borgmatic-collective/borgmatic
borgmatic-collective
/
borgmatic
14
57
Fork 41
Code Issues 54 Pull Requests 2 Actions Packages Releases 122 Activity

MySQL backup for -name: all doesn't work but is ok for each database separately #325

New Issue
Closed
opened 2020-06-11 12:15:24 +00:00 by Auroch · 5 comments
Auroch commented 2020-06-11 12:15:24 +00:00
Copy Link

What I'm trying to do and why

Dump Mysql databases as i do for postgreSQL, using -name: all

Steps to reproduce (if a bug)

    - name: all
      hostname: localhost
      port: 3306
      username: root
      password: "<PASSWORD>"
      options: "--single-transaction --quick"
Produce this error :
#> borgmatic --verbosity 1 --files
...
ssh://user@borgServer/PATH: Dumping PostgreSQL databases
ssh://user@borgServer/PATH: Dumping PostgreSQL database all to /tmp/borgmatic/postgresql_databases/localhost/all
pg_dumpall --no-password --clean --if-exists > /tmp/borgmatic/postgresql_databases/localhost/all
ssh://user@borgServer/PATH: Calling mysql_databases hook function dump_databases
ssh://user@borgServer/PATH: Dumping MySQL databases
ssh://user@borgServer/PATH: Querying for "all" MySQL databases to dump
mysql --host localhost --port 3306 --protocol tcp --user root --skip-column-names --batch --execute show schemas
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)
ssh://user@borgServer/PATH: Error running actions for repository
Command '('mysql', '--host', 'localhost', '--port', '3306', '--protocol', 'tcp', '--user', 'root', '--skip-column-names', '--batch', '--execute', 'show schemas')' returned non-zero exit status 1
...
But with this config style where i put all databases but each configured :
        - name: firstdatabase
          hostname: localhost
          port: 3306
          username: root
          password: "<PASSWORD>"
          options: "--single-transaction --quick"
        - name: seconddatabase
          hostname: localhost
          port: 3306
          username: root
          password: "<PASSWORD>"
          options: "--single-transaction --quick"
        ...
Produce no error :
ssh://user@borgServer/PATH: Pruning archives
ssh://user@borgServer/PATH: Creating archive
ssh://user@borgServer/PATH: Removing PostgreSQL database dumps
ssh://user@borgServer/PATH: Removing MySQL database dumps
ssh://user@borgServer/PATH: Dumping PostgreSQL databases
ssh://user@borgServer/PATH: Dumping MySQL databases
Creating archive at "ssh://user@borgServer/PATH::{hostname}-{now}"
A /etc/

Other notes / implementation ideas

The SQL error is the same as if I try to connect in command line without giving password. Is it possible that borgmatic not give the password with "all" ?

Environmentif

borgmatic version: [1.5.6]

borgmatic installation method: [pip3]

borg installation method: [debian stretch]

Borg version: [1.1.9]

Python version: [3.5.3]

Database version (if applicable): [Ver 15.1 Distrib 10.1.44-MariaDB, for debian-linux-gnu (x86_64) using readline 5.2]

operating system and version: [Debian 9.12]

