Release 4.0.9 - See CHANGELOG.md

CHANGELOG.md

@@ -1,3 +1,48 @@
+## 4.0.9 2023-11-11 <dave at tiredofit dot ca>
+
+   ### Changed
+      - Fix issue with quotes being wrapped around _PASS variables
+
+
+## 4.0.8 2023-11-11 <dave at tiredofit dot ca>
+
+   ### Changed
+      - Tidy up file_encryption() routines
+      - Change environment variable _ENCRYPT_PUBKEY to _ENCRYPT_PUBLIC_KEY
+      - Add new environment variable _ENCRYPT_PRIVATE_KEY
+
+
+## 4.0.7 2023-11-11 <dave at tiredofit dot ca>
+
+   ### Added
+      - Add seperate permissions for _FILESYSTEM_PATH
+
+   ### Changed
+      - More output and debugging additions
+      - SQLite3 now backs up without running into file permission/access problems
+      - Cleanup old sqlite backups from temp directory
+      - Handle multiple SQLite3 backups concurrently
+
+
+## 4.0.6 2023-11-10 <dave at tiredofit dot ca>
+
+   ### Added
+      - Add additional DEBUG_ statements
+
+   ### Changed
+      - Fix issue with Influx DB not properly detecting the correct version
+
+
+## 4.0.5 2023-11-10 <dave at tiredofit dot ca>
+
+   ### Added
+      - Add undocumented DBBACKUP_USER|GROUP environment variables for troubleshooting permissions
+      - Add more verbosity when using DEBUG_ statements
+
+   ### Changed
+      - Change _FILESYSTEM_PERMISSION to 600 from 700
+
+
 ## 4.0.4 2023-11-09 <dave at tiredofit dot ca>
 
    ### Added

README.md

@@ -214,12 +214,13 @@ If these are set and no other defaults or variables are set explicitly, they wil
 
 Encryption occurs after compression and the encrypted filename will have a `.gpg` suffix
 
-| Variable                     | Description                                 | Default |
-| ---------------------------- | ------------------------------------------- | ------- |
-| `DEFAULT_ENCRYPT`            | Encrypt file after backing up with GPG      | `FALSE` |
-| `DEFAULT_ENCRYPT_PASSPHRASE` | Passphrase to encrypt file with GPG         |         |
-| *or*                         |                                             |         |
-| `DEFAULT_ENCRYPT_PUBKEY`     | Path of public key to encrypt file with GPG |         |
+| Variable                      | Description                                  | Default | `_FILE` |
+| ----------------------------- | -------------------------------------------- | ------- | ------- |
+| `DEFAULT_ENCRYPT`             | Encrypt file after backing up with GPG       | `FALSE` |         |
+| `DEFAULT_ENCRYPT_PASSPHRASE`  | Passphrase to encrypt file with GPG          |         | x       |
+| *or*                          |                                              |         |         |
+| `DEFAULT_ENCRYPT_PUBLIC_KEY`  | Path of public key to encrypt file with GPG  |         | x       |
+| `DEFAULT_ENCRYPT_PRIVATE_KEY` | Path of private key to encrypt file with GPG |         | x       |
 
 ##### Scheduling Options
 
@@ -323,11 +324,12 @@ Options that are related to the value of `DEFAULT_BACKUP_LOCATION`
 If `DEFAULT_BACKUP_LOCTION` = `FILESYSTEM` then the following options are used:
 
 | Variable                             | Description                                                                                           | Default                               |
-| --------------------------------- | ----------------------------------------------------------------------------------------------------- | ------------------------------------- |
+| ------------------------------------ | ----------------------------------------------------------------------------------------------------- | ------------------------------------- |
 | `DEFAULT_CREATE_LATEST_SYMLINK`      | Create a symbolic link pointing to last backup in this format: `latest-(DB_TYPE)-(DB_NAME)-(DB_HOST)` | `TRUE`                                |
 | `DEFAULT_FILESYSTEM_PATH`            | Directory where the database dumps are kept.                                                          | `/backup`                             |
+| `DEFAULT_FILESYSTEM_PATH_PERMISSION` | Permissions to apply to backup directory                                                              | `700`                                 |
 | `DEFAULT_FILESYSTEM_ARCHIVE_PATH`    | Optional Directory where the database dumps archives are kept                                         | `${DEFAULT_FILESYSTEM_PATH}/archive/` |
-| `DEFAULT_FILESYSTEM_PERMISSION`   | Directory and File permissions to apply to files.                                                     | `700`                                 |
+| `DEFAULT_FILESYSTEM_PERMISSION`      | Permissions to apply to files.                                                                        | `600`                                 |
 
 ###### S3
 
@@ -475,12 +477,14 @@ Otherwise, override them per backup job. Additional backup jobs can be scheduled
 
 Encryption will occur after compression and the resulting filename will have a `.gpg` suffix
 
-| Variable                  | Description                                 | Default |
-| ------------------------- | ------------------------------------------- | ------- |
-| `DB01_ENCRYPT`            | Encrypt file after backing up with GPG      | `FALSE` |
-| `DB01_ENCRYPT_PASSPHRASE` | Passphrase to encrypt file with GPG         |         |
-| *or*                      |                                             |         |
-| `DB01_ENCRYPT_PUBKEY`     | Path of public key to encrypt file with GPG |         |
+
+| Variable                   | Description                                  | Default | `_FILE` |
+| -------------------------- | -------------------------------------------- | ------- | ------- |
+| `DB01_ENCRYPT`             | Encrypt file after backing up with GPG       | `FALSE` |         |
+| `DB01_ENCRYPT_PASSPHRASE`  | Passphrase to encrypt file with GPG          |         | x       |
+| *or*                       |                                              |         |         |
+| `DB01_ENCRYPT_PUBLIC_KEY`  | Path of public key to encrypt file with GPG  |         | x       |
+| `DB01_ENCRYPT_PRIVATE_KEY` | Path of private key to encrypt file with GPG |         | x       |
 
