fix : changelog plus readme a jour
This commit is contained in:
@@ -47,14 +47,13 @@ Les scripts fonctionnent indépendamment mais utilisent le même principe :
|
||||
|
||||
Environnement Linux recommandé.
|
||||
|
||||
Packages nécessaires :
|
||||
Packages nécessaires sur Ubuntu Server :
|
||||
|
||||
```
|
||||
postgresql-client
|
||||
curl
|
||||
jq
|
||||
ssh
|
||||
scp
|
||||
openssh-client
|
||||
```
|
||||
|
||||
Commandes PostgreSQL requises :
|
||||
@@ -116,11 +115,18 @@ ssh-copy-id -i ~/.ssh/id_backup_postgres.pub backup@192.168.1.50
|
||||
Tester la connexion sans mot de passe :
|
||||
|
||||
```bash
|
||||
ssh -i ~/.ssh/id_backup_postgres backup@192.168.1.50
|
||||
ssh -i ~/.ssh/id_backup_postgres -o StrictHostKeyChecking=yes backup@192.168.1.50
|
||||
```
|
||||
|
||||
La connexion doit fonctionner **sans demander de mot de passe**.
|
||||
|
||||
Provisionner aussi `known_hosts` avant le premier run :
|
||||
|
||||
```bash
|
||||
ssh-keyscan -H 192.168.1.50 >> ~/.ssh/known_hosts
|
||||
chmod 600 ~/.ssh/known_hosts
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
### Sécuriser les permissions
|
||||
@@ -153,13 +159,18 @@ cp backup.env.exemple .env
|
||||
|
||||
Puis modifier les variables.
|
||||
|
||||
Variables SSH supplémentaires désormais supportées :
|
||||
|
||||
```
|
||||
BACKUP_REMOTE_SSH_PORT
|
||||
BACKUP_KNOWN_HOSTS_STRICT
|
||||
BACKUP_KNOWN_HOSTS_FILE
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
# 5. Script : backup-bdd-recette.sh
|
||||
|
||||
Script :
|
||||
|
||||
|
||||
## Objectif
|
||||
|
||||
Sauvegarder plusieurs bases PostgreSQL et transférer les dumps vers un serveur distant.
|
||||
@@ -205,6 +216,8 @@ Suppression des sauvegardes plus anciennes que :
|
||||
10 jours
|
||||
```
|
||||
|
||||
Le script utilise maintenant des options SSH strictes et refuse les clés privées symboliques.
|
||||
|
||||
---
|
||||
|
||||
## Exécution
|
||||
@@ -217,9 +230,6 @@ Suppression des sauvegardes plus anciennes que :
|
||||
|
||||
# 6. Script : check-statut-recette.sh
|
||||
|
||||
Script :
|
||||
|
||||
|
||||
## Objectif
|
||||
|
||||
Vérifier la disponibilité des applications web.
|
||||
@@ -306,6 +316,8 @@ Le script :
|
||||
9. restaure la base via `pg_restore`
|
||||
10. envoie une notification Discord
|
||||
|
||||
Le script supporte désormais le port SSH distant, un fichier `known_hosts` dédié et l’exclusion configurable des rôles via `EXCLUDED_RESTORE_ROLES`.
