├── .github ├── dependabot.yml └── workflows │ ├── build.yml │ └── test.yml ├── .gitignore ├── Dockerfile ├── LICENSE ├── Makefile ├── README.md ├── backup.sh ├── delete.sh ├── docker-compose.yaml ├── restore.sh └── run.sh /.github/dependabot.yml: -------------------------------------------------------------------------------- 1 | version: 2 2 | updates: 3 | - package-ecosystem: github-actions 4 | directory: "/" 5 | schedule: 6 | interval: daily 7 | time: "04:00" 8 | pull-request-branch-name: 9 | separator: "-" 10 | open-pull-requests-limit: 10 11 | - package-ecosystem: docker 12 | directory: "/" 13 | schedule: 14 | interval: daily 15 | time: "04:00" 16 | target-branch: "master" 17 | pull-request-branch-name: 18 | separator: "-" 19 | open-pull-requests-limit: 10 20 | -------------------------------------------------------------------------------- /.github/workflows/build.yml: -------------------------------------------------------------------------------- 1 | 2 | name: build docker image 3 | 4 | on: 5 | push: 6 | tags: 7 | - "**" 8 | 9 | jobs: 10 | build: 11 | runs-on: ubuntu-22.04 12 | steps: 13 | - name: Checkout the code 14 | uses: actions/checkout@v4 15 | # https://github.com/docker/setup-qemu-action 16 | - name: Set up QEMU 17 | uses: docker/setup-qemu-action@v3 18 | # https://github.com/docker/setup-buildx-action 19 | - name: Set up Docker Buildx 20 | uses: docker/setup-buildx-action@v3 21 | - name: Get latest release version number 22 | id: docker-tag 23 | uses: yuya-takeyama/docker-tag-from-github-ref-action@v1 24 | - name: Login to Docker Hub 25 | uses: docker/login-action@v3 26 | with: 27 | username: fradelg 28 | password: ${{ secrets.DOCKER_PASSWORD }} 29 | - name: Build multiarch image 30 | run: | 31 | docker buildx build --push \ 32 | --tag fradelg/mysql-cron-backup:${{ steps.docker-tag.outputs.tag }} \ 33 | --platform linux/amd64,linux/arm/v7,linux/arm64 . 34 | -------------------------------------------------------------------------------- /.github/workflows/test.yml: -------------------------------------------------------------------------------- 1 | name: build docker image 2 | 3 | on: 4 | workflow_dispatch: 5 | push: 6 | branches: 7 | - "**" 8 | 9 | jobs: 10 | test: 11 | runs-on: ubuntu-22.04 12 | steps: 13 | - name: Checkout the code 14 | uses: actions/checkout@v4 15 | - name: Test Bash scripts 16 | run: sudo apt-get -qq update && sudo apt-get install -y devscripts shellcheck && make test 17 | - name: Test image 18 | env: 19 | VOLUME_PATH: /tmp/mariadb 20 | DATABASE_NAME: foo 21 | MARIADB_ROOT_PASSWORD: abcd 22 | run: | 23 | docker compose up -d mariadb 24 | docker compose run backup /backup.sh 25 | docker compose run backup /restore.sh /backup/latest.foo.sql.gz 26 | docker compose stop 27 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | data -------------------------------------------------------------------------------- /Dockerfile: -------------------------------------------------------------------------------- 1 | FROM golang:1.20.4-alpine3.18 AS binary 2 | RUN apk -U add openssl git 3 | 4 | ARG DOCKERIZE_VERSION=v0.7.0 5 | WORKDIR /go/src/github.com/jwilder 6 | RUN git clone https://github.com/jwilder/dockerize.git && \ 7 | cd dockerize && \ 8 | git checkout ${DOCKERIZE_VERSION} 9 | 10 | WORKDIR /go/src/github.com/jwilder/dockerize 11 | ENV GO111MODULE=on 12 | RUN go mod tidy 13 | RUN CGO_ENABLED=0 GOOS=linux GO111MODULE=on go build -a -o /go/bin/dockerize . 