 ##### Scheduling Options
 
@@ -598,11 +602,12 @@ Options that are related to the value of `DB01_BACKUP_LOCATION`
 If `DB01_BACKUP_LOCTION` = `FILESYSTEM` then the following options are used:
 
 | Variable                          | Description                                                                                           | Default                           |
-| ------------------------------ | ----------------------------------------------------------------------------------------------------- | --------------------------------- |
+| --------------------------------- | ----------------------------------------------------------------------------------------------------- | --------------------------------- |
 | `DB01_CREATE_LATEST_SYMLINK`      | Create a symbolic link pointing to last backup in this format: `latest-(DB_TYPE)-(DB_NAME)-(DB_HOST)` | `TRUE`                            |
 | `DB01_FILESYSTEM_PATH`            | Directory where the database dumps are kept.                                                          | `/backup`                         |
+| `DB01_FILESYSTEM_PATH_PERMISSION` | Permissions to apply to backup directory                                                              | `700`                             |
 | `DB01_FILESYSTEM_ARCHIVE_PATH`    | Optional Directory where the database dumps archives are kept                                         | `${DB01_FILESYSTEM_PATH/archive/` |
-| `DB01_FILESYSTEM_PERMISSION`   | Directory and File permissions to apply to files.                                                     | `700`                             |
+| `DB01_FILESYSTEM_PERMISSION`      | Directory and File permissions to apply to files.                                                     | `600`                             |
 
 ###### S3
 

install/assets/dbbackup/template-dbbackup/run

@@ -8,8 +8,11 @@ source /assets/functions/10-db-backup
 source /assets/defaults/10-db-backup
 bootstrap_variables backup_init {{BACKUP_NUMBER}}
 bootstrap_variables parse_variables {{BACKUP_NUMBER}}
-PROCESS_NAME="{{BACKUP_NUMBER}}-${backup_job_db_host}__${backup_job_db_name}"
-
+if [ -z "${backup_job_db_name}" ]; then
+    PROCESS_NAME="{{BACKUP_NUMBER}}${backup_job_db_host//\//_}"
+else
+    PROCESS_NAME="{{BACKUP_NUMBER}}-${backup_job_db_host//\//_}__${backup_job_db_name}"
+fi
 
 trap ctrl_c INT
 

install/assets/defaults/10-db-backup

@@ -1,6 +1,8 @@
 #!/command/with-contenv bash
 
 BACKUP_JOB_CONCURRENCY=${BACKUP_JOB_CONCURRENCY:-"1"}
+DBBACKUP_USER=${DBBACKUP_USER:-"dbbackup"}
+DBBACKUP_GROUP=${DBBACKUP_GROUP:-"${DBBACKUP_USER}"} # Must go after DBBACKUP_USER
 DEFAULT_BACKUP_BEGIN=${DEFAULT_BACKUP_BEGIN:-+0}
 DEFAULT_BACKUP_INTERVAL=${DEFAULT_BACKUP_INTERVAL:-1440}
 DEFAULT_BACKUP_INTERVAL=${DEFAULT_BACKUP_INTERVAL:-1440}
@@ -13,7 +15,8 @@ DEFAULT_CREATE_LATEST_SYMLINK=${DEFAULT_CREATE_LATEST_SYMLINK:-"TRUE"}
 DEFAULT_ENABLE_PARALLEL_COMPRESSION=${DEFAULT_ENABLE_PARALLEL_COMPRESSION:-"TRUE"}
 DEFAULT_ENCRYPT=${DEFAULT_ENCRYPT:-"FALSE"}
 DEFAULT_FILESYSTEM_PATH=${DEFAULT_FILESYSTEM_PATH:-"/backup"}
-DEFAULT_FILESYSTEM_PERMISSION=${DEFAULT_FILESYSTEM_PERMISSION:-"700"}
+DEFAULT_FILESYSTEM_PATH_PERMISSION=${DEFAULT_FILESYSTEM_PATH_PERMISSION:-"700"}
+DEFAULT_FILESYSTEM_PERMISSION=${DEFAULT_FILESYSTEM_PERMISSION:-"600"}
 DEFAULT_FILESYSTEM_ARCHIVE_PATH=${DEFAULT_FILESYSTEM_ARCHIVE_PATH:-"${DEFAULT_FILESYSTEM_PATH}/archive/"}
 DEFAULT_LOG_LEVEL=${DEFAULT_LOG_LEVEL:-"notice"}
 DEFAULT_MYSQL_ENABLE_TLS=${DEFAULT_MYSQL_ENABLE_TLS:-"FALSE"}

