diff --git a/README.md b/README.md index a09bec0..e2cd2e8 100644 --- a/README.md +++ b/README.md @@ -19,6 +19,7 @@ docker container run -d \ - `MYSQL_PORT`: The port number of your mysql database. - `MYSQL_USER`: The username of your mysql database. - `MYSQL_PASS`: The password of your mysql database. +- `MYSQL_PASS_FILE`: The file in container where to find the password of your mysql database (cf. docker secrets). You should use either MYSQL_PASS_FILE or MYSQL_PASS (see examples below). - `MYSQL_DATABASE`: The database name to dump. Default: `--all-databases`. - `MYSQLDUMP_OPTS`: Command line arguments to pass to mysqldump. Example: `--single-transaction`. - `CRON_TIME`: The interval of cron job to run mysqldump. `0 3 * * sun` by default, which is every Sunday at 03:00. It uses UTC timezone. @@ -31,6 +32,8 @@ docker container run -d \ If you want to make this image the perfect companion of your MySQL container, use [docker-compose](https://docs.docker.com/compose/). You can add more services that will be able to connect to the MySQL image using the name `my_mariadb`, note that you only expose the port `3306` internally to the servers and not to the host: +### Docker-compose with MYSQL_PASS env var: + ```yaml version: "2" services: @@ -70,6 +73,61 @@ volumes: data: ``` +### Docker-compose using docker secrets: + +The database root password passed to docker container by using [docker secrets](https://docs.docker.com/engine/swarm/). + +In example below, docker is in classic 'docker engine mode' (iow. not swarm mode) and secret source is a local file on host filesystem. + +Alternatively, secret can be stored in docker secrets engine (iow. not in host filesystem). + +```yaml +version: "3.7" + +secrets: + mysql_root_password: + # Place your secret file somewhere on your host filesystem, with your password inside + file: ./secrets/mysql_root_password + +services: + mariadb: + image: mariadb:10 + container_name: my_mariadb + expose: + - 3306 + volumes: + - data:/var/lib/mysql + - ${VOLUME_PATH}/backup:/backup + environment: + - MYSQL_DATABASE=${DATABASE_NAME} + - MYSQL_ROOT_PASSWORD_FILE=/run/secrets/mysql_root_password + secrets: + - mysql_root_password + restart: unless-stopped + + backup: + build: . + image: fradelg/mysql-cron-backup + depends_on: + - mariadb + volumes: + - ${VOLUME_PATH}/backup:/backup + environment: + - MYSQL_HOST=my_mariadb + - MYSQL_USER=root + - MYSQL_PASS_FILE=/run/secrets/mysql_root_password + - MAX_BACKUPS=10 + - INIT_BACKUP=1 + - CRON_TIME=0 0 * * * + secrets: + - mysql_root_password + restart: unless-stopped + +volumes: + data: + +``` + ## Restore from a backup ### List all available backups : diff --git a/backup.sh b/backup.sh index 615d6a1..6b75964 100755 --- a/backup.sh +++ b/backup.sh @@ -1,5 +1,9 @@ #!/bin/bash + [ -z "${MYSQL_USER}" ] && { echo "=> MYSQL_USER cannot be empty" && exit 1; } +# If provided, take password from file +[ -z "${MYSQL_PASS_FILE}" ] || { MYSQL_PASS=$(head -1 "${MYSQL_PASS_FILE}"); } +# Alternatively, take it from env var [ -z "${MYSQL_PASS:=$MYSQL_PASSWORD}" ] && { echo "=> MYSQL_PASS cannot be empty" && exit 1; } [ -z "${GZIP_LEVEL}" ] && { GZIP_LEVEL=6; } @@ -8,7 +12,11 @@ echo "=> Backup started at $(date "+%Y-%m-%d %H:%M:%S")" DATABASES=${MYSQL_DATABASE:-${MYSQL_DB:-$(mysql -h "$MYSQL_HOST" -P "$MYSQL_PORT" -u "$MYSQL_USER" -p"$MYSQL_PASS" -e "SHOW DATABASES;" | tr -d "| " | grep -v Database)}} for db in ${DATABASES} do - if [[ "$db" != "information_schema" ]] && [[ "$db" != "performance_schema" ]] && [[ "$db" != "mysql" ]] && [[ "$db" != _* ]] + if [[ "$db" != "information_schema" ]] \ + && [[ "$db" != "performance_schema" ]] \ + && [[ "$db" != "mysql" ]] \ + && [[ "$db" != "sys" ]] \ + && [[ "$db" != _* ]] then echo "==> Dumping database: $db" FILENAME=/backup/$DATE.$db.sql diff --git a/restore.sh b/restore.sh index 131d6a5..07ecbae 100755 --- a/restore.sh +++ b/restore.sh @@ -1,5 +1,9 @@ #!/bin/bash + [ -z "${MYSQL_USER}" ] && { echo "=> MYSQL_USER cannot be empty" && exit 1; } +# If provided, take password from file +[ -z "${MYSQL_PASS_FILE}" ] || { MYSQL_PASS=$(head -1 "${MYSQL_PASS_FILE}"); } +# Alternatively, take it from env var [ -z "${MYSQL_PASS}" ] && { echo "=> MYSQL_PASS cannot be empty" && exit 1; } if [ "$#" -ne 1 ]