14 | 15 | FROM alpine:3.20.3 16 | LABEL maintainer "Fco. Javier Delgado del Hoyo " 17 | 18 | RUN apk add --update \ 19 | tzdata \ 20 | bash \ 21 | gzip \ 22 | openssl \ 23 | mysql-client=~10.11 \ 24 | mariadb-connector-c \ 25 | fdupes && \ 26 | rm -rf /var/cache/apk/* 27 | 28 | COPY --from=binary /go/bin/dockerize /usr/local/bin 29 | 30 | ENV CRON_TIME="0 3 * * sun" \ 31 | MYSQL_HOST="mysql" \ 32 | MYSQL_PORT="3306" \ 33 | TIMEOUT="10s" \ 34 | MYSQLDUMP_OPTS="--quick" 35 | 36 | COPY ["run.sh", "backup.sh", "restore.sh", "/delete.sh", "/"] 37 | RUN mkdir /backup && \ 38 | chmod 777 /backup && \ 39 | chmod 755 /run.sh /backup.sh /restore.sh /delete.sh && \ 40 | touch /mysql_backup.log && \ 41 | chmod 666 /mysql_backup.log 42 | 43 | VOLUME ["/backup"] 44 | 45 | HEALTHCHECK --interval=2s --retries=1800 \ 46 | CMD stat /HEALTHY.status || exit 1 47 | 48 | CMD dockerize -wait tcp://${MYSQL_HOST}:${MYSQL_PORT} -timeout ${TIMEOUT} /run.sh 49 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "{}" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright {yyyy} {name of copyright owner} 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | 203 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | # Makefile 2 | 3 | all: test 4 | 5 | test: 6 | # Checking for syntax errors 7 | set -e; for SCRIPT in *.sh; \ 8 | do \ 9 | bash -n $$SCRIPT; \ 10 | done 11 | 12 | # Checking for bashisms (currently not failing, but only listing) 13 | SCRIPT="$$(which checkbashisms)"; if [ -n "$$SCRIPT" ] && [ -x "$$SCRIPT" ]; \ 14 | then \ 15 | $$SCRIPT *.sh || true; \ 16 | else \ 17 | echo "WARNING: skipping bashism test - you need to install checkbashism."; \ 18 | fi 19 | 20 | SCRIPT="$$(which shellcheck)"; if [ -n "$$SCRIPT" ] && [ -x "$$SCRIPT" ]; \ 21 | then \ 22 | $$SCRIPT *.sh || true; \ 23 | else \ 24 | echo "WARNING: skipping shellcheck test - you need to install shellcheck."; \ 25 | fi 26 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # mysql-cron-backup 2 | 3 | Run mysqldump to backup your databases periodically using the cron task manager in the container. Your backups are saved in `/backup`. You can mount any directory of your host or a docker volumes in /backup. Othwerwise, a docker volume is created in the default location. 4 | 5 | ## Usage: 6 | 7 | ```bash 8 | docker container run -d \ 9 | --env MYSQL_USER=root \ 10 | --env MYSQL_PASS=my_password \ 11 | --link mysql 12 | --volume /path/to/my/backup/folder:/backup 13 | fradelg/mysql-cron-backup 14 | ``` 15 | 16 | ### Healthcheck 17 | 18 | 19 | Healthcheck is provided as a basic init control. 20 | Container is **Healthy** after the database init phase, that is after `INIT_BACKUP` or `INIT_RESTORE_LATEST` happends without check if there is an error, **Starting** otherwise. Not other checks are actually provided. 21 | 22 | ## Variables 23 | 24 | 25 | - `MYSQL_HOST`: The host/ip of your mysql database. 26 | - `MYSQL_HOST_FILE`: The file in container where to find the host of your mysql database (cf. docker secrets). You should use either MYSQL_HOST_FILE or MYSQL_HOST (see examples below). 27 | - `MYSQL_PORT`: The port number of your mysql database. 28 | - `MYSQL_USER`: The username of your mysql database. 