install/assets/functions/10-db-backup

@@ -5,26 +5,26 @@ bootstrap_filesystem() {
     if [ ! -d "${backup_job_filesystem_path}" ]; then
         mkdir -p "${backup_job_filesystem_path}"
     fi
-    if [ "$(stat -c %U "${backup_job_filesystem_path}")" != "dbbackup" ] ; then chown -R dbbackup:dbbackup "${backup_job_filesystem_path}" ; fi
-    if [ "$(stat -c %a "${backup_job_filesystem_path}")" != "${backup_job_filesystem_permission}" ] ; then chmod -R "${backup_job_filesystem_permission}" "${backup_job_filesystem_path}" ; fi
+    if [ "$(stat -c %U "${backup_job_filesystem_path}")" != "${DBBACKUP_USER}" ] ; then chown -R "${DBBACKUP_USER}":"${DBBACKUP_GROUP}" "${backup_job_filesystem_path}" ; fi
+    if [ "$(stat -c %a "${backup_job_filesystem_path}")" != "${backup_job_filesystem_path_permission}" ] ; then chmod "${backup_job_filesystem_path_permission}" "${backup_job_filesystem_path}" ; fi
 
     if [ -d "${backup_job_filesystem_archive_path}" ]; then
-        if [ "$(stat -c %U "${backup_job_filesystem_archive_path}")" != "dbbackup" ] ; then chown -R dbbackup:dbbackup "${backup_job_filesystem_archive_path}" ; fi
-        if [ "$(stat -c %a "${backup_job_filesystem_archive_path}")" != "${backup_job_filesystem_permission}" ] ; then chmod -R "${backup_job_filesystem_permission}" "${backup_job_filesystem_archive_path}" ; fi
+        if [ "$(stat -c %U "${backup_job_filesystem_archive_path}")" != "${DBBACKUP_USER}" ] ; then chown -R "${DBBACKUP_USER}":"${DBBACKUP_GROUP}" "${backup_job_filesystem_archive_path}" ; fi
+        if [ "$(stat -c %a "${backup_job_filesystem_archive_path}")" != "${backup_job_filesystem_path_permission}" ] ; then chmod "${backup_job_filesystem_path_permission}" "${backup_job_filesystem_archive_path}" ; fi
     fi
 
     if [ ! -d "${LOG_PATH}" ]; then
         mkdir -p "${LOG_PATH}"
     fi
 
-    if [ "$(stat -c %U "${LOG_PATH}")" != "dbbackup" ] ; then chown dbbackup:dbbackup "${LOG_PATH}" ; fi
+    if [ "$(stat -c %U "${LOG_PATH}")" != "${DBBACKUP_USER}" ] ; then chown -R "${DBBACKUP_USER}":"${DBBACKUP_GROUP}" "${LOG_PATH}" ; fi
     if [ ! -d "${LOG_PATH}"/"$(date +'%Y%m%d')" ]; then run_as_user mkdir -p "${LOG_PATH}"/"$(date +'%Y%m%d')"; fi
     if [ "$(stat -c %a "${LOG_PATH}")" != "755" ] ; then chmod -R 755 "${LOG_PATH}" ; fi
 
     if [ ! -d "${TEMP_PATH}" ]; then
         mkdir -p "${TEMP_PATH}"
     fi
-    if [ "$(stat -c %U "${TEMP_PATH}")" != "dbbackup" ] ; then chown -R dbbackup:dbbackup "${TEMP_PATH}" ; fi
+    if [ "$(stat -c %U "${TEMP_PATH}")" != "${DBBACKUP_USER}" ] ; then chown -R "${DBBACKUP_USER}":"${DBBACKUP_GROUP}" "${TEMP_PATH}" ; fi
     if var_true "${DEBUG_BOOTSTRAP_FILESYSTEM}" ; then debug off; fi
 }
 
@@ -48,7 +48,8 @@ bootstrap_variables() {
                             DEFAULT_USER \
                             DEFAULT_PASS \
                             DEFAULT_ENCRYPT_PASSPHRASE \
-                            DEFAULT_ENCRYPT_PUBKEY \
+                            DEFAULT_ENCRYPT_PUBLIC_KEY \
+                            DEFAULT_ENCRYPT_PRIVATE_KEY \
                             DEFAULT_MONGO_CUSTOM_URI \
                             DEFAULT_MYSQL_TLS_CA_FILE \
                             DEFAULT_MYSQL_TLS_CERT_FILE \
@@ -74,7 +75,8 @@ bootstrap_variables() {
                             DB"${backup_instance_number}"_USER \
                             DB"${backup_instance_number}"_PASS \
                             DB"${backup_instance_number}"_ENCRYPT_PASSPHRASE \
-                            DB"${backup_instance_number}"_ENCRYPT_PUBKEY \
+                            DB"${backup_instance_number}"_ENCRYPT_PUBLIC_KEY \
+                            DB"${backup_instance_number}"_ENCRYPT_PRIVATE_KEY \
                             DB"${backup_instance_number}"_MONGO_CUSTOM_URI \
                             DB"${backup_instance_number}"_MYSQL_TLS_CA_FILE \
                             DB"${backup_instance_number}"_MYSQL_TLS_CERT_FILE \
@@ -151,6 +153,11 @@ bootstrap_variables() {
         fi
         ##
 
