Backup database as part of update

2026-01-27 18:19:33 +00:00 · 2021-05-19 22:25:35 +02:00
parent 0bac7614b2
commit 8db02e2d38
4 changed files with 249 additions and 5 deletions
--- a/db_migrations.patch
+++ b/db_migrations.patch
@@ -0,0 +1,237 @@
+diff --git a/sa/_db/migrations/20210223140000_CombinedSchema.sql b/sa/_db/migrations/20210223140000_CombinedSchema.sql
+index f9705d01..783c371e 100644
+--- a/sa/_db/migrations/20210223140000_CombinedSchema.sql
+++ b/sa/_db/migrations/20210223140000_CombinedSchema.sql
+@@ -1,7 +1,9 @@
+ -- +goose Up
+ -- SQL in section 'Up' is executed when this migration is applied
+ 
+-CREATE TABLE `authz2` (
+DROP TABLE IF EXISTS `authz`;
+
+CREATE TABLE IF NOT EXISTS `authz2` (
+   `id` bigint(20) NOT NULL AUTO_INCREMENT,
+   `identifierType` tinyint(4) NOT NULL,
+   `identifierValue` varchar(255) NOT NULL,
+@@ -21,7 +23,7 @@ CREATE TABLE `authz2` (
+   KEY `expires_idx` (`expires`)
+ ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+ 
+-CREATE TABLE `blockedKeys` (
+CREATE TABLE IF NOT EXISTS `blockedKeys` (
+   `id` bigint(20) NOT NULL AUTO_INCREMENT,
+   `keyHash` binary(32) NOT NULL,
+   `added` datetime NOT NULL,
+@@ -34,7 +36,7 @@ CREATE TABLE `blockedKeys` (
+   KEY `extantCertificatesChecked_idx` (`extantCertificatesChecked`)
+ ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+ 
+-CREATE TABLE `certificateStatus` (
+CREATE TABLE IF NOT EXISTS `certificateStatus` (
+   `id` bigint(20) NOT NULL AUTO_INCREMENT,
+   `serial` varchar(255) NOT NULL,
+   `subscriberApproved` tinyint(1) DEFAULT 0,
+@@ -54,7 +56,7 @@ CREATE TABLE `certificateStatus` (
+   KEY `notAfter_idx` (`notAfter`)
+ ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+ 
+-CREATE TABLE `certificatesPerName` (
+CREATE TABLE IF NOT EXISTS `certificatesPerName` (
+   `id` bigint(20) NOT NULL AUTO_INCREMENT,
+   `eTLDPlusOne` varchar(255) NOT NULL,
+   `time` datetime NOT NULL,
+@@ -63,14 +65,9 @@ CREATE TABLE `certificatesPerName` (
+   UNIQUE KEY `eTLDPlusOne_time_idx` (`eTLDPlusOne`,`time`)
+ ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+ 
+-CREATE TABLE `crls` (
+-  `serial` varchar(255) NOT NULL,
+-  `createdAt` datetime NOT NULL,
+-  `crl` varchar(255) NOT NULL,
+-  PRIMARY KEY (`serial`)
+-) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+DROP TABLE IF EXISTS `crls`;
+ 
+-CREATE TABLE `fqdnSets` (
+CREATE TABLE IF NOT EXISTS `fqdnSets` (
+   `id` bigint(20) NOT NULL AUTO_INCREMENT,
+   `setHash` binary(32) NOT NULL,
+   `serial` varchar(255) NOT NULL,
+@@ -81,7 +78,7 @@ CREATE TABLE `fqdnSets` (
+   KEY `setHash_issued_idx` (`setHash`,`issued`)
+ ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+ 
+-CREATE TABLE `issuedNames` (
+CREATE TABLE IF NOT EXISTS `issuedNames` (
+   `id` bigint(20) NOT NULL AUTO_INCREMENT,
+   `reversedName` varchar(640) CHARACTER SET ascii NOT NULL,
+   `notBefore` datetime NOT NULL,
+@@ -92,7 +89,7 @@ CREATE TABLE `issuedNames` (
