Release 3.7.1 - See CHANGELOG.md

Author: tiredofit

CHANGELOG.md

@@ -1,3 +1,12 @@
+## 3.7.1 2022-12-19 <dave at tiredofit dot ca>
+
+   ### Changed
+      - Add MYSQL_ENABLE_TLS environment variable to switch on and off
+
+   ### Reverted
+      - Set default for MYSQL_TLS_CA_FILE to accomodate for most use cases
+
+
 ## 3.7.0 2022-12-16 <dave at tiredofit dot ca>
 
    ### Added

README.md

@@ -183,9 +183,10 @@ Your Organization will be mapped to `DB_USER` and your root token will need to b
 | `MYSQL_MAX_ALLOWED_PACKET`     | Max allowed packet if backing up MySQL / MariaDB                                                                                      | `512M`                    |
 | `MYSQL_SINGLE_TRANSACTION`     | Backup in a single transaction with MySQL / MariaDB                                                                                   | `TRUE`                    |
 | `MYSQL_STORED_PROCEDURES`      | Backup stored procedures with MySQL / MariaDB                                                                                         | `TRUE`                    |
+| `MYSQL_ENABLE_TLS`             | Enable TLS functionality for MySQL client                                                                                             | `FALSE`                   |
 | `MYSQL_TLS_VERIFY`             | (optional) If using TLS (by means of MYSQL_TLS_* variables) verify remote host                                                        | `FALSE`                   |
 | `MYSQL_TLS_VERSION`            | What TLS `v1.1` `v1.2` `v1.3` version to utilize                                                                                      | `TLSv1.1,TLSv1.2,TLSv1.3` |
-| `MYSQL_TLS_CA_FILE`            | Filename to load custom CA certificate for connecting via TLS e.g. `/etc/ssl/cert.pem` should suffice for most non self signed setups |                           |
+| `MYSQL_TLS_CA_FILE`            | Filename to load custom CA certificate for connecting via TLS  | `/etc/ssl/cert.pem`                          |
 | `MYSQL_TLS_CERT_FILE`          | Filename to load client certificate for connecting via TLS                                                                            |                           |
 | `MYSQL_TLS_KEY_FILE`           | Filename to load client key for connecting via TLS                                                                                    |                           |
 

install/assets/defaults/10-db-backup

@@ -12,9 +12,11 @@ ENABLE_CHECKSUM=${ENABLE_CHECKSUM:-"TRUE"}
 ENABLE_PARALLEL_COMPRESSION=${ENABLE_PARALLEL_COMPRESSION:-"TRUE"}
 MANUAL_RUN_FOREVER=${MANUAL_RUN_FOREVER:-"TRUE"}
 MODE=${MODE:-"AUTO"}
+MYSQL_ENABLE_TLS=${MYSQL_ENABLE_TLS:-"FALSE"}
 MYSQL_MAX_ALLOWED_PACKET=${MYSQL_MAX_ALLOWED_PACKET:-"512M"}
 MYSQL_SINGLE_TRANSACTION=${MYSQL_SINGLE_TRANSACTION:-"TRUE"}
 MYSQL_STORED_PROCEDURES=${MYSQL_STORED_PROCEDURES:-"TRUE"}
+MYSQL_TLS_CA_FILE=${MYSQL_TLS_CA_FILE:-"/etc/ssl/cert/pem"}
 MYSQL_TLS_VERIFY=${MYSQL_TLS_VERIFY:-"FALSE"}
 MYSQL_TLS_VERSION=${MYSQL_TLS_VERSION:-"TLSv1.1,TLSv1.2,TLSv1.3"}
 PARALLEL_COMPRESSION_THREADS=${PARALLEL_COMPRESSION_THREADS:-"$(nproc)"}

install/assets/functions/10-db-backup

@@ -49,24 +49,22 @@ bootstrap_variables() {
             sanity_var DB_NAME "Database Name to backup. Multiple seperated by commas"
             [[ ( -n "${DB_PASS}" ) || ( -n "${DB_PASS_FILE}" ) ]] && file_env 'DB_PASS'
             [[ ( -n "${DB_PASS}" ) ]] && export MYSQL_PWD=${DB_PASS}
-            if [ -n "${MYSQL_TLS_CA_FILE}" ] ; then
-                mysql_tls=TRUE
-                mysql_tls_args="--ssl_ca=${MYSQL_TLS_CA_FILE}"
-            fi
-            if [ -n "${MYSQL_TLS_CERT_FILE}" ] ; then
-                mysql_tls=TRUE
-                mysql_tls_args="${mysql_tls_args} --ssl_cert=${MYSQL_TLS_CERT_FILE}"
-            fi
-            if [ -n "${MYSQL_TLS_KEY_FILE}" ] ; then
-                mysql_tls=TRUE
-                mysql_tls_args="${mysql_tls_args} --ssl_key=${MYSQL_TLS_KEY_FILE}"
-            fi
-            if var_true "${TLS_VERIFY}" ; then
-                mysql_tls=TRUE
-                mysql_tls_args="${mysql_tls_args} --sslverify-server-cert"
-            fi
-            if var_true "${mysql_tls}" ; then
-                mysql_tls_args="${mysql_tls_args} --tls_version=${MYSQL_TLS_VERSION}"
+            if var_true "${MYSQL_ENABLE_TLS}" ; then
+                if [ -n "${MYSQL_TLS_CA_FILE}" ] ; then
+                    mysql_tls_args="--ssl_ca=${MYSQL_TLS_CA_FILE}"
+                fi
+                if [ -n "${MYSQL_TLS_CERT_FILE}" ] ; then
+                    mysql_tls_args="${mysql_tls_args} --ssl_cert=${MYSQL_TLS_CERT_FILE}"
+                fi
+                if [ -n "${MYSQL_TLS_KEY_FILE}" ] ; then
+                    mysql_tls_args="${mysql_tls_args} --ssl_key=${MYSQL_TLS_KEY_FILE}"
+                fi
+                if var_true "${TLS_VERIFY}" ; then
+                    mysql_tls_args="${mysql_tls_args} --sslverify-server-cert"
+                fi
+                if [ -n "${MYSQL_TLS_VERSION}" ; then
+                    mysql_tls_args="${mysql_tls_args} --tls_version=${MYSQL_TLS_VERSION}"
+                fi
             fi
         ;;
         "mssql" | "microsoftsql" )