mirror of
https://github.com/deajan/obackup.git
synced 2024-12-25 23:13:41 +01:00
Added encryption support for SQL backups
This commit is contained in:
parent
5ca743f7da
commit
67b42842db
126
dev/n_obackup.sh
126
dev/n_obackup.sh
@ -8,7 +8,7 @@ PROGRAM="obackup"
|
|||||||
AUTHOR="(C) 2013-2016 by Orsiris de Jong"
|
AUTHOR="(C) 2013-2016 by Orsiris de Jong"
|
||||||
CONTACT="http://www.netpower.fr/obackup - ozy@netpower.fr"
|
CONTACT="http://www.netpower.fr/obackup - ozy@netpower.fr"
|
||||||
PROGRAM_VERSION=2.1-dev
|
PROGRAM_VERSION=2.1-dev
|
||||||
PROGRAM_BUILD=2016080102
|
PROGRAM_BUILD=2016080103
|
||||||
IS_STABLE=no
|
IS_STABLE=no
|
||||||
|
|
||||||
source "./ofunctions.sh"
|
source "./ofunctions.sh"
|
||||||
@ -114,10 +114,10 @@ function CheckCryptEnvironnment {
|
|||||||
CAN_BACKUP_FILES=false
|
CAN_BACKUP_FILES=false
|
||||||
else
|
else
|
||||||
Logger "gpg2 not present, falling back to gpg." "NOTICE"
|
Logger "gpg2 not present, falling back to gpg." "NOTICE"
|
||||||
ENCRYPT_TOOL=gpg
|
CRYPT_TOOL=gpg
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
ENCRYPT_TOOL=gpg2
|
CRYPT_TOOL=gpg2
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -184,11 +184,11 @@ function CheckRunningInstances {
|
|||||||
function _ListDatabasesLocal {
|
function _ListDatabasesLocal {
|
||||||
__CheckArguments 0 $# ${FUNCNAME[0]} "$@" #__WITH_PARANOIA_DEBUG
|
__CheckArguments 0 $# ${FUNCNAME[0]} "$@" #__WITH_PARANOIA_DEBUG
|
||||||
|
|
||||||
local sql_cmd=
|
local sqlCmd=
|
||||||
|
|
||||||
sql_cmd="mysql -u $SQL_USER -Bse 'SELECT table_schema, round(sum( data_length + index_length ) / 1024) FROM information_schema.TABLES GROUP by table_schema;' > $RUN_DIR/$PROGRAM.${FUNCNAME[0]}.$SCRIPT_PID 2>&1"
|
sqlCmd="mysql -u $SQL_USER -Bse 'SELECT table_schema, round(sum( data_length + index_length ) / 1024) FROM information_schema.TABLES GROUP by table_schema;' > $RUN_DIR/$PROGRAM.${FUNCNAME[0]}.$SCRIPT_PID 2>&1"
|
||||||
Logger "cmd: $sql_cmd" "DEBUG"
|
Logger "cmd: $sqlCmd" "DEBUG"
|
||||||
eval "$sql_cmd" &
|
eval "$sqlCmd" &
|
||||||
WaitForTaskCompletion $! $SOFT_MAX_EXEC_TIME_DB_TASK $HARD_MAX_EXEC_TIME_DB_TASK ${FUNCNAME[0]} true $KEEP_LOGGING
|
WaitForTaskCompletion $! $SOFT_MAX_EXEC_TIME_DB_TASK $HARD_MAX_EXEC_TIME_DB_TASK ${FUNCNAME[0]} true $KEEP_LOGGING
|
||||||
if [ $? -eq 0 ]; then
|
if [ $? -eq 0 ]; then
|
||||||
Logger "Listing databases succeeded." "NOTICE"
|
Logger "Listing databases succeeded." "NOTICE"
|
||||||
@ -205,13 +205,13 @@ function _ListDatabasesLocal {
|
|||||||
function _ListDatabasesRemote {
|
function _ListDatabasesRemote {
|
||||||
__CheckArguments 0 $# ${FUNCNAME[0]} "$@" #__WITH_PARANOIA_DEBUG
|