29 | - `MYSQL_USER_FILE`: The file in container where to find the user of your mysql database (cf. docker secrets). You should use either MYSQL_USER_FILE or MYSQL_USER (see examples below). 30 | - `MYSQL_PASS`: The password of your mysql database. 31 | - `MYSQL_PASS_FILE`: The file in container where to find the password of your mysql database (cf. docker secrets). You should use either MYSQL_PASS_FILE or MYSQL_PASS (see examples below). 32 | - `MYSQL_DATABASE`: The database name to dump. Default: `--all-databases`. 33 | - `MYSQL_DATABASE_FILE`: The file in container where to find the database name(s) in your mysql database (cf. docker secrets). In that file, there can be several database names: one per line. You should use either MYSQL_DATABASE or MYSQL_DATABASE_FILE (see examples below). 34 | - `MYSQLDUMP_OPTS`: Command line arguments to pass to mysqldump (see [mysqldump documentation](https://dev.mysql.com/doc/refman/8.0/en/mysqldump.html)). 35 | - `MYSQL_SSL_OPTS`: Command line arguments to use [SSL](https://dev.mysql.com/doc/refman/5.6/en/using-encrypted-connections.html). 36 | - `CRON_TIME`: The interval of cron job to run mysqldump. `0 3 * * sun` by default, which is every Sunday at 03:00. It uses UTC timezone. 37 | - `MAX_BACKUPS`: The number of backups to keep. When reaching the limit, the old backup will be discarded. No limit by default. 38 | - `INIT_BACKUP`: If set, create a backup when the container starts. 39 | - `INIT_RESTORE_LATEST`: If set, restores latest backup. 40 | - `EXIT_BACKUP`: If set, create a backup when the container stops. 41 | - `TIMEOUT`: Wait a given number of seconds for the database to be ready and make the first backup, `10s` by default. After that time, the initial attempt for backup gives up and only the Cron job will try to make a backup. 42 | - `GZIP_LEVEL`: Specify the level of gzip compression from 1 (quickest, least compressed) to 9 (slowest, most compressed), default is 6. 43 | - `USE_PLAIN_SQL`: If set, back up and restore plain SQL files without gzip. 44 | - `TZ`: Specify TIMEZONE in Container. E.g. "Europe/Berlin". Default is UTC. 45 | - `REMOVE_DUPLICATES`: Use [fdupes](https://github.com/adrianlopezroche/fdupes) to remove duplicate database dumps 46 | 47 | If you want to make this image the perfect companion of your MySQL container, use [docker-compose](https://docs.docker.com/compose/). You can add more services that will be able to connect to the MySQL image using the name `my_mariadb`, note that you only expose the port `3306` internally to the servers and not to the host: 48 | 49 | ### Docker-compose with MYSQL_PASS env var: 50 | 51 | ```yaml 52 | version: "2" 53 | services: 54 | mariadb: 55 | image: mariadb 56 | container_name: my_mariadb 57 | expose: 58 | - 3306 59 | volumes: 60 | - data:/var/lib/mysql 61 | # If there is not scheme, restore the last created backup (if exists) 62 | - ${VOLUME_PATH}/backup/latest.