Release 3.7.7 - See CHANGELOG.md

Simplify pg_isready usage

.github/workflows/main.yml

@@ -1,111 +1,15 @@
-### Application Level Image CI
+name: "build_image"
-### Dave Conroy <dave at tiredofit dot ca>
-
-name: 'build'
 
 on:
   push:
     paths:
-    - '**'
+      - "**"
-    - '!README.md'
+      - "!README.md"
+
 jobs:
-  docker:
+  build:
-    runs-on: ubuntu-latest
+    uses: tiredofit/github_actions/.github/workflows/default_amd64_armv7_arm64.yml@main
-    steps:
+    #uses: tiredofit/github_actions/.github/workflows/default_amd64.yml@main
-      - name: Checkout
+    #uses: tiredofit/github_actions/.github/workflows/default_amd64_armv7_arm64.yml@main
-        uses: actions/checkout@v3
+    #uses: tiredofit/github_actions/.github/workflows/default_amd64_arm64.yml@main
-
+    secrets: inherit
-      - name: Prepare
-        id: prep
-        run: |
-          DOCKER_IMAGE=${GITHUB_REPOSITORY/docker-/}
-          if [[ $GITHUB_REF == refs/heads/* ]]; then
-             if [[ $GITHUB_REF == refs/heads/*/* ]] ; then
-               BRANCH="${DOCKER_IMAGE}:$(echo $GITHUB_REF | sed "s|refs/heads/||g" | sed "s|/|-|g")"
-             else
-               BRANCH=${GITHUB_REF#refs/heads/}
-             fi
-
-            case ${BRANCH} in
-              "main" | "master" )
-                  BRANCHTAG="${DOCKER_IMAGE}:latest"
-                ;;
-              "develop" )
-                  BRANCHTAG="${DOCKER_IMAGE}:develop"
-                ;;
-              * )
-                  if [ -n "${{ secrets.LATEST }}" ] ; then
-                    if [ "${BRANCHTAG}" = "${{ secrets.LATEST }}" ]; then
-                      BRANCHTAG="${DOCKER_IMAGE}:${BRANCH},${DOCKER_IMAGE}:${BRANCH}-latest,${DOCKER_IMAGE}:latest"
-                    else
-                      BRANCHTAG="${DOCKER_IMAGE}:${BRANCH},${DOCKER_IMAGE}:${BRANCH}-latest"
-                    fi
-                  else
-                    BRANCHTAG="${DOCKER_IMAGE}:${BRANCH},${DOCKER_IMAGE}:${BRANCH}-latest"
-                  fi
-                ;;
-            esac
-          fi
-
-
-          if [[ $GITHUB_REF == refs/tags/* ]]; then
-               GITTAG="${DOCKER_IMAGE}:$(echo $GITHUB_REF | sed 's|refs/tags/||g')"
-          fi
-
-          if [ -n "${BRANCHTAG}" ] && [ -n "${GITTAG}" ]; then
-            TAGS=${BRANCHTAG},${GITTAG}
-          else
-            TAGS="${BRANCHTAG}${GITTAG}"
-          fi
-
-          echo ::set-output name=tags::${TAGS}
-          echo ::set-output name=docker_image::${DOCKER_IMAGE}
-
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
-        with:
-          platforms: all
-
-      - name: Set up Docker Buildx
-        id: buildx
-        uses: docker/setup-buildx-action@v2
-
-      - name: Login to DockerHub
-        if: github.event_name != 'pull_request'
-        uses: docker/login-action@v2
-        with:
-          username: ${{ secrets.DOCKER_USERNAME }}
-          password: ${{ secrets.DOCKER_PASSWORD }}
-
-      - name: Label
-        id: Label
-        run: |
-          if [ -f "Dockerfile" ] ; then
-            sed -i "/FROM .*/a LABEL tiredofit.image.git_repository=\"https://github.com/${GITHUB_REPOSITORY}\"" Dockerfile
-            sed -i "/FROM .*/a LABEL tiredofit.image.git_commit=\"${GITHUB_SHA}\"" Dockerfile
-            sed -i "/FROM .*/a LABEL tiredofit.image.git_committed_by=\"${GITHUB_ACTOR}\"" Dockerfile
-            sed -i "/FROM .*/a LABEL tiredofit.image.image_build_date=\"$(date +'%Y-%m-%d %H:%M:%S')\"" Dockerfile
-            if [ -f "CHANGELOG.md" ] ; then
-              sed -i "/FROM .*/a LABEL tiredofit.db-backup.git_changelog_version=\"$(head -n1 ./CHANGELOG.md | awk '{print $2}')\"" Dockerfile
-              mkdir -p install/assets/.changelogs ; cp CHANGELOG.md install/assets/.changelogs/${GITHUB_REPOSITORY/\//_}.md
-            fi
-
-
-            if [[ $GITHUB_REF == refs/tags/* ]]; then
-              sed -i "/FROM .*/a LABEL tiredofit.image.git_tag=\"${GITHUB_REF#refs/tags/v}\"" Dockerfile
-            fi
-
-            if [[ $GITHUB_REF == refs/heads/* ]]; then
-              sed -i "/FROM .*/a LABEL tiredofit.image.git_branch=\"${GITHUB_REF#refs/heads/}\"" Dockerfile
-            fi
-          fi
-
-      - name: Build
-        uses: docker/build-push-action@v3
-        with:
-          builder: ${{ steps.buildx.outputs.name }}
-          context: .
-          file: ./Dockerfile
-          platforms: linux/amd64,linux/arm/v7,linux/arm64
-          push: true
-          tags: ${{ steps.prep.outputs.tags }}