__CheckArguments 0 $# ${FUNCNAME[0]} "$@" #__WITH_PARANOIA_DEBUG
|
||||||
|
|
||||||
local sql_cmd=
|
local sqlCmd=
|
||||||
|
|
||||||
CheckConnectivity3rdPartyHosts
|
CheckConnectivity3rdPartyHosts
|
||||||
CheckConnectivityRemoteHost
|
CheckConnectivityRemoteHost
|
||||||
sql_cmd="$SSH_CMD \"mysql -u $SQL_USER -Bse 'SELECT table_schema, round(sum( data_length + index_length ) / 1024) FROM information_schema.TABLES GROUP by table_schema;'\" > \"$RUN_DIR/$PROGRAM.${FUNCNAME[0]}.$SCRIPT_PID\" 2>&1"
|
sqlCmd="$SSH_CMD \"mysql -u $SQL_USER -Bse 'SELECT table_schema, round(sum( data_length + index_length ) / 1024) FROM information_schema.TABLES GROUP by table_schema;'\" > \"$RUN_DIR/$PROGRAM.${FUNCNAME[0]}.$SCRIPT_PID\" 2>&1"
|
||||||
Logger "cmd: $sql_cmd" "DEBUG"
|
Logger "cmd: $sqlCmd" "DEBUG"
|
||||||
eval "$sql_cmd" &
|
eval "$sqlCmd" &
|
||||||
WaitForTaskCompletion $! $SOFT_MAX_EXEC_TIME_DB_TASK $HARD_MAX_EXEC_TIME_DB_TASK ${FUNCNAME[0]} true $KEEP_LOGGING
|
WaitForTaskCompletion $! $SOFT_MAX_EXEC_TIME_DB_TASK $HARD_MAX_EXEC_TIME_DB_TASK ${FUNCNAME[0]} true $KEEP_LOGGING
|
||||||
if [ $? -eq 0 ]; then
|
if [ $? -eq 0 ]; then
|
||||||
Logger "Listing databases succeeded." "NOTICE"
|
Logger "Listing databases succeeded." "NOTICE"
|
||||||
@ -754,23 +754,30 @@ function CheckDiskSpace {
|
|||||||
|
|
||||||
function _BackupDatabaseLocalToLocal {
|
function _BackupDatabaseLocalToLocal {
|
||||||
local database="${1}" # Database to backup
|
local database="${1}" # Database to backup
|
||||||
local export_options="${2}" # export options
|
local exportOptions="${2}" # export options
|
||||||
|
local encrypt="${3:-false}" # Does the file need to be encrypted ?
|
||||||
|
|
||||||
local dry_sql_cmd
|
local encryptOptions
|
||||||
local sql_cmd
|
local drySqlCmd
|
||||||
|
local sqlCmd
|
||||||
local retval
|
local retval
|
||||||
|
|
||||||
__CheckArguments 2 $# ${FUNCNAME[0]} "$@" #__WITH_PARANOIA_DEBUG
|
__CheckArguments 3 $# ${FUNCNAME[0]} "$@" #__WITH_PARANOIA_DEBUG
|
||||||
|
|
||||||
local dry_sql_cmd="mysqldump -u $SQL_USER $export_options --databases $database $COMPRESSION_PROGRAM $COMPRESSION_OPTIONS > /dev/null 2> $RUN_DIR/$PROGRAM.${FUNCNAME[0]}.error.$SCRIPT_PID"
|
if [ $encrypt == true ]; then
|
||||||
local sql_cmd="mysqldump -u $SQL_USER $export_options --databases $database $COMPRESSION_PROGRAM $COMPRESSION_OPTIONS > $SQL_STORAGE/$database.sql$COMPRESSION_EXTENSION 2> $RUN_DIR/$PROGRAM.${FUNCNAME[0]}.error.$SCRIPT_PID"
|
encryptOptions="| $CRYPT_TOOL --encrypt --recipient=\"$GPG_RECIPIENT\""
|
||||||
|
encryptExtension="$CRYPT_FILE_EXTENSION"
|
||||||
|
fi
|
