Merge branch 'master' into debian

CHANGELOG.md

@@ -18,6 +18,16 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Security
 
+## [2.10.0] - 2021-06-29
+
+### Added
+
+* bkctld-archive: archive a jail
+* bkctld-rename: rename a jail and all its incs and configuration…
+
+### Removed
+
+* Do not print out date, log level and process name on stdout/stderr
 ## [2.9.0] - 2021-02-22
 
 ### Added

bkctld

@@ -101,7 +101,7 @@ case "${subcommand}" in
             "${LIBDIR}/bkctld-${subcommand}" "${jail_name}" "${option}"
         fi
     ;;
-    "start" | "stop" | "reload" | "restart" | "sync" | "update" | "remove" | "firewall" | "upgrade-config")
+    "start" | "stop" | "reload" | "restart" | "sync" | "update" | "remove" | "firewall" | "upgrade-config" | "archive")
         jail_name="${2:-}"
         if [ "${jail_name}" = "all" ]; then
             for jail in $("${LIBDIR}/bkctld-list"); do
@@ -156,6 +156,16 @@ case "${subcommand}" in
         done
         echo "finish"
     ;;
+    "rename")
+        jail_name="${2:-}"
+        new_jail_name="${3:-}"
+        if [ -z "${jail_name}" ] || [ -z "${new_jail_name}" ]; then
+            show_help
+            exit 1
+        else
+            "${LIBDIR}/bkctld-${subcommand}" "${jail_name}" "${new_jail_name}"
+        fi
+    ;;
     *)
         show_help
         exit 1

bkctld.conf

@@ -14,3 +14,4 @@
 #FIREWALL_RULES=''
 #LOGLEVEL=6
 #NODE=''
+#ARCHIVESDIR='/backup/archives'

lib/bkctld-archive

@@ -0,0 +1,51 @@
+#!/bin/sh
+#
+# Description: Archive jail and all dated copies (incs)
+# Usage: archive <jailname>|all
+# Return codes:
+# * 101 : jail archival aborted
+#
+
+# shellcheck source=./includes
+LIBDIR="$(dirname $0)" && . "${LIBDIR}/includes"
+
+jail_name="${1:?}"
+if [ -z "${jail_name}" ]; then
+    show_help && exit 1
+fi
+jail_path=$(jail_path "${jail_name}")
+
+test -d "${jail_path}" || error "${jail_name}: jail not found" 2
+
+archive_jail_path=$(archive_path "${jail_name}")
+
+test -d "${archive_jail_path}" && error "${jail_name}: archive already exists" 2
+
+if [ "${FORCE}" != "1" ]; then
+    answer=""
+    while :; do
+        printf "> Are you sure you want to archive jail \`%s'? [Y,n,?] " "${jail_name}"
+        read -r answer
+        case $answer in
+            [Yy]|"" )
+                break
+                ;;
+            [Nn] )
+                tty -s && echo "Abort." >&2
+                exit 101
+                ;;
+            * )
+                printf "y - yes, execute actions and exit\n"
+                printf "n - no, don't execute actions and exit\n"
+                printf "? - print this help\n"
+                ;;
+        esac
+    done
+fi
+
+"${LIBDIR}/bkctld-is-on" "${jail_name}" && "${LIBDIR}/bkctld-stop" "${jail_name}"
+
+mkdir -p "$(dirname "${archive_jail_path}")"
+mv "${jail_path}" "${archive_jail_path}"
+
+notice "Archive jail \`${jail_name}' : OK"

lib/bkctld-remove

@@ -16,7 +16,14 @@ fi
 jail_path=$(jail_path "${jail_name}")
 incs_path=$(incs_path "${jail_name}")
 