${DATABASE_NAME}.sql.gz:/docker-entrypoint-initdb.d/database.sql.gz 63 | environment: 64 | - MYSQL_ROOT_PASSWORD=${MARIADB_ROOT_PASSWORD} 65 | - MYSQL_DATABASE=${DATABASE_NAME} 66 | restart: unless-stopped 67 | 68 | mysql-cron-backup: 69 | image: fradelg/mysql-cron-backup 70 | depends_on: 71 | - mariadb 72 | volumes: 73 | - ${VOLUME_PATH}/backup:/backup 74 | environment: 75 | - MYSQL_HOST=my_mariadb 76 | - MYSQL_USER=root 77 | - MYSQL_PASS=${MARIADB_ROOT_PASSWORD} 78 | - MAX_BACKUPS=15 79 | - INIT_BACKUP=0 80 | # Every day at 03:00 81 | - CRON_TIME=0 3 * * * 82 | # Make it small 83 | - GZIP_LEVEL=9 84 | # As of MySQL 8.0.21 this is needed 85 | - MYSQLDUMP_OPTS=--no-tablespaces 86 | restart: unless-stopped 87 | 88 | volumes: 89 | data: 90 | ``` 91 | 92 | ### Docker-compose using docker secrets: 93 | 94 | The database root password passed to docker container by using [docker secrets](https://docs.docker.com/engine/swarm/). 95 | 96 | In example below, docker is in classic 'docker engine mode' (iow. not swarm mode) and secret sources are local files on host filesystem. 97 | 98 | Alternatively, secrets can be stored in docker secrets engine (iow. not in host filesystem). 99 | 100 | ```yaml 101 | version: "3.7" 102 | 103 | secrets: 104 | # Place your secret file somewhere on your host filesystem, with your password inside 105 | mysql_root_password: 106 | file: ./secrets/mysql_root_password 107 | mysql_user: 108 | file: ./secrets/mysql_user 109 | mysql_password: 110 | file: ./secrets/mysql_password 111 | mysql_database: 112 | file: ./secrets/mysql_database 113 | 114 | services: 115 | mariadb: 116 | image: mariadb:10 117 | container_name: my_mariadb 118 | expose: 119 | - 3306 120 | volumes: 121 | - data:/var/lib/mysql 122 | - ${VOLUME_PATH}/backup:/backup 123 | environment: 124 | - MYSQL_ROOT_PASSWORD_FILE=/run/secrets/mysql_root_password 125 | - MYSQL_USER_FILE=/run/secrets/mysql_user 126 | - MYSQL_PASSWORD_FILE=/run/secrets/mysql_password 127 | - MYSQL_DATABASE_FILE=/run/secrets/mysql_database 128 | secrets: 129 | - mysql_root_password 130 | - mysql_user 131 | - mysql_password 132 | - mysql_database 133 | restart: unless-stopped 134 | 135 | backup: 136 | build: . 137 | image: fradelg/mysql-cron-backup 138 | depends_on: 139 | - mariadb 140 | volumes: 141 | - ${VOLUME_PATH}/backup:/backup 142 | environment: 143 | - MYSQL_HOST=my_mariadb 144 | # Alternatively to MYSQL_USER_FILE, we can use MYSQL_USER=root to use root user instead 145 | - MYSQL_USER_FILE=/run/secrets/mysql_user 146 | # Alternatively, we can use /run/secrets/mysql_root_password when using root user 147 | - MYSQL_PASS_FILE=/run/secrets/mysql_password 148 | - MYSQL_DATABASE_FILE=/run/secrets/mysql_database 149 | - MAX_BACKUPS=10 150 | - INIT_BACKUP=1 151 | - CRON_TIME=0 0 * * * 152 | secrets: 153 | - mysql_user 154 | - mysql_password 155 | - mysql_database 156 | restart: unless-stopped 157 | 158 | volumes: 159 | data: 160 | 161 | ``` 162 | 163 | ## Restore from a backup 164 | 165 | ### List all available backups : 166 | 167 | See the list of backups in your running docker container, just write in your favorite terminal: 168 | 169 | ```bash 170 | docker container exec ls /backup 171 | ``` 172 | 173 | ### Restore using a compose file 174 | 175 | To restore a database from a certain backup you may have to specify the database name in the variable MYSQL_DATABASE: 176 | 177 | ```YAML 178 | mysql-cron-backup: 179 | image: fradelg/mysql-cron-backup 180 | command: "/restore.sh /backup/201708060500.