||||||
|
|
||||||
|
local drySqlCmd="mysqldump -u $SQL_USER $exportOptions --databases $database $COMPRESSION_PROGRAM $COMPRESSION_OPTIONS $encryptOptions > /dev/null 2> $RUN_DIR/$PROGRAM.${FUNCNAME[0]}.error.$SCRIPT_PID"
|
||||||
|
local sqlCmd="mysqldump -u $SQL_USER $exportOptions --databases $database $COMPRESSION_PROGRAM $COMPRESSION_OPTIONS $encryptOptions > $SQL_STORAGE/$database.sql$COMPRESSION_EXTENSION$encryptExtension 2> $RUN_DIR/$PROGRAM.${FUNCNAME[0]}.error.$SCRIPT_PID"
|
||||||
|
|
||||||
if [ $_DRYRUN == false ]; then
|
if [ $_DRYRUN == false ]; then
|
||||||
Logger "cmd: $sql_cmd" "DEBUG"
|
Logger "cmd: $sqlCmd" "DEBUG"
|
||||||
eval "$sql_cmd" &
|
eval "$sqlCmd" &
|
||||||
else
|
else
|
||||||
Logger "cmd: $dry_sql_cmd" "DEBUG"
|
Logger "cmd: $drySqlCmd" "DEBUG"
|
||||||
eval "$dry_sql_cmd" &
|
eval "$drySqlCmd" &
|
||||||
fi
|
fi
|
||||||
WaitForTaskCompletion $! $SOFT_MAX_EXEC_TIME_DB_TASK $HARD_MAX_EXEC_TIME_DB_TASK ${FUNCNAME[0]} true $KEEP_LOGGING
|
WaitForTaskCompletion $! $SOFT_MAX_EXEC_TIME_DB_TASK $HARD_MAX_EXEC_TIME_DB_TASK ${FUNCNAME[0]} true $KEEP_LOGGING
|
||||||
retval=$?
|
retval=$?
|
||||||
@ -784,26 +791,35 @@ function _BackupDatabaseLocalToLocal {
|
|||||||
|
|
||||||
function _BackupDatabaseLocalToRemote {
|
function _BackupDatabaseLocalToRemote {
|
||||||
local database="${1}" # Database to backup
|
local database="${1}" # Database to backup
|
||||||
local export_options="${2}" # export options
|
local exportOptions="${2}" # export options
|
||||||
|
local encrypt="${3:-false}" # Does the file need to be encrypted
|
||||||
|
|
||||||
__CheckArguments 2 $# ${FUNCNAME[0]} "$@" #__WITH_PARANOIA_DEBUG
|
__CheckArguments 3 $# ${FUNCNAME[0]} "$@" #__WITH_PARANOIA_DEBUG
|
||||||
|
|
||||||
local dry_sql_cmd
|
local encryptOptions
|
||||||
local sql_cmd
|
local encryptExtension
|
||||||
|
local drySqlCmd
|
||||||
|
local sqlCmd
|
||||||
local retval
|
local retval
|
||||||
|
|
||||||
CheckConnectivity3rdPartyHosts
|
CheckConnectivity3rdPartyHosts
|
||||||
CheckConnectivityRemoteHost
|
CheckConnectivityRemoteHost
|
||||||
|
|
||||||
local dry_sql_cmd="mysqldump -u $SQL_USER $export_options --databases $database $COMPRESSION_PROGRAM $COMPRESSION_OPTIONS > /dev/null 2> $RUN_DIR/$PROGRAM.${FUNCNAME[0]}.error.$SCRIPT_PID"
|
|
||||||
local sql_cmd="mysqldump -u $SQL_USER $export_options --databases $database $COMPRESSION_PROGRAM $COMPRESSION_OPTIONS | $SSH_CMD '$COMMAND_SUDO tee \"$SQL_STORAGE/$database.sql$COMPRESSION_EXTENSION\" > /dev/null' 2> $RUN_DIR/$PROGRAM.${FUNCNAME[0]}.error.$SCRIPT_PID"
|
if [ $encrypt == true ]; then
|
||||||
|
