jkaninda/pg-bkup
1
0
Fork 0
Code Issues Pull Requests Actions Projects Releases Wiki Activity

fix: fix database migration

Browse Source
This commit is contained in:
Jonas Kaninda
2024-10-08 20:06:21 +02:00
parent 35c4a5475e
commit d997ce84ab
3 changed files with 47 additions and 38 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
docs/how-tos/encrypt-backup.md
View File

@@ -6,14 +6,20 @@ nav_order: 8
--- ---
# Encrypt backup # Encrypt backup
The image supports encrypting backups using one of two available methods: GPG with passphrase or GPG with a public key
## Using GPG passphrase
The image supports encrypting backups using GPG out of the box. In case a `GPG_PASSPHRASE` environment variable is set, the backup archive will be encrypted using the given key and saved as a sql.gpg file instead or sql.gz.gpg. The image supports encrypting backups using GPG out of the box. In case a `GPG_PASSPHRASE` environment variable is set, the backup archive will be encrypted using the given key and saved as a sql.gpg file instead or sql.gz.gpg.
{: .warning } {: .warning }
To restore an encrypted backup, you need to provide the same GPG passphrase used during backup process. To restore an encrypted backup, you need to provide the same GPG passphrase used during backup process.
Or
- GPG home directory `/config/gnupg` - GPG home directory `/config/gnupg`
- Cipher algorithm `aes256` - Cipher algorithm `aes256`
-
To decrypt manually, you need to install `gnupg` To decrypt manually, you need to install `gnupg`
```shell ```shell
@@ -50,3 +56,4 @@ services:
networks: networks:
web: web:
``` ```
## Using GPG public key

