mirror of
https://github.com/tiredofit/docker-db-backup.git
synced 2025-12-22 13:44:08 +01:00
Compare commits
7 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
a90e52091d | ||
|
|
ac58b5cdf6 | ||
|
|
fcbe771793 | ||
|
|
168982ab53 | ||
|
|
e377fcb6ae | ||
|
|
50f27233a9 | ||
|
|
7ccbf23af6 |
21
CHANGELOG.md
21
CHANGELOG.md
@@ -1,3 +1,24 @@
|
|||||||
|
## 3.7.3 2022-12-20 <dave at tiredofit dot ca>
|
||||||
|
|
||||||
|
### Changed
|
||||||
|
- Make S3_KEY_ID and S3_KEY_SECRET optional should IAM roles be used (Credit to alwynpan@github)
|
||||||
|
|
||||||
|
|
||||||
|
## 3.7.2 2022-12-19 <dave at tiredofit dot ca>
|
||||||
|
|
||||||
|
### Changed
|
||||||
|
- Bugfix for 3.7.1
|
||||||
|
|
||||||
|
|
||||||
|
## 3.7.1 2022-12-19 <dave at tiredofit dot ca>
|
||||||
|
|
||||||
|
### Changed
|
||||||
|
- Add MYSQL_ENABLE_TLS environment variable to switch on and off
|
||||||
|
|
||||||
|
### Reverted
|
||||||
|
- Set default for MYSQL_TLS_CA_FILE to accomodate for most use cases
|
||||||
|
|
||||||
|
|
||||||
## 3.7.0 2022-12-16 <dave at tiredofit dot ca>
|
## 3.7.0 2022-12-16 <dave at tiredofit dot ca>
|
||||||
|
|
||||||
### Added
|
### Added
|
||||||
|
|||||||
@@ -183,9 +183,10 @@ Your Organization will be mapped to `DB_USER` and your root token will need to b
|
|||||||
| `MYSQL_MAX_ALLOWED_PACKET` | Max allowed packet if backing up MySQL / MariaDB | `512M` |
|
| `MYSQL_MAX_ALLOWED_PACKET` | Max allowed packet if backing up MySQL / MariaDB | `512M` |
|
||||||
| `MYSQL_SINGLE_TRANSACTION` | Backup in a single transaction with MySQL / MariaDB | `TRUE` |
|
| `MYSQL_SINGLE_TRANSACTION` | Backup in a single transaction with MySQL / MariaDB | `TRUE` |
|
||||||
| `MYSQL_STORED_PROCEDURES` | Backup stored procedures with MySQL / MariaDB | `TRUE` |
|
| `MYSQL_STORED_PROCEDURES` | Backup stored procedures with MySQL / MariaDB | `TRUE` |
|
||||||
|
| `MYSQL_ENABLE_TLS` | Enable TLS functionality for MySQL client | `FALSE` |
|
||||||
| `MYSQL_TLS_VERIFY` | (optional) If using TLS (by means of MYSQL_TLS_* variables) verify remote host | `FALSE` |
|
| `MYSQL_TLS_VERIFY` | (optional) If using TLS (by means of MYSQL_TLS_* variables) verify remote host | `FALSE` |
|
||||||
| `MYSQL_TLS_VERSION` | What TLS `v1.1` `v1.2` `v1.3` version to utilize | `TLSv1.1,TLSv1.2,TLSv1.3` |
|
| `MYSQL_TLS_VERSION` | What TLS `v1.1` `v1.2` `v1.3` version to utilize | `TLSv1.1,TLSv1.2,TLSv1.3` |
|
||||||
| `MYSQL_TLS_CA_FILE` | Filename to load custom CA certificate for connecting via TLS e.g. `/etc/ssl/cert.pem` should suffice for most non self signed setups | |
|
| `MYSQL_TLS_CA_FILE` | Filename to load custom CA certificate for connecting via TLS | `/etc/ssl/cert.pem` |
|
||||||
| `MYSQL_TLS_CERT_FILE` | Filename to load client certificate for connecting via TLS | |
|
| `MYSQL_TLS_CERT_FILE` | Filename to load client certificate for connecting via TLS | |
|
||||||
| `MYSQL_TLS_KEY_FILE` | Filename to load client key for connecting via TLS | |
|
| `MYSQL_TLS_KEY_FILE` | Filename to load client key for connecting via TLS | |
|
||||||
|
|
||||||
@@ -198,8 +199,8 @@ If `BACKUP_LOCATION` = `S3` then the following options are used.
