From e0de5ac001b109f7a55b5e51b677cef6ed7625ae Mon Sep 17 00:00:00 2001 From: seanlook Date: Mon, 13 Nov 2023 17:32:31 +0800 Subject: [PATCH] =?UTF-8?q?fix(backend):=20=E5=A4=87=E4=BB=BD=E5=B7=A1?= =?UTF-8?q?=E6=A3=80=E6=97=A5=E6=9C=9F=E4=BF=AE=E5=A4=8D=20close=20#1763?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../common/go-pubpkg/iocrypt/example.go | 2 ++ dbm-services/common/go-pubpkg/iocrypt/gpg.go | 2 ++ .../db-tools/mysql-dbbackup/docs/UserGuide.md | 6 ++++-- .../mysql_backup/check_binlog_backup.py | 10 ++++++---- .../mysql_backup/check_full_backup.py | 20 ++++++++++--------- 5 files changed, 25 insertions(+), 15 deletions(-) diff --git a/dbm-services/common/go-pubpkg/iocrypt/example.go b/dbm-services/common/go-pubpkg/iocrypt/example.go index fe6fe123ec..7844b62e2d 100644 --- a/dbm-services/common/go-pubpkg/iocrypt/example.go +++ b/dbm-services/common/go-pubpkg/iocrypt/example.go @@ -6,6 +6,8 @@ import ( "os" ) +// doEncryptFile example +// usually use cmutil EncryptOpt func doEncryptFile() error { srcFilename := "aaa.tar" srcFile, err := os.Open(srcFilename) diff --git a/dbm-services/common/go-pubpkg/iocrypt/gpg.go b/dbm-services/common/go-pubpkg/iocrypt/gpg.go index b56053accd..862313c8e6 100644 --- a/dbm-services/common/go-pubpkg/iocrypt/gpg.go +++ b/dbm-services/common/go-pubpkg/iocrypt/gpg.go @@ -1 +1,3 @@ package iocrypt + +// gpg file encrypt: not implemented yet diff --git a/dbm-services/mysql/db-tools/mysql-dbbackup/docs/UserGuide.md b/dbm-services/mysql/db-tools/mysql-dbbackup/docs/UserGuide.md index 99ebcc61a7..d90e14baa6 100644 --- a/dbm-services/mysql/db-tools/mysql-dbbackup/docs/UserGuide.md +++ b/dbm-services/mysql/db-tools/mysql-dbbackup/docs/UserGuide.md @@ -204,7 +204,8 @@ EncryptElgo = - 留空默认为 openssl - 如果是 xbcrypt,默认从工具目录下找 `bin/xbcrypt`,也可以指定工具全路径 3. EncryptAlgo: 加密算法,留空会有默认加密算法 - - openssl [aes-256-cbc, aes-128-cbc, sm4-cbc],文件后缀 `.enc`。sm4-cbc 为国密对称加密算法 + - openssl [aes-256-cbc, aes-128-cbc, sm4-cbc],文件后缀 `.enc`。 + sm4-cbc 为国密对称加密算法,需要 mysql 本机上的 openssl>1.1.1 - xbcrypt [AES256, AES192, AES128],文件后缀 `.xb` 4. EncryptPublicKey: public key 文件 - 用于 对 passphrase 加密,上报加密字符串。需要对应的平台 私钥 secret key 才能对 加密后的passphrase 解密 @@ -231,7 +232,8 @@ openssl rsautl -decrypt -inkey rsa.pem -in encrypted.key // 3. 使用密码 passphrase 解密文件 ``` -一般 passphrase 需要从平台的页面获取,因为私钥不能泄露给使用者。 + +**用户只能拿到加密后的密码,明文 passphrase 需要从平台的页面解密获取,因为解密用的私钥不能泄露。** - openssl 解密文件 ``` diff --git a/dbm-ui/backend/db_periodic_task/local_tasks/mysql_backup/check_binlog_backup.py b/dbm-ui/backend/db_periodic_task/local_tasks/mysql_backup/check_binlog_backup.py index 9e7df18b2a..d39fe89e0a 100644 --- a/dbm-ui/backend/db_periodic_task/local_tasks/mysql_backup/check_binlog_backup.py +++ b/dbm-ui/backend/db_periodic_task/local_tasks/mysql_backup/check_binlog_backup.py @@ -8,8 +8,8 @@ an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. """ -import datetime from collections import defaultdict +from datetime import datetime, timedelta from