From f4d04e6805124410122b30382849e11ec96b475c Mon Sep 17 00:00:00 2001 From: Olivier Pichon Date: Sat, 1 May 2021 16:24:48 +0700 Subject: [PATCH 1/3] feat(mysql-backup-s3): add support for Docker secrets Mysql password can be supplied via `MYSQL_PASSWORD_FILE` which points to a file containing the Mysql password. This would typically be `/run/secrets/mysql-password`, where `mysql-passwrd` is a Docker secret containing the password. S3 secret access key can be supplied via `S3_SECRET_ACCESS_KEY_FILE`, which points to a file containing the secret access key. This would typically be `/run/secrets/s3-secret-access-key`, where `s3-secret-access-key` is a Docker secret containing the secret access key. --- mysql-backup-s3/README.md | 2 ++ mysql-backup-s3/backup.sh | 8 ++++++++ 2 files changed, 10 insertions(+) diff --git a/mysql-backup-s3/README.md b/mysql-backup-s3/README.md index bb0d3f7..2ca67c4 100644 --- a/mysql-backup-s3/README.md +++ b/mysql-backup-s3/README.md @@ -16,8 +16,10 @@ $ docker run -e S3_ACCESS_KEY_ID=key -e S3_SECRET_ACCESS_KEY=secret -e S3_BUCKET - `MYSQL_PORT` the mysql port (default: 3306) - `MYSQL_USER` the mysql user *required* - `MYSQL_PASSWORD` the mysql password *required* +- `MYSQL_PASSWORD_FILE` path to file containing the mysql password; alternative to `MYSQL_PASSWORD` - `S3_ACCESS_KEY_ID` your AWS access key *required* - `S3_SECRET_ACCESS_KEY` your AWS secret key *required* +- `S3_SECRET_ACCESS_KEY_FILE` path to file containing your AWS secret key; alternative to `S3_SECRET_ACCESS_KEYs` - `S3_BUCKET` your AWS S3 bucket path *required* - `S3_PREFIX` path prefix in your bucket (default: 'backup') - `S3_FILENAME` a consistent filename to overwrite with your backup. If not set will use a timestamp. diff --git a/mysql-backup-s3/backup.sh b/mysql-backup-s3/backup.sh index eb604e4..75b0cb3 100644 --- a/mysql-backup-s3/backup.sh +++ b/mysql-backup-s3/backup.sh @@ -2,6 +2,14 @@ set -e +if [ -n "${MYSQL_PASSWORD_FILE}" ]; then + export MYSQL_PASSWORD=$(cat $MYSQL_PASSWORD_FILE) +fi + +if [ -n "${S3_SECRET_ACCESS_KEY_FILE}" ]; then + export S3_SECRET_ACCESS_KEY=$(cat $S3_SECRET_ACCESS_KEY_FILE) +fi + if [ "${S3_ACCESS_KEY_ID}" == "**None**" ]; then echo "Warning: You did not set the S3_ACCESS_KEY_ID environment variable." fi From bd59ea05bec35d98ac97c548ed33f71a05daee17 Mon Sep 17 00:00:00 2001 From: Olivier Pichon Date: Sun, 2 May 2021 13:23:27 +0700 Subject: [PATCH 2/3] feat(mysql-backup-s3): install glibc and aws cli v2 --- mysql-backup-s3/Dockerfile | 36 +++++++++++++++++++++++++++++++++--- mysql-backup-s3/README.md | 5 ++++- mysql-backup-s3/backup.sh | 15 ++++++++++++--- mysql-backup-s3/install.sh | 25 ------------------------- 4 files changed, 49 insertions(+), 32 deletions(-) delete mode 100644 mysql-backup-s3/install.sh diff --git a/mysql-backup-s3/Dockerfile b/mysql-backup-s3/Dockerfile index 415abaf..dad1fcd 100644 --- a/mysql-backup-s3/Dockerfile +++ b/mysql-backup-s3/Dockerfile @@ -1,8 +1,38 @@ -FROM alpine:latest +FROM alpine:3.13 LABEL maintainer="Johannes Schickling " -ADD install.sh install.sh -RUN sh install.sh && rm install.sh +ENV GLIBC_VER=2.33-r0 + +# install glibc compatibility for alpine +RUN apk --no-cache add \ + binutils \ + curl \ + && curl -sL https://alpine-pkgs.sgerrand.com/sgerrand.rsa.pub -o /etc/apk/keys/sgerrand.rsa.pub \ + && curl -sLO https://github.com/sgerrand/alpine-pkg-glibc/releases/download/${GLIBC_VER}/glibc-${GLIBC_VER}.apk \ + && curl -sLO https://github.com/sgerrand/alpine-pkg-glibc/releases/download/${GLIBC_VER}/glibc-bin-${GLIBC_VER}.apk \ + && curl -sLO https://github.com/sgerrand/alpine-pkg-glibc/releases/download/${GLIBC_VER}/glibc-i18n-${GLIBC_VER}.apk \ + && apk add --no-cache \ + glibc-${GLIBC_VER}.apk \ + glibc-bin-${GLIBC_VER}.apk \ + glibc-i18n-${GLIBC_VER}.apk \ + mysql-client \ + && /usr/glibc-compat/bin/localedef -i en_US -f UTF-8 en_US.UTF-8 \ + && curl -sL https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip -o awscliv2.zip \ + && unzip awscliv2.zip \ + && aws/install \ + && rm -rf \ + awscliv2.zip \ + aws \ + /usr/local/aws-cli/v2/*/dist/aws_completer \ + /usr/local/aws-cli/v2/*/dist/awscli/data/ac.index \ + /usr/local/aws-cli/v2/*/dist/awscli/examples \ + glibc-*.apk \ + && curl -L --insecure https://github.com/odise/go-cron/releases/download/v0.0.6/go-cron-linux.gz | zcat > /usr/local/bin/go-cron \ + && chmod u+x /usr/local/bin/go-cron \ + && apk --no-cache del \ + binutils \ + curl \ + && rm -rf /var/cache/apk/* ENV MYSQLDUMP_OPTIONS --quote-names --quick --add-drop-table --add-locks --allow-keywords --disable-keys --extended-insert --single-transaction --create-options --comments --net_buffer_length=16384 ENV MYSQLDUMP_DATABASE --all-databases diff --git a/mysql-backup-s3/README.md b/mysql-backup-s3/README.md index 2ca67c4..27a68a0 100644 --- a/mysql-backup-s3/README.md +++ b/mysql-backup-s3/README.md @@ -1,6 +1,8 @@ # mysql-backup-s3 -Backup MySQL to S3 (supports periodic backups & mutli files) +Backup MySQL to S3 (supports periodic backups & mutli files) using AWS CLI v2. + +Forked from https://github.com/schickling/dockerfiles. ## Basic usage @@ -18,6 +20,7 @@ $ docker run -e S3_ACCESS_KEY_ID=key -e S3_SECRET_ACCESS_KEY=secret -e S3_BUCKET - `MYSQL_PASSWORD` the mysql password *required* - `MYSQL_PASSWORD_FILE` path to file containing the mysql password; alternative to `MYSQL_PASSWORD` - `S3_ACCESS_KEY_ID` your AWS access key *required* +- `S3_ACCESS_KEY_ID_FILE` path to file containing your AWS access key; alternative to `S3_ACCESS_KEY_ID` - `S3_SECRET_ACCESS_KEY` your AWS secret key *required* - `S3_SECRET_ACCESS_KEY_FILE` path to file containing your AWS secret key; alternative to `S3_SECRET_ACCESS_KEYs` - `S3_BUCKET` your AWS S3 bucket path *required* diff --git a/mysql-backup-s3/backup.sh b/mysql-backup-s3/backup.sh index 75b0cb3..b85ae89 100644 --- a/mysql-backup-s3/backup.sh +++ b/mysql-backup-s3/backup.sh @@ -3,11 +3,18 @@ set -e if [ -n "${MYSQL_PASSWORD_FILE}" ]; then - export MYSQL_PASSWORD=$(cat $MYSQL_PASSWORD_FILE) + MYSQL_PASSWORD=$(cat "$MYSQL_PASSWORD_FILE") + export MYSQL_PASSWORD +fi + +if [ -n "${S3_ACCESS_KEY_ID_FILE}" ]; then + S3_ACCESS_KEY_ID=$(cat "$S3_ACCESS_KEY_ID_FILE") + export S3_ACCESS_KEY_ID fi if [ -n "${S3_SECRET_ACCESS_KEY_FILE}" ]; then - export S3_SECRET_ACCESS_KEY=$(cat $S3_SECRET_ACCESS_KEY_FILE) + S3_SECRET_ACCESS_KEY=$(cat "$S3_SECRET_ACCESS_KEY_FILE") + export S3_SECRET_ACCESS_KEY fi if [ "${S3_ACCESS_KEY_ID}" == "**None**" ]; then @@ -58,7 +65,8 @@ copy_s3 () { AWS_ARGS="--endpoint-url ${S3_ENDPOINT}" fi - echo "Uploading ${DEST_FILE} on S3..." + echo "$AWS_ARGS" + echo "Uploading ${DEST_FILE} to S3..." cat $SRC_FILE | aws $AWS_ARGS s3 cp - s3://$S3_BUCKET/$S3_PREFIX/$DEST_FILE @@ -68,6 +76,7 @@ copy_s3 () { rm $SRC_FILE } + # Multi file: yes if [ ! -z "$(echo $MULTI_FILES | grep -i -E "(yes|true|1)")" ]; then if [ "${MYSQLDUMP_DATABASE}" == "--all-databases" ]; then diff --git a/mysql-backup-s3/install.sh b/mysql-backup-s3/install.sh deleted file mode 100644 index eda916a..0000000 --- a/mysql-backup-s3/install.sh +++ /dev/null @@ -1,25 +0,0 @@ -#! /bin/sh - -# exit if a command fails -set -e - - -apk update - -# install mysqldump -apk add mysql-client - -# install s3 tools -apk add python py-pip -pip install awscli -apk del py-pip - -# install go-cron -apk add curl -curl -L --insecure https://github.com/odise/go-cron/releases/download/v0.0.6/go-cron-linux.gz | zcat > /usr/local/bin/go-cron -chmod u+x /usr/local/bin/go-cron -apk del curl - - -# cleanup -rm -rf /var/cache/apk/* From 5e06e747d6c6d666657a86c771b149e5ec40e701 Mon Sep 17 00:00:00 2001 From: Olivier Pichon Date: Sun, 2 May 2021 13:28:57 +0700 Subject: [PATCH 3/3] fix(mysq-backup-s3): remove unnecessary echo statement --- mysql-backup-s3/backup.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/mysql-backup-s3/backup.sh b/mysql-backup-s3/backup.sh index b85ae89..fdaf393 100644 --- a/mysql-backup-s3/backup.sh +++ b/mysql-backup-s3/backup.sh @@ -65,7 +65,6 @@ copy_s3 () { AWS_ARGS="--endpoint-url ${S3_ENDPOINT}" fi - echo "$AWS_ARGS" echo "Uploading ${DEST_FILE} to S3..." cat $SRC_FILE | aws $AWS_ARGS s3 cp - s3://$S3_BUCKET/$S3_PREFIX/$DEST_FILE