+        if grep -qo ".*_PASS='.*'" "${backup_instance_vars}"; then
+            print_debug "[bootstrap_variables] [backup_init] Found _PASS variable with quotes"
+            sed -i "s|_PASS='\(.*\)'|_PASS=\1|g" "${backup_instance_vars}"
+        fi
+
         transform_backup_instance_variable() {
             if grep -q "^DB${1}_${2}=" "${backup_instance_vars}" && [ "$(grep "^DB${1}_${2}=" "${backup_instance_vars}" | cut -d = -f2)" != "unset" ]; then
                 export "$3"="$(grep "^DB${1}_${2}=" "${backup_instance_vars}" | cut -d = -f2)"
@@ -185,12 +192,14 @@ bootstrap_variables() {
         transform_backup_instance_variable "${backup_instance_number}" ENABLE_PARALLEL_COMPRESSION backup_job_parallel_compression
         transform_backup_instance_variable "${backup_instance_number}" ENCRYPT backup_job_encrypt
         transform_backup_instance_variable "${backup_instance_number}" ENCRYPT_PASSPHRASE backup_job_encrypt_passphrase
-        transform_backup_instance_variable "${backup_instance_number}" ENCRYPT_PUBKEY backup_job_encrypt_pubkey
+        transform_backup_instance_variable "${backup_instance_number}" ENCRYPT_PRIVATE_KEY backup_job_encrypt_private_key
+        transform_backup_instance_variable "${backup_instance_number}" ENCRYPT_PUBLIC_KEY backup_job_encrypt_public_key
         transform_backup_instance_variable "${backup_instance_number}" EXTRA_DUMP_OPTS backup_job_extra_dump_opts
         transform_backup_instance_variable "${backup_instance_number}" EXTRA_ENUMERATION_OPTS backup_job_extra_enumeration_opts
         transform_backup_instance_variable "${backup_instance_number}" EXTRA_OPTS backup_job_extra_opts
         transform_backup_instance_variable "${backup_instance_number}" FILESYSTEM_ARCHIVE_PATH backup_job_filesystem_archive_path
         transform_backup_instance_variable "${backup_instance_number}" FILESYSTEM_PATH backup_job_filesystem_path
+        transform_backup_instance_variable "${backup_instance_number}" FILESYSTEM_PATH_PERMISSION backup_job_filesystem_path_permission
         transform_backup_instance_variable "${backup_instance_number}" FILESYSTEM_PERMISSION backup_job_filesystem_permission
         transform_backup_instance_variable "${backup_instance_number}" GZ_RSYNCABLE backup_job_gz_rsyncable
         transform_backup_instance_variable "${backup_instance_number}" HOST backup_job_db_host
@@ -237,6 +246,14 @@ bootstrap_variables() {
         transform_backup_instance_variable "${backup_instance_number}" USER backup_job_db_user
 
         backup_job_backup_begin=$(echo "${backup_job_backup_begin}" | sed -e "s|'||g" -e 's|"||g')
+        if var_true "${DEBUG_BACKUP_INSTANCE_VARIABLE}" ; then cat <<EOF
+## BEGIN Variable Dump $(TZ=${TIMEZONE} date)
+
+$(cat ${backup_instance_vars})
+
+## END
+EOF
+        fi
         rm -rf "${backup_instance_vars}"
     }
 
@@ -315,7 +332,7 @@ bootstrap_variables() {
             ## Check is Variable is Defined
             ## Usage: check_var transformed_varname real_varname "Description"
             output_off
-            print_debug "Looking for existence of $2 environment variable"
+            print_debug "[parse_variables] Looking for existence of $2 environment variable"
             if [ ! -v "$1" ]; then
                 print_error "No '$3' Entered! - Set '\$$2' environment variable - Halting Backup Number ${v_instance}"
                 s6-svc -d /var/run/s6/legacy-services/dbbackup-"${v_instance}"
@@ -451,12 +468,7 @@ backup_couch() {
     prepare_dbbackup
     backup_job_filename=couch_${backup_job_db_name}_${backup_job_db_host#*//}_${now}.txt
     backup_job_filename_base=couch_${backup_job_db_name}_${backup_job_db_host#*//}
-    compression
-    pre_dbbackup ${backup_job_db_name}
-    write_log notice "Dumping CouchDB database: '${backup_job_db_name}' ${compression_string}"
-    if var_true "${DEBUG_BACKUP_COUCH}" ; then debug on; fi
-    run_as_user curl -sSL -X GET ${backup_job_db_host}:${backup_job_db_port}/${backup_job_db_name}/_all_docs?include_docs=true | ${compress_cmd} | run_as_user tee "${TEMP_PATH}"/"${backup_job_filename}" > /dev/null
-    exit_code=$?
+    compressionzyclonite
     if var_true "${DEBUG_BACKUP_COUCH}" ; then debug off; fi
     check_exit_code backup "${backup_job_filename}"
     timer backup finish
@@ -468,20 +480,25 @@ backup_couch() {
 }
 
 backup_influx() {
+     if var_true "${DEBUG_BACKUP_INFLUX}" ; then debug on; fi
     if [ "${backup_job_db_name,,}" = "all" ] ; then
-        write_log debug "Preparing to back up everything"
+        write_log debug "[backup_influx] Preparing to back up everything"
         db_names=justbackupeverything
     else
         db_names=$(echo "${backup_job_db_name}" | tr ',' '\n')
     fi
+    if var_true "${DEBUG_BACKUP_INFLUX}" ; then debug off; fi
 