|
||||
|
||||
---
|
||||
|
||||
## Sélection de la base
|
||||
|
||||
@@ -1,5 +1,6 @@
|
||||
#!/usr/bin/env bash
|
||||
set -euo pipefail
|
||||
umask 077
|
||||
|
||||
###############################################################################
|
||||
# backup-bdd-recette.sh
|
||||
@@ -67,15 +68,82 @@ set +a
|
||||
|
||||
read -r -a DBS_ARRAY <<< "$DBS"
|
||||
|
||||
validate_db_name() {
|
||||
local db_name="$1"
|
||||
|
||||
[[ -n "$db_name" ]] || {
|
||||
echo "ERROR: nom de base vide dans DBS" >&2
|
||||
exit 1
|
||||
}
|
||||
|
||||
[[ "$db_name" =~ ^[a-zA-Z0-9_]+$ ]] || {
|
||||
echo "ERROR: nom de base invalide dans DBS : $db_name" >&2
|
||||
exit 1
|
||||
}
|
||||
}
|
||||
|
||||
for DB in "${DBS_ARRAY[@]}"; do
|
||||
validate_db_name "$DB"
|
||||
done
|
||||
|
||||
IA_SSH="${BACKUP_REMOTE_USER}@${BACKUP_REMOTE_HOST}"
|
||||
IA_BASE_DIR="${BACKUP_REMOTE_DIR}"
|
||||
RETENTION_DAYS=10
|
||||
BACKUP_REMOTE_SSH_PORT="${BACKUP_REMOTE_SSH_PORT:-22}"
|
||||
BACKUP_KNOWN_HOSTS_STRICT="${BACKUP_KNOWN_HOSTS_STRICT:-yes}"
|
||||
BACKUP_KNOWN_HOSTS_FILE="${BACKUP_KNOWN_HOSTS_FILE:-${HOME}/.ssh/known_hosts}"
|
||||
|
||||
[[ "$BACKUP_REMOTE_SSH_PORT" =~ ^[0-9]+$ ]] || {
|
||||
echo "ERROR: BACKUP_REMOTE_SSH_PORT invalide" >&2
|
||||
exit 1
|
||||
}
|
||||
|
||||
[[ "$PGPORT" =~ ^[0-9]+$ ]] || {
|
||||
echo "ERROR: PGPORT invalide" >&2
|
||||
exit 1
|
||||
}
|
||||
|
||||
[[ "$SSH_TIMEOUT" =~ ^[0-9]+$ ]] || {
|
||||
echo "ERROR: SSH_TIMEOUT invalide" >&2
|
||||
exit 1
|
||||
}
|
||||
|
||||
[[ "$PGUSER" =~ ^[a-zA-Z0-9_][a-zA-Z0-9_-]*$ ]] || {
|
||||
echo "ERROR: PGUSER invalide" >&2
|
||||
exit 1
|
||||
}
|
||||
|
||||
case "${BACKUP_KNOWN_HOSTS_STRICT,,}" in
|
||||
yes|y|oui|o|true|1) BACKUP_KNOWN_HOSTS_STRICT="yes" ;;
|
||||
no|n|non|false|0) BACKUP_KNOWN_HOSTS_STRICT="no" ;;
|
||||
*)
|
||||
echo "ERROR: BACKUP_KNOWN_HOSTS_STRICT invalide" >&2
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
|
||||
mkdir -p "$(dirname "$BACKUP_KNOWN_HOSTS_FILE")"
|
||||
chmod 700 "$(dirname "$BACKUP_KNOWN_HOSTS_FILE")" || true
|
||||
touch "$BACKUP_KNOWN_HOSTS_FILE"
|
||||
chmod 600 "$BACKUP_KNOWN_HOSTS_FILE" || true
|
||||
|
||||
SSH_OPTS=(
|
||||
-i "$SSH_KEY"
|
||||
-p "$BACKUP_REMOTE_SSH_PORT"
|
||||
-o IdentitiesOnly=yes
|
||||
-o BatchMode=yes
|
||||
-o ConnectTimeout="${SSH_TIMEOUT}"
|
||||
-o StrictHostKeyChecking="${BACKUP_KNOWN_HOSTS_STRICT}"
|
||||
-o UserKnownHostsFile="${BACKUP_KNOWN_HOSTS_FILE}"
|
||||
)
|
||||
|
||||
SCP_OPTS=(
|
||||
-i "$SSH_KEY"
|
||||
-P "$BACKUP_REMOTE_SSH_PORT"
|
||||
-o IdentitiesOnly=yes
|
||||
-o BatchMode=yes
|
||||
-o ConnectTimeout="${SSH_TIMEOUT}"
|
||||
-o StrictHostKeyChecking="${BACKUP_KNOWN_HOSTS_STRICT}"
|
||||
-o UserKnownHostsFile="${BACKUP_KNOWN_HOSTS_FILE}"
|
||||
)
|
||||
|
||||
LOG_DIR="${BACKUP_LOG_DIR}"
|
||||
