From adfa6891bb5bec936aea3afc25c6d17a0ca16e94 Mon Sep 17 00:00:00 2001 From: Tom Hughes Date: Mon, 17 Oct 2016 20:48:24 +0100 Subject: [PATCH] Avoid passing mysqldump passwords on the command line --- cookbooks/blog/templates/default/backup.cron.erb | 5 ++++- cookbooks/civicrm/templates/default/backup.cron.erb | 5 ++++- cookbooks/donate/templates/default/backup.cron.erb | 5 ++++- .../mediawiki/templates/default/mediawiki-backup.cron.erb | 5 ++++- cookbooks/stateofthemap/templates/default/backup.cron.erb | 5 ++++- cookbooks/switch2osm/templates/default/backup.cron.erb | 5 ++++- 6 files changed, 24 insertions(+), 6 deletions(-) diff --git a/cookbooks/blog/templates/default/backup.cron.erb b/cookbooks/blog/templates/default/backup.cron.erb index d6fc5a790..9e791abd9 100644 --- a/cookbooks/blog/templates/default/backup.cron.erb +++ b/cookbooks/blog/templates/default/backup.cron.erb @@ -7,7 +7,10 @@ D=$(date +%Y-%m-%d) B=osm-blog-$D.tar.gz mkdir $T/osm-blog-$D -mysqldump --user=osm-blog-user --password=<%= @passwords["osm-blog-user"] %> --opt osm-blog > $T/osm-blog-$D/osm-blog.sql +echo '[mysqldump]' > $T/mysqldump.opts +echo 'user=osm-blog-user' >> $T/mysqldump.opts +echo 'password=<%= @passwords["osm-blog-user"] %>' >> $T/mysqldump.opts +mysqldump --defaults-file=$T/mysqldump.opts --opt osm-blog > $T/osm-blog-$D/osm-blog.sql ln -s /srv/blog.openstreetmap.org $T/osm-blog-$D/www export GZIP="--rsyncable -9" diff --git a/cookbooks/civicrm/templates/default/backup.cron.erb b/cookbooks/civicrm/templates/default/backup.cron.erb index 202469c87..8ee0c5257 100644 --- a/cookbooks/civicrm/templates/default/backup.cron.erb +++ b/cookbooks/civicrm/templates/default/backup.cron.erb @@ -7,7 +7,10 @@ D=$(date +%Y-%m-%d) B=osmf-crm-$D.tar.gz mkdir $T/osmf-crm-$D -mysqldump --user=civicrm --password=<%= @passwords["database"] %> --opt --skip-lock-tables civicrm > $T/osmf-crm-$D/civicrm.sql +echo '[mysqldump]' > $T/mysqldump.opts +echo 'user=civicrm' >> $T/mysqldump.opts +echo 'password=<%= @passwords["database"] %>' >> $T/mysqldump.opts +mysqldump --defaults-file=$T/mysqldump.opts --opt --skip-lock-tables civicrm > $T/osmf-crm-$D/civicrm.sql ln -s /srv/join.osmfoundation.org $T/osmf-crm-$D/www export GZIP="--rsyncable -9" diff --git a/cookbooks/donate/templates/default/backup.cron.erb b/cookbooks/donate/templates/default/backup.cron.erb index 139c1a3fe..7ff3ee08a 100644 --- a/cookbooks/donate/templates/default/backup.cron.erb +++ b/cookbooks/donate/templates/default/backup.cron.erb @@ -7,7 +7,10 @@ D=$(date +%Y-%m-%d) B=osm-donate-$D.tar.gz mkdir $T/osm-donate-$D -mysqldump --user=donate --password="<%= @passwords['database'] %>" --opt donate > $T/osm-donate-$D/osm-donate.sql +echo '[mysqldump]' > $T/mysqldump.opts +echo 'user=donate' >> $T/mysqldump.opts +echo 'password=<%= @passwords["database"] %>' >> $T/mysqldump.opts +mysqldump --defaults-file=$T/mysqldump.opts --opt donate > $T/osm-donate-$D/osm-donate.sql ln -s /srv/donate.openstreetmap.org $T/osm-donate-$D/www export GZIP="--rsyncable -9" diff --git