django.utils.translation import ugettext as _ @@ -49,9 +49,11 @@ def _check_binlog_backup(cluster_type): """ for c in Cluster.objects.filter(cluster_type=cluster_type): backup = ClusterBackup(c.id, c.immute_domain) - now_time = datetime.datetime.now().date() - start_time = datetime.datetime.combine(now_time, datetime.time()) - end_time = start_time + datetime.timedelta(hours=23, minutes=59, seconds=59) + now = datetime.now() + yesterday = now - timedelta(days=1) + start_time = datetime(yesterday.year, yesterday.month, yesterday.day) + end_time = datetime(yesterday.year, yesterday.month, yesterday.day, 23, 59, 59) + items = backup.query_binlog_from_bklog(start_time, end_time) instance_binlogs = defaultdict(list) shard_binlog_stat = {} diff --git a/dbm-ui/backend/db_periodic_task/local_tasks/mysql_backup/check_full_backup.py b/dbm-ui/backend/db_periodic_task/local_tasks/mysql_backup/check_full_backup.py index 05665acce2..1b3630393c 100644 --- a/dbm-ui/backend/db_periodic_task/local_tasks/mysql_backup/check_full_backup.py +++ b/dbm-ui/backend/db_periodic_task/local_tasks/mysql_backup/check_full_backup.py @@ -8,8 +8,8 @@ an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. """ -import datetime from collections import defaultdict +from datetime import datetime, timedelta from django.utils.translation import ugettext as _ @@ -54,12 +54,13 @@ def _check_tendbha_full_backup(): """ for c in Cluster.objects.filter(cluster_type=ClusterType.TenDBHA): backup = ClusterBackup(c.id, c.immute_domain) - now_time = datetime.datetime.now().date() - start_time = datetime.datetime.combine(now_time, datetime.time()) - end_time = start_time + datetime.timedelta(hours=23, minutes=59, seconds=59) + now = datetime.now() + yesterday = now - timedelta(days=1) + start_time = datetime(yesterday.year, yesterday.month, yesterday.day) + end_time = datetime(yesterday.year, yesterday.month, yesterday.day, 23, 59, 59) + items = backup.query_backup_log_from_bklog(start_time, end_time) # print("cluster={} backup_items:{}".format(c.immute_domain, items)) - for i in items: if i.get("data_schema_grant", "") == "all": bid = i.get("backup_id") @@ -99,12 +100,13 @@ def _check_tendbcluster_full_backup(): """ for c in Cluster.objects.filter(cluster_type=ClusterType.TenDBCluster): backup = ClusterBackup(c.id, c.immute_domain) - now_time = datetime.datetime.now().date() - start_time = datetime.datetime.combine(now_time, datetime.time()) - end_time = start_time + datetime.timedelta(hours=23, minutes=59, seconds=59) + now = datetime.now() + yesterday = now - timedelta(days=1) + start_time = datetime(yesterday.year, yesterday.month, yesterday.day) + end_time = datetime(yesterday.year, yesterday.month, yesterday.day, 23, 59, 59) + items = backup.query_backup_log_from_bklog(start_time, end_time) # print("cluster={} backup_items:{}".format(c.immute_domain, items)) - for i in items: if i.get("data_schema_grant", "") == "all": bid = "{}#{}".format(i.get("backup_id"), i.get("shard_value"))