(.*://\).*,\1,g') mongo_uri_scratch="${MONGO_CUSTOM_URI/${mongo_uri_proto}/}" - mongo_uri_username_password=$(echo ${mongo_uri_scratch} | grep @ | rev | cut -d@ -f2- | rev) - if [ -n "${mongo_uri_username_password}" ]; then mongo_uri_scratch=$(echo ${mongo_uri_scratch} | rev | cut -d@ -f1 | rev) ; fi - mongo_uri_port=$(echo ${mongo_uri_scratch} | grep : | rev | cut -d: -f2- | rev) - if [ -n "${mongo_uri_port}" ]; then mongo_uri_port=$(echo ${mongo_uri_scratch} | rev | cut -d: -f1 | cut -d/ -f2 | rev) ; fi - mongo_uri_hostname=$(echo ${mongo_uri_scratch} | cut -d/ -f1 | cut -d: -f1 ) - mongo_uri_database=$(echo ${mongo_uri_scratch} | cut -d/ -f2 | cut -d? -f1 ) - mongo_uri_options=$(echo ${mongo_uri_scratch} | cut -d/ -f2 | cut -d? -f2 ) + mongo_uri_username_password="$(echo "${mongo_uri_scratch}" | grep @ | rev | cut -d@ -f2- | rev)" + if [ -n "${mongo_uri_username_password}" ]; then mongo_uri_scratch="$(echo "${mongo_uri_scratch}" | rev | cut -d@ -f1 | rev)" ; fi + mongo_uri_port="$(echo "${mongo_uri_scratch}" | grep : | rev | cut -d: -f2- | rev)" + if [ -n "${mongo_uri_port}" ]; then mongo_uri_port="$(echo "${mongo_uri_scratch}" | rev | cut -d: -f1 | cut -d/ -f2 | rev)" ; fi + mongo_uri_hostname="$(echo "${mongo_uri_scratch}" | cut -d/ -f1 | cut -d: -f1 )" + mongo_uri_database="$(echo "${mongo_uri_scratch}" | cut -d/ -f2 | cut -d? -f1 )" + mongo_uri_options="$(echo "${mongo_uri_scratch}" | cut -d/ -f2 | cut -d? 
-f2 )" DB_NAME=${DB_NAME:-"${mongo_uri_database,,}"} DB_HOST=${DB_HOST:-"${mongo_uri_hostname,,}"} else DB_PORT=${DB_PORT:-27017} - [[ ( -n "${DB_USER}" ) || ( -n "${DB_USER_FILE}" ) ]] && file_env 'DB_USER' - [[ ( -n "${DB_PASS}" ) || ( -n "${DB_PASS_FILE}" ) ]] && file_env 'DB_PASS' [[ ( -n "${DB_USER}" ) ]] && MONGO_USER_STR=" --username ${DB_USER}" [[ ( -n "${DB_PASS}" ) ]] && MONGO_PASS_STR=" --password ${DB_PASS}" [[ ( -n "${DB_NAME}" ) ]] && MONGO_DB_STR=" --db ${DB_NAME}" + transform_var DB_AUTH [[ ( -n "${DB_AUTH}" ) ]] && MONGO_AUTH_STR=" --authenticationDatabase ${DB_AUTH}" fi ;; @@ -47,8 +52,7 @@ bootstrap_variables() { dbtype=mysql DB_PORT=${DB_PORT:-3306} sanity_var DB_NAME "Database Name to backup. Multiple seperated by commas" - [[ ( -n "${DB_PASS}" ) || ( -n "${DB_PASS_FILE}" ) ]] && file_env 'DB_PASS' - [[ ( -n "${DB_PASS}" ) ]] && export MYSQL_PWD=${DB_PASS} + [[ ( -n "${DB_PASS}" ) ]] && export MYSQL_PWD=${DB_PASS} if var_true "${MYSQL_ENABLE_TLS}" ; then if [ -n "${MYSQL_TLS_CA_FILE}" ] ; then mysql_tls_args="--ssl_ca=${MYSQL_TLS_CA_FILE}" @@ -81,14 +85,12 @@ bootstrap_variables() { postgres* | "pgsql" ) dbtype=pgsql DB_PORT=${DB_PORT:-5432} - [[ ( -n "${DB_PASS}" ) || ( -n "${DB_PASS_FILE}" ) ]] && file_env 'DB_PASS' [[ ( -n "${DB_PASS}" ) ]] && POSTGRES_PASS_STR="PGPASSWORD=${DB_PASS}" sanity_var DB_NAME "Database Name to backup. Multiple seperated by commas" ;; "redis" ) dbtype=redis DB_PORT=${DB_PORT:-6379} - [[ ( -n "${DB_PASS}" || ( -n "${DB_PASS_FILE}" ) ) ]] && file_env 'DB_PASS' [[ ( -n "${DB_PASS}" ) ]] && REDIS_PASS_STR=" -a ${DB_PASS}" ;; sqlite* ) 
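Review bot: The field cuts that fill `mongo_uri_database` and `mongo_uri_options` print the whole input line when the delimiter is absent, so a URI with no path, such as the README example `mongodb+srv://username:password@cluster.id.mongodb.net`, leaves `mongo_uri_database` equal to the hostname and `DB_NAME` then defaults to it. The quoting added here does not change that. Using `-s` on the cuts that must find their delimiter fixes it: `cut -s -d/ -f2 | cut -d? -f1` for the database and `cut -s -d/ -f2 | cut -s -d? -f2` for the options. The mongo branch starts and ends inside this hunk, but the enclosing function does not.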
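Review bot: `export MYSQL_PWD=${DB_PASS}` in the mysql branch places the database password in the environment of every process the script starts afterwards, which presumably includes whatever `PRE_SCRIPT` and `POST_SCRIPT` run, not only the MySQL client. Now that the value can come from a secret source via `transform_var`, it is worth scoping it to the client call instead, e.g. prefixing the dump command (outside this diff) with `MYSQL_PWD="${DB_PASS}"` or pointing the client at a mode-600 option file with `--defaults-extra-file`. The same hunk reads `MYSQL_TLS_CA_FILE` without a visible `transform_var` call, although the README table marks it with `x`; the rest of the branch lies outside the hunk, so that may be handled there.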
@@ -100,14 +102,23 @@ bootstrap_variables() { ;; esac - if [ "${BACKUP_LOCATION,,}" = "s3" ] || [ "${BACKUP_LOCATION,,}" = "minio" ] && [ -n "${S3_KEY_ID}" ] && [ -n "${S3_KEY_SECRET}" ]; then - file_env 'S3_KEY_ID' - file_env 'S3_KEY_SECRET' + if [ "${BACKUP_LOCATION,,}" = "s3" ] || [ "${BACKUP_LOCATION,,}" = "minio" ] ; then + transform_var \ + S3_BUCKET \ + S3_KEY_ID \ + S3_KEY_SECRET \ + S3_PATH \ + S3_REGION \ + S3_HOST \ + S3_PROTOCOL \ + S3_EXTRA_OPTS \ + S3_CERT_CA_FILE fi - if [ "${BACKUP_LOCATION,,}" = "blobxfer" ] && [ -n "${BLOBXFER_STORAGE_ACCOUNT_FILE}" ] && [ -n "${BLOBXFER_STORAGE_ACCOUNT_KEY_FILE}" ]; then - file_env 'BLOBXFER_STORAGE_ACCOUNT_FILE' - file_env 'BLOBXFER_STORAGE_ACCOUNT_KEY_FILE' + if [ "${BACKUP_LOCATION,,}" = "blobxfer" ] ; then + transform_var \ + BLOBXFER_STORAGE_ACCOUNT \ + BLOBXFER_STORAGE_KEY fi } @@ -838,14 +849,6 @@ sanity_test() { sanity_var DB_NAME "Database Name to backup. Multiple seperated by commas" ;; esac - - if [ "${BACKUP_LOCATION,,}" = "s3" ] || [ "${BACKUP_LOCATION,,}" = "minio" ] && [ -n "${S3_KEY_ID}" ] && [ -n "${S3_KEY_SECRET}" ]; then - sanity_var S3_BUCKET "S3 Bucket" - sanity_var S3_PATH "S3 Path" - sanity_var S3_REGION "S3 Region" - file_env 'S3_KEY_ID' - file_env 'S3_KEY_SECRET' - fi } setup_mode() {
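Review bot: `BLOBXFER_STORAGE_KEY` in the blobxfer `transform_var` list does not match the name the README documents, `BLOBXFER_STORAGE_ACCOUNT_KEY` (the removed lines referred to `BLOBXFER_STORAGE_ACCOUNT_KEY_FILE`), so the storage account key is probably never passed through transform_var. The entry should read `BLOBXFER_STORAGE_ACCOUNT_KEY`, and `BLOBXFER_REMOTE_PATH`, which the README table in this patch also marks with `x`, is missing from the list. Separately, the last hunk removes the `sanity_var S3_BUCKET`, `S3_PATH` and `S3_REGION` checks from sanity_test and the new S3 branch does not replace them; unless they are validated elsewhere, consider keeping those three `sanity_var` calls after the S3 `transform_var` list.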