mirror of
https://github.com/xcat2/confluent.git
synced 2025-01-23 16:13:47 +00:00
db5c31030d
If python2 db format detected, use python2 to dump to text, then python3 to restore to get the python3 native version
109 lines
4.5 KiB
Python
Executable File
109 lines
4.5 KiB
Python
Executable File
#!/usr/bin/python2
|
|
# vim: tabstop=4 shiftwidth=4 softtabstop=4
|
|
|
|
# Copyright 2017 Lenovo
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
|
|
import getpass
|
|
import optparse
|
|
import sys
|
|
import os
|
|
path = os.path.dirname(os.path.realpath(__file__))
|
|
path = os.path.realpath(os.path.join(path, '..', 'lib', 'python'))
|
|
if path.startswith('/opt'):
|
|
# if installed into system path, do not muck with things
|
|
sys.path.append(path)
|
|
import confluent.config.configmanager as cfm
|
|
import confluent.config.conf as conf
|
|
import confluent.main as main
|
|
|
|
argparser = optparse.OptionParser(
|
|
usage="Usage: %prog [options] [dump|restore] [path]")
|
|
argparser.add_option('-p', '--password',
|
|
help='Password to use to protect/unlock a protected dump')
|
|
argparser.add_option('-i', '--interactivepassword', help='Prompt for password',
|
|
action='store_true')
|
|
argparser.add_option('-r', '--redact', action='store_true',
|
|
help='Redact potentially sensitive data rather than store')
|
|
argparser.add_option('-u', '--unprotected', action='store_true',
|
|
help='Specify that no password should be used to protect'
|
|
' the key information. Fields will be encrypted, '
|
|
'but keys.json will contain unencrypted decryption'
|
|
' keys that may be used to read the dump')
|
|
argparser.add_option('-s', '--skipkeys', action='store_true',
|
|
help='This specifies to dump the encrypted data without '
|
|
'dumping the keys needed to decrypt it. This is '
|
|
'suitable for an automated incremental backup, '
|
|
'where an earlier password protected dump has a '
|
|
'protected keys.json file, and only the protected '
|
|
'data is needed. keys do not change and as such '
|
|
'they do not require incremental backup')
|
|
(options, args) = argparser.parse_args()
|
|
if len(args) != 2 or args[0] not in ('dump', 'restore'):
|
|
argparser.print_help()
|
|
sys.exit(1)
|
|
dumpdir = args[1]
|
|
|
|
|
|
if args[0] == 'restore':
|
|
pid = main.is_running()
|
|
if pid is not None:
|
|
print("Confluent is running, must shut down to restore db")
|
|
sys.exit(1)
|
|
stinf = os.stat('/etc/confluent')
|
|
owner = stinf.st_uid
|
|
group = stinf.st_gid
|
|
password = options.password
|
|
if options.interactivepassword:
|
|
password = getpass.getpass('Enter password to restore backup: ')
|
|
try:
|
|
cfm.init(True)
|
|
cfm.statelessmode = True
|
|
cfm.restore_db_from_directory(dumpdir, password)
|
|
cfm.statelessmode = False
|
|
cfm.ConfigManager.wait_for_sync(True)
|
|
if owner != 0:
|
|
for targdir in os.walk('/etc/confluent'):
|
|
os.chown(targdir[0], owner, group)
|
|
for f in targdir[2]:
|
|
os.chown(os.path.join(targdir[0], f), owner, group)
|
|
except Exception as e:
|
|
print(str(e))
|
|
sys.exit(1)
|
|
elif args[0] == 'dump':
|
|
password = options.password
|
|
if not password and options.interactivepassword:
|
|
passcfm = None
|
|
while passcfm is None or password != passcfm:
|
|
password = getpass.getpass(
|
|
'Enter password to protect the backup: ')
|
|
passcfm = getpass.getpass('Confirm password to protect the backup: ')
|
|
if password is None and not (options.unprotected or options.redact
|
|
or options.skipkeys):
|
|
print("Must indicate a password to protect or -u to opt opt of "
|
|
"secure value protection or -r to redact sensitive information, "
|
|
"or -s to do encrypted backup that requires keys.json from "
|
|
"another backup to restore.")
|
|
sys.exit(1)
|
|
os.umask(0o77)
|
|
main._initsecurity(conf.get_config())
|
|
if not os.path.exists(dumpdir):
|
|
os.makedirs(dumpdir)
|
|
cfm.dump_db_to_directory(dumpdir, password, options.redact,
|
|
options.skipkeys)
|
|
|
|
|
|
|