@@ -85,8 +153,10 @@ TS="$(date +'%Y-%m-%d_%H-%M-%S')"
|
||||
BACKUP_DIR_NAME="backup_${TS}"
|
||||
LOG_FILE="${LOG_DIR}/${BACKUP_DIR_NAME}.log"
|
||||
|
||||
TMP_DIR="/tmp/pg_dump_${BACKUP_DIR_NAME}"
|
||||
mkdir -p "$TMP_DIR"
|
||||
TMP_DIR="$(mktemp -d /tmp/pg_dump_XXXXXX)" || {
|
||||
echo "ERROR: impossible de créer le dossier temporaire" >&2
|
||||
exit 1
|
||||
}
|
||||
|
||||
exec > >(tee -a "$LOG_FILE") 2>&1
|
||||
|
||||
@@ -96,19 +166,46 @@ require_cmd() {
|
||||
command -v "$1" >/dev/null 2>&1
|
||||
}
|
||||
|
||||
safe_remove_dir() {
|
||||
local dir="${1:-}"
|
||||
[[ -n "$dir" ]] || return 0
|
||||
[[ "$dir" == /tmp/pg_dump_* ]] || {
|
||||
log "WARNING: suppression refusée pour le chemin inattendu : $dir"
|
||||
return 1
|
||||
}
|
||||
rm -rf -- "$dir"
|
||||
}
|
||||
|
||||
export PGPASSWORD
|
||||
|
||||
#######################################
|
||||
# Vérification dépendances minimales
|
||||
#######################################
|
||||
|
||||
for cmd in ssh scp curl jq pg_dump pg_dumpall; do
|
||||
for cmd in ssh scp curl jq pg_dump pg_dumpall mktemp; do
|
||||
require_cmd "$cmd" || {
|
||||
echo "ERROR: commande manquante : $cmd" >&2
|
||||
exit 1
|
||||
}
|
||||
done
|
||||
|
||||
[[ -f "$SSH_KEY" ]] || {
|
||||
echo "ERROR: clé SSH introuvable : $SSH_KEY" >&2
|
||||
exit 1
|
||||
}
|
||||
|
||||
[[ -r "$SSH_KEY" ]] || {
|
||||
echo "ERROR: clé SSH non lisible : $SSH_KEY" >&2
|
||||
exit 1
|
||||
}
|
||||
|
||||
[[ ! -L "$SSH_KEY" ]] || {
|
||||
echo "ERROR: la clé SSH ne doit pas être un lien symbolique : $SSH_KEY" >&2
|
||||
exit 1
|
||||
}
|
||||
|
||||
chmod 600 "$SSH_KEY" || true
|
||||
|
||||
#######################################
|
||||
# Configuration Discord
|
||||
#######################################
|
||||
@@ -271,19 +368,21 @@ if ! mkdir "$LOCK_DIR" 2>/dev/null; then
|
||||
exit 1
|
||||
fi
|
||||
|
||||
trap 'rm -rf "$LOCK_DIR" "$TMP_DIR"' EXIT
|
||||
cleanup() {
|
||||
rm -rf -- "$LOCK_DIR"
|
||||
safe_remove_dir "$TMP_DIR" || true
|
||||
}
|
||||
trap cleanup EXIT
|
||||
|
||||
#######################################
|
||||
# Préparation du dossier distant
|
||||
#######################################
|
||||
|
||||
REMOTE_DIR="${IA_BASE_DIR}"
|
||||
|
||||
log "Creating remote directories"
|
||||
|
||||
MKDIR_CMD="mkdir -p '${REMOTE_DIR}/user'"
|
||||
MKDIR_CMD="mkdir -p '${BACKUP_REMOTE_DIR}/user'"
|
||||
for DB in "${DBS_ARRAY[@]}"; do
|
||||
MKDIR_CMD+=" '${REMOTE_DIR}/${DB}'"
|
||||
MKDIR_CMD+=" '${BACKUP_REMOTE_DIR}/${DB}'"
|
||||
done
|
||||
|
||||
if ! ssh "${SSH_OPTS[@]}" "$IA_SSH" "$MKDIR_CMD"; then
|
||||
@@ -320,7 +419,7 @@ else
|
||||
fi
|
||||
|
||||
if [[ -n "${USERS_EXPORT_OK:-}" ]]; then
|
||||
scp "${SSH_OPTS[@]}" "$ROLES_FILE" "$IA_SSH:${REMOTE_DIR}/user/"
|
||||
scp "${SCP_OPTS[@]}" "$ROLES_FILE" "$IA_SSH:${BACKUP_REMOTE_DIR}/user/"
|
||||
RET=$?