#### What I'm trying to do and why Dump Mysql databases as i do for postgreSQL, using -name: all #### Steps to reproduce (if a bug) - name: all hostname: localhost port: 3306 username: root password: "<PASSWORD>" options: "--single-transaction --quick" ##### Produce this error : ``` #> borgmatic --verbosity 1 --files ... ssh://user@borgServer/PATH: Dumping PostgreSQL databases ssh://user@borgServer/PATH: Dumping PostgreSQL database all to /tmp/borgmatic/postgresql_databases/localhost/all pg_dumpall --no-password --clean --if-exists > /tmp/borgmatic/postgresql_databases/localhost/all ssh://user@borgServer/PATH: Calling mysql_databases hook function dump_databases ssh://user@borgServer/PATH: Dumping MySQL databases ssh://user@borgServer/PATH: Querying for "all" MySQL databases to dump mysql --host localhost --port 3306 --protocol tcp --user root --skip-column-names --batch --execute show schemas ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES) ssh://user@borgServer/PATH: Error running actions for repository Command '('mysql', '--host', 'localhost', '--port', '3306', '--protocol', 'tcp', '--user', 'root', '--skip-column-names', '--batch', '--execute', 'show schemas')' returned non-zero exit status 1 ... ``` ##### But with this config style where i put all databases but each configured : ``` - name: firstdatabase hostname: localhost port: 3306 username: root password: "<PASSWORD>" options: "--single-transaction --quick" - name: seconddatabase hostname: localhost port: 3306 username: root password: "<PASSWORD>" options: "--single-transaction --quick" ... ``` ##### Produce no error : ``` ssh://user@borgServer/PATH: Pruning archives ssh://user@borgServer/PATH: Creating archive ssh://user@borgServer/PATH: Removing PostgreSQL database dumps ssh://user@borgServer/PATH: Removing MySQL database dumps ssh://user@borgServer/PATH: Dumping PostgreSQL databases ssh://user@borgServer/PATH: Dumping MySQL databases Creating archive at "ssh://user@borgServer/PATH::{hostname}-{now}" A /etc/ ``` #### Other notes / implementation ideas The SQL error is the same as if I try to connect in command line without giving password. Is it possible that borgmatic not give the password with "all" ? #### Environmentif **borgmatic version:** [1.5.6] **borgmatic installation method:** [pip3] **borg installation method:** [debian stretch] **Borg version:** [1.1.9] **Python version:** [3.5.3] **Database version (if applicable):** [Ver 15.1 Distrib 10.1.44-MariaDB, for debian-linux-gnu (x86_64) using readline 5.2] **operating system and version:** [Debian 9.12]
witten added the
bug
 label 2020-06-11 17:39:14 +00:00
witten commented 2020-06-11 17:53:29 +00:00
Owner
Copy Link

Thank you for filing this one! The main difference between borgmatic's MySQL hook for "all" vs. a single database is that "all" causes borgmatic to run mysql ... --execute 'show schemas' in order to list each database to dump. Based on your output, that looks like the command that's failing due to Access denied.

I've confirmed on my system that the password environment variable is properly passed through to this show schemas command. In fact, if I change my "all" configuration to use the wrong password, I get Access denied... while it works fine with the right password.

So assuming you've got the right password there, then my next guess is that it's a MySQL user-level permissions issue.

Are you able to connect to the database and check out the contents of the mysql.user table?

Example:

MYSQL_PWD=yourpass mysql --host localhost --port 3306 --protocol tcp --user root
...
> select User, Select_priv, Execute_priv from mysql.user;

On my machine, I get results something like this:

+------+-------------+--------------+
| User | Select_priv | Execute_priv |
+------+-------------+--------------+
| root | Y           | Y            |
| root | Y           | Y            |
+------+-------------+--------------+
2 rows in set (0.002 sec)

Not sure why root is there twice. But in any case, the user clearly has execute privilige, needed for show schemas to work. So does your root user have that permission enabled?

Thank you for filing this one! The main difference between borgmatic's MySQL hook for "all" vs. a single database is that "all" causes borgmatic to run `mysql ... --execute 'show schemas'` in order to list each database to dump. Based on your output, that looks like the command that's failing due to `Access denied`. I've confirmed on my system that the password environment variable is properly passed through to this `show schemas` command. In fact, if I change my "all" configuration to use the wrong password, I get `Access denied`... while it works fine with the right password. So assuming you've got the right password there, then my next guess is that it's a MySQL user-level permissions issue. Are you able to connect to the database and check out the contents of the [`mysql.user` table](https://www.digitalocean.com/community/tutorials/how-to-create-a-new-user-and-grant-permissions-in-mysql)? Example: ```bash MYSQL_PWD=yourpass mysql --host localhost --port 3306 --protocol tcp --user root ... > select User, Select_priv, Execute_priv from mysql.user; ``` On my machine, I get results something like this: ```text +------+-------------+--------------+ | User | Select_priv | Execute_priv | +------+-------------+--------------+ | root | Y | Y | | root | Y | Y | +------+-------------+--------------+ 2 rows in set (0.002 sec) ``` Not sure why `root` is there twice. But in any case, the user clearly has execute privilige, needed for `show schemas` to work. So does your `root` user have that permission enabled?
Auroch commented 2020-06-11 20:58:53 +00:00
Author
Copy Link

