变更keyring file到更安全的位置

Signed-off-by: DingWenguan <dingwenguan@htsdfp.com>

config/my.cnf

@@ -0,0 +1,143 @@
+# For advice on how to change settings please see
+# http://dev.mysql.com/doc/refman/8.0/en/server-configuration-defaults.html
+#
+############################################################
+[mysqldump]
+socket=/mysql/data/mysql.sock
+
+
+[mysql]
+socket=/mysql/data/mysql.sock
+
+
+[mysqld]
+#
+############################################################
+#  Memory
+############################################################
+innodb_buffer_pool_size=2G
+innodb_log_buffer_size=64M
+tmp_table_size=64M
+max_heap_table_size=64M
+sort_buffer_size=4M
+
+
+############################################################
+#  general
+############################################################
+datadir=/mysql/data
+tmpdir=/tmp
+socket=/mysql/data/mysql.sock
+log-error=/var/log/mysqld.log
+pid-file=/var/run/mysqld/mysqld.pid
+character-set-server=utf8mb4
+collation-server=utf8mb4_general_ci
+user=mysql
+local-infile=0
+
+
+############################################################
+#  storage engine
+############################################################
+default_storage_engine=InnoDB
+innodb_file_per_table=on
+innodb_data_home_dir=/mysql/data
+innodb_log_group_home_dir=/mysql/data
+innodb_redo_log_capacity=4G
+innodb_undo_directory=/mysql/data
+#innodb_log_file_size=512M #deprecated
+#innodb_log_files_in_group=2 #deprecated
+#innodb_undo_tablespaces=3 #deprecated
+innodb_undo_log_truncate=on
+sync_binlog=1
+early-plugin-load=keyring_file.so
+keyring_file_data=/mysql/backup/keyring_file/keyring
+default_table_encryption=on
+table_encryption_privilege_check=on
+innodb_redo_log_encrypt=on
+innodb_undo_log_encrypt=on
+block_encryption_mode=aes-256-cbc
+
+
+############################################################
+#  connection
+############################################################
+max_connections=500
+wait_timeout=28800
+interactive_timeout=28800
+port=12138
+
+
+############################################################
+#  logon
+############################################################
+plugin-load-add=connection_control.so
+connection-control=FORCE_PLUS_PERMANENT
+connection-control-failed-login-attempts=FORCE_PLUS_PERMANENT
+connection-control-failed-connections-threshold=5
+connection-control-min-connection-delay=86400000
+connection-control-max-connection-delay=86400000
+
+plugin-load-add=validate_password.so
+validate_password=FORCE_PLUS_PERMANENT
+validate_password_length=13
+validate_password_policy=1
+validate_password_mixed_case_count=1
+validate_password_number_count=1
+validate_password_special_char_count=1
+default_password_lifetime=90
+
+plugin-load-add=auth_socket.so
+auth_socket=FORCE_PLUS_PERMANENT
+
+
+############################################################
+# binlog
+############################################################
+log-bin=/mysql/backup/log/mysql-bin
+log_bin_index=/mysql/backup/log/binlog.index
+binlog_format=mixed
+#expire_logs_days=7 #deprecated
+binlog_expire_logs_seconds=604800
+max_binlog_size=100M
+binlog_encryption=on
+
+
+
+############################################################
+# auditing
+############################################################
+general_log=on
+general_log_file=/mysql/backup/log/mysql.log
+log_timestamps=system
+long_query_time=10
+slow_query_log=on
+slow-query-log-file=/mysql/backup/log/slowquery.log
+log-queries-not-using-indexes=on
+
+
+############################################################
+# ssl/tls
+############################################################
+ssl=on
+ssl-ca=/etc/mysql/certs/ca-cert.pem
+ssl-cert=/etc/mysql/certs/server-cert.pem
+ssl-key=/etc/mysql/certs/server-key.pem
+#require_secure_transport=on
+
+
+############################################################
+# replication
+# Please comment this block if replication is not used.
+# Caution: 
+#       server_id should differ between source and replica
+#       read-only should be set dynamically and persistently
+############################################################
+server_id=1
+relay-log=/mysql/backup/log/mysql-relay
+max_binlog_size=500M
+#read-only=0
+
+
+############################################################
+

script/README.md

@@ -0,0 +1 @@
+# This is a repository for scripts.