encryptOptions="| $CRYPT_TOOL --encrypt --recipient=\"$GPG_RECIPIENT\""
|
||||||
|
encryptExtension="$CRYPT_FILE_EXTENSION"
|
||||||
|
fi
|
||||||
|
|
||||||
|
local drySqlCmd="mysqldump -u $SQL_USER $exportOptions --databases $database $COMPRESSION_PROGRAM $COMPRESSION_OPTIONS $encryptOptions > /dev/null 2> $RUN_DIR/$PROGRAM.${FUNCNAME[0]}.error.$SCRIPT_PID"
|
||||||
|
local sqlCmd="mysqldump -u $SQL_USER $exportOptions --databases $database $COMPRESSION_PROGRAM $COMPRESSION_OPTIONS $encryptOptions | $SSH_CMD '$COMMAND_SUDO tee \"$SQL_STORAGE/$database.sql$COMPRESSION_EXTENSION$encryptExtension\" > /dev/null' 2> $RUN_DIR/$PROGRAM.${FUNCNAME[0]}.error.$SCRIPT_PID"
|
||||||
|
|
||||||
if [ $_DRYRUN == false ]; then
|
if [ $_DRYRUN == false ]; then
|
||||||
Logger "cmd: $sql_cmd" "DEBUG"
|
Logger "cmd: $sqlCmd" "DEBUG"
|
||||||
eval "$sql_cmd" &
|
eval "$sqlCmd" &
|
||||||
else
|
else
|
||||||
Logger "cmd: $dry_sql_cmd" "DEBUG"
|
Logger "cmd: $drySqlCmd" "DEBUG"
|
||||||
eval "$dry_sql_cmd" &
|
eval "$drySqlCmd" &
|
||||||
fi
|
fi
|
||||||
WaitForTaskCompletion $! $SOFT_MAX_EXEC_TIME_DB_TASK $HARD_MAX_EXEC_TIME_DB_TASK ${FUNCNAME[0]} true $KEEP_LOGGING
|
WaitForTaskCompletion $! $SOFT_MAX_EXEC_TIME_DB_TASK $HARD_MAX_EXEC_TIME_DB_TASK ${FUNCNAME[0]} true $KEEP_LOGGING
|
||||||
retval=$?
|
retval=$?
|
||||||
@ -817,26 +833,35 @@ function _BackupDatabaseLocalToRemote {
|
|||||||
|
|
||||||
function _BackupDatabaseRemoteToLocal {
|
function _BackupDatabaseRemoteToLocal {
|
||||||
local database="${1}" # Database to backup
|
local database="${1}" # Database to backup
|
||||||
local export_options="${2}" # export options
|
local exportOptions="${2}" # export options
|
||||||
|
local encrypt="${3:-false}" # Does the file need to be encrypted ?
|
||||||
|
|
||||||
__CheckArguments 2 $# ${FUNCNAME[0]} "$@" #__WITH_PARANOIA_DEBUG
|
__CheckArguments 2 $# ${FUNCNAME[0]} "$@" #__WITH_PARANOIA_DEBUG
|
||||||
|
|
||||||
local dry_sql_cmd
|
local encryptOptions
|
||||||
local sql_cmd
|
local encryptExtension
|
||||||
|
local drySqlCmd
|
||||||
|
local sqlCmd
|
||||||
local retval
|
local retval
|
||||||
|
|
||||||
CheckConnectivity3rdPartyHosts
|
CheckConnectivity3rdPartyHosts
|
||||||
CheckConnectivityRemoteHost
|
CheckConnectivityRemoteHost
|
||||||
|
|
||||||
local dry_sql_cmd=$SSH_CMD' "mysqldump -u '$SQL_USER' '$export_options' --databases '$database' '$COMPRESSION_PROGRAM' '$COMPRESSION_OPTIONS'" > /dev/null 2> "'$RUN_DIR/$PROGRAM.${FUNCNAME[0]}.error.$SCRIPT_PID'"'
|
|
||||||
local sql_cmd=$SSH_CMD' "mysqldump -u '$SQL_USER' '$export_options' --databases '$database' '$COMPRESSION_PROGRAM' '$COMPRESSION_OPTIONS'" > "'$SQL_STORAGE/$database.sql$COMPRESSION_EXTENSION'" 2> "'$RUN_DIR/$PROGRAM.${FUNCNAME[0]}.error.$SCRIPT_PID'"'
