From feca89a19fddbdb9b0ab5c0fa82727d0a6ec7763 Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Sun, 25 Feb 2018 17:28:57 +0000 Subject: [PATCH] Tidying database utils --- src/freedombone-utils-database | 258 +++++++++++++++++---------------- 1 file changed, 130 insertions(+), 128 deletions(-) diff --git a/src/freedombone-utils-database b/src/freedombone-utils-database index e3fcf0d4..6242c2e7 100755 --- a/src/freedombone-utils-database +++ b/src/freedombone-utils-database @@ -37,14 +37,14 @@ BACKUP_INCLUDES_DATABASES="no" function store_original_mariadb_password { if [ ! -f /root/.mariadboriginal ]; then echo $'Storing original mariadb password' - ORIGINAL_MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb) + ORIGINAL_MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb) # We can store this in plaintext because it will soon be of historical interest only echo -n "$ORIGINAL_MARIADB_PASSWORD" > /root/.mariadboriginal fi } function keep_database_running { - if [ ! $(daemon_is_running mariadb) ]; then + if [ ! "$(daemon_is_running mariadb)" ]; then systemctl start mariadb fi } @@ -65,65 +65,65 @@ function backup_database_local { backup_databases_script=/usr/bin/backupdatabases if ! grep -q "# Check database daemon" /usr/bin/backupdatabases; then - echo '' >> /usr/bin/backupdatabases - echo '# Check database daemon is running' >> /usr/bin/backupdatabases - echo 'if [ ! $(systemctl is-active mariadb >/dev/null 2>&1 && echo Running) ]; then' >> /usr/bin/backupdatabases - echo ' systemctl start mariadb' >> /usr/bin/backupdatabases - echo 'fi' >> /usr/bin/backupdatabases - echo '' >> /usr/bin/backupdatabases + { echo ''; + echo '# Check database daemon is running'; + echo "if [ ! \$(systemctl is-active mariadb >/dev/null 2>&1 && echo Running) ]; then"; + echo ' systemctl start mariadb'; + echo 'fi'; + echo ''; } >> /usr/bin/backupdatabases fi if ! grep -q "# Backup the ${database_name} database" $backup_databases_script; then - echo "# Backup the ${database_name} database" >> $backup_databases_script - echo "TEMPFILE=/root/${database_name}.sql" >> $backup_databases_script - echo "DAILYFILE=/var/backups/${database_name}_daily.sql" >> $backup_databases_script - echo "mysqldump --password=\"\$MYSQL_PASSWORD\" ${database_name} > \$TEMPFILE" >> $backup_databases_script - echo 'FILESIZE=$(stat -c%s $TEMPFILE)' >> $backup_databases_script - echo 'if [ "$FILESIZE" -eq "0" ]; then' >> $backup_databases_script - echo ' if [ -f $DAILYFILE ]; then' >> $backup_databases_script - echo ' cp $DAILYFILE $TEMPFILE' >> $backup_databases_script - echo '' >> $backup_databases_script - echo ' # try to restore yesterdays database' >> $backup_databases_script - echo " mysql -u root --password=\"\$MYSQL_PASSWORD\" ${database_name} -o < \$DAILYFILE" >> $backup_databases_script - echo '' >> $backup_databases_script - echo ' # Send a warning email' >> $backup_databases_script - echo " echo \"Unable to create a backup of the ${database_name} database. Attempted to restore from yesterdays backup\" | mail -s \"${database_name} backup\" \$EMAIL" >> $backup_databases_script - echo ' else' >> $backup_databases_script - echo ' # Send a warning email' >> $backup_databases_script - echo " echo \"Unable to create a backup of the ${database_name} database.