script/backup_database.py

@@ -0,0 +1,146 @@
+# coding=UTF-8
+############################################################################################
+#
+# Author:      Wenguan Ding
+# Date:        2025/03/07
+# Description: This script is developed to run logical hot backup for mysql database(s)
+# Revision:
+#              Date             Author              Comment
+#             -------------    --------------      -----------------------------------------
+#              2025/03/07       Wenguan Ding        Created
+#              2025/03/11       Wenguan Ding        use auth_socket plugin to login database
+#
+############################################################################################
+import os
+import subprocess
+import time
+import gzip
+import sys
+import argparse
+
+# 解析命令行参数
+parser = argparse.ArgumentParser(description="MySQL热备份脚本")
+parser.add_argument("-d", "--database", help="要备份的数据库名称(输入'all'备份所有数据库)", required=True)
+parser.add_argument("-p", "--path", help="备份文件存储路径", required=True)
+parser.add_argument("-t", "--day", help="保留备份天数", required=True)
+args = parser.parse_args()
+
+# 配置信息
+MYSQL_USER = "backup_htfp"   # MySQL用户名
+#MYSQL_PASSWORD = "xxxxxxx"  # MySQL密码. 设置了auth-socket,无需使用密码
+#MYSQL_HOST = "localhost"    # MySQL主机. 设置了auth-socket, 无需指定host
+#MYSQL_PORT = "12138"        # MySQL端口. 设置了auth-socket, 无需指定host
+
+# 创建备份目录（如果不存在）
+if not os.path.exists(args.path):
+    os.makedirs(args.path)
+
+def backup_database(db_name, backup_dir):
+    """备份单个数据库"""
+    timestamp = time.strftime("%Y%m%d_%H%M%S")
+    backup_file = os.path.join(backup_dir, "{0}_backup_{1}.sql".format(db_name, timestamp))
+    compressed_backup_file = backup_file + ".gz"
+
+    try:
+        print("开始备份数据库: {0}".format(db_name))
+        with open(backup_file, "w") as f:
+            subprocess.check_call(
+                [
+                    "mysqldump",
+                    "--user={0}".format(MYSQL_USER),
+                   # "--password={0}".format(MYSQL_PASSWORD),
+                   # "--host={0}".format(MYSQL_HOST),
+                   # "--port={0}".format(MYSQL_PORT),
+                    "--single-transaction",  # 确保热备份
+                    "--routines",  # 备份存储过程和函数
+                    "--triggers",  # 备份触发器
+                    "--events",  # 备份事件
+                    db_name,
+                ],
+                stdout=f,
+            )
+        print("数据库备份成功，文件保存到: {0}".format(backup_file))
+
+        # 压缩备份文件
+        with open(backup_file, "rb") as f_in:
+            with gzip.open(compressed_backup_file, "wb") as f_out:
+                f_out.writelines(f_in)
+        print("备份文件已压缩: {0}".format(compressed_backup_file))
+
+        # 删除未压缩的备份文件
+        os.remove(backup_file)
+        print("已删除未压缩的备份文件: {0}".format(backup_file))
+
+    except subprocess.CalledProcessError as e:
+        print("备份失败: {0}".format(e))
+    except Exception as e:
+        print("发生错误: {0}".format(e))
+
+def get_all_databases():
+    """获取所有数据库名称"""
+    try:
+        output = subprocess.check_output(
+            [
+                "mysql",
+                "--user={0}".format(MYSQL_USER),
+              #  "--password={0}".format(MYSQL_PASSWORD),
+              #  "--host={0}".format(MYSQL_HOST),
+              #  "--port={0}".format(MYSQL_PORT),
+                "-e",
+                "SHOW DATABASES;",
+            ]
+        )
+        databases = output.splitlines()[1:]  # 跳过第一行标题
+        return databases
+    except subprocess.CalledProcessError as e:
+        print("获取数据库列表失败: {0}".format(e))
+        return []
+
+
+
+def delete_old_backup_files(directory, n):
+    """开始清理过期备份文件"""
+    print("开始清理过期备份文件 ...")
+    
+    # 获取当前时间
+    current_time = time.time()
+    # 计算n天前的时间戳
+    time_threshold = current_time - (n * 86400)  # 86400秒 = 1天
+
+    # 遍历目录中的文件
+    for filename in os.listdir(directory):
+        file_path = os.path.join(directory, filename)
+        # 检查是否是文件，并且文件名包含"backup"并以".sql.gz"结尾
+        if os.path.isfile(file_path) and "backup" in filename and filename.endswith(".sql.gz"):
+            # 获取文件的创建时间
+            file_creation_time = os.path.getctime(file_path)
+            #print(file_path)
+            # 如果文件创建时间早于阈值，则删除文件
+            if file_creation_time < time_threshold:
+                print("删除过期备份: {}".format(file_path))
+                os.remove(file_path)
+                
+                      
+# 执行备份
+if args.database.lower() == "all":
+    databases = get_all_databases()
+    if databases:
+        print("开始备份所有数据库: {0}".format(databases))
+        for db in databases:
+            if db not in ["information_schema", "performance_schema", "mysql", "sys"]:  # 跳过系统数据库
+                backup_database(db, args.path)
+    else:
+        print("未找到可备份的数据库")
+else:
+    backup_database(args.database, args.path)
+
+
+# 检查目录是否存在
+if not os.path.isdir(args.path):
+    print("Error: Directory '{}' does not exist.".format(directory))
+    sys.exit(1)
+
+# 调用函数删除符合条件的旧文件
+delete_old_backup_files(args.path, int(args.day))
+print("Done.")
+