|
|||||||
| Parameter | Description | Default |
|
| Parameter | Description | Default |
|
||||||
| --------------------- | ----------------------------------------------------------------------------------------- | ------- |
|
| --------------------- | ----------------------------------------------------------------------------------------- | ------- |
|
||||||
| `S3_BUCKET` | S3 Bucket name e.g. `mybucket` | |
|
| `S3_BUCKET` | S3 Bucket name e.g. `mybucket` | |
|
||||||
| `S3_KEY_ID` | S3 Key ID | |
|
| `S3_KEY_ID` | S3 Key ID (Optional) | |
|
||||||
| `S3_KEY_SECRET` | S3 Key Secret | |
|
| `S3_KEY_SECRET` | S3 Key Secret (Optional) | |
|
||||||
| `S3_PATH` | S3 Pathname to save to (must NOT end in a trailing slash e.g. '`backup`') | |
|
| `S3_PATH` | S3 Pathname to save to (must NOT end in a trailing slash e.g. '`backup`') | |
|
||||||
| `S3_REGION` | Define region in which bucket is defined. Example: `ap-northeast-2` | |
|
| `S3_REGION` | Define region in which bucket is defined. Example: `ap-northeast-2` | |
|
||||||
| `S3_HOST` | Hostname (and port) of S3-compatible service, e.g. `minio:8080`. Defaults to AWS. | |
|
| `S3_HOST` | Hostname (and port) of S3-compatible service, e.g. `minio:8080`. Defaults to AWS. | |
|
||||||
@@ -209,6 +210,8 @@ If `BACKUP_LOCATION` = `S3` then the following options are used.
|
|||||||
| _*OR*_ | | |
|
| _*OR*_ | | |
|
||||||
| `S3_CERT_SKIP_VERIFY` | Skip verifying self signed certificates when connecting | `TRUE` |
|
| `S3_CERT_SKIP_VERIFY` | Skip verifying self signed certificates when connecting | `TRUE` |
|
||||||
|
|
||||||
|
- When `S3_KEY_ID` and/or `S3_KEY_SECRET` is not set, will try to use IAM role assigned (if any) for uploading the backup files to S3 bucket.
|
||||||
|
|
||||||
#### Upload to a Azure storage account by `blobxfer`
|
#### Upload to a Azure storage account by `blobxfer`
|
||||||
|
|
||||||
Support to upload backup files with [blobxfer](https://github.com/Azure/blobxfer) to the Azure fileshare storage.
|
Support to upload backup files with [blobxfer](https://github.com/Azure/blobxfer) to the Azure fileshare storage.
|
||||||
|
|||||||
@@ -12,9 +12,11 @@ ENABLE_CHECKSUM=${ENABLE_CHECKSUM:-"TRUE"}
|
|||||||
ENABLE_PARALLEL_COMPRESSION=${ENABLE_PARALLEL_COMPRESSION:-"TRUE"}
|
ENABLE_PARALLEL_COMPRESSION=${ENABLE_PARALLEL_COMPRESSION:-"TRUE"}
|
||||||
MANUAL_RUN_FOREVER=${MANUAL_RUN_FOREVER:-"TRUE"}
|
MANUAL_RUN_FOREVER=${MANUAL_RUN_FOREVER:-"TRUE"}
|
||||||
MODE=${MODE:-"AUTO"}
|
MODE=${MODE:-"AUTO"}
|
||||||
|
MYSQL_ENABLE_TLS=${MYSQL_ENABLE_TLS:-"FALSE"}
|
||||||
MYSQL_MAX_ALLOWED_PACKET=${MYSQL_MAX_ALLOWED_PACKET:-"512M"}
|
MYSQL_MAX_ALLOWED_PACKET=${MYSQL_MAX_ALLOWED_PACKET:-"512M"}
|
||||||
MYSQL_SINGLE_TRANSACTION=${MYSQL_SINGLE_TRANSACTION:-"TRUE"}
|
MYSQL_SINGLE_TRANSACTION=${MYSQL_SINGLE_TRANSACTION:-"TRUE"}
|
||||||
MYSQL_STORED_PROCEDURES=${MYSQL_STORED_PROCEDURES:-"TRUE"}
|
