Merge branch 'master' into debian
commit
677c1da0e9
10
CHANGELOG.md
10
CHANGELOG.md
|
@ -18,6 +18,16 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
|||
|
||||
### Security
|
||||
|
||||
## [2.10.0] - 2021-06-29
|
||||
|
||||
### Added
|
||||
|
||||
* bkctld-archive: archive a jail
|
||||
* bkctld-rename: rename a jail and all its incs and configuration…
|
||||
|
||||
### Removed
|
||||
|
||||
* Do not print out date, log level and process name on stdout/stderr
|
||||
## [2.9.0] - 2021-02-22
|
||||
|
||||
### Added
|
||||
|
|
12
bkctld
12
bkctld
|
@ -101,7 +101,7 @@ case "${subcommand}" in
|
|||
"${LIBDIR}/bkctld-${subcommand}" "${jail_name}" "${option}"
|
||||
fi
|
||||
;;
|
||||
"start" | "stop" | "reload" | "restart" | "sync" | "update" | "remove" | "firewall" | "upgrade-config")
|
||||
"start" | "stop" | "reload" | "restart" | "sync" | "update" | "remove" | "firewall" | "upgrade-config" | "archive")
|
||||
jail_name="${2:-}"
|
||||
if [ "${jail_name}" = "all" ]; then
|
||||
for jail in $("${LIBDIR}/bkctld-list"); do
|
||||
|
@ -156,6 +156,16 @@ case "${subcommand}" in
|
|||
done
|
||||
echo "finish"
|
||||
;;
|
||||
"rename")
|
||||
jail_name="${2:-}"
|
||||
new_jail_name="${3:-}"
|
||||
if [ -z "${jail_name}" ] || [ -z "${new_jail_name}" ]; then
|
||||
show_help
|
||||
exit 1
|
||||
else
|
||||
"${LIBDIR}/bkctld-${subcommand}" "${jail_name}" "${new_jail_name}"
|
||||
fi
|
||||
;;
|
||||
*)
|
||||
show_help
|
||||
exit 1
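Review bot: The new `rename` case only checks that both names are non-empty before calling `bkctld-rename`, so `new_jail_name` is never checked against the reserved word `all` or for path characters. A jail renamed to `all` could no longer be addressed on its own, because the `start`/`stop`/… case in the first hunk treats `all` as "every jail". The name also ends up in `${CONFDIR}/${new_jail_name}` and in `mv` destinations in `lib/bkctld-rename`, so a value containing `/` or starting with `.` would be written outside the expected directories. If names are not validated elsewhere (nothing in this diff shows it), a guard before the call such as `case "${new_jail_name}" in all|*/*|.*) show_help; exit 1 ;; esac` covers both. The enclosing `case "${subcommand}"` starts and ends outside the hunk.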
|
||||
|
|
|
@ -14,3 +14,4 @@
|
|||
#FIREWALL_RULES=''
|
||||
#LOGLEVEL=6
|
||||
#NODE=''
|
||||
#ARCHIVESDIR='/backup/archives'
|
||||
|
|
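--- /dev/null
+++ b/lib/bkctld-archive
@@ -0,0 +1,51 @@
+#!/bin/sh
+#
+# Description: Archive jail and all dated copies (incs)
+# Usage: archive <jailname>|all
+# Return codes:
+# * 101 : jail archival aborted
+#
+
+# shellcheck source=./includes
+LIBDIR="$(dirname $0)" && . "${LIBDIR}/includes"
+
+jail_name="${1:?}"
+if [ -z "${jail_name}" ]; then
+show_help && exit 1
+fi
+jail_path=$(jail_path "${jail_name}")
+
+test -d "${jail_path}" || error "${jail_name}: jail not found" 2
+
+archive_jail_path=$(archive_path "${jail_name}")
+
+test -d "${archive_jail_path}" && error "${jail_name}: archive already exists" 2
+
+if [ "${FORCE}" != "1" ]; then
+answer=""
+while :; do
+printf "> Are you sure you want to archive jail \`%s'? [Y,n,?] " "${jail_name}"
+read -r answer
+case $answer in
+[Yy]|"" )
+break
+;;
+[Nn] )
+tty -s && echo "Abort." >&2
+exit 101
+;;
+* )
+printf "y - yes, execute actions and exit\n"
+printf "n - no, don't execute actions and exit\n"
+printf "? - print this help\n"
+;;
+esac
+done
+fi
+
+"${LIBDIR}/bkctld-is-on" "${jail_name}" && "${LIBDIR}/bkctld-stop" "${jail_name}"
+
+mkdir -p "$(dirname "${archive_jail_path}")"
+mv "${jail_path}" "${archive_jail_path}"
+
+notice "Archive jail \`${jail_name}' : OK"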
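Review bot: The result of `mv "${jail_path}" "${archive_jail_path}"` is never checked, so the final `notice "Archive jail ... : OK"` is printed and logged even when the move fails or stops part-way (for instance if `ARCHIVESDIR` is configured on another filesystem). Ending the line with `|| error "${jail_name}: archive failed" 2` would keep the log truthful. The confirmation loop also treats an empty answer as yes; `read -r answer` leaves `answer` empty at end-of-file, so a run without `FORCE=1` and without a terminal proceeds without anyone confirming, and a default of "no" would be safer for an action that takes a jail out of service. The header promises "jail and all dated copies (incs)", but only `jail_path` is moved, so either the incs need moving as well or the description needs correcting. The `[ -z "${jail_name}" ]` test after `${1:?}` can never be true.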
@ -16,7 +16,14 @@ fi
|
|||
jail_path=$(jail_path "${jail_name}")
|
||||
incs_path=$(incs_path "${jail_name}")
|
||||
|
||||
test -d "${jail_path}" || error "${jail_name}: jail not found" 2
|
||||
if ! test -d "${jail_path}"; then
|
||||
if [ "${FORCE}" = "1" ]; then
|
||||
warning "${jail_name}: jail not found (ignore in FORCE mode)"
|
||||
exit 0
|
||||
else
|
||||
error "${jail_name}: jail not found" 2
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ "${FORCE}" != "1" ]; then
|
||||
answer=""
|
||||
|
|
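--- /dev/null
+++ b/lib/bkctld-rename
@@ -0,0 +1,81 @@
+#!/bin/sh
+#
+# Description: Rename a jail
+# Usage: rename <jailname> <new-jailname>
+# Return codes:
+# * 1: error
+#
+
+# shellcheck source=./includes
+LIBDIR="$(dirname $0)" && . "${LIBDIR}/includes"
+
+jail_name="${1:?}"
+new_jail_name="${2:?}"
+if [ -z "${jail_name}" ] || [ -z "${new_jail_name}" ]; then
+show_help && exit 1
+fi
+jail_path=$(jail_path "${jail_name}")
+incs_path=$(incs_path "${jail_name}")
+jail_config_dir=$(jail_config_dir "${jail_name}")
+legacy_config_file="${CONFDIR}/${jail_name}"
+
+test -d "${jail_path}" || error "${jail_name}: jail not found" 2
+
+new_jail_path=$(jail_path "${new_jail_name}")
+new_incs_path=$(incs_path "${new_jail_name}")
+new_jail_config_dir=$(jail_config_dir "${new_jail_name}")
+new_legacy_config_file="${CONFDIR}/${new_jail_name}"
+
+test -d "${new_jail_path}" && error "${new_jail_name}: jail already exists" 2
+
+"${LIBDIR}/bkctld-is-on" "${jail_name}" 2>/dev/null
+case "$?" in
+0)
+jail_initial_status="on"
+;;
+100)
+jail_initial_status="off"
+;;
+*)
+unset jail_initial_status
+error "Error evaluating jail \`${jail_name}' state. bkctld-is-on exited with \`$?'"
+;;
+esac
+
+test "${jail_initial_status}" = "on" && "${LIBDIR}/bkctld-stop" "${jail_name}"
+
+if dry_run; then
+echo "[dry-run] rename ${jail_path} to ${new_jail_path}"
+else
+mv "${jail_path}" "${new_jail_path}"
+fi
+if dry_run; then
+if [ -d "${incs_path}" ]; then
+echo "[dry-run] rename ${incs_path} to ${new_incs_path}"
+fi
+else
+if [ -d "${incs_path}" ]; then
+mv "${incs_path}" "${new_incs_path}"
+fi
+fi
+if [ -d "${jail_config_dir}" ]; then
+if dry_run; then
+echo "[dry-run] rename ${jail_config_dir} to ${new_jail_config_dir}"
+else
+mv "${jail_config_dir}" "${new_jail_config_dir}"
+fi
+fi
+if [ -f "${legacy_config_file}" ]; then
+if dry_run; then
+mv "${legacy_config_file}" "${new_legacy_config_file}"
+else
+echo "[dry-run] rename ${legacy_config_file} to ${new_legacy_config_file}"
+fi
+fi
+# Reset firewall for new jail name
+"${LIBDIR}/bkctld-firewall" "${jail_name}"
+"${LIBDIR}/bkctld-firewall" "${new_jail_name}"
+
+test "${jail_initial_status}" = "on" && "${LIBDIR}/bkctld-start" "${new_jail_name}"
+
+notice "Rename jail \`${jail_name}' to \`${new_jail_name}' : OK"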
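Review bot: The legacy-config block has its `dry_run` branches inverted: under `if dry_run; then` it runs `mv "${legacy_config_file}" "${new_legacy_config_file}"`, and the `else` branch only echoes the `[dry-run]` line. A dry run therefore really moves the file, and a real rename leaves the legacy config under the old name. The two bodies should be swapped to match the three blocks above it: `echo "[dry-run] rename ${legacy_config_file} to ${new_legacy_config_file}"` in the `then` branch and the `mv` in the `else` branch. The `bkctld-stop`, both `bkctld-firewall` calls and `bkctld-start` are outside any `dry_run` guard, so a dry run still stops the jail and then tries to start one under a name that was never created. In the `*)` arm, `$?` is read after `unset`, so the message reports the status of `unset` rather than of `bkctld-is-on`; saving the status in a variable right after the call fixes that.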
25
lib/includes
25
lib/includes
|
@ -6,7 +6,7 @@
|
|||
|
||||
[ -f /etc/default/bkctld ] && . /etc/default/bkctld
|
||||
|
||||
VERSION="2.9.0"
|
||||
VERSION="2.10.0"
|
||||
|
||||
LIBDIR=${LIBDIR:-/usr/lib/bkctld}
|
||||
CONFDIR="${CONFDIR:-/etc/evobackup}"
|
||||
|
@ -17,6 +17,7 @@ INCDIR="${INCDIR:-${BACKUP_PARTITION}/incs}"
|
|||
TPLDIR="${TPLDIR:-/usr/share/bkctld}"
|
||||
LOCALTPLDIR="${LOCALTPLDIR:-/usr/local/share/bkctld}"
|
||||
LOCKDIR="${LOCKDIR:-/run/lock/bkctld}"
|
||||
ARCHIVESDIR="${ARCHIVESDIR:-${BACKUP_PARTITION}/archives}"
|
||||
INDEX_DIR="${INDEX_DIR:-${BACKUP_PARTITION}/index}"
|
||||
IDX_FILE="${IDX_FILE:-${INDEX_DIR}/bkctld-jails.idx}"
|
||||
SSHD_PID="${SSHD_PID:-/run/sshd.pid}"
|
||||
|
@ -33,7 +34,7 @@ show_version() {
|
|||
cat <<END
|
||||
bkctld version ${VERSION}
|
||||
|
||||
Copyright 2004-2020 Evolix <info@evolix.fr>,
|
||||
Copyright 2004-2021 Evolix <info@evolix.fr>,
|
||||
Victor Laborie <vlaborie@evolix.fr>,
|
||||
Jérémy Lecour <jlecour@evolix.fr>
|
||||
and others.
|
||||
|
@ -70,7 +71,7 @@ process_name() {
|
|||
debug() {
|
||||
msg="${1:-$(cat /dev/stdin)}"
|
||||
if [ "${LOGLEVEL}" -ge 7 ]; then
|
||||
echo "$(log_date) DEBUG $(process_name) ${msg}"
|
||||
echo "${msg}"
|
||||
logger -t bkctld -p daemon.debug "$(process_name) ${msg}"
|
||||
fi
|
||||
}
|
||||
|
@ -78,22 +79,22 @@ debug() {
|
|||
info() {
|
||||
msg="${1:-$(cat /dev/stdin)}"
|
||||
if [ "${LOGLEVEL}" -ge 6 ]; then
|
||||
tty -s && echo "$(log_date) INFO $(process_name) ${msg}"
|
||||
tty -s && echo "${msg}"
|
||||
logger -t bkctld -p daemon.info "$(process_name) ${msg}"
|
||||
fi
|
||||
}
|
||||
|
||||
notice() {
|
||||
msg="${1:-$(cat /dev/stdin)}"
|
||||
tty -s && echo "$(log_date) NOTICE $(process_name) ${msg}"
|
||||
tty -s && echo "${msg}"
|
||||
[ "${LOGLEVEL}" -ge 5 ] && logger -t bkctld -p daemon.notice "$(process_name) ${msg}"
|
||||
}
|
||||
|
||||
warning() {
|
||||
msg="${1:-$(cat /dev/stdin)}"
|
||||
tty -s && echo "$(log_date) WARNING $(process_name) ${msg}" >&2
|
||||
tty -s && echo "${msg}" >&2
|
||||
if [ "${LOGLEVEL}" -ge 4 ]; then
|
||||
tty -s || echo "$(log_date) WARNING $(process_name) ${msg}" >&2
|
||||
tty -s || echo "${msg}" >&2
|
||||
logger -t bkctld -p daemon.warning "$(process_name) ${msg}"
|
||||
fi
|
||||
}
|
||||
|
@ -104,9 +105,9 @@ warning() {
|
|||
error() {
|
||||
msg="${1:-$(cat /dev/stdin)}"
|
||||
rc="${2:-1}"
|
||||
tty -s && echo "$(log_date) ERROR $(process_name) ${msg}" >&2
|
||||
tty -s && echo "${msg}" >&2
|
||||
if [ "${LOGLEVEL}" -ge 5 ]; then
|
||||
tty -s || echo "$(log_date) ERROR $(process_name) ${msg}" >&2
|
||||
tty -s || echo "${msg}" >&2
|
||||
logger -t bkctld -p daemon.error "$(process_name) ${msg}"
|
||||
fi
|
||||
exit ${rc}
|
||||
|
@ -157,6 +158,12 @@ jail_incs_policy_file() {
|
|||
|
||||
echo "${jail_config_dir}/incs_policy"
|
||||
}
|
||||
# Returns the complete path of an archived jail
|
||||
archive_path() {
|
||||
jail_name=${1:?}
|
||||
|
||||
echo "${ARCHIVESDIR}/${jail_name}"
|
||||
}
|
||||
# Returns the path of incs for a jail
|
||||
incs_path() {
|
||||
jail_name=${1:?}
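Review bot: The new `echo "${msg}"` lines in `debug`, `info`, `notice`, `warning` and `error` now pass the message as echo's first and only argument, and `msg` can come from stdin through `$(cat /dev/stdin)`. Under a `/bin/sh` whose `echo` interprets backslash escapes (dash does), piped command output containing sequences such as `\c` or `\n` is truncated or rewritten on the terminal; `printf '%s\n' "${msg}"` prints it verbatim. With the date and level prefix removed, stderr no longer tells a warning from an error, so it is worth stating in the changelog that syslog is now the only place carrying the severity. The new `archive_path` interpolates `jail_name` straight into `${ARCHIVESDIR}/${jail_name}`, which is safe only if jail names are validated on entry, and this diff does not show that. The body of `error` continues past the end of its hunk.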
|
||||
|
|
|
@ -61,6 +61,40 @@ load test_helper
|
|||
refute_equal "${pid_before}" "${pid_after}"
|
||||
}
|
||||
|
||||
@test "A jail should be able to be renamed" {
|
||||
/usr/lib/bkctld/bkctld-start "${JAILNAME}"
|
||||
new_name="${JAILNAME}-new"
|
||||
# A started jail should report to be ON
|
||||
run /usr/lib/bkctld/bkctld-rename "${JAILNAME}" "${new_name}"
|
||||
assert_success
|
||||
|
||||
run /usr/lib/bkctld/bkctld-is-on "${new_name}"
|
||||
assert_success
|
||||
|
||||
# change variable to new name,for teardown
|
||||
JAILNAME="${new_name}"
|
||||
}
|
||||
|
||||
@test "A jail should be able to be archived" {
|
||||
/usr/lib/bkctld/bkctld-start "${JAILNAME}"
|
||||
# A started jail should report to be ON
|
||||
run /usr/lib/bkctld/bkctld-is-on "${JAILNAME}"
|
||||
assert_success
|
||||
|
||||
run /usr/lib/bkctld/bkctld-archive "${JAILNAME}"
|
||||
assert_success
|
||||
|
||||
# A started jail should report to be OFF
|
||||
run /usr/lib/bkctld/bkctld-is-on "${JAILNAME}"
|
||||
assert_failure
|
||||
|
||||
run test -d "${JAILPATH}"
|
||||
assert_failure
|
||||
|
||||
run test -d "/backup/archives/${JAILNAME}"
|
||||
assert_success
|
||||
}
|
||||
|
||||
@test "Status should return information" {
|
||||
run /usr/lib/bkctld/bkctld-status "${JAILNAME}"
|
||||
assert_success
|
||||
|
@ -76,4 +110,4 @@ load test_helper
|
|||
# A stopped jail should not report to be ON
|
||||
run /usr/lib/bkctld/bkctld-is-on "${JAILNAME}"
|
||||
assert_failure
|
||||
}
|
||||
}
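Review bot: The archive test runs `bkctld-archive` without setting `FORCE`, so unless `test_helper` exports it (not visible here) the test passes only because the script's confirmation loop takes an empty read as "yes". Making that explicit with `run env FORCE=1 /usr/lib/bkctld/bkctld-archive "${JAILNAME}"` keeps the test valid if the prompt default ever changes. The assertion hard-codes `/backup/archives/${JAILNAME}` although the location is configurable through `ARCHIVESDIR`. In the rename test, the comment `# A started jail should report to be ON` sits above the rename call rather than an `is-on` check, and nothing asserts that the old name is gone afterwards; in the archive test the second comment should read "An archived jail should report to be OFF".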
|
|
@ -152,6 +152,12 @@ if [ "${LOCAL_TASKS}" = "1" ]; then
|
|||
|
||||
## MySQL
|
||||
|
||||
## Purge previous dumps
|
||||
# rm -f ${LOCAL_BACKUP_DIR}/mysql.*.gz
|
||||
# rm -rf ${LOCAL_BACKUP_DIR}/mysql
|
||||
# rm -rf ${LOCAL_BACKUP_DIR}/mysqlhotcopy
|
||||
# rm -rf /home/mysqldump
|
||||
|
||||
## example with global and compressed mysqldump
|
||||
# mysqldump --defaults-extra-file=/etc/mysql/debian.cnf -P 3306 \
|
||||
# --opt --all-databases --force --events --hex-blob | gzip --best > ${LOCAL_BACKUP_DIR}/mysql.bak.gz
|
||||
|
@ -189,7 +195,7 @@ if [ "${LOCAL_TASKS}" = "1" ]; then
|
|||
|
||||
## example with mysqlhotcopy
|
||||
# mkdir -p -m 700 ${LOCAL_BACKUP_DIR}/mysqlhotcopy/
|
||||
# mysqlhotcopy BASE ${LOCAL_BACKUP_DIR}/mysql/mysqlhotcopy/
|
||||
# mysqlhotcopy MYBASE ${LOCAL_BACKUP_DIR}/mysqlhotcopy/
|
||||
|
||||
## example for multiples MySQL instances
|
||||
# mysqladminpasswd=$(grep -m1 'password = .*' /root/.my.cnf|cut -d" " -f3)
|
||||
|
@ -197,12 +203,16 @@ if [ "${LOCAL_TASKS}" = "1" ]; then
|
|||
# instance=$(echo "$instance"|awk '{ print $3 }')
|
||||
# if [ "$instance" != "3306" ]
|
||||
# then
|
||||
# mysqldump -P $instance --opt --all-databases --hex-blob -u mysqladmin -p$mysqladminpasswd > ${LOCAL_BACKUP_DIR}/mysql.$instance.bak
|
||||
# mysqldump -P $instance --opt --all-databases --hex-blob -u mysqladmin -p$mysqladminpasswd | gzip --best > ${LOCAL_BACKUP_DIR}/mysql.$instance.bak.gz
|
||||
# fi
|
||||
# done
|
||||
|
||||
## PostgreSQL
|
||||
|
||||
## Purge previous dumps
|
||||
# rm ${LOCAL_BACKUP_DIR}/pg.*.gz
|
||||
# rm ${LOCAL_BACKUP_DIR}/pg-backup.tar
|
||||
# rm ${LOCAL_BACKUP_DIR}/postgresql/*
|
||||
## example with pg_dumpall (warning: you need space in ~postgres)
|
||||
# su - postgres -c "pg_dumpall > ~/pg.dump.bak"
|
||||
# mv ~postgres/pg.dump.bak ${LOCAL_BACKUP_DIR}/
|
||||
|
@ -217,12 +227,20 @@ if [ "${LOCAL_TASKS}" = "1" ]; then
|
|||
## example with only TABLE1 and TABLE2 from MYBASE
|
||||
# pg_dump -p 5432 -h 127.0.0.1 -U USER --clean -F t --inserts -f ${LOCAL_BACKUP_DIR}/pg-backup.tar -T 'TABLE1' -T 'TABLE2' MYBASE
|
||||
|
||||
## example with compressed PostgreSQL dump for each databases
|
||||
# mkdir -p -m 700 ${LOCAL_BACKUP_DIR}/postgresql
|
||||
# chown postgres:postgres ${LOCAL_BACKUP_DIR}/postgresql
|
||||
# dbs=$(sudo -u postgres psql -U postgres -lt | awk -F\| '{print $1}' |grep -v template*)
|
||||
#
|
||||
# for databases in $dbs ; do sudo -u postgres /usr/bin/pg_dump --create -s -U postgres -d $databases | gzip --best -c > ${LOCAL_BACKUP_DIR}/postgresql/$databases.sql.gz ; done
|
||||
|
||||
## MongoDB
|
||||
|
||||
## don't forget to create use with read-only access
|
||||
## > use admin
|
||||
## > db.createUser( { user: "mongobackup", pwd: "PASS", roles: [ "backup", ] } )
|
||||
# test -d ${LOCAL_BACKUP_DIR}/mongodump/ && rm -rf ${LOCAL_BACKUP_DIR}/mongodump/
|
||||
## Purge previous dumps
|
||||
# rm -rf ${LOCAL_BACKUP_DIR}/mongodump/
|
||||
# mkdir -p -m 700 ${LOCAL_BACKUP_DIR}/mongodump/
|
||||
# mongodump --quiet -u mongobackup -pPASS -o ${LOCAL_BACKUP_DIR}/mongodump/
|
||||
# if [ $? -ne 0 ]; then
|
||||
|
@ -231,9 +249,13 @@ if [ "${LOCAL_TASKS}" = "1" ]; then
|
|||
|
||||
## Redis
|
||||
|
||||
## Purge previous dumps
|
||||
# rm -rf ${LOCAL_BACKUP_DIR}/redis/
|
||||
# rm -rf ${LOCAL_BACKUP_DIR}/redis-*
|
||||
## example with copy .rdb file
|
||||
## for the default instance :
|
||||
# cp /var/lib/redis/dump.rdb ${LOCAL_BACKUP_DIR}/
|
||||
# mkdir -p -m 700 ${LOCAL_BACKUP_DIR}/redis/
|
||||
# cp /var/lib/redis/dump.rdb ${LOCAL_BACKUP_DIR}/redis/
|
||||
## for multiple instances :
|
||||
# for instance in $(ls -d /var/lib/redis-*); do
|
||||
# name=$(basename $instance)
|
||||
|
@ -313,8 +335,9 @@ if [ "${LOCAL_TASKS}" = "1" ]; then
|
|||
${FINDMNT_BIN} > ${LOCAL_BACKUP_DIR}/findmnt.txt
|
||||
fi
|
||||
else
|
||||
## Dump network connections with netstat
|
||||
netstat -finet -atn > ${LOCAL_BACKUP_DIR}/netstat.out
|
||||
## Dump network connections with fstat
|
||||
fstat | head -1 > ${LOCAL_BACKUP_DIR}/netstat.out
|
||||
fstat | grep internet >> ${LOCAL_BACKUP_DIR}/netstat.out
|
||||
|
||||
## List OpenBSD packages
|
||||
pkg_info -m > ${LOCAL_BACKUP_DIR}/packages
|
||||
|
@ -416,6 +439,7 @@ if [ "${SYNC_TASKS}" = "1" ]; then
|
|||
--exclude "lxc/*/rootfs/var/apt" \
|
||||
--exclude "lxc/*/rootfs/var/cache" \
|
||||
--exclude "lxc/*/rootfs/var/lib/php5" \
|
||||
--exclude "lxc/*/rootfs/var/lib/php/sessions" \
|
||||
--exclude "lxc/*/rootfs/var/lock" \
|
||||
--exclude "lxc/*/rootfs/var/log" \
|
||||
--exclude "lxc/*/rootfs/var/run" \
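Review bot: The new per-database PostgreSQL example runs `pg_dump --create -s`, and `-s` means `--schema-only`, so an operator who uncomments it gets dumps with no table data although the comment promises a dump of each database. Drop `-s`, or state in the comment that the example is schema-only. On the line that fills `dbs`, `grep -v template*` leaves the glob unquoted, so it can expand against files in the working directory; `grep -v 'template'` avoids that. The new "Purge previous dumps" examples (`rm -rf ${LOCAL_BACKUP_DIR}/mysql`, `rm -rf ${LOCAL_BACKUP_DIR}/redis-*` and the others) expand to paths under `/` if the variable is ever empty once uncommented, so writing them as `rm -rf "${LOCAL_BACKUP_DIR:?}/mysql"` makes the examples safe to copy. The enclosing `if [ "${LOCAL_TASKS}" = "1" ]` block starts and ends outside these hunks.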
|
||||
|
|