\" | mail -s \"${database_name} backup\" \$EMAIL" >> $backup_databases_script - echo ' fi' >> $backup_databases_script - echo 'else' >> $backup_databases_script - echo ' chmod 600 $TEMPFILE' >> $backup_databases_script - echo ' mv $TEMPFILE $DAILYFILE' >> $backup_databases_script - echo '' >> $backup_databases_script - echo ' # Make the backup readable only by root' >> $backup_databases_script - echo ' chmod 600 $DAILYFILE' >> $backup_databases_script - echo 'fi' >> $backup_databases_script - echo "# End of ${database_name} database backup" >> $backup_databases_script + { echo "# Backup the ${database_name} database"; + echo "TEMPFILE=/root/${database_name}.sql"; + echo "DAILYFILE=/var/backups/${database_name}_daily.sql"; + echo "mysqldump --password=\"\$MYSQL_PASSWORD\" ${database_name} > \$TEMPFILE"; + echo "FILESIZE=\$(stat -c%s \$TEMPFILE)"; + echo "if [ \"\$FILESIZE\" -eq \"0\" ]; then"; + echo " if [ -f \$DAILYFILE ]; then"; + echo " cp \$DAILYFILE \$TEMPFILE"; + echo ''; + echo ' # try to restore yesterdays database'; + echo " mysql -u root --password=\"\$MYSQL_PASSWORD\" ${database_name} -o < \$DAILYFILE"; + echo ''; + echo ' # Send a warning email'; + echo " echo \"Unable to create a backup of the ${database_name} database. Attempted to restore from yesterdays backup\" | mail -s \"${database_name} backup\" \$EMAIL"; + echo ' else'; + echo ' # Send a warning email'; + echo " echo \"Unable to create a backup of the ${database_name} database.\" | mail -s \"${database_name} backup\" \$EMAIL"; + echo ' fi'; + echo 'else'; + echo " chmod 600 \$TEMPFILE"; + echo " mv \$TEMPFILE \$DAILYFILE"; + echo ''; + echo ' # Make the backup readable only by root'; + echo " chmod 600 \$DAILYFILE"; + echo 'fi'; + echo "# End of ${database_name} database backup"; } >> $backup_databases_script fi weekly_backup_script=/etc/cron.weekly/backupdatabasesweekly if ! grep -q "Backup ${database_name}" ${weekly_backup_script}; then - echo "# Backup ${database_name}" >> ${weekly_backup_script} - echo "if [ -f /var/backups/${database_name}_weekly.sql ]; then" >> ${weekly_backup_script} - echo " cp -f /var/backups/${database_name}_weekly.sql /var/backups/${database_name}_2weekly.sql" >> ${weekly_backup_script} - echo 'fi' >> ${weekly_backup_script} - echo "if [ -f /var/backups/${database_name}_daily.sql ]; then" >> ${weekly_backup_script} - echo " cp -f /var/backups/${database_name}_daily.sql /var/backups/${database_name}_weekly.sql" >> ${weekly_backup_script} - echo 'fi' >> ${weekly_backup_script} - echo "# End of backup for ${database_name}" >> ${weekly_backup_script} + { echo "# Backup ${database_name}"; + echo "if [ -f /var/backups/${database_name}_weekly.sql ]; then"; + echo " cp -f /var/backups/${database_name}_weekly.sql /var/backups/${database_name}_2weekly.sql"; + echo 'fi'; + echo "if [ -f /var/backups/${database_name}_daily.sql ]; then"; + echo " cp -f /var/backups/${database_name}_daily.sql /var/backups/${database_name}_weekly.sql"; + echo 'fi'; + echo "# End of backup for ${database_name}"; } >> ${weekly_backup_script} fi monthly_backup_script=/etc/cron.monthly/backupdatabasesmonthly if ! grep -q "Backup ${database_name}" ${monthly_backup_script}; then - echo "# Backup ${database_name}" >> ${monthly_backup_script} - echo "if [ -f /var/backups/${database_name}_monthly.sql ]; then" >> ${monthly_backup_script} - echo " cp -f /var/backups/${database_name}_monthly.sql /var/backups/${database_name}_2monthly.sql" >> ${monthly_backup_script} - echo 'fi' >> ${monthly_backup_script} - echo "if [ -f /var/backups/${database_name}_weekly.sql ]; then" >> ${monthly_backup_script} - echo " cp -f /var/backups/${database_name}_weekly.sql /var/backups/${database_name}_monthly.sql" >> ${monthly_backup_script} - echo 'fi' >> ${monthly_backup_script} - echo "# End of backup for ${database_name}" >> ${monthly_backup_script} + { echo "# Backup ${database_name}"; + echo "if [ -f /var/backups/${database_name}_monthly.sql ]; then"; + echo " cp -f /var/backups/${database_name}_monthly.sql /var/backups/${database_name}_2monthly.sql"; + echo 'fi'; + echo "if [ -f /var/backups/${database_name}_weekly.sql ]; then"; + echo " cp -f /var/backups/${database_name}_weekly.sql /var/backups/${database_name}_monthly.sql"; + echo 'fi'; + echo "# End of backup for ${database_name}"; } >> ${monthly_backup_script} fi if ! grep -q "${database_name}" /etc/cron.hourly/repair; then @@ -138,15 +138,15 @@ function get_mariadb_password { DATABASE_PASSWORD_FILE=/root/dbpass if [ -f $DATABASE_PASSWORD_FILE ]; then MARIADB_PASSWORD=$(cat $DATABASE_PASSWORD_FILE) - ${PROJECT_NAME}-pass -u root -a mariadb -p "$MARIADB_PASSWORD" - stored_password=$(${PROJECT_NAME}-pass -u root -a mariadb) + "${PROJECT_NAME}-pass" -u root -a mariadb -p "$MARIADB_PASSWORD" + stored_password=$("${PROJECT_NAME}-pass" -u root -a mariadb) if [[ "$stored_password" == "$MARIADB_PASSWORD" ]]; then shred -zu $DATABASE_PASSWORD_FILE echo $'MariaDB password moved into password store' return fi fi - MARIADB_PASSWORD=$(${PROJECT_NAME}-pass -u root -a mariadb) + MARIADB_PASSWORD=$("${PROJECT_NAME}-pass" -u root -a mariadb) if [[ "$MARIADB_PASSWORD" == *'failed'* ]]; then echo $'Could not obtain mariadb password' exit 835225 @@ -155,12 +155,12 @@ function get_mariadb_password { function mariadb_kill_stone_dead { systemctl stop mariadb - kill_pid=$(ps aux | grep mysqld_safe | awk -F ' ' '{print $2}' | head -n 1) - kill -9 $kill_pid - kill_pid=$(ps aux | grep mysqld | awk -F ' ' '{print $2}' | head -n 1) - kill -9 $kill_pid - kill_pid=$(ps aux | grep mysqld | awk -F ' ' '{print $2}' | head -n 1) - kill -9 $kill_pid + kill_pid=$(pgrep mysqld_safe | head -n 1) + kill -9 "$kill_pid" + kill_pid=$(pgrep mysqld | head -n 1) + kill -9 "$kill_pid" + kill_pid=$(pgrep mysqld | head -n 1) + kill -9 "$kill_pid" } function mariadb_fix_authentication { @@ -201,14 +201,15 @@ function install_mariadb { function_check get_mariadb_password get_mariadb_password - if [ ! $MARIADB_PASSWORD ]; then - if [ -f $IMAGE_PASSWORD_FILE ]; then - MARIADB_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)" + if [ ! "$MARIADB_PASSWORD" ]; then + if [ -f "$IMAGE_PASSWORD_FILE" ]; then + passfile="$(cat "$IMAGE_PASSWORD_FILE")" + MARIADB_PASSWORD="$(printf "%s" "$passfile")" else - MARIADB_PASSWORD="$(openssl rand -base64 32 | cut -c1-${MINIMUM_PASSWORD_LENGTH})" + MARIADB_PASSWORD=$(create_password "${MINIMUM_PASSWORD_LENGTH}") fi fi - ${PROJECT_NAME}-pass -u root -a mariadb -p "$MARIADB_PASSWORD" + "${PROJECT_NAME}-pass" -u root -a mariadb -p "$MARIADB_PASSWORD" debconf-set-selections <<< "mariadb-server mariadb-server/root_password password $MARIADB_PASSWORD" debconf-set-selections <<< "mariadb-server mariadb-server/root_password_again password $MARIADB_PASSWORD" @@ -243,37 +244,37 @@ function install_mariadb { function backup_databases_script_header { if [ ! -f /usr/bin/backupdatabases ]; then # daily - echo '#!/bin/sh' > /usr/bin/backupdatabases - echo '' >> /usr/bin/backupdatabases - echo "EMAIL='$MY_EMAIL_ADDRESS'" >> /usr/bin/backupdatabases - echo '' >> /usr/bin/backupdatabases - echo "MYSQL_PASSWORD=\$(${PROJECT_NAME}-pass -u root -a mariadb)" >> /usr/bin/backupdatabases - echo 'umask 0077' >> /usr/bin/backupdatabases - echo '' >> /usr/bin/backupdatabases - echo '# exit if we are backing up to friends servers' >> /usr/bin/backupdatabases - echo "if [ -f $FRIENDS_SERVERS_LIST ]; then" >> /usr/bin/backupdatabases - echo ' exit 1' >> /usr/bin/backupdatabases - echo 'fi' >> /usr/bin/backupdatabases + { echo '#!