.github/workflows/manual.yml

@@ -1,6 +1,4 @@
-# Manual Workflow (Application)
+name: "manual_build_image"
-
-name: manual
 
 on:
   workflow_dispatch:
@@ -8,104 +6,11 @@ on:
       Manual Build:
         description: 'Manual Build'
         required: false
+
 jobs:
-  docker:
+  build:
-    runs-on: ubuntu-latest
+    uses: tiredofit/github_actions/.github/workflows/default_amd64_armv7_arm64.yml@main
-    steps:
+    #uses: tiredofit/github_actions/.github/workflows/default_amd64.yml@main
-      - name: Checkout
+    #uses: tiredofit/github_actions/.github/workflows/default_amd64_armv7_arm64.yml@main
-        uses: actions/checkout@v3
+    #uses: tiredofit/github_actions/.github/workflows/default_amd64_arm64.yml@main
-
+    secrets: inherit
-      - name: Prepare
-        id: prep
-        run: |
-          DOCKER_IMAGE=${GITHUB_REPOSITORY/docker-/}
-          if [[ $GITHUB_REF == refs/heads/* ]]; then
-             if [[ $GITHUB_REF == refs/heads/*/* ]] ; then
-               BRANCH="${DOCKER_IMAGE}:$(echo $GITHUB_REF | sed "s|refs/heads/||g" | sed "s|/|-|g")"
-             else
-               BRANCH=${GITHUB_REF#refs/heads/}
-             fi
-
-            case ${BRANCH} in
-              "main" | "master" )
-                  BRANCHTAG="${DOCKER_IMAGE}:latest"
-                ;;
-              "develop" )
-                  BRANCHTAG="${DOCKER_IMAGE}:develop"
-                ;;
-              * )
-                  if [ -n "${{ secrets.LATEST }}" ] ; then
-                    if [ "${BRANCHTAG}" = "${{ secrets.LATEST }}" ]; then
-                      BRANCHTAG="${DOCKER_IMAGE}:${BRANCH},${DOCKER_IMAGE}:${BRANCH}-latest,${DOCKER_IMAGE}:latest"
-                    else
-                      BRANCHTAG="${DOCKER_IMAGE}:${BRANCH},${DOCKER_IMAGE}:${BRANCH}-latest"
-                    fi
-                  else
-                    BRANCHTAG="${DOCKER_IMAGE}:${BRANCH},${DOCKER_IMAGE}:${BRANCH}-latest"
-                  fi
-                ;;
-            esac
-          fi
-
-
-          if [[ $GITHUB_REF == refs/tags/* ]]; then
-               GITTAG="${DOCKER_IMAGE}:$(echo $GITHUB_REF | sed 's|refs/tags/||g')"
-          fi
-
-          if [ -n "${BRANCHTAG}" ] && [ -n "${GITTAG}" ]; then
-            TAGS=${BRANCHTAG},${GITTAG}
-          else
-            TAGS="${BRANCHTAG}${GITTAG}"
-          fi
-
-          echo ::set-output name=tags::${TAGS}
-          echo ::set-output name=docker_image::${DOCKER_IMAGE}
-
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
-        with:
-          platforms: all
-
-      - name: Set up Docker Buildx
-        id: buildx
-        uses: docker/setup-buildx-action@v2
-
-      - name: Login to DockerHub
-        if: github.event_name != 'pull_request'
-        uses: docker/login-action@v2
-        with:
-          username: ${{ secrets.DOCKER_USERNAME }}
-          password: ${{ secrets.DOCKER_PASSWORD }}
-
-      - name: Label
-        id: Label
-        run: |
-          if [ -f "Dockerfile" ] ; then
-            sed -i "/FROM .*/a LABEL tiredofit.image.git_repository=\"https://github.com/${GITHUB_REPOSITORY}\"" Dockerfile
-            sed -i "/FROM .*/a LABEL tiredofit.image.git_commit=\"${GITHUB_SHA}\"" Dockerfile
-            sed -i "/FROM .*/a LABEL tiredofit.image.git_committed_by=\"${GITHUB_ACTOR}\"" Dockerfile
-            sed -i "/FROM .*/a LABEL tiredofit.image_build_date=\"$(date +'%Y-%m-%d %H:%M:%S')\"" Dockerfile
-            if [ -f "CHANGELOG.md" ] ; then
-              sed -i "/FROM .*/a LABEL tiredofit.db-backup.git_changelog_version=\"$(head -n1 ./CHANGELOG.md | awk '{print $2}')\"" Dockerfile
-              mkdir -p install/assets/.changelogs ; cp CHANGELOG.md install/assets/.changelogs/${GITHUB_REPOSITORY/\//_}.md
-            fi
-
-
-            if [[ $GITHUB_REF == refs/tags/* ]]; then
-              sed -i "/FROM .*/a LABEL tiredofit.image.git_tag=\"${GITHUB_REF#refs/tags/v}\"" Dockerfile
-            fi
-
-            if [[ $GITHUB_REF == refs/heads/* ]]; then
-              sed -i "/FROM .*/a LABEL tiredofit.image.git_branch=\"${GITHUB_REF#refs/heads/}\"" Dockerfile
-            fi
-          fi
-
-      - name: Build
-        uses: docker/build-push-action@v3
-        with:
-          builder: ${{ steps.buildx.outputs.name }}
-          context: .
-          file: ./Dockerfile
-          platforms: linux/amd64,linux/arm/v7,linux/arm64
-          push: true
-          tags: ${{ steps.prep.outputs.tags }}