-    case "${backup_job_db_influx_version,,}" in
+    case "${backup_job_influx_version,,}" in
         1 )
+            print_debug "[backup_influx] Influx DB Version 1 selected"
             for db in ${db_names}; do
                 prepare_dbbackup
+                 if var_true "${DEBUG_BACKUP_INFLUX}" ; then debug on; fi
                 if [ "${db}" != "justbackupeverything" ] ; then bucket="-db ${db}" ; else db=all ; fi
                 backup_job_filename=influx_${db}_${backup_job_db_host#*//}_${now}
                 backup_job_filename_base=influx_${db}_${backup_job_db_host#*//}
+                 if var_true "${DEBUG_BACKUP_INFLUX}" ; then debug off; fi
                 compression
                 pre_dbbackup "${db}"
                 write_log notice "Dumping Influx database: '${db}'"
@@ -503,9 +520,12 @@ backup_influx() {
             done
         ;;
         2 )
+            print_debug "[backup_influx] Influx DB Version 2 selected"
             for db in ${db_names}; do
                 prepare_dbbackup
+                if var_true "${DEBUG_BACKUP_INFLUX}" ; then debug on; fi
                 if [ "${db}" != "justbackupeverything" ] ; then bucket="--bucket $db" ; else db=all ; fi
+                 if var_true "${DEBUG_BACKUP_INFLUX}" ; then debug off; fi
                 backup_job_filename=influx2_${db}_${backup_job_db_host#*//}_${now}
                 backup_job_filename_base=influx2_${db}_${backup_job_db_host#*//}
                 compression
@@ -515,10 +535,10 @@ backup_influx() {
                 run_as_user influx backup --org ${backup_job_db_user} ${bucket} --host ${backup_job_db_host}:${backup_job_db_port} --token ${backup_job_db_pass} ${backup_job_extra_opts} ${backup_job_extra_dump_opts} --compression none "${TEMP_PATH}"/"${backup_job_filename_dir}"
                 exit_code=$?
                 check_exit_code backup "${backup_job_filename_dir}"
+                if var_true "${DEBUG_BACKUP_INFLUX}" ; then debug off; fi
                 create_archive
                 backup_job_filename=influx2_${db}_${backup_job_db_host#*//}_${now}.tar${extension}
                 backup_job_filename_base=influx2_${db}_${backup_job_db_host#*//}
-                if var_true "${DEBUG_BACKUP_INFLUX}" ; then debug off; fi
                 timer backup finish
                 file_encryption
                 generate_checksum
@@ -532,6 +552,7 @@ backup_influx() {
 
 backup_mongo() {
     prepare_dbbackup
+    if var_true "${DEBUG_BACKUP_MONGO}" ; then debug on; fi
     if [ "${backup_job_compression,,}" = "none" ] ; then
         backup_job_filename=${dbtype}_${backup_job_db_name,,}_${backup_job_db_host,,}_${now}.archive
         backup_job_filename_base=${dbtype}_${backup_job_db_name,,}_${backup_job_db_host,,}
@@ -546,6 +567,7 @@ backup_mongo() {
     else
         mongo_backup_parameter="--host ${backup_job_db_host} --port ${backup_job_db_port} ${MONGO_USER_STR}${MONGO_PASS_STR}${MONGO_AUTH_STR}${MONGO_DB_STR} ${backup_job_extra_opts} ${backup_job_extra_dump_opts}"
     fi
+    if var_true "${DEBUG_BACKUP_MONGO}" ; then debug off; fi
     pre_dbbackup "${backup_job_db_name}"
     write_log notice "Dumping MongoDB database: '${DB_NAME}' ${compression_string}"
     if var_true "${DEBUG_BACKUP_MONGO}" ; then debug on; fi
@@ -577,8 +599,10 @@ backup_mssql() {
             backup_job_filename_original=${backup_job_filename}
             compression
             pre_dbbackup all
+            if var_true "${DEBUG_BACKUP_MSSQL}" ; then debug on; fi
             run_as_user ${compress_cmd} "${TEMP_PATH}/${backup_job_filename_original}"
             check_exit_code backup "${backup_job_filename}"
+            if var_true "${DEBUG_BACKUP_MSSQL}" ; then debug off; fi
             timer backup finish
             file_encryption
             generate_checksum
@@ -612,7 +636,7 @@ backup_mssql() {
 }
 
 backup_mysql() {
-
+    if var_true "${DEBUG_BACKUP_MYSQL}" ; then debug on; fi
     if var_true "${backup_job_mysql_events}" ; then
         events="--events"
     fi
@@ -636,7 +660,7 @@ backup_mysql() {
     else
         db_names=$(echo "${backup_job_db_name}" | tr ',' '\n')
     fi
-
+    if var_true "${DEBUG_BACKUP_MYSQL}" ; then debug off; fi
     write_log debug "Databases Found: $(echo ${db_names} | xargs | tr ' ' ',')"
 
     if var_true "${backup_job_split_db}" ; then
@@ -701,6 +725,7 @@ backup_pgsql() {
         post_dbbackup "globals"
     }
 
+    if var_true "${DEBUG_BACKUP_PGSQL}" ; then debug on; fi
     export PGPASSWORD=${backup_job_db_pass}
     if [ -n "${backup_job_db_auth}" ] ; then
         authdb=${backup_job_db_auth}
@@ -724,7 +749,7 @@ backup_pgsql() {
     fi
 
     if var_false "${_postgres_backup_globals}" && var_true "${backup_job_backup_pgsql_globals}" ; then _postgres_backup_globals=true; fi
-
+    if var_true "${DEBUG_BACKUP_PGSQL}" ; then debug off; fi
     write_log debug "Databases Found: $(echo ${db_names} | xargs | tr ' ' ',')"
 