/bin/sh'; + echo ''; + echo "EMAIL='$MY_EMAIL_ADDRESS'"; + echo ''; + echo "MYSQL_PASSWORD=\$(${PROJECT_NAME}-pass -u root -a mariadb)"; + echo 'umask 0077'; + echo ''; + echo '# exit if we are backing up to friends servers'; + echo "if [ -f $FRIENDS_SERVERS_LIST ]; then"; + echo ' exit 1'; + echo 'fi'; } > /usr/bin/backupdatabases chmod 600 /usr/bin/backupdatabases chmod +x /usr/bin/backupdatabases - echo '#!/bin/sh' > /etc/cron.daily/backupdatabasesdaily - echo '/usr/bin/backupdatabases' >> /etc/cron.daily/backupdatabasesdaily + { echo '#!/bin/sh'; + echo '/usr/bin/backupdatabases'; } > /etc/cron.daily/backupdatabasesdaily chmod 600 /etc/cron.daily/backupdatabasesdaily chmod +x /etc/cron.daily/backupdatabasesdaily # weekly - echo '#!/bin/sh' > /etc/cron.weekly/backupdatabasesweekly - echo '' >> /etc/cron.weekly/backupdatabasesweekly - echo 'umask 0077' >> /etc/cron.weekly/backupdatabasesweekly + { echo '#!/bin/sh'; + echo ''; + echo 'umask 0077'; } > /etc/cron.weekly/backupdatabasesweekly chmod 600 /etc/cron.weekly/backupdatabasesweekly chmod +x /etc/cron.weekly/backupdatabasesweekly # monthly - echo '#!/bin/sh' > /etc/cron.monthly/backupdatabasesmonthly - echo '' >> /etc/cron.monthly/backupdatabasesmonthly - echo 'umask 0077' >> /etc/cron.monthly/backupdatabasesmonthly + { echo '#!/bin/sh'; + echo ''; + echo 'umask 0077'; } > /etc/cron.monthly/backupdatabasesmonthly chmod 600 /etc/cron.monthly/backupdatabasesmonthly chmod +x /etc/cron.monthly/backupdatabasesmonthly @@ -289,7 +290,7 @@ function repair_databases_script { return fi - db_pass=$(${PROJECT_NAME}-pass -u root -p mariadb) + db_pass=$("${PROJECT_NAME}-pass" -u root -p mariadb) if [[ "$db_pass" == 'Error:'* ]]; then return fi @@ -304,22 +305,23 @@ function repair_databases_script { function remove_database { app_name="$1" - if [ ! -d $INSTALL_DIR ]; then - mkdir $INSTALL_DIR + if [ ! -d "$INSTALL_DIR" ]; then + mkdir "$INSTALL_DIR" fi echo "drop database ${app_name}; -quit" > $INSTALL_DIR/batch.sql - chmod 600 $INSTALL_DIR/batch.sql +quit" > "$INSTALL_DIR/batch.sql" + chmod 600 "$INSTALL_DIR/batch.sql" keep_database_running - mysql -u root --password="$MARIADB_PASSWORD" < $INSTALL_DIR/batch.sql - shred -zu $INSTALL_DIR/batch.sql + mysql -u root --password="$MARIADB_PASSWORD" < "$INSTALL_DIR/batch.sql" + shred -zu "$INSTALL_DIR/batch.sql" } function initialise_database { database_name=$1 database_file=$2 keep_database_running - mysql -u root --password="$MARIADB_PASSWORD" -D $database_name < $database_file + mysql -u root --password="$MARIADB_PASSWORD" -D "$database_name" < "$database_file" + # shellcheck disable=SC2181 if [ ! "$?" = "0" ]; then exit 62952 fi @@ -329,25 +331,25 @@ function run_query { database_name=$1 database_query=$2 keep_database_running - mysql -u root --password="$MARIADB_PASSWORD" -e "$database_query" $database_name + mysql -u root --password="$MARIADB_PASSWORD" -e "$database_query" "$database_name" } function run_query_root { database_name=$1 database_query=$2 keep_database_running - mysql -e "$database_query" $database_name + mysql -e "$database_query" "$database_name" } function create_database { app_name="$1" app_admin_password="$2" app_admin_username=$3 - if [ ! -d $INSTALL_DIR ]; then - mkdir $INSTALL_DIR + if [ ! -d "$INSTALL_DIR" ]; then + mkdir "$INSTALL_DIR" fi - if [ ! $app_admin_username ]; then - app_admin_username=${app_name}admin + if [ ! "$app_admin_username" ]; then + app_admin_username="${app_name}admin" fi echo "create database ${app_name}; @@ -355,11 +357,11 @@ CREATE USER '$app_admin_username@localhost' IDENTIFIED BY '${app_admin_password} update mysql.user set plugin = '' where User='$app_admin_username@localhost'; GRANT ALL PRIVILEGES ON ${app_name}.