CHANGELOG.md

@@ -1,3 +1,64 @@
+## 3.7.7 2023-03-20 <codemonium@github>
+
+   ### Changed
+      - Simplify pg_isready usage
+
+
+## 3.7.6 2023-03-14 <toshy@github>
+
+   ### Changed
+      - Remove EXTRA_OPT variable from MySQL/MariaDB check
+
+
+## 3.7.5 2023-03-02 <dave at tiredofit dot ca>
+
+   ### Added
+      - Add support for Docker Swarm mode Secrets for BLOBXFER_STORAGE_ACCOUNT_*_FILE
+
+
+## 3.7.4 2023-02-22 <gbe0@github>
+
+   ### Changed
+      - Fix when running in MANUAL_RUN_FOREVER mode looping
+
+
+## 3.7.3 2022-12-20 <dave at tiredofit dot ca>
+
+   ### Changed
+      - Make S3_KEY_ID and S3_KEY_SECRET optional should IAM roles be used (Credit to alwynpan@github)
+
+
+## 3.7.2 2022-12-19 <dave at tiredofit dot ca>
+
+   ### Changed
+      - Bugfix for 3.7.1
+
+
+## 3.7.1 2022-12-19 <dave at tiredofit dot ca>
+
+   ### Changed
+      - Add MYSQL_ENABLE_TLS environment variable to switch on and off
+
+   ### Reverted
+      - Set default for MYSQL_TLS_CA_FILE to accomodate for most use cases
+
+
+## 3.7.0 2022-12-16 <dave at tiredofit dot ca>
+
+   ### Added
+      - Introduce support for connecting via TLS to MySQL / MariaDB Hosts with MYSQL_TLS_* variables - See README for more details
+
+   ### Changed
+      - Fix for cleaning up filesystems that are syncing to Azure via blobxfer
+
+
+## 3.6.1 2022-11-23 <dave at tiredofit dot ca>
+
+   ### Added
+      - Switch to Alpine 3.17 base
+      - Switch to OpenSSL instead of LibreSSL
+
+
 ## 3.6.0 2022-11-21 <dave at tiredofit dot ca>
 
    ### Added

Dockerfile

@@ -1,4 +1,4 @@
-FROM docker.io/tiredofit/alpine:3.16
+FROM docker.io/tiredofit/alpine:3.17
 LABEL maintainer="Dave Conroy (github.com/tiredofit)"
 
 ### Set Environment Variables
@@ -10,104 +10,8 @@ ENV INFLUX2_VERSION=2.4.0 \
     IMAGE_NAME="tiredofit/db-backup" \
     IMAGE_REPO_URL="https://github.com/tiredofit/docker-db-backup/"
 
-ENV LANG=en_US.utf8 \
-    PG_MAJOR=15 \
-    PG_VERSION=15.1 \
-    PGDATA=/var/lib/postgresql/data
-
-### Create User Accounts
-RUN set -ex && \
-    addgroup -g 70 postgres && \
-    adduser -S -D -H -h /var/lib/postgresql -s /bin/sh -G postgres -u 70 postgres && \
-    mkdir -p /var/lib/postgresql && \
-    chown -R postgres:postgres /var/lib/postgresql && \
-    \
-### Install Dependencies
-   apk update && \
-   apk upgrade && \
-   apk add \
-       openssl \
-       && \
-   \
-   apk add --no-cache --virtual .postgres-build-deps \
-	   bison \
-	   build-base \
-	   coreutils \
-	   dpkg-dev \
-	   dpkg \
-	   flex \
-	   gcc \
-	   icu-dev \
-	   libc-dev \
-   	   libedit-dev \
-	   libxml2-dev \
-	   libxslt-dev \
-	   linux-headers \
-	   make \
-	   openssl-dev \
-	   perl-utils \
-	   perl-ipc-run \
-	   util-linux-dev \
-           wget \
-	   zlib-dev \
-       && \
-   \
-### Build Postgresql
-   mkdir -p /usr/src/postgresql && \
-   curl -sSL "https://ftp.postgresql.org/pub/source/v$PG_VERSION/postgresql-$PG_VERSION.tar.bz2" | tar xvfj - --strip 1 -C /usr/src/postgresql && \
-   cd /usr/src/postgresql && \
-# update "DEFAULT_PGSOCKET_DIR" to "/var/run/postgresql" (matching Debian)
-# see https://anonscm.debian.org/git/pkg-postgresql/postgresql.git/tree/debian/patches/51-default-sockets-in-var.patch?id=8b539fcb3e093a521c095e70bdfa76887217b89f
-   awk '$1 == "#define" && $2 == "DEFAULT_PGSOCKET_DIR" && $3 == "\"/tmp\"" { $3 = "\"/var/run/postgresql\""; print; next } { print }' src/include/pg_config_manual.h > src/include/pg_config_manual.h.new && \
-   grep '/var/run/postgresql' src/include/pg_config_manual.h.new && \
-   mv src/include/pg_config_manual.h.new src/include/pg_config_manual.h && \
-   gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)" && \
-# explicitly update autoconf config.guess and config.sub so they support more arches/libcs
-   wget --inet4-only -O config/config.guess 'https://git.savannah.gnu.org/cgit/config.git/plain/config.guess?id=7d3d27baf8107b630586c962c057e22149653deb' && \
-   wget --inet4-only -O config/config.sub 'https://git.savannah.gnu.org/cgit/config.git/plain/config.sub?id=7d3d27baf8107b630586c962c057e22149653deb' && \
-   ./configure \
-		--build="$gnuArch" \
-		--enable-integer-datetimes \
-		--enable-thread-safety \
-		--enable-tap-tests \
-		--disable-rpath \
-		--with-uuid=e2fs \
-		--with-gnu-ld \
-		--with-pgport=5432 \
-		--with-system-tzdata=/usr/share/zoneinfo \
-		--prefix=/usr/local \
-		--with-includes=/usr/local/include \
-		--with-libraries=/usr/local/lib \
-		--with-openssl \
-		--with-libxml \
-		--with-libxslt \
-		--with-icu \
-	&& \
-    \
-    make -j "$(nproc)" world && \
-    make install-world && \
-    make -C contrib install && \
-    runDeps="$( \
-		scanelf --needed --nobanner --format '%n#p' --recursive /usr/local \
-			| tr ',' '\n' \
-			| sort -u \
-			| awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \
-	)" && \
-	apk add -t .postgres-additional-deps \
-	           $runDeps \
-	           && \
-	\
-### Cleanup
-    apk del .postgres-build-deps && \
-    cd / && \
-    rm -rf \
-	/usr/src/postgresql \
-	/usr/local/share/doc \
-	/usr/local/share/man && \
-    find /usr/local -name '*.a' -delete && \
-    rm -rf /var/cache/apk/* && \
-    \
 ### Dependencies
+RUN source /assets/functions/00-container && \
     set -ex && \
     apk update && \
     apk upgrade && \
@@ -116,7 +20,7 @@ RUN set -ex && \
                bzip2-dev \
                git \
                libarchive-dev \
-               libressl-dev \
+               openssl-dev \
                libffi-dev \
                python3-dev \
                py3-pip \
@@ -131,10 +35,10 @@ RUN set -ex && \
                mariadb-client \
                mariadb-connector-c \
                mongodb-tools \
-               libressl \
+               openssl \
                pigz \
-               #postgresql \
+               postgresql15 \
-               #postgresql-client \
+               postgresql15-client \
                pv \
                py3-cryptography \
                redis \