MYSQL_STORED_PROCEDURES=${MYSQL_STORED_PROCEDURES:-"TRUE"}
|
||||||
|
MYSQL_TLS_CA_FILE=${MYSQL_TLS_CA_FILE:-"/etc/ssl/cert.pem"}
|
||||||
MYSQL_TLS_VERIFY=${MYSQL_TLS_VERIFY:-"FALSE"}
|
MYSQL_TLS_VERIFY=${MYSQL_TLS_VERIFY:-"FALSE"}
|
||||||
MYSQL_TLS_VERSION=${MYSQL_TLS_VERSION:-"TLSv1.1,TLSv1.2,TLSv1.3"}
|
MYSQL_TLS_VERSION=${MYSQL_TLS_VERSION:-"TLSv1.1,TLSv1.2,TLSv1.3"}
|
||||||
PARALLEL_COMPRESSION_THREADS=${PARALLEL_COMPRESSION_THREADS:-"$(nproc)"}
|
PARALLEL_COMPRESSION_THREADS=${PARALLEL_COMPRESSION_THREADS:-"$(nproc)"}
|
||||||
|
|||||||
@@ -49,25 +49,25 @@ bootstrap_variables() {
|
|||||||
sanity_var DB_NAME "Database Name to backup. Multiple seperated by commas"
|
sanity_var DB_NAME "Database Name to backup. Multiple seperated by commas"
|
||||||
[[ ( -n "${DB_PASS}" ) || ( -n "${DB_PASS_FILE}" ) ]] && file_env 'DB_PASS'
|
[[ ( -n "${DB_PASS}" ) || ( -n "${DB_PASS_FILE}" ) ]] && file_env 'DB_PASS'
|
||||||
[[ ( -n "${DB_PASS}" ) ]] && export MYSQL_PWD=${DB_PASS}
|
[[ ( -n "${DB_PASS}" ) ]] && export MYSQL_PWD=${DB_PASS}
|
||||||
|
if var_true "${MYSQL_ENABLE_TLS}" ; then
|
||||||
if [ -n "${MYSQL_TLS_CA_FILE}" ] ; then
|
if [ -n "${MYSQL_TLS_CA_FILE}" ] ; then
|
||||||
mysql_tls=TRUE
|
|
||||||
mysql_tls_args="--ssl_ca=${MYSQL_TLS_CA_FILE}"
|
mysql_tls_args="--ssl_ca=${MYSQL_TLS_CA_FILE}"
|
||||||
fi
|
fi
|
||||||
if [ -n "${MYSQL_TLS_CERT_FILE}" ] ; then
|
if [ -n "${MYSQL_TLS_CERT_FILE}" ] ; then
|
||||||
mysql_tls=TRUE
|
|
||||||
mysql_tls_args="${mysql_tls_args} --ssl_cert=${MYSQL_TLS_CERT_FILE}"
|
mysql_tls_args="${mysql_tls_args} --ssl_cert=${MYSQL_TLS_CERT_FILE}"
|
||||||
fi
|
fi
|
||||||
if [ -n "${MYSQL_TLS_KEY_FILE}" ] ; then
|
if [ -n "${MYSQL_TLS_KEY_FILE}" ] ; then
|
||||||
mysql_tls=TRUE
|
|
||||||
mysql_tls_args="${mysql_tls_args} --ssl_key=${MYSQL_TLS_KEY_FILE}"
|
mysql_tls_args="${mysql_tls_args} --ssl_key=${MYSQL_TLS_KEY_FILE}"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if var_true "${TLS_VERIFY}" ; then
|
if var_true "${TLS_VERIFY}" ; then
|
||||||
mysql_tls=TRUE
|
|
||||||
mysql_tls_args="${mysql_tls_args} --sslverify-server-cert"
|
mysql_tls_args="${mysql_tls_args} --sslverify-server-cert"
|
||||||
fi
|
fi
|
||||||
if var_true "${mysql_tls}" ; then
|
|
||||||
|
if [ -n "${MYSQL_TLS_VERSION}" ] ; then
|
||||||
mysql_tls_args="${mysql_tls_args} --tls_version=${MYSQL_TLS_VERSION}"
|
mysql_tls_args="${mysql_tls_args} --tls_version=${MYSQL_TLS_VERSION}"
|
||||||
fi
|
fi
|
||||||
|
fi
|
||||||
;;
|
;;
|
||||||
"mssql" | "microsoftsql" )
|
"mssql" | "microsoftsql" )
|
||||||
apkArch="$(apk --print-arch)"; \
|
apkArch="$(apk --print-arch)"; \
|
||||||
@@ -100,7 +100,7 @@ bootstrap_variables() {
|
|||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
if [ "${BACKUP_LOCATION,,}" = "s3" ] || [ "${BACKUP_LOCATION,,}" = "minio" ] ; then
|
if [ "${BACKUP_LOCATION,,}" = "s3" ] || [ "${BACKUP_LOCATION,,}" = "minio" ] && [ -n "${S3_KEY_ID}" ] && [ -n "${S3_KEY_SECRET}" ]; then