|
if [ $encrypt == true ]; then
|
||||||
|
encryptOptions="| $CRYPT_TOOL --encrypt --recipient=\"$GPG_RECIPIENT\""
|
||||||
|
encryptExtension="$CRYPT_FILE_EXTENSION"
|
||||||
|
fi
|
||||||
|
|
||||||
|
local drySqlCmd=$SSH_CMD' "mysqldump -u '$SQL_USER' '$exportOptions' --databases '$database' '$COMPRESSION_PROGRAM' '$COMPRESSION_OPTIONS' '$encryptOptions'" > /dev/null 2> "'$RUN_DIR/$PROGRAM.${FUNCNAME[0]}.error.$SCRIPT_PID'"'
|
||||||
|
local sqlCmd=$SSH_CMD' "mysqldump -u '$SQL_USER' '$exportOptions' --databases '$database' '$COMPRESSION_PROGRAM' '$COMPRESSION_OPTIONS' '$encryptOptions'" > "'$SQL_STORAGE/$database.sql$COMPRESSION_EXTENSION$encryptExtension'" 2> "'$RUN_DIR/$PROGRAM.${FUNCNAME[0]}.error.$SCRIPT_PID'"'
|
||||||
|
|
||||||
if [ $_DRYRUN == false ]; then
|
if [ $_DRYRUN == false ]; then
|
||||||
Logger "cmd: $sql_cmd" "DEBUG"
|
Logger "cmd: $sqlCmd" "DEBUG"
|
||||||
eval "$sql_cmd" &
|
eval "$sqlCmd" &
|
||||||
else
|
else
|
||||||
Logger "cmd: $dry_sql_cmd" "DEBUG"
|
Logger "cmd: $drySqlCmd" "DEBUG"
|
||||||
eval "$dry_sql_cmd" &
|
eval "$drySqlCmd" &
|
||||||
fi
|
fi
|
||||||
WaitForTaskCompletion $! $SOFT_MAX_EXEC_TIME_DB_TASK $HARD_MAX_EXEC_TIME_DB_TASK ${FUNCNAME[0]} true $KEEP_LOGGING
|
WaitForTaskCompletion $! $SOFT_MAX_EXEC_TIME_DB_TASK $HARD_MAX_EXEC_TIME_DB_TASK ${FUNCNAME[0]} true $KEEP_LOGGING
|
||||||
retval=$?
|
retval=$?
|
||||||
@ -852,21 +877,26 @@ function BackupDatabase {
|
|||||||
local database="${1}"
|
local database="${1}"
|
||||||
__CheckArguments 1 $# ${FUNCNAME[0]} "$@" #__WITH_PARANOIA_DEBUG
|
__CheckArguments 1 $# ${FUNCNAME[0]} "$@" #__WITH_PARANOIA_DEBUG
|
||||||
|
|
||||||
local mysql_options
|
local mysqlOptions
|
||||||
|
local encrypt=false
|
||||||
|
|
||||||
# Hack to prevent warning on table mysql.events, some mysql versions don't support --skip-events, prefer using --ignore-table
|
# Hack to prevent warning on table mysql.events, some mysql versions don't support --skip-events, prefer using --ignore-table
|
||||||
if [ "$database" == "mysql" ]; then
|
if [ "$database" == "mysql" ]; then
|
||||||
mysql_options="$MYSQLDUMP_OPTIONS --ignore-table=mysql.event"
|
mysqlOptions="$MYSQLDUMP_OPTIONS --ignore-table=mysql.event"
|
||||||
else
|
else
|
||||||
mysql_options="$MYSQLDUMP_OPTIONS"
|
mysqlOptions="$MYSQLDUMP_OPTIONS"
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ "$ENCRYPTION" == "yes" ]; then
|
||||||
|
encrypt=true
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ "$BACKUP_TYPE" == "local" ]; then
|
if [ "$BACKUP_TYPE" == "local" ]; then
|