README.md

@@ -1,7 +1,7 @@
 # github.com/tiredofit/docker-db-backup
 
 [![GitHub release](https://img.shields.io/github/v/tag/tiredofit/docker-db-backup?style=flat-square)](https://github.com/tiredofit/docker-db-backup/releases/latest)
-[![Build Status](https://img.shields.io/github/workflow/status/tiredofit/docker-db-backup/build?style=flat-square)](https://github.com/tiredofit/docker-db-backup/actions?query=workflow%3Abuild)
+[![Build Status](https://img.shields.io/github/actions/workflow/status/tiredofit/docker-db-backup/main.yml?branch=main&style=flat-square)](https://github.com/tiredofit/docker-db-backup/actions)
 [![Docker Stars](https://img.shields.io/docker/stars/tiredofit/db-backup.svg?style=flat-square&logo=docker)](https://hub.docker.com/r/tiredofit/db-backup/)
 [![Docker Pulls](https://img.shields.io/docker/pulls/tiredofit/db-backup.svg?style=flat-square&logo=docker)](https://hub.docker.com/r/tiredofit/db-backup/)
 [![Become a sponsor](https://img.shields.io/badge/sponsor-tiredofit-181717.svg?logo=github&style=flat-square)](https://github.com/sponsors/tiredofit)
@@ -53,6 +53,7 @@ Currently backs up CouchDB, InfluxDB, MySQL, MongoDB, Postgres, Redis servers.
   - [Scheduling Options](#scheduling-options)
   - [Backup Options](#backup-options)
     - [Backing Up to S3 Compatible Services](#backing-up-to-s3-compatible-services)
+    - [Upload to a Azure storage account by `blobxfer`](#upload-to-a-azure-storage-account-by-blobxfer)
 - [Maintenance](#maintenance)
   - [Shell Access](#shell-access)
   - [Manual Backups](#manual-backups)
@@ -79,7 +80,13 @@ Currently backs up CouchDB, InfluxDB, MySQL, MongoDB, Postgres, Redis servers.
 Clone this repository and build the image with `docker build <arguments> (imagename) .`
 
 ### Prebuilt Images
-Builds of the image are available on [Docker Hub](https://hub.docker.com/r/tiredofit/db-backup) and is the recommended method of installation.
+Builds of the image are available on [Docker Hub](https://hub.docker.com/r/tiredofit/db-backup)
+
+Builds of the image are also available on the [Github Container Registry](https://github.com/tiredofit/docker-db-backup/pkgs/container/docker-db-backup) 
+ 
+```
+docker pull ghcr.io/tiredofit/docker-db-backup:(imagetag)
+``` 
 
 The following image tags are available along with their tagged release based on what's written in the [Changelog](CHANGELOG.md):
 
@@ -88,7 +95,7 @@ The following image tags are available along with their tagged release based on
 | latest      | `:latest` |
 
 ```bash
-docker pull tiredofit/db-backup:(imagetag)
+docker pull docker.io/tiredofdit/db-backup:(imagetag)
 ```
 #### Multi Architecture
 Images are built primarily for `amd64` architecture, and may also include builds for `arm/v7`, `arm64` and others. These variants are all unsupported. Consider [sponsoring](https://github.com/sponsors/tiredofit) my work so that I can work with various hardware. To see if this image supports multiple architecures, type `docker manifest (image):(tag)`
@@ -116,7 +123,7 @@ The following directories are used for configuration and can be mapped for persi
 