|
||||
|
||||
if [[ $RET -ne 0 ]]; then
|
||||
@@ -364,7 +463,7 @@ for DB in "${DBS_ARRAY[@]}"; do
|
||||
continue
|
||||
fi
|
||||
|
||||
scp "${SSH_OPTS[@]}" "$FILE" "$IA_SSH:${REMOTE_DIR}/${DB}/"
|
||||
scp "${SCP_OPTS[@]}" "$FILE" "$IA_SSH:${BACKUP_REMOTE_DIR}/${DB}/"
|
||||
RET=$?
|
||||
|
||||
if [[ $RET -ne 0 ]]; then
|
||||
@@ -384,7 +483,7 @@ log "Starting remote rotation: delete backups older than ${RETENTION_DAYS} days"
|
||||
|
||||
set +e
|
||||
|
||||
ssh "${SSH_OPTS[@]}" "$IA_SSH" "find '${REMOTE_DIR}/user' -type f -name 'user_*.sql' -mtime +${RETENTION_DAYS} -delete"
|
||||
ssh "${SSH_OPTS[@]}" "$IA_SSH" "find '${BACKUP_REMOTE_DIR}/user' -type f -name 'user_*.sql' -mtime +${RETENTION_DAYS} -delete"
|
||||
RET=$?
|
||||
|
||||
if [[ $RET -ne 0 ]]; then
|
||||
@@ -394,7 +493,7 @@ else
|
||||
fi
|
||||
|
||||
for DB in "${DBS_ARRAY[@]}"; do
|
||||
ssh "${SSH_OPTS[@]}" "$IA_SSH" "find '${REMOTE_DIR}/${DB}' -type f -name '${DB}_*.dump' -mtime +${RETENTION_DAYS} -delete"
|
||||
ssh "${SSH_OPTS[@]}" "$IA_SSH" "find '${BACKUP_REMOTE_DIR}/${DB}' -type f -name '${DB}_*.dump' -mtime +${RETENTION_DAYS} -delete"
|
||||
RET=$?
|
||||
|
||||
if [[ $RET -ne 0 ]]; then
|
||||
@@ -412,7 +511,7 @@ log "Remote rotation finished"
|
||||
# Nettoyage local
|
||||
#######################################
|
||||
|
||||
rm -rf "$TMP_DIR"
|
||||
safe_remove_dir "$TMP_DIR" || true
|
||||
|
||||
#######################################
|
||||
# Bilan final Discord
|
||||
@@ -442,4 +541,4 @@ for DB in "${DBS_ARRAY[@]}"; do
|
||||
fi
|
||||
done
|
||||
|
||||
exit 2
|
||||
exit 2
|
||||
|
||||
@@ -44,9 +44,18 @@ BACKUP_REMOTE_DIR=/home/.../backups/bdd-recette
|
||||
# Clé SSH utilisée pour se connecter au serveur distant
|
||||
SSH_KEY=/home/.../.ssh/id_ed25519_backup
|
||||
|
||||
# Port SSH du serveur de backup
|
||||
BACKUP_REMOTE_SSH_PORT=22
|
||||
|
||||
# Timeout de connexion SSH (secondes)
|
||||
SSH_TIMEOUT=10
|
||||
|
||||
# Validation stricte des clés hôtes SSH (yes/no)
|
||||
BACKUP_KNOWN_HOSTS_STRICT=yes
|
||||
|
||||
# Fichier known_hosts utilisé par ssh/scp
|
||||
BACKUP_KNOWN_HOSTS_FILE=/home/.../.ssh/known_hosts
|
||||
|
||||
###############################################################################
|
||||
# LOGS
|
||||
###############################################################################
|
||||
@@ -62,4 +71,4 @@ BACKUP_LOG_DIR=/var/log/script/
|
||||
DISCORD_WEBHOOK_URL=
|
||||
|
||||
# Mention envoyée en cas d'erreur
|
||||
DISCORD_PING=@here
|
||||
DISCORD_PING=@here
|
||||
|
||||
@@ -201,8 +201,6 @@ check_site() {
|
||||
#######################################
|
||||
|
||||
main() {
|
||||
trap '[[ -n "$STDERR_TMP" ]] && rm -f "$STDERR_TMP"' EXIT
|
||||
|
||||
local failures=0
|
||||
|
||||
for site in "${SITES[@]}"; do
|
||||
@@ -221,4 +219,4 @@ main() {
|
||||
exit 0
|
||||
}
|
||||
|
||||
main "$@"
|
||||
main "$@"
|
||||
|
||||
