From 9c7c4d74e3bf54e57f3248edc47abd30c1d02ace Mon Sep 17 00:00:00 2001 From: skimpax <3287732+skimpax@users.noreply.github.com> Date: Thu, 30 Dec 2021 18:37:52 +0100 Subject: [PATCH 1/5] Specify password in a file via MYSQL_PASS_FILE --- backup.sh | 4 ++++ restore.sh | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/backup.sh b/backup.sh index 615d6a1..ebb4cb7 100755 --- a/backup.sh +++ b/backup.sh @@ -1,5 +1,9 @@ #!/bin/bash + [ -z "${MYSQL_USER}" ] && { echo "=> MYSQL_USER cannot be empty" && exit 1; } +# If provided, take password from file +[ -z "${MYSQL_PASS_FILE}" ] || { MYSQL_PASS=$(head -1 "${MYSQL_PASS_FILE}"); } +# Alternatively, take it from env var [ -z "${MYSQL_PASS:=$MYSQL_PASSWORD}" ] && { echo "=> MYSQL_PASS cannot be empty" && exit 1; } [ -z "${GZIP_LEVEL}" ] && { GZIP_LEVEL=6; } diff --git a/restore.sh b/restore.sh index 131d6a5..07ecbae 100755 --- a/restore.sh +++ b/restore.sh @@ -1,5 +1,9 @@ #!/bin/bash + [ -z "${MYSQL_USER}" ] && { echo "=> MYSQL_USER cannot be empty" && exit 1; } +# If provided, take password from file +[ -z "${MYSQL_PASS_FILE}" ] || { MYSQL_PASS=$(head -1 "${MYSQL_PASS_FILE}"); } +# Alternatively, take it from env var [ -z "${MYSQL_PASS}" ] && { echo "=> MYSQL_PASS cannot be empty" && exit 1; } if [ "$#" -ne 1 ] From 9f81b63bcd3df0e27aab5a93dc6651840acafb47 Mon Sep 17 00:00:00 2001 From: skimpax <3287732+skimpax@users.noreply.github.com> Date: Thu, 30 Dec 2021 18:38:06 +0100 Subject: [PATCH 2/5] Ignore 'sys' table when backuping --- backup.sh | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/backup.sh b/backup.sh index ebb4cb7..6b75964 100755 --- a/backup.sh +++ b/backup.sh @@ -12,7 +12,11 @@ echo "=> Backup started at $(date "+%Y-%m-%d %H:%M:%S")" DATABASES=${MYSQL_DATABASE:-${MYSQL_DB:-$(mysql -h "$MYSQL_HOST" -P "$MYSQL_PORT" -u "$MYSQL_USER" -p"$MYSQL_PASS" -e "SHOW DATABASES;" | tr -d "| " | grep -v Database)}} for db in ${DATABASES} do - if [[ "$db" != "information_schema" ]] && [[ "$db" != "performance_schema" ]] && [[ "$db" != "mysql" ]] && [[ "$db" != _* ]] + if [[ "$db" != "information_schema" ]] \ + && [[ "$db" != "performance_schema" ]] \ + && [[ "$db" != "mysql" ]] \ + && [[ "$db" != "sys" ]] \ + && [[ "$db" != _* ]] then echo "==> Dumping database: $db" FILENAME=/backup/$DATE.$db.sql From a365376ebe7d6c83e21cc5852b65979ec239dcd0 Mon Sep 17 00:00:00 2001 From: skimpax <3287732+skimpax@users.noreply.github.com> Date: Thu, 30 Dec 2021 18:38:31 +0100 Subject: [PATCH 3/5] Add double quotes --- backup.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/backup.sh b/backup.sh index 6b75964..71ba385 100755 --- a/backup.sh +++ b/backup.sh @@ -21,7 +21,7 @@ do echo "==> Dumping database: $db" FILENAME=/backup/$DATE.$db.sql LATEST=/backup/latest.$db.sql.gz - if mysqldump --single-transaction -h "$MYSQL_HOST" -P "$MYSQL_PORT" -u "$MYSQL_USER" -p"$MYSQL_PASS" "$db" $MYSQLDUMP_OPTS > "$FILENAME" + if mysqldump --single-transaction -h "$MYSQL_HOST" -P "$MYSQL_PORT" -u "$MYSQL_USER" -p"$MYSQL_PASS" "$db" "$MYSQLDUMP_OPTS" > "$FILENAME" then gzip "-$GZIP_LEVEL" -f "$FILENAME" echo "==> Creating symlink to latest backup: $(basename "$FILENAME".gz)" From 203280de70cc3a539800f0775cd9a89c1bdbba5b Mon Sep 17 00:00:00 2001 From: skimpax <3287732+skimpax@users.noreply.github.com> Date: Thu, 30 Dec 2021 18:39:02 +0100 Subject: [PATCH 4/5] Update readme for docker secrets example --- README.md | 58 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 58 insertions(+) diff --git a/README.md b/README.md index