 #### Base Images used
 
-This image relies on an [Alpine Linux](https://hub.docker.com/r/tiredofit/alpine) or [Debian Linux](https://hub.docker.com/r/tiredofit/debian) base image that relies on an [init system](https://github.com/just-containers/s6-overlay) for added capabilities. Outgoing SMTP capabilities are handlded via `msmtp`. Individual container performance monitoring is performed by [zabbix-agent](https://zabbix.org). Additional tools include: `bash`,`curl`,`less`,`logrotate`, `nano`,`vim`.
+This image relies on an [Alpine Linux](https://hub.docker.com/r/tiredofit/alpine) or [Debian Linux](https://hub.docker.com/r/tiredofit/debian) base image that relies on an [init system](https://github.com/just-containers/s6-overlay) for added capabilities. Outgoing SMTP capabilities are handlded via `msmtp`. Individual container performance monitoring is performed by [zabbix-agent](https://zabbix.org). Additional tools include: `bash`,`curl`,`less`,`logrotate`, `nano`.
 
 Be sure to view the following repositories to understand all the customizable options:
 
@@ -139,7 +146,7 @@ Be sure to view the following repositories to understand all the customizable op
 
 ### Database Specific Options
 | Parameter          | Description                                                                                                                                                                          | Default |
-| ------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | --------- |
+| ------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------- |
 | `DB_AUTH`          | (Mongo Only - Optional) Authentication Database                                                                                                                                      |         |
 | `DB_TYPE`          | Type of DB Server to backup `couch` `influx` `mysql` `pgsql` `mongo` `redis` `sqlite3`                                                                                               |         |
 | `DB_HOST`          | Server Hostname e.g. `mariadb`. For `sqlite3`, full path to DB file e.g. `/backup/db.sqlite3`                                                                                        |         |
@@ -170,7 +177,7 @@ Your Organization will be mapped to `DB_USER` and your root token will need to b
 
 ### Backup Options
 | Parameter                      | Description                                                                                                                           | Default                   |
-| ------------------------------ | ---------------------------------------------------------------------------------------------------------------------------- | -------------- |
+| ------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------- | ------------------------- |
 | `COMPRESSION`                  | Use either Gzip `GZ`, Bzip2 `BZ`, XZip `XZ`, ZSTD `ZSTD` or none `NONE`                                                               | `ZSTD`                    |
 | `COMPRESSION_LEVEL`            | Numberical value of what level of compression to use, most allow `1` to `9` except for `ZSTD` which allows for `1` to `19` -          | `3`                       |
 | `ENABLE_PARALLEL_COMPRESSION`  | Use multiple cores when compressing backups `TRUE` or `FALSE`                                                                         | `TRUE`                    |
@@ -182,6 +189,12 @@ Your Organization will be mapped to `DB_USER` and your root token will need to b
 | `MYSQL_MAX_ALLOWED_PACKET`     | Max allowed packet if backing up MySQL / MariaDB                                                                                      | `512M`                    |
 | `MYSQL_SINGLE_TRANSACTION`     | Backup in a single transaction with MySQL / MariaDB                                                                                   | `TRUE`                    |
 | `MYSQL_STORED_PROCEDURES`      | Backup stored procedures with MySQL / MariaDB                                                                                         | `TRUE`                    |
+| `MYSQL_ENABLE_TLS`             | Enable TLS functionality for MySQL client                                                                                             | `FALSE`                   |
+| `MYSQL_TLS_VERIFY`             | (optional) If using TLS (by means of MYSQL_TLS_* variables) verify remote host                                                        | `FALSE`                   |
+| `MYSQL_TLS_VERSION`            | What TLS `v1.1` `v1.2` `v1.3` version to utilize                                                                                      | `TLSv1.1,TLSv1.2,TLSv1.3` |
+| `MYSQL_TLS_CA_FILE`            | Filename to load custom CA certificate for connecting via TLS  | `/etc/ssl/cert.pem`                          |
+| `MYSQL_TLS_CERT_FILE`          | Filename to load client certificate for connecting via TLS                                                                            |                           |
+| `MYSQL_TLS_KEY_FILE`           | Filename to load client key for connecting via TLS                                                                                    |                           |
 
 - When using compression with MongoDB, only `GZ` compression is possible.
 
@@ -190,10 +203,10 @@ Your Organization will be mapped to `DB_USER` and your root token will need to b
 If `BACKUP_LOCATION` = `S3` then the following options are used.
 
 | Parameter             | Description                                                                               | Default |
-|-----------------------|------------------------------------------------------------------------------------------|---------|
+| --------------------- | ----------------------------------------------------------------------------------------- | ------- |
 | `S3_BUCKET`           | S3 Bucket name e.g. `mybucket`                                                            |         |
-| `S3_KEY_ID`           | S3 Key ID                                                                                |         |
+| `S3_KEY_ID`           | S3 Key ID (Optional)                                                                      |         |
-| `S3_KEY_SECRET`       | S3 Key Secret                                                                            |         |
+| `S3_KEY_SECRET`       | S3 Key Secret (Optional)                                                                  |         |
 | `S3_PATH`             | S3 Pathname to save to (must NOT end in a trailing slash e.g. '`backup`')                 |         |
 | `S3_REGION`           | Define region in which bucket is defined. Example: `ap-northeast-2`                       |         |
 | `S3_HOST`             | Hostname (and port) of S3-compatible service, e.g. `minio:8080`. Defaults to AWS.         |         |
@@ -203,6 +216,8 @@ If `BACKUP_LOCATION` = `S3` then the following options are used.
 | _*OR*_                |                                                                                           |         |
 | `S3_CERT_SKIP_VERIFY` | Skip verifying self signed certificates when connecting                                   | `TRUE`  |
 