@@ -65,8 +65,10 @@ set +a
|
||||
###############################################################################
|
||||
LOCAL_RESTORE_DIR="${LOCAL_RESTORE_DIR:-${SCRIPT_DIR}/restore_tmp}"
|
||||
REMOTE_ROLES_DIR_NAME="${REMOTE_ROLES_DIR_NAME:-user}"
|
||||
BACKUP_REMOTE_SSH_PORT="${BACKUP_REMOTE_SSH_PORT:-22}"
|
||||
SSH_CONNECT_TIMEOUT="${SSH_CONNECT_TIMEOUT:-8}"
|
||||
DISCORD_WEBHOOK_URL="${DISCORD_WEBHOOK_URL:-}"
|
||||
EXCLUDED_RESTORE_ROLES="${EXCLUDED_RESTORE_ROLES:-postgres}"
|
||||
|
||||
###############################################################################
|
||||
# Préparation des dossiers locaux
|
||||
@@ -115,6 +117,35 @@ require_cmd() {
|
||||
command -v "$1" >/dev/null 2>&1
|
||||
}
|
||||
|
||||
sql_escape_literal() {
|
||||
local s="${1:-}"
|
||||
s="${s//\'/\'\'}"
|
||||
printf "%s" "$s"
|
||||
}
|
||||
|
||||
validate_db_name() {
|
||||
local db_name="$1"
|
||||
|
||||
[[ -n "$db_name" ]] || fail "nom de base vide"
|
||||
[[ "$db_name" =~ ^[A-Za-z0-9_]+$ ]] || \
|
||||
fail "nom de base invalide : seuls les lettres, chiffres et underscores sont autorisés"
|
||||
}
|
||||
|
||||
build_excluded_roles_regex() {
|
||||
local role regex=""
|
||||
|
||||
for role in $EXCLUDED_RESTORE_ROLES; do
|
||||
[[ -z "$role" ]] && continue
|
||||
[[ "$role" =~ ^[a-zA-Z_][a-zA-Z0-9_-]*$ ]] || fail "rôle exclu invalide : ${role}"
|
||||
if [[ -n "$regex" ]]; then
|
||||
regex+="|"
|
||||
fi
|
||||
regex+="$role"
|
||||
done
|
||||
|
||||
printf '%s' "$regex"
|
||||
}
|
||||
|
||||
###############################################################################
|
||||
# Envoi Discord
|
||||
#
|
||||
@@ -151,15 +182,28 @@ send_discord_message() {
|
||||
###############################################################################
|
||||
[[ -f "$SSH_KEY" ]] || fail "clé SSH introuvable : $SSH_KEY"
|
||||
[[ -r "$SSH_KEY" ]] || fail "clé SSH non lisible : $SSH_KEY"
|
||||
[[ "$PGPORT" =~ ^[0-9]+$ ]] || fail "PGPORT invalide"
|
||||
[[ "$BACKUP_REMOTE_SSH_PORT" =~ ^[0-9]+$ ]] || fail "BACKUP_REMOTE_SSH_PORT invalide"
|
||||
[[ "$PGUSER" =~ ^[a-zA-Z0-9_][a-zA-Z0-9_-]*$ ]] || fail "PGUSER invalide"
|
||||
|
||||
export PGPASSWORD
|
||||
|
||||
SSH_OPTS=(
|
||||
-i "$SSH_KEY"
|
||||
-p "$BACKUP_REMOTE_SSH_PORT"
|
||||
-o IdentitiesOnly=yes
|
||||
-o BatchMode=yes
|
||||
-o ConnectTimeout="$SSH_CONNECT_TIMEOUT"
|
||||
-o StrictHostKeyChecking=accept-new
|
||||
-o StrictHostKeyChecking=yes
|
||||
)
|
||||
|
||||
SCP_OPTS=(
|
||||
-i "$SSH_KEY"
|
||||
-P "$BACKUP_REMOTE_SSH_PORT"
|
||||
-o IdentitiesOnly=yes
|
||||
-o BatchMode=yes
|
||||
-o ConnectTimeout="$SSH_CONNECT_TIMEOUT"
|
||||
-o StrictHostKeyChecking=yes
|
||||
)
|
||||
|
||||
REMOTE_SSH="${BACKUP_REMOTE_USER}@${BACKUP_REMOTE_HOST}"
|
||||
@@ -217,7 +261,7 @@ if [[ "$POSTGRES_INSTALLED" == "true" ]]; then
|
||||
log "Création du rôle PostgreSQL ${PGUSER} suite à une installation neuve..."