|
||||||
file_env 'S3_KEY_ID'
|
file_env 'S3_KEY_ID'
|
||||||
file_env 'S3_KEY_SECRET'
|
file_env 'S3_KEY_SECRET'
|
||||||
fi
|
fi
|
||||||
@@ -587,7 +587,7 @@ compression() {
|
|||||||
|
|
||||||
create_archive() {
|
create_archive() {
|
||||||
if [ "${exit_code}" = "0" ] ; then
|
if [ "${exit_code}" = "0" ] ; then
|
||||||
print_notice "Creating archive file of '${target_dir}' with tar ${compresion_string}"
|
print_notice "Creating archive file of '${target_dir}' with tar ${compression_string}"
|
||||||
tar cf - "${TEMP_LOCATION}"/"${target_dir}" | $dir_compress_cmd > "${TEMP_LOCATION}"/"${target_dir}".tar"${extension}"
|
tar cf - "${TEMP_LOCATION}"/"${target_dir}" | $dir_compress_cmd > "${TEMP_LOCATION}"/"${target_dir}".tar"${extension}"
|
||||||
else
|
else
|
||||||
print_error "Skipping creating archive file because backup did not complete successfully"
|
print_error "Skipping creating archive file because backup did not complete successfully"
|
||||||
@@ -652,8 +652,12 @@ move_dbbackup() {
|
|||||||
;;
|
;;
|
||||||
"s3" | "minio" )
|
"s3" | "minio" )
|
||||||
print_debug "Moving backup to S3 Bucket"
|
print_debug "Moving backup to S3 Bucket"
|
||||||
|
if [ -n "${S3_KEY_ID}" ] && [ -n "${S3_KEY_SECRET}" ]; then
|
||||||
export AWS_ACCESS_KEY_ID=${S3_KEY_ID}
|
export AWS_ACCESS_KEY_ID=${S3_KEY_ID}
|
||||||
export AWS_SECRET_ACCESS_KEY=${S3_KEY_SECRET}
|
export AWS_SECRET_ACCESS_KEY=${S3_KEY_SECRET}
|
||||||
|
else
|
||||||
|
print_debug "Variable S3_KEY_ID or S3_KEY_SECRET is not set. Please ensure sufficiant IAM role is assigned."
|
||||||
|
fi
|
||||||
export AWS_DEFAULT_REGION=${S3_REGION}
|
export AWS_DEFAULT_REGION=${S3_REGION}
|
||||||
if [ -f "${S3_CERT_CA_FILE}" ] ; then
|
if [ -f "${S3_CERT_CA_FILE}" ] ; then
|
||||||
print_debug "Using Custom CA for S3 Backups"
|
print_debug "Using Custom CA for S3 Backups"
|
||||||
@@ -809,7 +813,7 @@ sanity_test() {
|
|||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
if [ "${BACKUP_LOCATION,,}" = "s3" ] || [ "${BACKUP_LOCATION,,}" = "minio" ] ; then
|
if [ "${BACKUP_LOCATION,,}" = "s3" ] || [ "${BACKUP_LOCATION,,}" = "minio" ] && [ -n "${S3_KEY_ID}" ] && [ -n "${S3_KEY_SECRET}" ]; then
|
||||||
sanity_var S3_BUCKET "S3 Bucket"
|
sanity_var S3_BUCKET "S3 Bucket"
|
||||||
sanity_var S3_PATH "S3 Path"
|
sanity_var S3_PATH "S3 Path"
|
||||||
sanity_var S3_REGION "S3 Region"
|
sanity_var S3_REGION "S3 Region"
|
||||||
@@ -827,6 +831,7 @@ setup_mode() {
|
|||||||
if var_true "${MANUAL_RUN_FOREVER}" ; then
|
if var_true "${MANUAL_RUN_FOREVER}" ; then
|
||||||
mkdir -p /etc/services.d/99-run_forever
|
mkdir -p /etc/services.d/99-run_forever
|
||||||
cat <<EOF > /etc/services.d/99-run_forever/run
|
cat <<EOF > /etc/services.d/99-run_forever/run
|
||||||
|
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
while true
|
while true
|
||||||
do
|
do
|
||||||
|
|||||||
Reference in New Issue
Block a user