     if var_true "${backup_job_split_db}" ; then
@@ -756,6 +781,7 @@ backup_pgsql() {
         compression
         pre_dbbackup all
         write_log notice "Dumping all PostgreSQL databases: '$(echo ${db_names} | xargs | tr ' ' ',')' ${compression_string}"
+        if var_true "${DEBUG_BACKUP_PGSQL}" ; then debug on; fi
         tmp_db_names=$(run_as_user psql -h ${backup_job_db_host} -p ${backup_job_db_port} -U ${backup_job_db_user} -d ${authdb} -c 'COPY (SELECT datname FROM pg_database WHERE datistemplate = false) TO STDOUT;' )
         for r_db_name in $(echo $db_names | xargs); do
             tmp_db_names=$(echo "$tmp_db_names" | xargs | sed "s|${r_db_name}||g"  )
@@ -764,7 +790,6 @@ backup_pgsql() {
         for x_db_name in ${tmp_db_names} ; do
             pgexclude_arg=$(echo ${pgexclude_arg} --exclude-database=${x_db_name})
         done
-        if var_true "${DEBUG_BACKUP_PGSQL}" ; then debug on; fi
         run_as_user ${play_fair} pg_dumpall -h ${backup_job_db_host} -p ${backup_job_db_port} -U ${backup_job_db_user} ${pgexclude_arg} ${backup_job_extra_opts} ${backup_job_extra_dump_opts} | ${compress_cmd} | run_as_user tee "${TEMP_PATH}"/"${backup_job_filename}" > /dev/null
         exit_code=$?
         if var_true "${DEBUG_BACKUP_PGSQL}" ; then debug off; fi
@@ -801,11 +826,13 @@ backup_redis() {
         sleep 5
     done
     backup_job_filename_original=${backup_job_filename}
+    if var_true "${DEBUG_BACKUP_REDIS}" ; then debug off; fi
     compression
     pre_dbbackup all
-    run_as_user ${compress_cmd} "${TEMP_PATH}/${backup_job_filename_original}"
-    timer backup finish
     if var_true "${DEBUG_BACKUP_REDIS}" ; then debug on; fi
+    run_as_user ${compress_cmd} "${TEMP_PATH}/${backup_job_filename_original}"
+    if var_true "${DEBUG_BACKUP_REDIS}" ; then debug off; fi
+    timer backup finish
     check_exit_code backup "${backup_job_filename}"
     file_encryption
     generate_checksum
@@ -820,16 +847,21 @@ backup_sqlite3() {
     db="${db%.*}"
     backup_job_filename=sqlite3_${db}_${now}.sqlite3
     backup_job_filename_base=sqlite3_${db}.sqlite3
-    compression
     pre_dbbackup "${db}"
     write_log notice "Dumping sqlite3 database: '${backup_job_db_host}' ${compression_string}"
     if var_true "${DEBUG_BACKUP_SQLITE3}" ; then debug on; fi
-    silent run_as_user ${play_fair} sqlite3 "${backup_job_db_host}" ".backup '${TEMP_PATH}/backup.sqlite3'"
+    silent ${play_fair} sqlite3 "${backup_job_db_host}" ".backup '${TEMP_PATH}/backup_${now}.sqlite3'"
     exit_code=$?
     check_exit_code backup "${backup_job_filename}"
-    run_as_user ${play_fair} cat "${TEMP_PATH}"/backup.sqlite3 | ${dir_compress_cmd} | run_as_user tee "${TEMP_PATH}/${backup_job_filename}" > /dev/null
-    timer backup finish
+    if [ ! -f "${TEMP_PATH}"/backup_${now}.sqlite3 ] ; then
+        print_error "SQLite3 backup failed! Exitting"
+        return 1
+    fi
+    compression
+    run_as_user ${play_fair} cat "${TEMP_PATH}"/backup_${now}.sqlite3 | ${dir_compress_cmd} | run_as_user tee "${TEMP_PATH}/${backup_job_filename}" > /dev/null
+    rm -rf "${TEMP_PATH}"/backup_${now}.sqlite3
     if var_true "${DEBUG_BACKUP_SQLITE3}" ; then debug off; fi
+    timer backup finish
     file_encryption
     generate_checksum
     move_dbbackup
@@ -1036,6 +1068,7 @@ compression() {
 
     case "${backup_job_compression,,}" in
         bz* )
+            print_debug "[compression] Selected BZIP"
             compress_cmd="${play_fair} pbzip2 -q -${backup_job_compression_level} -p${backup_job_parallel_compression_threads} "
             compression_type="bzip2"
             dir_compress_cmd=${compress_cmd}
@@ -1044,6 +1077,7 @@ compression() {
             backup_job_filename=${backup_job_filename}.bz2
         ;;
         gz* )
+            print_debug "[compression] Selected GZIP"
             compress_cmd="${play_fair} pigz -q -${backup_job_compression_level} -p ${backup_job_parallel_compression_threads} ${gz_rsyncable}"
             compression_type="gzip"
             extension=".gz"
@@ -1052,6 +1086,7 @@ compression() {
             backup_job_filename=${backup_job_filename}.gz
         ;;
         xz* )
+            print_debug "[compression] Selected XZIP"
             compress_cmd="${play_fair} pixz -${backup_job_compression_level} -p ${backup_job_parallel_compression_threads} "
             compression_type="xzip"
             dir_compress_cmd=${compress_cmd}
@@ -1060,6 +1095,7 @@ compression() {
             backup_job_filename=${backup_job_filename}.xz
         ;;
         zst* )
+            print_debug "[compression] Selected ZSTD"
             compress_cmd="${play_fair} zstd -q -q --rm -${backup_job_compression_level} -T${backup_job_parallel_compression_threads} ${gz_rsyncable}"
             compression_type="zstd"
             dir_compress_cmd=${compress_cmd}
@@ -1108,9 +1144,10 @@ create_schedulers() {
     backup() {
         bootstrap_variables upgrade BACKUP
         local backup_instances=$(printenv | sort | grep -c "^DB[0-9]._HOST")
+        print_debug "[create_schedulers] Found '${backup_instances}' DB_HOST instances"
         if [ -n "${DB_HOST}" ] && [ "${backup_instances}" ]; then
           backup_instances=1;
-          print_debug "Detected using old DB_ variables"
+          print_debug "[create_schedulers] Detected using old DB_ variables"
         fi
 