|
||||
|
||||
sudo -u postgres psql -d postgres -c \
|
||||
"CREATE ROLE \"${PGUSER}\" WITH LOGIN SUPERUSER CREATEDB CREATEROLE PASSWORD '${PGPASSWORD}';" \
|
||||
"CREATE ROLE \"${PGUSER}\" WITH LOGIN SUPERUSER CREATEDB CREATEROLE PASSWORD '$(sql_escape_literal "$PGPASSWORD")';" \
|
||||
>>"$LOG_FILE" 2>&1 || fail "échec de création du rôle ${PGUSER}"
|
||||
|
||||
log "Rôle PostgreSQL ${PGUSER} créé."
|
||||
@@ -251,9 +295,10 @@ if [[ "${USE_LIST,,}" == "oui" || "${USE_LIST,,}" == "o" ]]; then
|
||||
DB="${DBS_ARRAY[$((DB_INDEX - 1))]}"
|
||||
else
|
||||
read -r -p "Nom exact de la base à restaurer : " DB
|
||||
[[ -n "$DB" ]] || fail "nom de base vide"
|
||||
fi
|
||||
|
||||
validate_db_name "$DB"
|
||||
|
||||
log "Environnement : $ENV_NAME"
|
||||
log "Base cible sélectionnée : $DB"
|
||||
|
||||
@@ -312,7 +357,7 @@ LOCAL_DB_DUMP_FILE="${LOCAL_RESTORE_DIR}/$(basename "$LAST_REMOTE_DB_DUMP")"
|
||||
LOCAL_ROLES_FILE=""
|
||||
|
||||
log "Téléchargement du dump..."
|
||||
scp "${SSH_OPTS[@]}" "${REMOTE_SSH}:${LAST_REMOTE_DB_DUMP}" "$LOCAL_DB_DUMP_FILE" \
|
||||
scp "${SCP_OPTS[@]}" "${REMOTE_SSH}:${LAST_REMOTE_DB_DUMP}" "$LOCAL_DB_DUMP_FILE" \
|
||||
>>"$LOG_FILE" 2>&1 || fail "échec du téléchargement du dump principal"
|
||||
|
||||
###############################################################################
|
||||
@@ -322,7 +367,7 @@ if [[ -n "$LAST_REMOTE_ROLES_FILE" ]]; then
|
||||
LOCAL_ROLES_FILE="${LOCAL_RESTORE_DIR}/$(basename "$LAST_REMOTE_ROLES_FILE")"
|
||||
|
||||
log "Téléchargement du fichier des rôles..."
|
||||
scp "${SSH_OPTS[@]}" "${REMOTE_SSH}:${LAST_REMOTE_ROLES_FILE}" "$LOCAL_ROLES_FILE" \
|
||||
scp "${SCP_OPTS[@]}" "${REMOTE_SSH}:${LAST_REMOTE_ROLES_FILE}" "$LOCAL_ROLES_FILE" \
|
||||
>>"$LOG_FILE" 2>&1 || fail "échec du téléchargement du fichier des rôles"
|
||||
else
|
||||
log "La restauration des rôles sera ignorée."