${DATABASE_NAME}.sql.gz" 181 | depends_on: 182 | - mariadb 183 | volumes: 184 | - ${VOLUME_PATH}/backup:/backup 185 | environment: 186 | - MYSQL_HOST=my_mariadb 187 | - MYSQL_USER=root 188 | - MYSQL_PASS=${MARIADB_ROOT_PASSWORD} 189 | - MYSQL_DATABASE=${DATABASE_NAME} 190 | ``` 191 | ### Restore using a docker command 192 | 193 | ```bash 194 | docker container exec /restore.sh /backup/ 195 | ``` 196 | 197 | if no database name is specified, `restore.sh` will try to find the database name from the backup file. 198 | 199 | ### Automatic backup and restore on container starts and stops 200 | 201 | Set `INIT_RESTORE_LATEST` to automatic restore the last backup on startup. 202 | Set `EXIT_BACKUP` to automatic create a last backup on shutdown. 203 | 204 | ```yaml 205 | mysql-cron-backup: 206 | image: fradelg/mysql-cron-backup 207 | depends_on: 208 | - mariadb 209 | volumes: 210 | - ${VOLUME_PATH}/backup:/backup 211 | environment: 212 | - MYSQL_HOST=my_mariadb 213 | - MYSQL_USER=${MYSQL_USER} 214 | - MYSQL_PASS=${MYSQL_PASSWORD} 215 | - MAX_BACKUPS=15 216 | - INIT_RESTORE_LATEST=1 217 | - EXIT_BACKUP=1 218 | # Every day at 03:00 219 | - CRON_TIME=0 3 * * * 220 | # Make it small 221 | - GZIP_LEVEL=9 222 | restart: unless-stopped 223 | 224 | volumes: 225 | data: 226 | ``` 227 | 228 | Docker database image could expose a directory you could add files as init sql script. 229 | 230 | ```yaml 231 | mysql: 232 | image: mysql 233 | expose: 234 | - 3306 235 | volumes: 236 | - data:/var/lib/mysql 237 | # If there is not scheme, restore using the init script (if exists) 238 | - ./init-script.sql:/docker-entrypoint-initdb.d/database.sql.gz 239 | environment: 240 | - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD} 241 | - MYSQL_DATABASE=${DATABASE_NAME} 242 | restart: unless-stopped 243 | ``` 244 | 245 | ```yaml 246 | mariadb: 247 | image: mariadb 248 | expose: 249 | - 3306 250 | volumes: 251 | - data:/var/lib/mysql 252 | # If there is not scheme, restore using the init script (if exists) 253 | - ./init-script.sql:/docker-entrypoint-initdb.d/database.sql.gz 254 | environment: 255 | - MYSQL_ROOT_PASSWORD=${MARIADB_ROOT_PASSWORD} 256 | - MYSQL_DATABASE=${DATABASE_NAME} 257 | restart: unless-stopped 258 | ``` -------------------------------------------------------------------------------- /backup.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Get hostname: try read from file, else get from env 4 | [ -z "${MYSQL_HOST_FILE}" ] || { MYSQL_HOST=$(head -1 "${MYSQL_HOST_FILE}"); } 5 | [ -z "${MYSQL_HOST}" ] && { echo "=> MYSQL_HOST cannot be empty" && exit 1; } 6 | # Get username: try read from file, else get from env 7 | [ -z "${MYSQL_USER_FILE}" ] || { MYSQL_USER=$(head -1 "${MYSQL_USER_FILE}"); } 8 | [ -z "${MYSQL_USER}" ] && { echo "=> MYSQL_USER cannot be empty" && exit 1; } 9 | # Get password: try read from file, else get from env, else get from MYSQL_PASSWORD env 10 | [ -z "${MYSQL_PASS_FILE}" ] || { MYSQL_PASS=$(head -1 "${MYSQL_PASS_FILE}"); } 11 | [ -z "${MYSQL_PASS:=$MYSQL_PASSWORD}" ] && { echo "=> MYSQL_PASS cannot be empty" && exit 1; } 12 | # Get database name(s): try read from file, else get from env 13 | # Note: when from file, there can be one database name per line in that file 14 | [ -z "${MYSQL_DATABASE_FILE}" ] || { MYSQL_DATABASE=$(cat "${MYSQL_DATABASE_FILE}"); } 15 | # Get level from env, else use 6 16 | [ -z "${GZIP_LEVEL}" ] && { GZIP_LEVEL=6; } 17 | 18 | DATE=$(date +%Y%m%d%H%M) 19 | echo "=> Backup started at $(date "+%Y-%m-%d %H:%M:%S")" 20 | DATABASES=${MYSQL_DATABASE:-${MYSQL_DB:-$(mysql -h "$MYSQL_HOST" -P "$MYSQL_PORT" -u "$MYSQL_USER" -p"$MYSQL_PASS" $MYSQL_SSL_OPTS -e "SHOW DATABASES;" | tr -d "| " | grep -v Database)}} 21 | for db in ${DATABASES} 22 | do 23 | if [[ "$db" != "information_schema" ]] \ 24 | && [[ "$db" != "performance_schema" ]] \ 25 | && [[ "$db" != "mysql" ]] \ 26 | && [[ "$db" != "sys" ]] \ 27 | && [[ "$db" != _* ]] 28 | then 29 | echo "==> Dumping database: $db" 30 | FILENAME=/backup/$DATE.