+- When `S3_KEY_ID` and/or `S3_KEY_SECRET` is not set, will try to use IAM role assigned (if any) for uploading the backup files to S3 bucket.
+
 #### Upload to a Azure storage account by `blobxfer`
 
 Support to upload backup files with [blobxfer](https://github.com/Azure/blobxfer) to the Azure fileshare storage.
@@ -211,7 +226,7 @@ Support to upload backup files with [blobxfer](https://github.com/Azure/blobxfer
 If `BACKUP_LOCATION` = `blobxfer` then the following options are used.
 
 | Parameter                      | Description                                 | Default             |
-| ------------------------------- | ------------------------------------------------------------------------ | -------------------- |
+| ------------------------------ | ------------------------------------------- | ------------------- |
 | `BLOBXFER_STORAGE_ACCOUNT`     | Microsoft Azure Cloud storage account name. |                     |
 | `BLOBXFER_STORAGE_ACCOUNT_KEY` | Microsoft Azure Cloud storage account key.  |                     |
 | `BLOBXFER_REMOTE_PATH`         | Remote Azure path                           | `/docker-db-backup` |
@@ -231,7 +246,7 @@ docker exec -it (whatever your container name is) bash
 ### Manual Backups
 Manual Backups can be performed by entering the container and typing `backup-now`
 
-- Recently there was a request to have the container work with Kukbernetes cron scheduling. This can theoretically be accomplished by setting the container `MODE=MANUAL` and then setting `MANUAL_RUN_FOREVER=FALSE` - You would also want to disable a few features from the upstream base images specifically `CONTAINER_ENABLE_SCHEDULING` and `CONTAINER_ENABLE_MONITORING`. This should allow the container to start, execute a backup by executing and then exit cleanly. An alternative way to running the script is to execute `/etc/services.available/10-db-backup/run`.
+- Recently there was a request to have the container work with Kubernetes cron scheduling. This can theoretically be accomplished by setting the container `MODE=MANUAL` and then setting `MANUAL_RUN_FOREVER=FALSE` - You would also want to disable a few features from the upstream base images specifically `CONTAINER_ENABLE_SCHEDULING` and `CONTAINER_ENABLE_MONITORING`. This should allow the container to start, execute a backup by executing and then exit cleanly. An alternative way to running the script is to execute `/etc/services.available/10-db-backup/run`.
 
 ### Restoring Databases
 Entering in the container and executing `restore` will execute a menu based script to restore your backups - MariaDB, Postgres, and Mongo supported.
@@ -329,7 +344,7 @@ If for some reason your filesystem or host is not detecting it right, use the en
 These images were built to serve a specific need in a production environment and gradually have had more functionality added based on requests from the community.
 ### Usage
 - The [Discussions board](../../discussions) is a great place for working with the community on tips and tricks of using this image.
-- Consider [sponsoring me](https://github.com/sponsors/tiredofit) personalized support.
+- Consider [sponsoring me](https://github.com/sponsors/tiredofit) for personalized support
 ### Bugfixes
 - Please, submit a [Bug Report](issues/new) if something isn't working as expected. I'll do my best to issue a fix in short order.
 

install/assets/defaults/10-db-backup

@@ -12,9 +12,13 @@ ENABLE_CHECKSUM=${ENABLE_CHECKSUM:-"TRUE"}
 ENABLE_PARALLEL_COMPRESSION=${ENABLE_PARALLEL_COMPRESSION:-"TRUE"}
 MANUAL_RUN_FOREVER=${MANUAL_RUN_FOREVER:-"TRUE"}
 MODE=${MODE:-"AUTO"}
+MYSQL_ENABLE_TLS=${MYSQL_ENABLE_TLS:-"FALSE"}
 MYSQL_MAX_ALLOWED_PACKET=${MYSQL_MAX_ALLOWED_PACKET:-"512M"}
 MYSQL_SINGLE_TRANSACTION=${MYSQL_SINGLE_TRANSACTION:-"TRUE"}
 MYSQL_STORED_PROCEDURES=${MYSQL_STORED_PROCEDURES:-"TRUE"}
+MYSQL_TLS_CA_FILE=${MYSQL_TLS_CA_FILE:-"/etc/ssl/cert.pem"}
+MYSQL_TLS_VERIFY=${MYSQL_TLS_VERIFY:-"FALSE"}
+MYSQL_TLS_VERSION=${MYSQL_TLS_VERSION:-"TLSv1.1,TLSv1.2,TLSv1.3"}
 PARALLEL_COMPRESSION_THREADS=${PARALLEL_COMPRESSION_THREADS:-"$(nproc)"}
 S3_CERT_SKIP_VERIFY=${S3_CERT_SKIP_VERIFY:-"TRUE"}
 S3_PROTOCOL=${S3_PROTOCOL:-"https"}