a09bec0..e2cd2e8 100644 --- a/README.md +++ b/README.md @@ -19,6 +19,7 @@ docker container run -d \ - `MYSQL_PORT`: The port number of your mysql database. - `MYSQL_USER`: The username of your mysql database. - `MYSQL_PASS`: The password of your mysql database. +- `MYSQL_PASS_FILE`: The file in container where to find the password of your mysql database (cf. docker secrets). You should use either MYSQL_PASS_FILE or MYSQL_PASS (see examples below). - `MYSQL_DATABASE`: The database name to dump. Default: `--all-databases`. - `MYSQLDUMP_OPTS`: Command line arguments to pass to mysqldump. Example: `--single-transaction`. - `CRON_TIME`: The interval of cron job to run mysqldump. `0 3 * * sun` by default, which is every Sunday at 03:00. It uses UTC timezone. @@ -31,6 +32,8 @@ docker container run -d \ If you want to make this image the perfect companion of your MySQL container, use [docker-compose](https://docs.docker.com/compose/). You can add more services that will be able to connect to the MySQL image using the name `my_mariadb`, note that you only expose the port `3306` internally to the servers and not to the host: +### Docker-compose with MYSQL_PASS env var: + ```yaml version: "2" services: @@ -70,6 +73,61 @@ volumes: data: ``` +### Docker-compose using docker secrets: + +The database root password passed to docker container by using [docker secrets](https://docs.docker.com/engine/swarm/). + +In example below, docker is in classic 'docker engine mode' (iow. not swarm mode) and secret source is a local file on host filesystem. + +Alternatively, secret can be stored in docker secrets engine (iow. not in host filesystem). + +```yaml +version: "3.7" + +secrets: + mysql_root_password: + # Place your secret file somewhere on your host filesystem, with your password inside + file: ./secrets/mysql_root_password + +services: + mariadb: + image: mariadb:10 + container_name: my_mariadb + expose: + - 3306 + volumes: + - data:/var/lib/mysql + - ${VOLUME_PATH}/backup:/backup + environment: + - MYSQL_DATABASE=${DATABASE_NAME} + - MYSQL_ROOT_PASSWORD_FILE=/run/secrets/mysql_root_password + secrets: + - mysql_root_password + restart: unless-stopped + + backup: + build: . + image: fradelg/mysql-cron-backup + depends_on: + - mariadb + volumes: + - ${VOLUME_PATH}/backup:/backup + environment: + - MYSQL_HOST=my_mariadb + - MYSQL_USER=root + - MYSQL_PASS_FILE=/run/secrets/mysql_root_password + - MAX_BACKUPS=10 + - INIT_BACKUP=1 + - CRON_TIME=0 0 * * * + secrets: + - mysql_root_password + restart: unless-stopped + +volumes: + data: + +``` + ## Restore from a backup ### List all available backups : From 74ad0295737c48c8f032971aa1d4ff51c5e7cebb Mon Sep 17 00:00:00 2001 From: skimpax <3287732+skimpax@users.noreply.github.com> Date: Sat, 15 Jan 2022 13:54:58 +0100 Subject: [PATCH 5/5] Remove double quotes around MYSQLDUMP_OPTS --- backup.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/backup.sh b/backup.sh index 71ba385..6b75964 100755 --- a/backup.sh +++ b/backup.sh @@ -21,7 +21,7 @@ do echo "==> Dumping database: $db" FILENAME=/backup/$DATE.$db.sql LATEST=/backup/latest.$db.sql.gz - if mysqldump --single-transaction -h "$MYSQL_HOST" -P "$MYSQL_PORT" -u "$MYSQL_USER" -p"$MYSQL_PASS" "$db" "$MYSQLDUMP_OPTS" > "$FILENAME" + if mysqldump --single-transaction -h "$MYSQL_HOST" -P "$MYSQL_PORT" -u "$MYSQL_USER" -p"$MYSQL_PASS" "$db" $MYSQLDUMP_OPTS > "$FILENAME" then gzip "-$GZIP_LEVEL" -f "$FILENAME" echo "==> Creating symlink to latest backup: $(basename "$FILENAME".gz)"