-test -d "${jail_path}" || error "${jail_name}: jail not found" 2
+if ! test -d "${jail_path}"; then
+    if [ "${FORCE}" = "1" ]; then
+        warning "${jail_name}: jail not found (ignore in FORCE mode)"
+        exit 0
+    else
+        error "${jail_name}: jail not found" 2
+    fi
+fi
 
 if [ "${FORCE}" != "1" ]; then
     answer=""

lib/bkctld-rename

@@ -0,0 +1,81 @@
+#!/bin/sh
+#
+# Description: Rename a jail
+# Usage: rename <jailname> <new-jailname> 
+# Return codes:
+# * 1: error
+#
+
+# shellcheck source=./includes
+LIBDIR="$(dirname $0)" && . "${LIBDIR}/includes"
+
+jail_name="${1:?}"
+new_jail_name="${2:?}"
+if [ -z "${jail_name}" ] || [ -z "${new_jail_name}" ]; then
+    show_help && exit 1
+fi
+jail_path=$(jail_path "${jail_name}")
+incs_path=$(incs_path "${jail_name}")
+jail_config_dir=$(jail_config_dir "${jail_name}")
+legacy_config_file="${CONFDIR}/${jail_name}"
+
+test -d "${jail_path}" || error "${jail_name}: jail not found" 2
+
+new_jail_path=$(jail_path "${new_jail_name}")
+new_incs_path=$(incs_path "${new_jail_name}")
+new_jail_config_dir=$(jail_config_dir "${new_jail_name}")
+new_legacy_config_file="${CONFDIR}/${new_jail_name}"
+
+test -d "${new_jail_path}" && error "${new_jail_name}: jail already exists" 2
+
+"${LIBDIR}/bkctld-is-on" "${jail_name}" 2>/dev/null
+case "$?" in
+    0)
+        jail_initial_status="on"
+    ;;
+    100)
+        jail_initial_status="off"
+    ;;
+    *)
+        unset jail_initial_status
+        error "Error evaluating jail \`${jail_name}' state. bkctld-is-on exited with \`$?'"
+    ;;
+esac
+
+test "${jail_initial_status}" = "on" && "${LIBDIR}/bkctld-stop" "${jail_name}"
+
+if dry_run; then
+    echo "[dry-run] rename ${jail_path} to ${new_jail_path}"
+else
+    mv "${jail_path}" "${new_jail_path}"
+fi
+if dry_run; then
+    if [ -d "${incs_path}" ]; then
+        echo "[dry-run] rename ${incs_path} to ${new_incs_path}"
+    fi
+else
+    if [ -d "${incs_path}" ]; then
+        mv "${incs_path}" "${new_incs_path}"
+    fi
+fi
+if [ -d "${jail_config_dir}" ]; then
+    if dry_run; then
+        echo "[dry-run] rename ${jail_config_dir} to ${new_jail_config_dir}"
+    else
+        mv "${jail_config_dir}" "${new_jail_config_dir}"
+    fi
+fi
+if [ -f "${legacy_config_file}" ]; then
+    if dry_run; then
+        mv "${legacy_config_file}" "${new_legacy_config_file}"
+    else
+        echo "[dry-run] rename ${legacy_config_file} to ${new_legacy_config_file}"
+    fi
+fi
+# Reset firewall for new jail name
+"${LIBDIR}/bkctld-firewall" "${jail_name}"
+"${LIBDIR}/bkctld-firewall" "${new_jail_name}"
+
+test "${jail_initial_status}" = "on" && "${LIBDIR}/bkctld-start" "${new_jail_name}"
+
+notice "Rename jail \`${jail_name}' to \`${new_jail_name}' : OK"

lib/includes

@@ -6,7 +6,7 @@
 
 [ -f /etc/default/bkctld ] && . /etc/default/bkctld
 
-VERSION="2.9.0"
+VERSION="2.10.0"
 