71
docs/reference/index.md
View File

@@ -34,41 +34,42 @@ Backup, restore and migrate targets, schedule and retention are configured using
## Environment variables ## Environment variables
| Name | Requirement | Description | | Name | Requirement | Description |
|------------------------|---------------------------------------------------------------|------------------------------------------------------| |------------------------|---------------------------------------------------------------|-----------------------------------------------------------------|
| DB_PORT | Optional, default 5432 | Database port number | | DB_PORT | Optional, default 5432 | Database port number |
| DB_HOST | Required | Database host | | DB_HOST | Required | Database host |
| DB_NAME | Optional if it was provided from the -d flag | Database name | | DB_NAME | Optional if it was provided from the -d flag | Database name |
| DB_USERNAME | Required | Database user name | | DB_USERNAME | Required | Database user name |
| DB_PASSWORD | Required | Database password | | DB_PASSWORD | Required | Database password |
| AWS_ACCESS_KEY | Optional, required for S3 storage | AWS S3 Access Key | | AWS_ACCESS_KEY | Optional, required for S3 storage | AWS S3 Access Key |
| AWS_SECRET_KEY | Optional, required for S3 storage | AWS S3 Secret Key | | AWS_SECRET_KEY | Optional, required for S3 storage | AWS S3 Secret Key |
| AWS_BUCKET_NAME | Optional, required for S3 storage | AWS S3 Bucket Name | | AWS_BUCKET_NAME | Optional, required for S3 storage | AWS S3 Bucket Name |
| AWS_BUCKET_NAME | Optional, required for S3 storage | AWS S3 Bucket Name | | AWS_BUCKET_NAME | Optional, required for S3 storage | AWS S3 Bucket Name |
| AWS_REGION | Optional, required for S3 storage | AWS Region | | AWS_REGION | Optional, required for S3 storage | AWS Region |
| AWS_DISABLE_SSL | Optional, required for S3 storage | Disable SSL | | AWS_DISABLE_SSL | Optional, required for S3 storage | Disable SSL |
| AWS_FORCE_PATH_STYLE | Optional, required for S3 storage | Force path style | | AWS_FORCE_PATH_STYLE | Optional, required for S3 storage | Force path style |
| FILE_NAME | Optional if it was provided from the --file flag | Database file to restore (extensions: .sql, .sql.gz) | | FILE_NAME | Optional if it was provided from the --file flag | Database file to restore (extensions: .sql, .sql.gz) |
| GPG_PASSPHRASE | Optional, required to encrypt and restore backup | GPG passphrase | | GPG_PASSPHRASE | Optional, required to encrypt and restore backup | GPG passphrase |
| BACKUP_CRON_EXPRESSION | Optional if it was provided from the `--cron-expression` flag | Backup cron expression for docker in scheduled mode | | GPG_PUBLIC_KEY | Optional, required to encrypt backup | GPG public key, used to encrypt backup (/config/public_key.asc) |
| SSH_HOST | Optional, required for SSH storage | ssh remote hostname or ip | | BACKUP_CRON_EXPRESSION | Optional if it was provided from the `--cron-expression` flag | Backup cron expression for docker in scheduled mode |
| SSH_USER | Optional, required for SSH storage | ssh remote user | | SSH_HOST | Optional, required for SSH storage | ssh remote hostname or ip |
| SSH_PASSWORD | Optional, required for SSH storage | ssh remote user's password | | SSH_USER | Optional, required for SSH storage | ssh remote user |
| SSH_IDENTIFY_FILE | Optional, required for SSH storage | ssh remote user's private key | | SSH_PASSWORD | Optional, required for SSH storage | ssh remote user's password |
| SSH_PORT | Optional, required for SSH storage | ssh remote server port | | SSH_IDENTIFY_FILE | Optional, required for SSH storage | ssh remote user's private key |
| REMOTE_PATH | Optional, required for SSH or FTP storage | remote path (/home/toto/backup) | | SSH_PORT | Optional, required for SSH storage | ssh remote server port |
| FTP_HOST | Optional, required for FTP storage | FTP host name | | REMOTE_PATH | Optional, required for SSH or FTP storage | remote path (/home/toto/backup) |
| FTP_PORT | Optional, required for FTP storage | FTP server port number | | FTP_HOST | Optional, required for FTP storage | FTP host name |
| FTP_USER | Optional, required for FTP storage | FTP user | | FTP_PORT | Optional, required for FTP storage | FTP server port number |
| FTP_PASSWORD | Optional, required for FTP storage | FTP user password | | FTP_USER | Optional, required for FTP storage | FTP user |
| TARGET_DB_HOST | Optional, required for database migration | Target database host | | FTP_PASSWORD | Optional, required for FTP storage | FTP user password |
| TARGET_DB_PORT | Optional, required for database migration | Target database port | | TARGET_DB_HOST | Optional, required for database migration | Target database host |
| TARGET_DB_NAME | Optional, required for database migration | Target database name | | TARGET_DB_PORT | Optional, required for database migration | Target database port |
| TARGET_DB_USERNAME | Optional, required for database migration | Target database username | | TARGET_DB_NAME | Optional, required for database migration | Target database name |
| TARGET_DB_PASSWORD | Optional, required for database migration | Target database password | | TARGET_DB_USERNAME | Optional, required for database migration | Target database username |
| TG_TOKEN | Optional, required for Telegram notification | Telegram token (`BOT-ID:BOT-TOKEN`) | | TARGET_DB_PASSWORD | Optional, required for database migration | Target database password |
| TG_CHAT_ID | Optional, required for Telegram notification | Telegram Chat ID | | TG_TOKEN | Optional, required for Telegram notification | Telegram token (`BOT-ID:BOT-TOKEN`) |
| TZ | Optional | Time Zone | | TG_CHAT_ID | Optional, required for Telegram notification | Telegram Chat ID |
| TZ | Optional | Time Zone |
--- ---
## Run in Scheduled mode ## Run in Scheduled mode

3
pkg/restore.go
View File

@@ -71,6 +71,7 @@ func RestoreDatabase(db *dbConfig, conf *RestoreConfig) {
if extension == ".gpg" { if extension == ".gpg" {
if conf.usingKey { if conf.usingKey {
utils.Warn("Backup decryption using a private key is not fully supported")
err := decrypt(filepath.Join(tmpPath, conf.file), conf.privateKey, conf.passphrase) err := decrypt(filepath.Join(tmpPath, conf.file), conf.privateKey, conf.passphrase)
if err != nil { if err != nil {
utils.Fatal("Error during decrypting backup %v", err) utils.Fatal("Error during decrypting backup %v", err)
@@ -116,7 +117,7 @@ func RestoreDatabase(db *dbConfig, conf *RestoreConfig) {
} else if extension == ".sql" { } else if extension == ".sql" {
//Restore from sql file //Restore from sql file
str := "cat " + filepath.Join(tmpPath, file) + " | psql -h " + db.dbHost + " -p " + db.dbPort + " -U " + db.dbUserName + " -v -d " + db.dbName str := "cat " + filepath.Join(tmpPath, conf.file) + " | psql -h " + db.dbHost + " -p " + db.dbPort + " -U " + db.dbUserName + " -v -d " + db.dbName
_, err := exec.Command("sh", "-c", str).Output() _, err := exec.Command("sh", "-c", str).Output()
if err != nil { if err != nil {
utils.Fatal("Error in restoring the database %v", err) utils.Fatal("Error in restoring the database %v", err)