Thank you very much for your quick response and the time spent testing and thinking.
It's a backup for a family system, so it's not very important or urgent, but I try to contribute by bringing up the info :-)

SO Yes for me the permissions are there :

MariaDB [(none)]> select User, Host, Select_priv, Execute_priv from mysql.user;
+-------------------+-----------+-------------+--------------+
| User              | Host      | Select_priv | Execute_priv |
+-------------------+-----------+-------------+--------------+
| root              | localhost | Y           | Y            |
| xxxxxxxxxxxx      | localhost | N           | N            |
| yyyyyyyyyyyyyyyyy | localhost | N           | N            |
| zzzzzzzzz         | localhost | N           | N            |
| aaaaaaaaaaaaa     | localhost | N           | N            |
| bbbb              | localhost | N           | N            |
| cccccc            | localhost | N           | N            |
| dddddddddddd      | localhost | N           | N            |
+-------------------+-----------+-------------+--------------+
8 rows in set (0.00 sec)

(Perhaps your root is there with two different hosts ?)

and if i try

mysql -u root -p --execute 'show schemas'
Enter password: 
+--------------------+
| Database           |
+--------------------+
| xxxxxxxxxxxx       |
| yyyyyyyyyyyyyyyyy  |
| zzzzzzzzz          |
| aaaaaaaaaaaaa      |
| bbbb               |
| cccccc             |
| dddddddddddd       |
+--------------------+

The result is ok

Thank you very much for your quick response and the time spent testing and thinking. It's a backup for a family system, so it's not very important or urgent, but I try to contribute by bringing up the info :-) SO Yes for me the permissions are there : ``` MariaDB [(none)]> select User, Host, Select_priv, Execute_priv from mysql.user; +-------------------+-----------+-------------+--------------+ | User | Host | Select_priv | Execute_priv | +-------------------+-----------+-------------+--------------+ | root | localhost | Y | Y | | xxxxxxxxxxxx | localhost | N | N | | yyyyyyyyyyyyyyyyy | localhost | N | N | | zzzzzzzzz | localhost | N | N | | aaaaaaaaaaaaa | localhost | N | N | | bbbb | localhost | N | N | | cccccc | localhost | N | N | | dddddddddddd | localhost | N | N | +-------------------+-----------+-------------+--------------+ 8 rows in set (0.00 sec) ``` (Perhaps your root is there with two different hosts ?) and if i try ``` mysql -u root -p --execute 'show schemas' Enter password: +--------------------+ | Database | +--------------------+ | xxxxxxxxxxxx | | yyyyyyyyyyyyyyyyy | | zzzzzzzzz | | aaaaaaaaaaaaa | | bbbb | | cccccc | | dddddddddddd | +--------------------+ ``` The result is ok
witten commented 2020-06-11 21:12:05 +00:00
Owner
Copy Link

That's super odd! Have you tried the exact command that borgmatic is invoking to see whether that works?

MYSQL_PWD=yourpass mysql --host localhost --port 3306 --protocol tcp --user root --skip-column-names
    --batch --execute 'show schemas'

(Substituting yourpass of course.)

That's super odd! Have you tried the exact command that borgmatic is invoking to see whether that works? ```bash MYSQL_PWD=yourpass mysql --host localhost --port 3306 --protocol tcp --user root --skip-column-names --batch --execute 'show schemas' ``` (Substituting `yourpass` of course.)
Auroch commented 2020-06-12 05:39:04 +00:00
Author
Copy Link

Indeed, after having searched quite a bit before posting my problem here, I only acted like a sheep following your request and without thinking :-)

So I executed the full command and there, ... it doesn't work.
(THe same one with -p, ask password and work)

After some research on the Internet, I came across a Virtualmin thread : https://www.virtualmin.com/node/56959

I usually pass the parameters in /etc/mysql/mariadb.conf.d/... but, and I don't know why, the /root/.my.cnf is completed with a previous password (probably set by the mysql_secure_installation script for mysql ?).
This attribute has precedence over command line environnement variable like MYSQL_PWD, so the password was systematicaly false.