 LIBDIR=${LIBDIR:-/usr/lib/bkctld}
 CONFDIR="${CONFDIR:-/etc/evobackup}"
@@ -17,6 +17,7 @@ INCDIR="${INCDIR:-${BACKUP_PARTITION}/incs}"
 TPLDIR="${TPLDIR:-/usr/share/bkctld}"
 LOCALTPLDIR="${LOCALTPLDIR:-/usr/local/share/bkctld}"
 LOCKDIR="${LOCKDIR:-/run/lock/bkctld}"
+ARCHIVESDIR="${ARCHIVESDIR:-${BACKUP_PARTITION}/archives}"
 INDEX_DIR="${INDEX_DIR:-${BACKUP_PARTITION}/index}"
 IDX_FILE="${IDX_FILE:-${INDEX_DIR}/bkctld-jails.idx}"
 SSHD_PID="${SSHD_PID:-/run/sshd.pid}"
@@ -33,7 +34,7 @@ show_version() {
     cat <<END
 bkctld version ${VERSION}
 
-Copyright 2004-2020 Evolix <info@evolix.fr>,
+Copyright 2004-2021 Evolix <info@evolix.fr>,
                     Victor Laborie <vlaborie@evolix.fr>,
                     Jérémy Lecour <jlecour@evolix.fr>
                     and others.
@@ -70,7 +71,7 @@ process_name() {
 debug() {
     msg="${1:-$(cat /dev/stdin)}"
     if [ "${LOGLEVEL}" -ge 7 ]; then
-        echo "$(log_date) DEBUG $(process_name) ${msg}"
+        echo "${msg}"
         logger -t bkctld -p daemon.debug "$(process_name) ${msg}"
     fi
 }
@@ -78,22 +79,22 @@ debug() {
 info() {
     msg="${1:-$(cat /dev/stdin)}"
     if [ "${LOGLEVEL}" -ge 6 ]; then
-        tty -s && echo "$(log_date) INFO $(process_name) ${msg}"
+        tty -s && echo "${msg}"
         logger -t bkctld -p daemon.info "$(process_name) ${msg}"
     fi
 }
 
 notice() {
     msg="${1:-$(cat /dev/stdin)}"
-    tty -s && echo "$(log_date) NOTICE $(process_name) ${msg}"
+    tty -s && echo "${msg}"
     [ "${LOGLEVEL}" -ge 5 ] && logger -t bkctld -p daemon.notice "$(process_name) ${msg}"
 }
 
 warning() {
     msg="${1:-$(cat /dev/stdin)}"
-    tty -s && echo "$(log_date) WARNING $(process_name) ${msg}" >&2
+    tty -s && echo "${msg}" >&2
     if [ "${LOGLEVEL}" -ge 4 ]; then
-        tty -s || echo "$(log_date) WARNING $(process_name) ${msg}" >&2
+        tty -s || echo "${msg}" >&2
         logger -t bkctld -p daemon.warning "$(process_name) ${msg}"
     fi
 }
@@ -104,9 +105,9 @@ warning() {
 error() {
     msg="${1:-$(cat /dev/stdin)}"
     rc="${2:-1}"
-    tty -s && echo "$(log_date) ERROR $(process_name) ${msg}" >&2
+    tty -s && echo "${msg}" >&2
     if [ "${LOGLEVEL}" -ge 5 ]; then
-        tty -s || echo "$(log_date) ERROR $(process_name) ${msg}" >&2
+        tty -s || echo "${msg}" >&2
         logger -t bkctld -p daemon.error "$(process_name) ${msg}"
     fi
     exit ${rc}
@@ -157,6 +158,12 @@ jail_incs_policy_file() {
 
     echo "${jail_config_dir}/incs_policy"
 }
+# Returns the complete path of an archived jail
+archive_path() {
+    jail_name=${1:?}
+
+    echo "${ARCHIVESDIR}/${jail_name}"
+}
 # Returns the path of incs for a jail
 incs_path() {
     jail_name=${1:?}

test/main.bats

@@ -61,6 +61,40 @@ load test_helper
     refute_equal "${pid_before}" "${pid_after}"
 }
 