|
||||
@@ -341,7 +386,7 @@ fi
|
||||
###############################################################################
|
||||
DB_EXISTS="$(
|
||||
psql -h "$PGHOST" -p "$PGPORT" -U "$PGUSER" -d postgres -tAc \
|
||||
"SELECT 1 FROM pg_database WHERE datname='${DB}'" 2>>"$LOG_FILE" || true
|
||||
"SELECT 1 FROM pg_database WHERE datname='$(sql_escape_literal "$DB")'" 2>>"$LOG_FILE" || true
|
||||
)"
|
||||
|
||||
if [[ "$DB_EXISTS" == "1" ]]; then
|
||||
@@ -364,9 +409,14 @@ if [[ -n "$LOCAL_ROLES_FILE" ]]; then
|
||||
FILTERED_ROLES_FILE="${LOCAL_RESTORE_DIR}/filtered_$(basename "$LOCAL_ROLES_FILE")"
|
||||
ROLES_CREATE_LIST="${LOCAL_RESTORE_DIR}/roles_to_create_$(basename "$LOCAL_ROLES_FILE")"
|
||||
ROLES_APPLY_FILE="${LOCAL_RESTORE_DIR}/roles_apply_$(basename "$LOCAL_ROLES_FILE")"
|
||||
EXCLUDED_ROLES_REGEX="$(build_excluded_roles_regex)"
|
||||
|
||||
grep -viE '^(CREATE ROLE|ALTER ROLE) (backup_liot|postgres)\b' "$LOCAL_ROLES_FILE" \
|
||||
> "$FILTERED_ROLES_FILE" || true
|
||||
if [[ -n "$EXCLUDED_ROLES_REGEX" ]]; then
|
||||
grep -viE "^(CREATE ROLE|ALTER ROLE) (${EXCLUDED_ROLES_REGEX})\\b" "$LOCAL_ROLES_FILE" \
|
||||
> "$FILTERED_ROLES_FILE" || true
|
||||
else
|
||||
cp "$LOCAL_ROLES_FILE" "$FILTERED_ROLES_FILE"
|
||||
fi
|
||||
|
||||
log "Fichier des rôles filtré généré : ${FILTERED_ROLES_FILE}"
|
||||
|
||||
@@ -383,7 +433,7 @@ if [[ -n "$LOCAL_ROLES_FILE" ]]; then
|
||||
|
||||
ROLE_EXISTS="$(
|
||||
psql -h "$PGHOST" -p "$PGPORT" -U "$PGUSER" -d postgres -tAc \
|
||||
"SELECT 1 FROM pg_roles WHERE rolname='${role_name}'" 2>>"$LOG_FILE" || true
|
||||
"SELECT 1 FROM pg_roles WHERE rolname='$(sql_escape_literal "$role_name")'" 2>>"$LOG_FILE" || true
|
||||
)"
|
||||
|
||||
if [[ "$ROLE_EXISTS" != "1" ]]; then
|
||||
@@ -448,4 +498,4 @@ Hôte PostgreSQL : ${PGHOST}:${PGPORT}
|
||||
Dump utilisé : $(basename "$LAST_REMOTE_DB_DUMP")
|
||||
Log : ${LOG_FILE}"
|
||||
|
||||
send_discord_message "$SUCCESS_MESSAGE"
|
||||
send_discord_message "$SUCCESS_MESSAGE"
|
||||
|
||||
@@ -39,6 +39,9 @@ BACKUP_REMOTE_HOST=
|
||||
# Répertoire racine distant :
|
||||
BACKUP_REMOTE_DIR=/home/.../backups/bdd-recette
|
||||
|
||||
# Port SSH du serveur de backup
|
||||
BACKUP_REMOTE_SSH_PORT=22
|
||||
|
||||
###############################################################################
|
||||
# SSH
|
||||
###############################################################################
|
||||
@@ -50,6 +53,12 @@ SSH_KEY=/home/.../.ssh/id_ed25519_backup
|
||||
# Variable optionnelle dans le script, mais utile ici comme valeur par défaut
|
||||
SSH_CONNECT_TIMEOUT=8
|
||||
|
||||
# Validation stricte des clés hôtes SSH (yes/no)
|
||||
BACKUP_KNOWN_HOSTS_STRICT=yes
|
||||
|
||||
# Fichier known_hosts utilisé par ssh/scp
|
||||
BACKUP_KNOWN_HOSTS_FILE=/home/.../.ssh/known_hosts
|
||||
|
||||
###############################################################################
|
||||
# LOGS
|
||||
###############################################################################
|
||||
@@ -72,9 +81,12 @@ LOCAL_RESTORE_DIR=/tmp/rebuild-bdd-recette
|
||||
# Nom du dossier distant contenant les exports SQL des rôles
|
||||
REMOTE_ROLES_DIR_NAME=user
|
||||
|
||||
# Rôles PostgreSQL à exclure lors de la restauration
|
||||
EXCLUDED_RESTORE_ROLES="postgres"
|
||||
|
||||
###############################################################################
|
||||
# DISCORD
|
||||
###############################################################################
|
||||
|
||||
# Webhook Discord pour notifier le succès de la restauration
|
||||
DISCORD_WEBHOOK_URL=
|
||||
DISCORD_WEBHOOK_URL=
|
||||
|
||||
Reference in New Issue
Block a user