Merge pull request #87 from skimpax/master

Add ability to use secrets for all mysql access params
This commit is contained in:
Fco. Javier Delgado del Hoyo 2022-10-19 22:23:56 +02:00 committed by GitHub
commit 2de64e836a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 45 additions and 13 deletions

View file

@ -15,12 +15,16 @@ docker container run -d \
## Variables ## Variables
- `MYSQL_HOST`: The host/ip of your mysql database. - `MYSQL_HOST`: The host/ip of your mysql database.
- `MYSQL_HOST_FILE`: The file in container where to find the host of your mysql database (cf. docker secrets). You should use either MYSQL_HOST_FILE or MYSQL_HOST (see examples below).
- `MYSQL_PORT`: The port number of your mysql database. - `MYSQL_PORT`: The port number of your mysql database.
- `MYSQL_USER`: The username of your mysql database. - `MYSQL_USER`: The username of your mysql database.
- `MYSQL_USER_FILE`: The file in container where to find the user of your mysql database (cf. docker secrets). You should use either MYSQL_USER_FILE or MYSQL_USER (see examples below).
- `MYSQL_PASS`: The password of your mysql database. - `MYSQL_PASS`: The password of your mysql database.
- `MYSQL_PASS_FILE`: The file in container where to find the password of your mysql database (cf. docker secrets). You should use either MYSQL_PASS_FILE or MYSQL_PASS (see examples below). - `MYSQL_PASS_FILE`: The file in container where to find the password of your mysql database (cf. docker secrets). You should use either MYSQL_PASS_FILE or MYSQL_PASS (see examples below).
- `MYSQL_DATABASE`: The database name to dump. Default: `--all-databases`. - `MYSQL_DATABASE`: The database name to dump. Default: `--all-databases`.
- `MYSQL_DATABASE_FILE`: The file in container where to find the database name(s) in your mysql database (cf. docker secrets). In that file, there can be several database names: one per line. You should use either MYSQL_DATABASE or MYSQL_DATABASE_FILE (see examples below).
- `MYSQLDUMP_OPTS`: Command line arguments to pass to mysqldump (see [mysqldump documentation](https://dev.mysql.com/doc/refman/8.0/en/mysqldump.html)). - `MYSQLDUMP_OPTS`: Command line arguments to pass to mysqldump (see [mysqldump documentation](https://dev.mysql.com/doc/refman/8.0/en/mysqldump.html)).
- `MYSQL_SSL_OPTS`: Command line arguments to use [SSL](https://dev.mysql.com/doc/refman/5.6/en/using-encrypted-connections.html). - `MYSQL_SSL_OPTS`: Command line arguments to use [SSL](https://dev.mysql.com/doc/refman/5.6/en/using-encrypted-connections.html).
- `CRON_TIME`: The interval of cron job to run mysqldump. `0 3 * * sun` by default, which is every Sunday at 03:00. It uses UTC timezone. - `CRON_TIME`: The interval of cron job to run mysqldump. `0 3 * * sun` by default, which is every Sunday at 03:00. It uses UTC timezone.
@ -79,17 +83,23 @@ volumes:
The database root password passed to docker container by using [docker secrets](https://docs.docker.com/engine/swarm/). The database root password passed to docker container by using [docker secrets](https://docs.docker.com/engine/swarm/).
In example below, docker is in classic 'docker engine mode' (iow. not swarm mode) and secret source is a local file on host filesystem. In example below, docker is in classic 'docker engine mode' (iow. not swarm mode) and secret sources are local files on host filesystem.
Alternatively, secret can be stored in docker secrets engine (iow. not in host filesystem). Alternatively, secrets can be stored in docker secrets engine (iow. not in host filesystem).
```yaml ```yaml
version: "3.7" version: "3.7"
secrets: secrets:
mysql_root_password:
# Place your secret file somewhere on your host filesystem, with your password inside # Place your secret file somewhere on your host filesystem, with your password inside
mysql_root_password:
file: ./secrets/mysql_root_password file: ./secrets/mysql_root_password
mysql_user:
file: ./secrets/mysql_user
mysql_password:
file: ./secrets/mysql_password
mysql_database:
file: ./secrets/mysql_database