+@test "A jail should be able to be renamed" {
+    /usr/lib/bkctld/bkctld-start "${JAILNAME}"
+    new_name="${JAILNAME}-new"
+    # A started jail should report to be ON
+    run /usr/lib/bkctld/bkctld-rename "${JAILNAME}" "${new_name}"
+    assert_success
+
+    run /usr/lib/bkctld/bkctld-is-on "${new_name}"
+    assert_success
+
+    # change variable to new name,for teardown
+    JAILNAME="${new_name}"
+}
+
+@test "A jail should be able to be archived" {
+    /usr/lib/bkctld/bkctld-start "${JAILNAME}"
+    # A started jail should report to be ON
+    run /usr/lib/bkctld/bkctld-is-on "${JAILNAME}"
+    assert_success
+
+    run /usr/lib/bkctld/bkctld-archive "${JAILNAME}"
+    assert_success
+
+    # A started jail should report to be OFF
+    run /usr/lib/bkctld/bkctld-is-on "${JAILNAME}"
+    assert_failure
+
+    run test -d "${JAILPATH}"
+    assert_failure
+
+    run test -d "/backup/archives/${JAILNAME}"
+    assert_success
+}
+
 @test "Status should return information" {
     run /usr/lib/bkctld/bkctld-status "${JAILNAME}"
     assert_success
@@ -76,4 +110,4 @@ load test_helper
     # A stopped jail should not report to be ON
     run /usr/lib/bkctld/bkctld-is-on "${JAILNAME}"
     assert_failure
-}
+}

zzz_evobackup

@@ -152,6 +152,12 @@ if [ "${LOCAL_TASKS}" = "1" ]; then
 
     ## MySQL
 
+    ## Purge previous dumps
+    # rm -f  ${LOCAL_BACKUP_DIR}/mysql.*.gz
+    # rm -rf ${LOCAL_BACKUP_DIR}/mysql
+    # rm -rf ${LOCAL_BACKUP_DIR}/mysqlhotcopy
+    # rm -rf /home/mysqldump
+
     ## example with global and compressed mysqldump
     # mysqldump --defaults-extra-file=/etc/mysql/debian.cnf -P 3306 \
     #  --opt --all-databases --force --events --hex-blob | gzip --best > ${LOCAL_BACKUP_DIR}/mysql.bak.gz
@@ -189,7 +195,7 @@ if [ "${LOCAL_TASKS}" = "1" ]; then
 
     ## example with mysqlhotcopy
     # mkdir -p -m 700 ${LOCAL_BACKUP_DIR}/mysqlhotcopy/
-    # mysqlhotcopy BASE ${LOCAL_BACKUP_DIR}/mysql/mysqlhotcopy/
+    # mysqlhotcopy MYBASE ${LOCAL_BACKUP_DIR}/mysqlhotcopy/
 
     ## example for multiples MySQL instances
     # mysqladminpasswd=$(grep -m1 'password = .*' /root/.my.cnf|cut -d" " -f3)
@@ -197,12 +203,16 @@ if [ "${LOCAL_TASKS}" = "1" ]; then
     #     instance=$(echo "$instance"|awk '{ print $3 }')
     #     if [ "$instance" != "3306" ]
     #     then
-    #         mysqldump -P $instance --opt --all-databases --hex-blob -u mysqladmin -p$mysqladminpasswd > ${LOCAL_BACKUP_DIR}/mysql.$instance.bak
+    #         mysqldump -P $instance --opt --all-databases --hex-blob -u mysqladmin -p$mysqladminpasswd | gzip --best > ${LOCAL_BACKUP_DIR}/mysql.$instance.bak.gz
     #     fi
     # done
 