         for (( instance = 01; instance <= backup_instances; )) ; do
@@ -1151,7 +1188,7 @@ EOF
 }
 
 ctrl_c() {
-    sed -i "/^{{BACKUP_NUMBER}}/d" /tmp/.container/db-backup-backups
+    sed -i "/^${backup_instance_number}/d" /tmp/.container/db-backup-backups
     symlink_log
     print_warn "User aborted"
     exit
@@ -1166,7 +1203,11 @@ db_backup_container_init() {
 debug() {
     case "${1}" in
         off)
+            backup_job_log_level=$_original_job_log_level}
+            CONTAINER_LOG_LEVEL=${_original_container_log_level}
             DEBUG_MODE=${_original_debug_mode}
+            SHOW_OUTPUT=${_original_show_output}
+
             if var_true "${DEBUG_MODE}" ; then
                 set -x
             else
@@ -1174,9 +1215,25 @@ debug() {
             fi
         ;;
         on)
+            if [ -z "${_original_container_log_level}" ]; then
+                _original_container_log_level="${CONTAINER_LOG_LEVEL}"
+            fi
+            if [ -z "${_original_job_log_level}" ]; then
+                _original_job_log_level="${backup_job_log_level}"
+            fi
+
             if [ -z "${_original_debug_mode}" ]; then
                 _original_debug_mode="${DEBUG_MODE}"
             fi
+            if [ -z "${_original_show_output}" ]; then
+                _original_show_output="${SHOW_OUTPUT}"
+                if ! [[ "${_original_show_output,,}" =~ true|false ]]; then
+                    __original_show_output="FALSE"
+                fi
+            fi
+            backup_job_log_level=DEBUG
+            CONTAINER_LOG_LEVEL=DEBUG
+            SHOW_OUTPUT=TRUE
             set -x
         ;;
     esac
@@ -1186,27 +1243,33 @@ file_encryption() {
     if var_true "${DEBUG_FILE_ENCRYPTION}" ; then debug on; fi
     if var_true "${backup_job_encrypt}" ; then
         if [ "${exit_code}" = "0" ] ; then
-            print_debug "Encrypting"
+            print_debug "[file_encryption] Encrypting"
             output_off
-            if [ -n "${backup_job_encrypt_passphrase}" ] && [ -n "${backup_job_encrypt_pubkey}" ]; then
+            if [ -n "${backup_job_encrypt_passphrase}" ] && [ -n "${backup_job_encrypt_public_key}" ]; then
                 print_error "Can't encrypt as both ENCRYPT_PASSPHRASE and ENCRYPT_PUBKEY exist!"
                 return
-            elif [ -n "${backup_job_encrypt_passphrase}" ] && [ -z "${backup_job_encrypt_pubkey}" ]; then
+            elif [ -n "${backup_job_encrypt_passphrase}" ] && [ -z "${backup_job_encrypt_public_key}" ]; then
                 print_notice "Encrypting with GPG Passphrase"
                 encrypt_routines_start_time=$(date +'%s')
                 encrypt_tmp_dir=$(run_as_user mktemp -d)
                 echo "${backup_job_encrypt_passphrase}" | silent run_as_user ${play_fair} gpg --batch --home ${encrypt_tmp_dir} --yes --passphrase-fd 0 -c "${TEMP_PATH}"/"${backup_job_filename}"
                 rm -rf "${encrypt_tmp_dir}"
-            elif [ -z "${backup_job_encrypt_passphrase}" ] && [ -n "${backup_job_encrypt_pubkey}" ]; then
-                if [ -f "${backup_job_encrypt_pubkey}" ]; then
+            elif [ -z "${backup_job_encrypt_passphrase}" ] && [ -n "${backup_job_encrypt_public_key}" ] && [ -n "${backup_job_encrypt_private_key}" ]; then
+                if [ -f "${backup_job_encrypt_private_key}" ]; then
                     encrypt_routines_start_time=$(date +'%s')
-                    print_notice "Encrypting with GPG Public Key"
+                    print_notice "Encrypting with GPG Private Key"
                     encrypt_tmp_dir=$(run_as_user mktemp -d)
-                    silent run_as_user ${play_fair} gpg --batch --yes --home "${encrypt_tmp_dir}" --recipient-file "${backup_job_encrypt_pubkey}" -c "${TEMP_PATH}"/"${backup_job_filename}"
+                    cat "${backup_job_encrypt_private_key}" | run_as_user tee "${encrypt_tmp_dir}"/private_key.asc > /dev/null
+                    print_debug "[file_encryption] [key] Importing Private Key"
+                    silent run_as_user gpg --home ${encrypt_tmp_dir} --batch --import "${encrypt_tmp_dir}"/private_key.asc
+                    print_debug "[file_encryption] [key] Encrypting to Public Key"
+                    cat "${backup_job_encrypt_public_key}" | run_as_user tee "${encrypt_tmp_dir}"/public_key.asc > /dev/null
+                    silent run_as_user ${play_fair} gpg --batch --yes --home "${encrypt_tmp_dir}" --encrypt --recipient-file "${encrypt_tmp_dir}"/public_key.asc "${TEMP_PATH}"/"${backup_job_filename}"
                     rm -rf "${encrypt_tmp_dir}"
                 fi
             fi
             if [ -f "${TEMP_PATH}"/"${backup_job_filename}".gpg ]; then
+                print_debug "[file_encryption] Deleting original file"
                 rm -rf "${TEMP_PATH:?}"/"${backup_job_filename:?}"
                 backup_job_filename="${backup_job_filename}.gpg"
 