services: services:
mariadb: mariadb:
@ -101,10 +111,15 @@ services:
- data:/var/lib/mysql - data:/var/lib/mysql
- ${VOLUME_PATH}/backup:/backup - ${VOLUME_PATH}/backup:/backup
environment: environment:
- MYSQL_DATABASE=${DATABASE_NAME}
- MYSQL_ROOT_PASSWORD_FILE=/run/secrets/mysql_root_password - MYSQL_ROOT_PASSWORD_FILE=/run/secrets/mysql_root_password
- MYSQL_USER_FILE=/run/secrets/mysql_user
- MYSQL_PASSWORD_FILE=/run/secrets/mysql_password
- MYSQL_DATABASE_FILE=/run/secrets/mysql_database
secrets: secrets:
- mysql_root_password - mysql_root_password
- mysql_user
- mysql_password
- mysql_database
restart: unless-stopped restart: unless-stopped
backup: backup:
@ -116,13 +131,18 @@ services:
- ${VOLUME_PATH}/backup:/backup - ${VOLUME_PATH}/backup:/backup
environment: environment:
- MYSQL_HOST=my_mariadb - MYSQL_HOST=my_mariadb
- MYSQL_USER=root # Alternatively to MYSQL_USER_FILE, we can use MYSQL_USER=root to use root user instead
- MYSQL_PASS_FILE=/run/secrets/mysql_root_password - MYSQL_USER_FILE=/run/secrets/mysql_user
# Alternatively, we can use /run/secrets/mysql_root_password when using root user
- MYSQL_PASS_FILE=/run/secrets/mysql_password
- MYSQL_DATABASE_FILE=/run/secrets/mysql_database
- MAX_BACKUPS=10 - MAX_BACKUPS=10
- INIT_BACKUP=1 - INIT_BACKUP=1
- CRON_TIME=0 0 * * * - CRON_TIME=0 0 * * *
secrets: secrets:
- mysql_root_password - mysql_user
- mysql_password
- mysql_database
restart: unless-stopped restart: unless-stopped
volumes: volumes:

View file

@ -1,10 +1,18 @@
#!/bin/bash #!/bin/bash
# Get hostname: try read from file, else get from env
[ -z "${MYSQL_HOST_FILE}" ] || { MYSQL_HOST=$(head -1 "${MYSQL_HOST_FILE}"); }
[ -z "${MYSQL_HOST}" ] && { echo "=> MYSQL_HOST cannot be empty" && exit 1; }
# Get username: try read from file, else get from env
[ -z "${MYSQL_USER_FILE}" ] || { MYSQL_USER=$(head -1 "${MYSQL_USER_FILE}"); }
[ -z "${MYSQL_USER}" ] && { echo "=> MYSQL_USER cannot be empty" && exit 1; } [ -z "${MYSQL_USER}" ] && { echo "=> MYSQL_USER cannot be empty" && exit 1; }
# If provided, take password from file # Get password: try read from file, else get from env, else get from MYSQL_PASSWORD env
[ -z "${MYSQL_PASS_FILE}" ] || { MYSQL_PASS=$(head -1 "${MYSQL_PASS_FILE}"); } [ -z "${MYSQL_PASS_FILE}" ] || { MYSQL_PASS=$(head -1 "${MYSQL_PASS_FILE}"); }
# Alternatively, take it from env var
[ -z "${MYSQL_PASS:=$MYSQL_PASSWORD}" ] && { echo "=> MYSQL_PASS cannot be empty" && exit 1; } [ -z "${MYSQL_PASS:=$MYSQL_PASSWORD}" ] && { echo "=> MYSQL_PASS cannot be empty" && exit 1; }
# Get database name(s): try read from file, else get from env
# Note: when from file, there can be one database name per line in that file
[ -z "${MYSQL_DATABASE_FILE}" ] || { MYSQL_DATABASE=$(cat "${MYSQL_DATABASE_FILE}"); }
# Get level from env, else use 6
[ -z "${GZIP_LEVEL}" ] && { GZIP_LEVEL=6; } [ -z "${GZIP_LEVEL}" ] && { GZIP_LEVEL=6; }
DATE=$(date +%Y%m%d%H%M) DATE=$(date +%Y%m%d%H%M)

View file

@ -1,10 +1,14 @@
#!/bin/bash #!/bin/bash
# Get hostname: try read from file, else get from env
[ -z "${MYSQL_HOST_FILE}" ] || { MYSQL_HOST=$(head -1 "${MYSQL_HOST_FILE}"); }
[ -z "${MYSQL_HOST}" ] && { echo "=> MYSQL_HOST cannot be empty" && exit 1; }
# Get username: try read from file, else get from env
[ -z "${MYSQL_USER_FILE}" ] || { MYSQL_USER=$(head -1 "${MYSQL_USER_FILE}"); }
[ -z "${MYSQL_USER}" ] && { echo "=> MYSQL_USER cannot be empty" && exit 1; } [ -z "${MYSQL_USER}" ] && { echo "=> MYSQL_USER cannot be empty" && exit 1; }
# If provided, take password from file # Get password: try read from file, else get from env, else get from MYSQL_PASSWORD env
[ -z "${MYSQL_PASS_FILE}" ] || { MYSQL_PASS=$(head -1 "${MYSQL_PASS_FILE}"); } [ -z "${MYSQL_PASS_FILE}" ] || { MYSQL_PASS=$(head -1 "${MYSQL_PASS_FILE}"); }
# Alternatively, take it from env var [ -z "${MYSQL_PASS:=$MYSQL_PASSWORD}" ] && { echo "=> MYSQL_PASS cannot be empty" && exit 1; }
[ -z "${MYSQL_PASS}" ] && { echo "=> MYSQL_PASS cannot be empty" && exit 1; }
if [ "$#" -ne 1 ] if [ "$#" -ne 1 ]
then then