a/cookbooks/mediawiki/templates/default/mediawiki-backup.cron.erb b/cookbooks/mediawiki/templates/default/mediawiki-backup.cron.erb index 5ef01bcef..37c3b02f6 100755 --- a/cookbooks/mediawiki/templates/default/mediawiki-backup.cron.erb +++ b/cookbooks/mediawiki/templates/default/mediawiki-backup.cron.erb @@ -4,7 +4,10 @@ D=`date +%Y-%m-%d` B=wiki-<%= @name %>-$D.tar.gz mkdir $T/wiki-<%= @name %>-$D -mysqldump --user="<%= @database_params[:username] %>" --password="<%= @database_params[:password] %>" --opt --skip-lock-tables --single-transaction "<%= @database_params[:name] %>" | lz4 -9 > $T/wiki-<%= @name %>-$D/wiki.sql.lz4 +echo '[mysqldump]' > $T/mysqldump.opts +echo 'user=<%= @database_params[:username] %>' >> $T/mysqldump.opts +echo 'password=<%= @database_params[:password] %>' >> $T/mysqldump.opts +mysqldump --defaults-file=$T/mysqldump.opts -opt --skip-lock-tables --single-transaction "<%= @database_params[:name] %>" | lz4 -9 > $T/wiki-<%= @name %>-$D/wiki.sql.lz4 ln -s <%= @directory %> $T/wiki-<%= @name %>-$D/www export GZIP="--rsyncable -9" #make backup rsyncable nice tar --create --gzip --dereference --directory=$T --exclude=wiki-<%= @name %>-$D/www/w/images/thumb --exclude=wiki-<%= @name %>-$D/www/w/.git --exclude=wiki-<%= @name %>-$D/www/w/extensions/*/.git --file=$T/$B wiki-<%= @name %>-$D diff --git a/cookbooks/stateofthemap/templates/default/backup.cron.erb b/cookbooks/stateofthemap/templates/default/backup.cron.erb index a8e1da21c..3f2fe9776 100644 --- a/cookbooks/stateofthemap/templates/default/backup.cron.erb +++ b/cookbooks/stateofthemap/templates/default/backup.cron.erb @@ -9,7 +9,10 @@ B=sotm-$D.tar.gz mkdir $T/sotm-$D <% %w(2007 2008 2009 2010 2011 2012 2016).each do |year| -%> -mysqldump --user=sotm<%= year %> --password=<%= @passwords["sotm#{year}"] %> --opt sotm<%= year %> > $T/sotm-$D/sotm<%= year %>.sql +echo '[mysqldump]' > $T/mysqldump.opts +echo 'user=sotm<%= year %>' >> $T/mysqldump.opts +echo 'password=<%= @passwords["sotm#{year}"] %>' >> $T/mysqldump.opts +mysqldump --defaults-file=$T/mysqldump.opts --opt sotm<%= year %> > $T/sotm-$D/sotm<%= year %>.sql <% end -%> ln -s /srv/2007.stateofthemap.org $T/sotm-$D/www2007 diff --git a/cookbooks/switch2osm/templates/default/backup.cron.erb b/cookbooks/switch2osm/templates/default/backup.cron.erb index 4a472e5aa..5f913f3d5 100644 --- a/cookbooks/switch2osm/templates/default/backup.cron.erb +++ b/cookbooks/switch2osm/templates/default/backup.cron.erb @@ -7,7 +7,10 @@ D=$(date +%Y-%m-%d) B=switch2osm-$D.tar.gz mkdir $T/switch2osm-$D -mysqldump --user=switch2osm-user --password=<%= @passwords["switch2osm-user"] %> --opt switch2osm-blog > $T/switch2osm-$D/switch2osm-blog.sql +echo '[mysqldump]' > $T/mysqldump.opts +echo 'user=switch2osm-user' >> $T/mysqldump.opts +echo 'password=<%= @passwords["switch2osm-user"] %>' >> $T/mysqldump.opts +mysqldump --defaults-file=$T/mysqldump.opts --opt switch2osm-blog > $T/switch2osm-$D/switch2osm-blog.sql ln -s /srv/switch2osm.org $T/switch2osm-$D/www export GZIP="--rsyncable -9" -- 2.39.5