$db.sql 31 | LATEST=/backup/latest.$db.sql 32 | BASIC_OPTS="--single-transaction" 33 | if [ -n "$REMOVE_DUPLICATES" ] 34 | then 35 | BASIC_OPTS="$BASIC_OPTS --skip-dump-date" 36 | fi 37 | if mysqldump $BASIC_OPTS $MYSQLDUMP_OPTS -h "$MYSQL_HOST" -P "$MYSQL_PORT" -u "$MYSQL_USER" -p"$MYSQL_PASS" $MYSQL_SSL_OPTS "$db" > "$FILENAME" 38 | then 39 | EXT= 40 | if [ -z "${USE_PLAIN_SQL}" ] 41 | then 42 | echo "==> Compressing $db with LEVEL $GZIP_LEVEL" 43 | gzip "-$GZIP_LEVEL" -n -f "$FILENAME" 44 | EXT=.gz 45 | FILENAME=$FILENAME$EXT 46 | LATEST=$LATEST$EXT 47 | fi 48 | BASENAME=$(basename "$FILENAME") 49 | echo "==> Creating symlink to latest backup: $BASENAME" 50 | rm "$LATEST" 2> /dev/null 51 | cd /backup || exit && ln -s "$BASENAME" "$(basename "$LATEST")" 52 | if [ -n "$REMOVE_DUPLICATES" ] 53 | then 54 | echo "==> Removing duplicate database dumps" 55 | fdupes -idN /backup/ 56 | fi 57 | if [ -n "$MAX_BACKUPS" ] 58 | then 59 | # Execute the delete script, delete older backup or other custom delete script 60 | /delete.sh "$db" $EXT 61 | fi 62 | else 63 | rm -rf "$FILENAME" 64 | fi 65 | fi 66 | done 67 | echo "=> Backup process finished at $(date "+%Y-%m-%d %H:%M:%S")" 68 | -------------------------------------------------------------------------------- /delete.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | db=$1 4 | EXT=$2 5 | 6 | # This file could be customized to create custom delete strategy 7 | 8 | while [ "$(find /backup -maxdepth 1 -name "*.$db.sql$EXT" -type f | wc -l)" -gt "$MAX_BACKUPS" ] 9 | do 10 | TARGET=$(find /backup -maxdepth 1 -name "*.$db.sql$EXT" -type f | sort | head -n 1) 11 | echo "==> Max number of ($MAX_BACKUPS) backups reached. Deleting ${TARGET} ..." 12 | rm -rf "${TARGET}" 13 | echo "==> Backup ${TARGET} deleted" 14 | done -------------------------------------------------------------------------------- /docker-compose.yaml: -------------------------------------------------------------------------------- 1 | services: 2 | mariadb: 3 | image: mariadb:10.11 4 | container_name: my_mariadb 5 | security_opt: 6 | - seccomp:unconfined 7 | expose: 8 | - 3306 9 | volumes: 10 | - data:/var/lib/mysql 11 | - ${VOLUME_PATH}/backup:/backup 12 | environment: 13 | - MYSQL_DATABASE=${DATABASE_NAME} 14 | - MYSQL_ROOT_PASSWORD=${MARIADB_ROOT_PASSWORD} 15 | - MYSQL_ALLOW_EMPTY_ROOT_PASSWORD=yes 16 | restart: unless-stopped 17 | healthcheck: 18 | test: [ "CMD", "healthcheck.sh", "--su-mysql", "--connect" ] 19 | timeout: 5s 20 | retries: 10 21 | 22 | backup: 23 | build: . 24 | image: fradelg/mysql-cron-backup 25 | depends_on: 26 | mariadb: 27 | condition: service_healthy 28 | volumes: 29 | - ${VOLUME_PATH}/backup:/backup 30 | environment: 31 | - MYSQL_HOST=my_mariadb 32 | - MYSQL_USER=root 33 | - MYSQL_PASS=${MARIADB_ROOT_PASSWORD} 34 | - MAX_BACKUPS=1 35 | - INIT_BACKUP=1 36 | - CRON_TIME=0 0 * * * 37 | restart: unless-stopped 38 | 39 | volumes: 40 | data: 41 | -------------------------------------------------------------------------------- /restore.