From 7b140ee3a5da0fde00bf89f4b9137ffd51861d92 Mon Sep 17 00:00:00 2001
From: Christoph
Date: Sat, 8 Sep 2018 04:33:27 +0200
Subject: [PATCH] mysql_backup.sh: fix creation of MySQL Grants. Add user creation sql file for MySQL Versions > 5.6.
---
 hosts/scripts/mysql_backup.sh | 256 +++++++++++++++++++++++++++++++++-
 1 file changed, 253 insertions(+), 3 deletions(-)
diff --git a/hosts/scripts/mysql_backup.sh b/hosts/scripts/mysql_backup.sh
index 6fd8761..e732ef1 100755
--- a/hosts/scripts/mysql_backup.sh
+++ b/hosts/scripts/mysql_backup.sh
@@ -18,6 +18,7 @@
 ## - Show_view_priv
 ## - Event_priv
 ## - Process_priv (since MySQL 5.5)
+## - Super_priv (since MySQL 5.6.?ß)
 ## -
 ## - INSERT INTO user (Host,User,Password,Select_priv,Lock_tables_priv,Show_view_priv,Event_priv) VALUES('localhost','backup',password('backup'),'Y','Y','Y','Y');
 ## -
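Review bot: The added `Super_priv` entry (and the INSERT examples in the next hunk that set it to 'Y') gives the backup account SUPER, a broad administrative privilege, while the new 5.6 comment describes it with the "process privileges" wording copied from the Process_priv lines. The comment should name the backup step that needs SUPER so a reader can judge whether to grant it, e.g. `## - Since MySQL 5.6 - the backup user also needs SUPER (Super_priv = 'Y') for <step that requires it>`. The version marker `5.6.?ß` carries a stray `ß`. The new example statements also keep `password('backup')`, the same string as the user name; a comment line telling readers to substitute their own secret would stop it being copied verbatim.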
@@ -25,13 +26,17 @@
 ## - INSERT INTO user (Host,User,Password,Select_priv,Process_priv,Lock_tables_priv,Show_view_priv,Event_priv) VALUES('localhost','backup',password('backup'),'Y','Y','Y','Y','Y');
 ## -
 ## -
+## - Since MySQL 5.6 - you also have to add process privileges (Super_priv = 'Y')
+## - INSERT INTO user (Host,User,Password,Select_priv,Super_priv,Process_priv,Lock_tables_priv,Show_view_priv,Event_priv) VALUES('localhost','backup',password('backup'),'Y','Y','Y','Y','Y','Y');
+## -
+## -
 ## - Since MySQL 5.7.x - you also have to add process privileges (Execute_priv = 'Y')
 ## - Password field is now: "authentication_string"
-## - INSERT INTO user (Host,User,authentication_string,Select_priv,Process_priv,Lock_tables_priv,Show_view_priv,Event_priv,Execute_priv,ssl_cipher,x509_issuer,x509_subject) VALUES('localhost','backup',password('backup'),'Y','Y','Y','Y','Y','Y','','','');
+## - INSERT INTO user (Host,User,authentication_string,Select_priv,Super_priv,Process_priv,Lock_tables_priv,Show_view_priv,Event_priv,Execute_priv,ssl_cipher,x509_issuer,x509_subject) VALUES('localhost','backup',password('backup'),'Y','Y','Y','Y','Y','Y','Y','','','');
 ## -
 ## - MariaDB (10.1.x)
 ## -
-## - INSERT INTO user (Host,User,Password,Select_priv,Process_priv,Lock_tables_priv,Show_view_priv,Event_priv,Execute_priv,ssl_cipher,x509_issuer,x509_subject) VALUES('localhost','backup',password('backup'),'Y','Y','Y','Y','Y','Y','','','');
+## - INSERT INTO user (Host,User,Password,Select_priv,Super_priv,Process_priv,Lock_tables_priv,Show_view_priv,Event_priv,Execute_priv,ssl_cipher,x509_issuer,x509_subject) VALUES('localhost','backup',password('backup'),'Y','Y','Y','Y','Y','Y','Y','','','');
 ## -
 ## - or if updating from older mysql version:
 ## -
@@ -175,7 +180,8 @@ if $ARCHIVE ;then retval=$? fi fi - + + err_msg="Cannot save SQL Grants for users" keep_backup_on_error=false 
@@ -238,6 +244,250 @@ if $ARCHIVE ;then ## - End: Backup SQL Grants for users ## ---------------------------------- + + ## - Since MySQL 5.7, no user creation statement (with password) will be + ## - include in above MySQL Grant backup + ## - + ## - We provide two different version .. + ## - + if [ "$MYSQL_VERSION_NUM" -ge 050700 ]; then + + ## ----------------------------- + ## - Backup/Create User Craetion sql statements (00) + ## - + info_msg="create User creation SQL file (00)" + echononl "\t$info_msg" + + ## - begin timestamp + ## - + b_timestamp=`$date +"%s"` + + filedate=`$date +"%Y-%m-%d-%H%M"` + + if [ $srcHost != "localhost" ] || $_via_ssh_tunnel ;then + if [ -n "$mysql_credential_args" ] ; then + $( + $ssh $ssh_options ${ssh_user}@$srcHost "$mysql $mysql_credential_args -N -s -A -e\"SELECT CONCAT('SHOW CREATE USER ''',user,'''@''',host,''';') FROM mysql.user WHERE user<>'' AND user <> 'root' AND user <> 'sys-maint' AND user <> 'debian-sys-maint' AND user <> 'backup' AND user <> 'mysql.sys' AND user <> 'mysql.session'\" | $mysql $mysql_credential_args -N -s -A | sed 's/\$/;/g'" \ + > ${_backupDestArchiveDir}/MySQLCreateUser-00.sql-${filedate}.sql 2> $err_Log + exit $? + ) + retval=$? + else + $( + $ssh $ssh_options ${ssh_user}@$srcHost "$mysql -u$mysql_user -p$mysql_password -N -s -A -e\"SELECT CONCAT('SHOW CREATE USER ''',user,'''@''',host,''';') FROM mysql.user WHERE user<>'' AND user <> 'root' AND user <> 'sys-maint' AND user <> 'debian-sys-maint' AND user <> 'backup' AND user <> 'mysql.sys' AND user <> 'mysql.session'\" | $mysql $mysql_credential_args -N -s -A | sed 's/\$/;/g'" \ + > ${_backupDestArchiveDir}/MySQLCreateUser-00.sql-${filedate}.sql 2> $err_Log + exit $? + ) + retval=$? 
+ fi + else + if [ -n "$mysql_credential_args" ] ; then + $( + $mysql $mysql_credential_args -N -s -A -e"SELECT CONCAT('SHOW CREATE USER ''',user,'''@''',host,''';') FROM mysql.user WHERE user<>'' AND user <> 'root' AND user <> 'sys-maint' AND user <> 'debian-sys-maint' AND user <> 'backup' AND user <> 'mysql.sys' AND user <> 'mysql.session'" | $mysql $mysql_credential_args -N -s -A | sed 's/\$/;/g' \ + > ${_backupDestArchiveDir}/MySQLCreateUser-00.sql-${filedate}.sql 2> $err_Log + exit $? + ) + retval=$? + else + $( + $mysql $mysql_credential_args -N -s -A -e"SELECT CONCAT('SHOW CREATE USER ''',user,'''@''',host,''';') FROM mysql.user WHERE user<>'' AND user <> 'root' AND user <> 'sys-maint' AND user <> 'debian-sys-maint' AND user <> 'backup' AND user <> 'mysql.sys' AND user <> 'mysql.session'" | $mysql $mysql_credential_args -N -s -A | sed 's/\$/;/g' \ + > ${_backupDestArchiveDir}/MySQLCreateUser-00.sql-${filedate}.sql 2> $err_Log + exit $? + ) + retval=$? + fi + fi + + + err_msg="Cannot create User Creation SQL file (00)" + keep_backup_on_error=false + + if [ "$retval" = 0 ];then + [ -z $mysql_gzip ] && mysql_gzip=false + if $mysql_gzip ; then + $gzip ${_backupDestArchiveDir}/MySQLCreateUser-00.sql-${filedate}.sql 2> $err_Log + retval=$? + err_msg="Cannot gzip \"MySQLCreateUser-00.sql-${filedate}.sql\"" + keep_backup_on_error=true + fi + fi + + ## - end timestamp + ## - + e_timestamp=`$date +"%s"` + + ## - determin duration + ## - + _time=`expr $e_timestamp - $b_timestamp` + t_h=`expr $_time / 60 / 60` + t_rest_h=`expr $_time - $t_h \\* 60 \\* 60` + t_m=`expr $t_rest_h / 60` + t_s=`expr $t_rest_h - $t_m \\* 60` + duration="" + if [ $t_h -gt 0 ]; then + duration="$t_h h : $t_m min : $t_s sec" + elif [ $t_m -gt 0 ];then + duration="$t_m min : $t_s sec" + else + duration="$t_s sec" + fi + + ## - look about errors.. + ## - + if [ "$retval" != "0" ]; then + echolog "" + echolog "\t[ERROR] ${err_msg} [ $duration ]\n\t`$cat $err_Log`\n" + if ! 
$keep_backup_on_error ; then + rm -f ${_backupDestArchiveDir}/MySQLCreateUser-00.sql-${filedate}.sql + fi + else + + ## - print durations right-aligned + ## - + [ -z $right_tabstop ] && right_tabstop=65 + _tmp_string="${info_msg}${duration}" + _strlen=${#_tmp_string} + _count_blank=`expr $right_tabstop - $_strlen` + _str_blanks="" + while [ $_count_blank -gt 1 ]; do + _str_blanks="$_str_blanks " + _count_blank=`expr $_count_blank - 1` + done + echononl "$_str_blanks" + + echolog " [ $duration ]" + fi + + ## - End: Backup/Create User Craetion sql statements (00) + ## ---------------------------------- + + + ## ----------------------------- + ## - Backup/Create User Craetion sql statements (01) + ## - + info_msg="create User creation SQL file (01)" + echononl "\t$info_msg" + + ## - begin timestamp + ## - + b_timestamp=`$date +"%s"` + + filedate=`$date +"%Y-%m-%d-%H%M"` + + if [ $srcHost != "localhost" ] || $_via_ssh_tunnel ;then + if [ -n "$mysql_credential_args" ] ; then + $( + $ssh $ssh_options ${ssh_user}@$srcHost "$mysql $mysql_credential_args -N -s -A -e\"SELECT DISTINCT CONCAT('CREATE USER ''',user,'''@''localhost'' IDENTIFIED WITH mysql_native_password ; UPDATE user SET authentication_string = ''',authentication_string,''' WHERE user = ''',user,'''; FLUSH PRIVILEGES;') FROM mysql.user WHERE user<>'' AND user <> 'root' AND user <> 'sys-maint' AND user <> 'debian-sys-maint' AND user <> 'backup' AND user <> 'mysql.sys' AND user <> 'mysql.session'\"" \ + > ${_backupDestArchiveDir}/MySQLCreateUser-01.sql-${filedate}.sql 2> $err_Log + exit $? + ) + retval=$? 
+ else + $( + $ssh $ssh_options ${ssh_user}@$srcHost "$mysql -u$mysql_user -p$mysql_password -N -s -A -e\"SELECT DISTINCT CONCAT('CREATE USER IF NOT EXISTS ''',user,'''@''localhost'' IDENTIFIED WITH mysql_native_password ; UPDATE user SET authentication_string = ''',authentication_string,''' WHERE user = ''',user,'''; FLUSH PRIVILEGES;') FROM mysql.user WHERE user<>'' AND user <> 'root' AND user <> 'sys-maint' AND user <> 'debian-sys-maint' AND user <> 'backup' AND user <> 'mysql.sys' AND user <> 'mysql.session'\"" \ + > ${_backupDestArchiveDir}/MySQLCreateUser-01.sql-${filedate}.sql 2> $err_Log + exit $? + ) + retval=$? + fi + else + if [ -n "$mysql_credential_args" ] ; then + $( + $mysql $mysql_credential_args -N -s -A -e"SELECT DISTINCT CONCAT('CREATE USER ''',user,'''@''localhost'' IDENTIFIED WITH mysql_native_password ; UPDATE user SET authentication_string = ''',authentication_string,''' WHERE user = ''',user,'''; FLUSH PRIVILEGES;') FROM mysql.user WHERE user<>'' AND user <> 'root' AND user <> 'sys-maint' AND user <> 'debian-sys-maint' AND user <> 'backup' AND user <> 'mysql.sys' AND user <> 'mysql.session'" \ + > ${_backupDestArchiveDir}/MySQLCreateUser-01.sql-${filedate}.sql 2> $err_Log + exit $? + ) + retval=$? + else + $( + $mysql -u$mysql_user -p$mysql_password -N -s -A -e"SELECT DISTINCT CONCAT('CREATE USER ''',user,'''@''localhost'' IDENTIFIED WITH mysql_native_password ; UPDATE user SET authentication_string = ''',authentication_string,''' WHERE user = ''',user,'''; FLUSH PRIVILEGES;') FROM mysql.user WHERE user<>'' AND user <> 'root' AND user <> 'sys-maint' AND user <> 'debian-sys-maint' AND user <> 'backup' AND user <> 'mysql.sys' AND user <> 'mysql.session'" \ + > ${_backupDestArchiveDir}/MySQLCreateUser-01.sql-${filedate}.sql 2> $err_Log + exit $? + ) + retval=$? 
+ fi + fi + + + err_msg="Cannot create User Creation SQL file (01)" + keep_backup_on_error=false + + if [ "$retval" = 0 ];then + [ -z $mysql_gzip ] && mysql_gzip=false + if $mysql_gzip ; then + $gzip ${_backupDestArchiveDir}/MySQLCreateUser-01.sql-${filedate}.sql 2> $err_Log + retval=$? + err_msg="Cannot gzip \"MySQLCreateUser-01.sql-${filedate}.sql\"" + keep_backup_on_error=true + fi + fi + + ## - end timestamp + ## - + e_timestamp=`$date +"%s"` + + ## - determin duration + ## - + _time=`expr $e_timestamp - $b_timestamp` + t_h=`expr $_time / 60 / 60` + t_rest_h=`expr $_time - $t_h \\* 60 \\* 60` + t_m=`expr $t_rest_h / 60` + t_s=`expr $t_rest_h - $t_m \\* 60` + duration="" + if [ $t_h -gt 0 ]; then + duration="$t_h h : $t_m min : $t_s sec" + elif [ $t_m -gt 0 ];then + duration="$t_m min : $t_s sec" + else + duration="$t_s sec" + fi + + ## - look about errors.. + ## - + if [ "$retval" != "0" ]; then + echolog "" + echolog "\t[ERROR] ${err_msg} [ $duration ]\n\t`$cat $err_Log`\n" + if ! $keep_backup_on_error ; then + rm -f ${_backupDestArchiveDir}/MySQLCreateUser-01.sql-${filedate}.sql + fi + else + + ## - print durations right-aligned + ## - + [ -z $right_tabstop ] && right_tabstop=65 + _tmp_string="${info_msg}${duration}" + _strlen=${#_tmp_string} + _count_blank=`expr $right_tabstop - $_strlen` + _str_blanks="" + while [ $_count_blank -gt 1 ]; do + _str_blanks="$_str_blanks " + _count_blank=`expr $_count_blank - 1` + done + echononl "$_str_blanks" + + echolog " [ $duration ]" + fi + + ## - End: Backup/Create User Craetion sql statements (01) + ## ---------------------------------- + + elif [ $MYSQL_VERSION_NUM -ge 050600 ]; then + + if [ $srcHost != "localhost" ] || $_via_ssh_tunnel ;then + if [ -n "$mysql_credential_args" ] ; then + $( + $ssh $ssh_options ${ssh_user}@$srcHost "$mysql $mysql_credential_args -N -s -A -e\"SELECT DISTINCT CONCAT('CREATE USER ''',user,'''@''localhost'' IDENTIFIED WITH mysql_native_password BY ''',password,'''; ') FROM mysql.user WHERE 
user<>'' AND user <> 'root' AND user <> 'sys-maint' AND user <> 'debian-sys-maint' AND user <> 'backup' AND user <> 'mysql.sys' AND user <> 'mysql.session'\"" \ + > ${_backupDestArchiveDir}/MySQLCreateUser-for-MySQL-5.7.sql-${filedate}.sql 2> $err_Log + exit $? + ) + retval=$? + fi + fi + + fi # End: if [ "$MYSQL_VERSION_NUM" -ge 050700 ]; then + + + ## ----------------------------- ## - Backup/Create Database Craetion sql statements ## -
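Review bot: The `MySQLCreateUser-00`/`-01` files written in the 5.7 branch hold the `authentication_string` hash of every account, but they are created by a plain `>` redirect and so take whatever umask the script runs under; unless `${_backupDestArchiveDir}` is locked down outside this hunk, add `umask 077` before the redirects or `chmod 600` the file right after. The generated statements place `user` and `host` between hand-written `'''` quotes, so an account name containing a quote produces SQL that fails or means something else when the file is replayed; `CONCAT('SHOW CREATE USER ', QUOTE(user), '@', QUOTE(host), ';')` avoids that. In the two local (00) commands `sed 's/\$/;/g'` is not inside double quotes as it is in the ssh variant, so it replaces literal `$` characters instead of appending `;` to each line, and since the pipeline's status is that of `sed` a failing `$mysql` goes unnoticed; `sed 's/$/;/'` is what was meant. The (00) `else` branches still hand the empty `$mysql_credential_args` to `$mysql`, and the (01) statements hard-code `'localhost'` and update `user` without the `mysql.` schema or a host condition. The enclosing `if $ARCHIVE ;then` block starts and ends outside the hunk.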