@@ -1216,6 +1279,9 @@ file_encryption() {
 - dbbackup.backup.encrypt.duration.[${backup_job_db_host}.${backup_job_db_name}] ${encrypt_routines_total_time}
 EOF
                 )
+            else
+                print_error "Encryption failed! Could not detect encrypted file"
+                return 99
             fi
         else
             write_log error "Skipping encryption because backup did not complete successfully"
@@ -1382,23 +1448,23 @@ EOF
         for notification_type in $notification_types ; do
             case "${notification_type,,}" in
                 "custom" )
-                    print_debug "Sending Notification via custom"
+                    print_debug "[notify] Sending Notification via custom"
                     notification_custom "${1}" "${2}" "${3}" "${4}" "${5}"
                 ;;
                 "email" | "mail" )
-                    print_debug "Sending Notification via email"
+                    print_debug "[notify] Sending Notification via email"
                     notification_email "${1}" "${2}" "${3}" "${4}" "${5}"
                 ;;
                 "matrix" )
-                    print_debug "Sending Notification via Matrix"
+                    print_debug "[notify] Sending Notification via Matrix"
                     notification_matrix "${1}" "${2}" "${3}" "${4}" "${5}"
                 ;;
                 "mattermost" )
-                    print_debug "Sending Notification via Mattermost"
+                    print_debug "[notify] Sending Notification via Mattermost"
                     notification_mattermost "${1}" "${2}" "${3}" "${4}" "${5}"
                 ;;
                 "rocketchat" )
-                    print_debug "Sending Notification via Rocketchat"
+                    print_debug "[notify] Sending Notification via Rocketchat"
                     notification_rocketchat "${1}" "${2}" "${3}" "${4}" "${5}"
                 ;;
                 * )
@@ -1441,8 +1507,37 @@ move_dbbackup() {
                 write_log debug "Moving backup to filesystem"
                 run_as_user mkdir -p "${backup_job_filesystem_path}"
                 if [ "${backup_job_checksum,,}" != "none" ] ; then run_as_user mv "${TEMP_PATH}"/*."${checksum_extension}" "${backup_job_filesystem_path}"/ ; fi
+                if var_true "${DEBUG_MOVE_DBBACKUP}"; then
+                cat <<EOF
+## BEGIN Before Moving file from TEMP_PATH $(TZ=${TIMEZONE} date)
+##
+
+$(ls -l "${TEMP_PATH}"/*)
+
+## END
+EOF
+                fi
                 run_as_user mv "${TEMP_PATH}"/"${backup_job_filename}" "${backup_job_filesystem_path}"/"${backup_job_filename}"
                 move_exit_code=$?
+                if var_true "${DEBUG_MOVE_DBBACKUP}"; then
+                cat <<EOF
+## BEGIN After Moving file from TEMP_PATH $(TZ=${TIMEZONE} date)
+##
+
+$(ls -l "${TEMP_PATH}"/*)
+
+## END
+
+## BEGIN After Moving file to _FILESYSTEM_PATH $(TZ=${TIMEZONE} date)
+##
+
+$(ls -l "${backup_job_filesystem_path}"/*)
+
+## END
+
+EOF
+                fi
+
                 if var_true "${backup_job_create_latest_symlink}" ; then
                     run_as_user ln -sfr "${backup_job_filesystem_path}"/"${backup_job_filename}" "${backup_job_filesystem_path}"/latest-"${backup_job_filename_base}"
                 fi
@@ -1648,7 +1743,7 @@ process_limiter() {
 }
 
 run_as_user() {
-    s6-setuidgid dbbackup $@
+    sudo -Eu "${DBBACKUP_USER}" $@
 }
 
 setup_mode() {
@@ -1881,18 +1976,18 @@ timer() {
         ;;
         datetime)
             time_begin=$(date -d "${backup_job_backup_begin}" +%s)
-            print_debug "BACKUP_BEGIN time = ${time_begin}"
+            print_debug "[timer] [datetime] BACKUP_BEGIN time = ${time_begin}"
             time_wait=$(( time_begin - time_current ))
-            print_debug "Difference in seconds: ${time_wait}"
+            print_debug "[timer] [datetime] Difference in seconds: ${time_wait}"
 
             if (( ${time_wait} < 0 )); then
                 time_wait=$(( (${time_wait} + (${backup_job_backup_interval} - 1)) / (${backup_job_backup_interval} * 60) ))
                 time_wait=$(( ${time_wait} * -1 ))
-                print_debug "Difference in seconds (rounded) time_wait is in the past : ${time_wait}"
+                print_debug "[timer] [datetime] Difference in seconds (rounded) time_wait is in the past : ${time_wait}"
             fi
 
             time_future=$(( time_current + time_wait ))
-            print_debug "Future execution time = ${time_future}"
+            print_debug "[timer] [datetime] Future execution time = ${time_future}"
         ;;
         job)
             case "${2}" in