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Get hostname: try read from file, else get from env 4 | [ -z "${MYSQL_HOST_FILE}" ] || { MYSQL_HOST=$(head -1 "${MYSQL_HOST_FILE}"); } 5 | [ -z "${MYSQL_HOST}" ] && { echo "=> MYSQL_HOST cannot be empty" && exit 1; } 6 | # Get username: try read from file, else get from env 7 | [ -z "${MYSQL_USER_FILE}" ] || { MYSQL_USER=$(head -1 "${MYSQL_USER_FILE}"); } 8 | [ -z "${MYSQL_USER}" ] && { echo "=> MYSQL_USER cannot be empty" && exit 1; } 9 | # Get password: try read from file, else get from env, else get from MYSQL_PASSWORD env 10 | [ -z "${MYSQL_PASS_FILE}" ] || { MYSQL_PASS=$(head -1 "${MYSQL_PASS_FILE}"); } 11 | [ -z "${MYSQL_PASS:=$MYSQL_PASSWORD}" ] && { echo "=> MYSQL_PASS cannot be empty" && exit 1; } 12 | 13 | if [ "$#" -ne 1 ] 14 | then 15 | echo "You must pass the path of the backup file to restore" 16 | exit 1 17 | fi 18 | 19 | set -o pipefail 20 | 21 | if [ -z "${USE_PLAIN_SQL}" ] 22 | then 23 | SQL=$(gunzip -c "$1") 24 | else 25 | SQL=$(cat "$1") 26 | fi 27 | 28 | DB_NAME=${MYSQL_DATABASE:-${MYSQL_DB}} 29 | if [ -z "${DB_NAME}" ] 30 | then 31 | echo "=> Searching database name in $1" 32 | DB_NAME=$(echo "$SQL" | grep -oE '(Database: (.+))' | cut -d ' ' -f 2) 33 | fi 34 | [ -z "${DB_NAME}" ] && { echo "=> Database name not found" && exit 1; } 35 | 36 | echo "=> Restore database $DB_NAME from $1" 37 | 38 | if echo "$SQL" | mysql -h "$MYSQL_HOST" -P "$MYSQL_PORT" -u "$MYSQL_USER" -p"$MYSQL_PASS" $MYSQL_SSL_OPTS "$DB_NAME" 39 | then 40 | echo "=> Restore succeeded" 41 | else 42 | echo "=> Restore failed" 43 | fi 44 | -------------------------------------------------------------------------------- /run.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | tail -F /mysql_backup.log & 3 | 4 | if [ "${INIT_BACKUP:-0}" -gt "0" ]; then 5 | echo "=> Create a backup on the startup" 6 | /backup.sh 7 | elif [ -n "${INIT_RESTORE_LATEST}" ]; then 8 | echo "=> Restore latest backup" 9 | until nc -z "$MYSQL_HOST" "$MYSQL_PORT" 10 | do 11 | echo "waiting database container..." 12 | sleep 1 13 | done 14 | # Needed to exclude the 'latest..sql.gz' file, consider only filenames starting with number 15 | # Only data-tagged backups, eg. '202212250457.database.sql.gz', must be trapped by the regex 16 | find /backup -maxdepth 1 -name '[0-9]*.*.sql.gz' | sort | tail -1 | xargs /restore.sh 17 | fi 18 | 19 | function final_backup { 20 | echo "=> Captured trap for final backup" 21 | echo "=> Requested last backup at $(date "+%Y-%m-%d %H:%M:%S")" 22 | exec /backup.sh 23 | exit 0 24 | } 25 | 26 | if [ -n "${EXIT_BACKUP}" ]; then 27 | echo "=> Listening on container shutdown gracefully to make last backup before close" 28 | trap final_backup SIGHUP SIGINT SIGTERM 29 | fi 30 | 31 | touch /HEALTHY.status 32 | 33 | echo "${CRON_TIME} /backup.sh >> /mysql_backup.log 2>&1" > /tmp/crontab.conf 34 | crontab /tmp/crontab.conf 35 | echo "=> Running cron task manager in foreground" 36 | crond -f -l 8 -L /mysql_backup.log & 37 | 38 | echo "Listening on crond, and wait..." 39 | 40 | tail -f /dev/null & wait $! 41 | 42 | echo "Script is shutted down." --------------------------------------------------------------------------------