install/assets/functions/10-db-backup

@@ -46,9 +46,28 @@ bootstrap_variables() {
         "mysql" | "mariadb" )
             dbtype=mysql
             DB_PORT=${DB_PORT:-3306}
+            sanity_var DB_NAME "Database Name to backup. Multiple seperated by commas"
             [[ ( -n "${DB_PASS}" ) || ( -n "${DB_PASS_FILE}" ) ]] && file_env 'DB_PASS'
             [[ ( -n "${DB_PASS}" ) ]] && export MYSQL_PWD=${DB_PASS}
-            sanity_var DB_NAME "Database Name to backup. Multiple seperated by commas"
+            if var_true "${MYSQL_ENABLE_TLS}" ; then
+                if [ -n "${MYSQL_TLS_CA_FILE}" ] ; then
+                    mysql_tls_args="--ssl_ca=${MYSQL_TLS_CA_FILE}"
+                fi
+                if [ -n "${MYSQL_TLS_CERT_FILE}" ] ; then
+                    mysql_tls_args="${mysql_tls_args} --ssl_cert=${MYSQL_TLS_CERT_FILE}"
+                fi
+                if [ -n "${MYSQL_TLS_KEY_FILE}" ] ; then
+                    mysql_tls_args="${mysql_tls_args} --ssl_key=${MYSQL_TLS_KEY_FILE}"
+                fi
+
+                if var_true "${TLS_VERIFY}" ; then
+                    mysql_tls_args="${mysql_tls_args} --sslverify-server-cert"
+                fi
+
+                if [ -n "${MYSQL_TLS_VERSION}" ] ; then
+                    mysql_tls_args="${mysql_tls_args} --tls_version=${MYSQL_TLS_VERSION}"
+                fi
+            fi
         ;;
         "mssql" | "microsoftsql" )
             apkArch="$(apk --print-arch)"; \
@@ -81,10 +100,15 @@ bootstrap_variables() {
         ;;
     esac
 
-    if [ "${BACKUP_LOCATION,,}" = "s3" ] || [ "${BACKUP_LOCATION,,}" = "minio" ] ; then
+    if [ "${BACKUP_LOCATION,,}" = "s3" ] || [ "${BACKUP_LOCATION,,}" = "minio" ] && [ -n "${S3_KEY_ID}" ] && [ -n "${S3_KEY_SECRET}" ]; then
         file_env 'S3_KEY_ID'
         file_env 'S3_KEY_SECRET'
     fi
+
+    if [ "${BACKUP_LOCATION,,}" = "blobxfer" ] && [ -n "${BLOBXFER_STORAGE_ACCOUNT_FILE}" ] && [ -n "${BLOBXFER_STORAGE_ACCOUNT_KEY_FILE}" ]; then
+        file_env 'BLOBXFER_STORAGE_ACCOUNT_FILE'
+        file_env 'BLOBXFER_STORAGE_ACCOUNT_KEY_FILE'
+    fi
 }
 