* TO '$app_admin_username@localhost'; flush privileges; -quit" > $INSTALL_DIR/batch.sql - chmod 600 $INSTALL_DIR/batch.sql +quit" > "$INSTALL_DIR/batch.sql" + chmod 600 "$INSTALL_DIR/batch.sql" keep_database_running - mysql -u root --password="$MARIADB_PASSWORD" < $INSTALL_DIR/batch.sql - shred -zu $INSTALL_DIR/batch.sql + mysql -u root --password="$MARIADB_PASSWORD" < "$INSTALL_DIR/batch.sql" + shred -zu "$INSTALL_DIR/batch.sql" } function run_query_with_output { @@ -381,11 +383,11 @@ function drop_database { echo "drop database ${app_name}; flush privileges; -quit" > $INSTALL_DIR/batch.sql - chmod 600 $INSTALL_DIR/batch.sql +quit" > "$INSTALL_DIR/batch.sql" + chmod 600 "$INSTALL_DIR/batch.sql" keep_database_running - mysql -u root --password="$MARIADB_PASSWORD" < $INSTALL_DIR/batch.sql - shred -zu $INSTALL_DIR/batch.sql + mysql -u root --password="$MARIADB_PASSWORD" < "$INSTALL_DIR/batch.sql" + shred -zu "$INSTALL_DIR/batch.sql" } @@ -393,7 +395,7 @@ function database_reinstall { apt-get -yq purge mariadb* rm -rf /var/lib/mysql rm -rf /etc/mysql - sed -i '/mariadb/d' ~/${PROJECT_NAME}-completed.txt + sed -i '/mariadb/d' "${HOME}/${PROJECT_NAME}-completed.txt" install_mariadb } @@ -404,11 +406,11 @@ function install_rethinkdb { exit 723723452 fi - if [ ! -d $INSTALL_DIR ]; then - mkdir -p $INSTALL_DIR + if [ ! -d "$INSTALL_DIR" ]; then + mkdir -p "$INSTALL_DIR" fi - cd $INSTALL_DIR + cd "$INSTALL_DIR" || exit 6384684 echo "deb http://download.rethinkdb.com/apt $DEBIAN_VERSION main" | tee /etc/apt/sources.list.d/rethinkdb.list @@ -416,25 +418,25 @@ function install_rethinkdb { apt-get update apt-get -yq install rethinkdb - echo 'runuser=rethinkdb' > /etc/rethinkdb/instances.d/default.conf - echo 'rungroup=rethinkdb' >> /etc/rethinkdb/instances.d/default.conf - echo '# pid-file=/var/run/rethinkdb/rethinkdb.pid' >> /etc/rethinkdb/instances.d/default.conf - echo '# directory=/var/lib/rethinkdb/default' >> /etc/rethinkdb/instances.d/default.conf - echo '# log-file=/var/log/rethinkdb' >> /etc/rethinkdb/instances.d/default.conf - echo 'bind=127.0.0.1' >> /etc/rethinkdb/instances.d/default.conf - echo '# canonical-address=' >> /etc/rethinkdb/instances.d/default.conf - echo '# driver-port=28015' >> /etc/rethinkdb/instances.d/default.conf - echo '# cluster-port=29015' >> /etc/rethinkdb/instances.d/default.conf - echo '# join=example.com:29015' >> /etc/rethinkdb/instances.d/default.conf - echo '# port-offset=0' >> /etc/rethinkdb/instances.d/default.conf - echo '# reql-http-proxy=socks5://example.com:1080' >> /etc/rethinkdb/instances.d/default.conf - echo '# http-port=8091' >> /etc/rethinkdb/instances.d/default.conf - echo '# no-http-admin' >> /etc/rethinkdb/instances.d/default.conf - echo '# cores=2' >> /etc/rethinkdb/instances.d/default.conf - echo '# cache-size=1024' >> /etc/rethinkdb/instances.d/default.conf - echo '# io-threads=64' >> /etc/rethinkdb/instances.d/default.conf - echo '# direct-io' >> /etc/rethinkdb/instances.d/default.conf - echo '# server-name=server1' >> /etc/rethinkdb/instances.d/default.conf + { echo 'runuser=rethinkdb'; + echo 'rungroup=rethinkdb'; + echo '# pid-file=/var/run/rethinkdb/rethinkdb.pid'; + echo '# directory=/var/lib/rethinkdb/default'; + echo '# log-file=/var/log/rethinkdb'; + echo 'bind=127.0.0.1'; + echo '# canonical-address='; + echo '# driver-port=28015'; + echo '# cluster-port=29015'; + echo '# join=example.com:29015'; + echo '# port-offset=0'; + echo '# reql-http-proxy=socks5://example.com:1080'; + echo '# http-port=8091'; + echo '# no-http-admin'; + echo '# cores=2'; + echo '# cache-size=1024'; + echo '# io-threads=64'; + echo '# direct-io'; + echo '# server-name=server1'; } > /etc/rethinkdb/instances.d/default.conf systemctl restart rethinkdb }