mirror of
https://github.com/xcat2/confluent.git
synced 2024-12-04 02:24:42 +00:00
0507e89da8
Backups should carefully protect keys.json, but that's only feasible interactively. However, keys don't change, so provide a way to combine a password-protected keys.json with relatively safe non-interactive incremental backups.
#!/usr/bin/env python
# vim: tabstop=4 shiftwidth=4 softtabstop=4
# Copyright 2017 Lenovo
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
import getpass
import optparse
import sys
import os
# Resolve <script dir>/../lib/python through any symlinks; this is where a
# self-contained install would keep the confluent package.
path = os.path.realpath(
    os.path.join(os.path.dirname(os.path.realpath(__file__)),
                 '..', 'lib', 'python'))
# Only a location under /opt is added to the module search path; any other
# resolved location leaves sys.path untouched.  The directory is appended, so
# it is searched after every entry already on sys.path.
# NOTE(review): this is a plain string-prefix test, so a sibling such as
# '/optional/...' would match as well.
if path.startswith('/opt'):
    sys.path.append(path)
import confluent.config.configmanager as cfm
import confluent.config.conf as conf
import confluent.main as main
argparser = optparse.OptionParser(
|
|
usage="Usage: %prog [options] [dump|restore] [path]")
|
|
argparser.add_option('-p', '--password',
|
|
help='Password to use to protect/unlock a protected dump')
|
|
argparser.add_option('-i', '--interactivepassword', help='Prompt for password',
|
|
action='store_true')
|
|
argparser.add_option('-r', '--redact', action='store_true',
|
|
help='Redact potentially sensitive data rather than store')
|
|
argparser.add_option('-u', '--unprotected', action='store_true',
|
|
help='Specify that no password should be used to protect'
|
|
' the key information. Fields will be encrypted, '
|
|
'but keys.json will contain unencrypted decryption'
|
|
' keys that may be used to read the dump')
|
|
argparser.add_option('-s', '--skipkeys', action='store_true',
|
|
help='This specifies to dump the encrypted data without '
|
|
'dumping the keys needed to decrypt it. This is '
|
|
'suitable for an automated incremental backup, '
|
|
'where an earlier password protected dump has a '
|
|
'protected keys.json file, and only the protected '
|
|
'data is needed. keys do not change and as such '
|
|
'they do not require incremental backup')
# Parse sys.argv.  Exactly two positionals are required: the action
# ('dump' or 'restore') followed by the backup directory.
options, args = argparser.parse_args()
if not (len(args) == 2 and args[0] in ('dump', 'restore')):
    # Anything else is a usage error: show the help text and fail.
    argparser.print_help()
    sys.exit(1)
dumpdir = args[1]
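# Dispatch on the requested action.  Both branches hand the password to the
# config manager, which does the actual (de)serialisation of the database.
if args[0] == 'restore':
    # Refuse to restore while the confluent service is running.
    pid = main.is_running()
    if pid is not None:
        print("Confluent is running, must shut down to restore db")
        sys.exit(1)
    # Honor -i on restore too, so unlocking a protected dump does not force
    # the password onto the command line via -p.
    password = options.password
    if not password and options.interactivepassword:
        password = getpass.getpass('Enter password to unlock the backup: ')
    try:
        cfm.restore_db_from_directory(dumpdir, password)
    except Exception as e:
        # Top-level boundary of the script: report the reason and exit
        # non-zero instead of dumping a traceback.
        print(str(e))
        sys.exit(1)
elif args[0] == 'dump':
    password = options.password
    if not password and options.interactivepassword:
        # Ask twice and repeat until both entries match; an empty entry is
        # never accepted as the protecting password.
        passcfm = None
        while not password or password != passcfm:
            password = getpass.getpass(
                'Enter password to protect the backup: ')
            passcfm = getpass.getpass(
                'Confirm password to protect the backup: ')
    # A dump without a usable password must be an explicit choice
    # (-u, -r or -s); an empty -p value counts as no password.
    if not password and not (options.unprotected or options.redact
                             or options.skipkeys):
        print("Must indicate a password to protect or -u to opt out of "
              "secure value protection or -r to redact sensitive information, "
              "or -s to do encrypted backup that requires keys.json from "
              "another backup to restore.")
        sys.exit(1)
    # Strip group/other permission bits from everything created from here on.
    # 0o77 is the same value as the Python 2-only literal 077 and also parses
    # on Python 3.
    os.umask(0o77)
    main._initsecurity(conf.get_config())
    # NOTE(review): the umask only applies to what gets created below; a
    # dumpdir that already exists keeps whatever mode it had -- confirm it is
    # not readable by other users before writing a backup into it.
    if not os.path.exists(dumpdir):
        os.makedirs(dumpdir)
    # Pass the effective password (which may have come from the -i prompt).
    # Passing options.password here would silently discard a prompted
    # password and hand None to the dump routine.
    cfm.dump_db_to_directory(dumpdir, password, options.redact,
                             options.skipkeys)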