 backup_couch() {
@@ -198,7 +222,7 @@ backup_mysql() {
 
     if [ "${DB_NAME,,}" = "all" ] ; then
         print_debug "Preparing to back up everything except for information_schema and _* prefixes"
-        db_names=$(mysql -h ${DB_HOST} -P $DB_PORT -u$DB_USER --batch -e "SHOW DATABASES;" | grep -v Database | grep -v schema )
+        db_names=$(mysql -h ${DB_HOST} -P $DB_PORT -u$DB_USER ${mysql_tls_args} ${EXTRA_OPTS} --batch -e "SHOW DATABASES;" | grep -v Database | grep -v schema )
         if [ -n "${DB_NAME_EXCLUDE}" ] ; then
             db_names_exclusions=$(echo "${DB_NAME_EXCLUDE}" | tr ',' '\n')
             for db_exclude in ${db_names_exclusions} ; do
@@ -219,7 +243,7 @@ backup_mysql() {
                 compression
                 pre_dbbackup $db
                 print_notice "Dumping MySQL/MariaDB database: '${db}' ${compression_string}"
-                mysqldump --max-allowed-packet=${MYSQL_MAX_ALLOWED_PACKET} -h ${DB_HOST} -P ${DB_PORT} -u${DB_USER} ${single_transaction} ${stored_procedures} ${EXTRA_OPTS} --databases $db | $compress_cmd > "${TEMP_LOCATION}"/"${target}"
+                mysqldump --max-allowed-packet=${MYSQL_MAX_ALLOWED_PACKET} -h ${DB_HOST} -P ${DB_PORT} -u${DB_USER} ${single_transaction} ${stored_procedures} ${mysql_tls_args} ${EXTRA_OPTS} --databases $db | $compress_cmd > "${TEMP_LOCATION}"/"${target}"
                 exit_code=$?
                 check_exit_code $target
                 generate_checksum
@@ -233,7 +257,7 @@ backup_mysql() {
         compression
         pre_dbbackup all
         print_notice "Dumping all MySQL / MariaDB databases: '$(echo ${db_names} | xargs | tr ' ' ',')' ${compression_string}"
-        mysqldump --max-allowed-packet=${MYSQL_MAX_ALLOWED_PACKET} -h ${DB_HOST} -P ${DB_PORT} -u${DB_USER} ${single_transaction} ${stored_procedures} ${EXTRA_OPTS} --databases $(echo ${db_names} | xargs) | $compress_cmd > "${TEMP_LOCATION}"/"${target}"
+        mysqldump --max-allowed-packet=${MYSQL_MAX_ALLOWED_PACKET} -h ${DB_HOST} -P ${DB_PORT} -u${DB_USER} ${single_transaction} ${stored_procedures} ${mysql_tls_args} ${EXTRA_OPTS} --databases $(echo ${db_names} | xargs) | $compress_cmd > "${TEMP_LOCATION}"/"${target}"
         exit_code=$?
         check_exit_code $target
         generate_checksum
@@ -397,7 +421,7 @@ check_availability() {
             "mysql" )
                 counter=0
                 export MYSQL_PWD=${DB_PASS}
-                while ! (mysqladmin -u"${DB_USER}" -P"${DB_PORT}" -h"${DB_HOST}" status > /dev/null 2>&1) ; do
+                while ! (mysqladmin -u"${DB_USER}" -P"${DB_PORT}" -h"${DB_HOST}" ${mysql_tls_args} status > /dev/null 2>&1) ; do
                     sleep 5
                     (( counter+=5 ))
                     print_warn "MySQL/MariaDB Server '${DB_HOST}' is not accessible, retrying.. (${counter} seconds so far)"
@@ -413,8 +437,7 @@ check_availability() {
             ;;
             "pgsql" )
                 counter=0
-                export PGPASSWORD=${DB_PASS}
+                until pg_isready --host=${DB_HOST} --port=${DB_PORT} -q
-                until pg_isready --dbname=${DB_NAME} --host=${DB_HOST} --port=${DB_PORT} --username=${DB_USER} -q
                 do
                     sleep 5
                     (( counter+=5 ))
@@ -465,14 +488,17 @@ cleanup_old_data() {
     if [ -n "${DB_CLEANUP_TIME}" ]; then
         if [ "${master_exit_code}" != 1 ]; then
             case "${BACKUP_LOCATION,,}" in
+                "blobxfer" )
+                    print_info "Cleaning up old backups on filesystem"
+                    mkdir -p "${DB_DUMP_TARGET}"
+                    find "${DB_DUMP_TARGET}"/  -mmin +"${DB_CLEANUP_TIME}" -iname "*" -exec rm {} \;
+                    print_info "Syncing changes via blobxfer"
+                    silent blobxfer upload --mode file --remote-path ${BLOBXFER_REMOTE_PATH} --local-path ${DB_DUMP_TARGET} --delete --delete-only
+                ;;
                 "file" | "filesystem" )
                     print_info "Cleaning up old backups on filesystem"
                     mkdir -p "${DB_DUMP_TARGET}"
                     find "${DB_DUMP_TARGET}"/  -mmin +"${DB_CLEANUP_TIME}" -iname "*" -exec rm {} \;
-                    if [ "${BACKUP_LOCATION,,}" = "blobxfer" ] ; then
-                        print_info "Syncing changes via blobxfer"
-                        silent blobxfer upload --mode file --remote-path ${BLOBXFER_REMOTE_PATH} --local-path ${DB_DUMP_TARGET} --delete --delete-only
-                    fi
                 ;;
                 "s3" | "minio" )
                     print_info "Cleaning up old backups on S3 storage"
@@ -484,7 +510,7 @@ cleanup_old_data() {
                             s3_filename=$(echo $s3_file | awk {'print $4'})
                             if [ "$s3_filename" != "" ] ; then
                                 print_debug "Deleting $s3_filename"
-                                silent aws ${PARAM_AWS_ENDPOINT_URL} s3 rm s3://${S3_BUCKET}/${S3_PATH}/${s3_filename} ${s3_ssl} ${s3_ca_cert} ${S3_EXTRA_OPTS}
+                                aws ${PARAM_AWS_ENDPOINT_URL} s3 rm s3://${S3_BUCKET}/${S3_PATH}/${s3_filename} ${s3_ssl} ${s3_ca_cert} ${S3_EXTRA_OPTS}
                             fi
                         fi
 
@@ -497,6 +523,7 @@ cleanup_old_data() {
     fi
 }
 
+
 compression() {
    if var_false "${ENABLE_PARALLEL_COMPRESSION}" ; then
        PARALLEL_COMPRESSION_THREADS=1
@@ -564,7 +591,7 @@ compression() {
 
 create_archive() {
     if [ "${exit_code}" = "0" ] ; then
-        print_notice "Creating archive file of '${target_dir}' with tar ${compresion_string}"
+        print_notice "Creating archive file of '${target_dir}' with tar ${compression_string}"
         tar cf - "${TEMP_LOCATION}"/"${target_dir}" | $dir_compress_cmd > "${TEMP_LOCATION}"/"${target_dir}".tar"${extension}"
     else
         print_error "Skipping creating archive file because backup did not complete successfully"
@@ -629,8 +656,12 @@ move_dbbackup() {
             ;;
             "s3" | "minio" )
                 print_debug "Moving backup to S3 Bucket"
+                if [ -n "${S3_KEY_ID}" ] && [ -n "${S3_KEY_SECRET}" ]; then
                     export AWS_ACCESS_KEY_ID=${S3_KEY_ID}
                     export AWS_SECRET_ACCESS_KEY=${S3_KEY_SECRET}
+                else
+                    print_debug "Variable S3_KEY_ID or S3_KEY_SECRET is not set. Please ensure sufficiant IAM role is assigned."
+                fi
                 export AWS_DEFAULT_REGION=${S3_REGION}
                 if [ -f "${S3_CERT_CA_FILE}" ] ; then
                     print_debug "Using Custom CA for S3 Backups"
@@ -786,7 +817,7 @@ sanity_test() {
         ;;
     esac
 
-    if [ "${BACKUP_LOCATION,,}" = "s3" ] || [ "${BACKUP_LOCATION,,}" = "minio" ] ; then
+    if [ "${BACKUP_LOCATION,,}" = "s3" ] || [ "${BACKUP_LOCATION,,}" = "minio" ] && [ -n "${S3_KEY_ID}" ] && [ -n "${S3_KEY_SECRET}" ]; then
         sanity_var S3_BUCKET "S3 Bucket"
         sanity_var S3_PATH "S3 Path"
         sanity_var S3_REGION "S3 Region"