And thus, it's not a bug, it's just a feature and a PEBCAK. I'm Sorry.
Thank you for your time.

Indeed, after having searched quite a bit before posting my problem here, I only acted like a sheep following your request and without thinking :-) So I executed the full command and there, ... it doesn't work. (THe same one with -p, ask password and work) After some research on the Internet, I came across a Virtualmin thread : https://www.virtualmin.com/node/56959 I usually pass the parameters in /etc/mysql/mariadb.conf.d/... but, and I don't know why, the /root/.my.cnf is completed with a previous password (probably set by the mysql_secure_installation script for mysql ?). This attribute has precedence over command line environnement variable like MYSQL_PWD, so the password was systematicaly false. And thus, it's not a bug, it's just a feature and a PEBCAK. I'm Sorry. Thank you for your time.
witten commented 2020-06-12 06:14:35 +00:00
Owner
Copy Link

No worries! I'm glad you figured it out.. You may be interested in this related ticket, which includes discussions of work-arounds for that same issue: #306

No worries! I'm glad you figured it out.. You may be interested in this related ticket, which includes discussions of work-arounds for that same issue: #306
witten added
question / support
 and removed
bug
 labels 2020-06-12 06:14:46 +00:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
main
spot-check
1.8.11
1.8.10
1.8.9
1.8.8
1.8.7
1.8.6
1.8.5
1.8.4
1.8.3
1.8.2
1.8.1
1.8.0
1.7.15
1.7.14
1.7.13
1.7.12
1.7.11
1.7.10
1.7.9
1.7.8
1.7.7
1.7.6
1.7.5
1.7.4
1.7.3
1.7.2
1.7.1
1.7.0
1.6.6
1.6.5
1.6.4
1.6.3
1.6.2
1.6.1
1.6.0
1.5.24
1.5.23
1.5.22
1.5.21
1.5.20
1.5.19
1.5.18
1.5.17
1.5.16
1.5.15
1.5.14
1.5.13
1.5.12
1.5.11
1.5.10
1.5.9
1.5.8
1.5.7
1.5.7.dev0
1.5.6
1.5.5
1.5.4
1.5.3
1.5.2
1.5.1
1.5.0
1.4.22
1.4.21
1.4.20
1.4.19
1.4.18
1.4.17
1.4.16
1.4.15
1.4.14
1.4.13
1.4.12
1.4.11
1.4.10
1.4.9
1.4.8
1.4.7
1.4.6
1.4.5
1.4.4
1.4.3
1.4.2
1.4.1
1.4.0
1.3.26
1.3.25
1.3.24
1.3.23
1.3.22
1.3.21
1.3.20
1.3.19
1.3.18
1.3.17
1.3.16
1.3.15
1.3.14
1.3.13
1.3.12
1.3.11
1.3.10
1.3.9
1.3.8
1.3.7
1.3.6
1.3.5
1.3.4
1.3.3
1.3.2
1.3.1
1.3.0
1.2.18
1.2.17
1.2.16
1.2.15
1.2.14
1.2.13
1.2.12
1.2.11
1.2.10
1.2.9
1.2.8
1.2.7
1.2.6
1.2.5
1.2.4
1.2.3
1.2.2
1.2.1
1.2.0
1.1.15
1.1.14
1.1.13
1.1.12
1.1.11
1.1.10
1.1.9
1.1.7
1.1.6
1.1.5
1.1.4
1.1.3
1.1.2
1.1.1
1.1.0
1.0.3
1.0.2
1.0.1
1.0.0
0.1.8
0.1.7
0.1.6
0.1.5
0.1.4
0.1.3
0.1.2
0.1.1
0.1.0
0.0.7
0.0.6
0.0.5
0.0.4
0.0.3
0.0.2
Labels
Clear labels   
bug

   
data loss

   
design finalized

   
good first issue

   
new feature area

   
question / support

   
security

   
waiting for response
No Label
bug
data loss
design finalized
good first issue
new feature area
question / support
security
waiting for response
Milestone
Clear milestone
No items
No Milestone
Assignees
Clear assignees
No Assignees
2 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: borgmatic-collective/borgmatic#325
No description provided.
Delete Branch "%!s(<nil>)"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?