||||||
_BackupDatabaseLocalToLocal "$database" "$mysql_options"
|
_BackupDatabaseLocalToLocal "$database" "$mysqlOptions" $encrypt
|
||||||
elif [ "$BACKUP_TYPE" == "pull" ]; then
|
elif [ "$BACKUP_TYPE" == "pull" ]; then
|
||||||
_BackupDatabaseRemoteToLocal "$database" "$mysql_options"
|
_BackupDatabaseRemoteToLocal "$database" "$mysqlOptions" $encrypt
|
||||||
elif [ "$BACKUP_TYPE" == "push" ]; then
|
elif [ "$BACKUP_TYPE" == "push" ]; then
|
||||||
_BackupDatabaseLocalToRemote "$database" "$mysql_options"
|
_BackupDatabaseLocalToRemote "$database" "$mysqlOptions" $encrypt
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ $? -ne 0 ]; then
|
if [ $? -ne 0 ]; then
|
||||||
@ -938,7 +968,7 @@ function EncryptFiles {
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
Logger "Encrypting file [$sourceFile] to [$path$/file$cryptFileExtension]." "VERBOSE"
|
Logger "Encrypting file [$sourceFile] to [$path$/file$cryptFileExtension]." "VERBOSE"
|
||||||
$ENCRYPT_TOOL --batch --yes --out "$path/$file$cryptFileExtension" --recipient="$recipient" --encrypt "$sourceFile" > "$RUN_DIR/$PROGRAM.${FUNCNAME[0]}.$SCRIPT_PID" 2>&1
|
$CRYPT_TOOL --batch --yes --out "$path/$file$cryptFileExtension" --recipient="$recipient" --encrypt "$sourceFile" > "$RUN_DIR/$PROGRAM.${FUNCNAME[0]}.$SCRIPT_PID" 2>&1
|
||||||
if [ $? != 0 ]; then
|
if [ $? != 0 ]; then
|
||||||
Logger "Cannot encrypt [$sourceFile]." "ERROR"
|
Logger "Cannot encrypt [$sourceFile]." "ERROR"
|
||||||
Logger "Command output:\n$(cat $RUN_DIR/$PROGRAM.${FUNCNAME[0]}.$SCRIPT_PID)" "VERBOSE"
|
Logger "Command output:\n$(cat $RUN_DIR/$PROGRAM.${FUNCNAME[0]}.$SCRIPT_PID)" "VERBOSE"
|
||||||
@ -980,7 +1010,7 @@ function DecryptFiles {
|
|||||||
|
|
||||||
while IFS= read -r -d $'\0' encryptedFile; do
|
while IFS= read -r -d $'\0' encryptedFile; do
|
||||||
Logger "Decrypting [$encryptedFile]." "VERBOSE"
|
Logger "Decrypting [$encryptedFile]." "VERBOSE"
|
||||||
$ENCRYPT_TOOL --out "${encryptedFile%%$cryptFileExtension*}" --batch --yes $secret --decrypt "$encryptedFile" > "$RUN_DIR/$PROGRAM.$FUNCNAME.$SCRIPT_PID" 2>&1
|
$CRYPT_TOOL --out "${encryptedFile%%$cryptFileExtension*}" --batch --yes $secret --decrypt "$encryptedFile" > "$RUN_DIR/$PROGRAM.$FUNCNAME.$SCRIPT_PID" 2>&1
|
||||||
if [ $? != 0 ]; then
|
if [ $? != 0 ]; then
|
||||||
Logger "Cannot decrypt [$encryptedFile]." "ERROR"
|
Logger "Cannot decrypt [$encryptedFile]." "ERROR"
|
||||||
Logger "Command output\n$(cat $RUN_DIR/$PROGRAM.$FUNCNAME.$SCRIPT_PID)" "DEBUG"
|
Logger "Command output\n$(cat $RUN_DIR/$PROGRAM.$FUNCNAME.$SCRIPT_PID)" "DEBUG"
|
||||||
|
Loading…
Reference in New Issue
Block a user