     ## PostgreSQL
 
+    ## Purge previous dumps
+    # rm ${LOCAL_BACKUP_DIR}/pg.*.gz
+    # rm ${LOCAL_BACKUP_DIR}/pg-backup.tar
+    # rm ${LOCAL_BACKUP_DIR}/postgresql/*
     ## example with pg_dumpall (warning: you need space in ~postgres)
     # su - postgres -c "pg_dumpall > ~/pg.dump.bak"
     # mv ~postgres/pg.dump.bak ${LOCAL_BACKUP_DIR}/
@@ -217,12 +227,20 @@ if [ "${LOCAL_TASKS}" = "1" ]; then
     ## example with only TABLE1 and TABLE2 from MYBASE
     # pg_dump -p 5432 -h 127.0.0.1 -U USER --clean -F t --inserts -f ${LOCAL_BACKUP_DIR}/pg-backup.tar -T 'TABLE1' -T 'TABLE2' MYBASE
 
+    ## example with compressed PostgreSQL dump for each databases
+    # mkdir -p -m 700 ${LOCAL_BACKUP_DIR}/postgresql
+    # chown postgres:postgres ${LOCAL_BACKUP_DIR}/postgresql
+    # dbs=$(sudo -u postgres psql -U postgres -lt | awk -F\| '{print $1}' |grep -v template*)
+    # 
+    # for databases in $dbs ; do sudo -u postgres /usr/bin/pg_dump --create -s -U postgres -d $databases | gzip --best -c > ${LOCAL_BACKUP_DIR}/postgresql/$databases.sql.gz ; done
+
     ## MongoDB
 
     ## don't forget to create use with read-only access
     ## > use admin
     ## > db.createUser( { user: "mongobackup", pwd: "PASS", roles: [ "backup", ] } )
-    # test -d ${LOCAL_BACKUP_DIR}/mongodump/ && rm -rf ${LOCAL_BACKUP_DIR}/mongodump/
+    ## Purge previous dumps
+    # rm -rf ${LOCAL_BACKUP_DIR}/mongodump/
     # mkdir -p -m 700 ${LOCAL_BACKUP_DIR}/mongodump/
     # mongodump --quiet -u mongobackup -pPASS -o ${LOCAL_BACKUP_DIR}/mongodump/
     # if [ $? -ne 0 ]; then
@@ -231,9 +249,13 @@ if [ "${LOCAL_TASKS}" = "1" ]; then
 
     ## Redis
 
+    ## Purge previous dumps
+    # rm -rf ${LOCAL_BACKUP_DIR}/redis/
+    # rm -rf ${LOCAL_BACKUP_DIR}/redis-*
     ## example with copy .rdb file
     ## for the default instance :
-    # cp /var/lib/redis/dump.rdb ${LOCAL_BACKUP_DIR}/
+    # mkdir -p -m 700 ${LOCAL_BACKUP_DIR}/redis/
+    # cp /var/lib/redis/dump.rdb ${LOCAL_BACKUP_DIR}/redis/
     ## for multiple instances :
     # for instance in $(ls -d /var/lib/redis-*); do
     #     name=$(basename $instance)
@@ -313,8 +335,9 @@ if [ "${LOCAL_TASKS}" = "1" ]; then
             ${FINDMNT_BIN} > ${LOCAL_BACKUP_DIR}/findmnt.txt
         fi
     else
-        ## Dump network connections with netstat
-        netstat -finet -atn > ${LOCAL_BACKUP_DIR}/netstat.out
+        ## Dump network connections with fstat
+        fstat | head -1 > ${LOCAL_BACKUP_DIR}/netstat.out
+        fstat | grep internet >> ${LOCAL_BACKUP_DIR}/netstat.out
 
         ## List OpenBSD packages
         pkg_info -m > ${LOCAL_BACKUP_DIR}/packages
@@ -416,6 +439,7 @@ if [ "${SYNC_TASKS}" = "1" ]; then
         --exclude "lxc/*/rootfs/var/apt"                   \
         --exclude "lxc/*/rootfs/var/cache"                 \
         --exclude "lxc/*/rootfs/var/lib/php5"              \
+        --exclude "lxc/*/rootfs/var/lib/php/sessions"      \
         --exclude "lxc/*/rootfs/var/lock"                  \
         --exclude "lxc/*/rootfs/var/log"                   \
         --exclude "lxc/*/rootfs/var/run"                   \