+   KEY `reversedName_renewal_notBefore_Idx` (`reversedName`,`renewal`,`notBefore`)
+ ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+ 
+-CREATE TABLE `keyHashToSerial` (
+CREATE TABLE IF NOT EXISTS `keyHashToSerial` (
+   `id` bigint(20) NOT NULL AUTO_INCREMENT,
+   `keyHash` binary(32) NOT NULL,
+   `certNotAfter` datetime NOT NULL,
+@@ -102,7 +99,7 @@ CREATE TABLE `keyHashToSerial` (
+   KEY `keyHash_certNotAfter` (`keyHash`,`certNotAfter`)
+ ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+ 
+-CREATE TABLE `newOrdersRL` (
+CREATE TABLE IF NOT EXISTS `newOrdersRL` (
+   `id` bigint(20) NOT NULL AUTO_INCREMENT,
+   `regID` bigint(20) NOT NULL,
+   `time` datetime NOT NULL,
+@@ -111,14 +108,16 @@ CREATE TABLE `newOrdersRL` (
+   UNIQUE KEY `regID_time_idx` (`regID`,`time`)
+ ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+ 
+-CREATE TABLE `orderToAuthz2` (
+DROP TABLE IF EXISTS `orderToAuthz`;
+
+CREATE TABLE IF NOT EXISTS `orderToAuthz2` (
+   `orderID` bigint(20) NOT NULL,
+   `authzID` bigint(20) NOT NULL,
+   PRIMARY KEY (`orderID`,`authzID`),
+   KEY `authzID` (`authzID`)
+ ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+ 
+-CREATE TABLE `orders` (
+CREATE TABLE IF NOT EXISTS `orders` (
+   `id` bigint(20) NOT NULL AUTO_INCREMENT,
+   `registrationID` bigint(20) NOT NULL,
+   `expires` datetime NOT NULL,
+@@ -131,7 +130,9 @@ CREATE TABLE `orders` (
+   KEY `regID_created_idx` (`registrationID`,`created`)
+ ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+ 
+-CREATE TABLE `registrations` (
+DROP TABLE IF EXISTS `pendingAuthorizations`;
+
+CREATE TABLE IF NOT EXISTS `registrations` (
+   `id` bigint(20) NOT NULL AUTO_INCREMENT,
+   `jwk` mediumblob NOT NULL,
+   `jwk_sha256` varchar(255) NOT NULL,
+@@ -148,7 +149,7 @@ CREATE TABLE `registrations` (
+ 
+ -- Tables below have foreign key constraints, so are created after all other tables.
+ 
+-CREATE TABLE `certificates` (
+CREATE TABLE IF NOT EXISTS `certificates` (
+   `id` bigint(20) NOT NULL AUTO_INCREMENT,
+   `registrationID` bigint(20) NOT NULL,
+   `serial` varchar(255) NOT NULL,
+@@ -163,7 +164,7 @@ CREATE TABLE `certificates` (
+   CONSTRAINT `regId_certificates` FOREIGN KEY (`registrationID`) REFERENCES `registrations` (`id`) ON DELETE NO ACTION ON UPDATE NO ACTION
+ ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+ 
+-CREATE TABLE `orderFqdnSets` (
+CREATE TABLE IF NOT EXISTS `orderFqdnSets` (
+   `id` bigint(20) NOT NULL AUTO_INCREMENT,
+   `setHash` binary(32) NOT NULL,
+   `orderID` bigint(20) NOT NULL,
+@@ -177,7 +178,7 @@ CREATE TABLE `orderFqdnSets` (
+   CONSTRAINT `orderFqdnSets_registrationID_registrations` FOREIGN KEY (`registrationID`) REFERENCES `registrations` (`id`) ON DELETE NO ACTION ON UPDATE NO ACTION
+ ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+ 
+-CREATE TABLE `precertificates` (
+CREATE TABLE IF NOT EXISTS `precertificates` (
+   `id` bigint(20) NOT NULL AUTO_INCREMENT,
+   `registrationID` bigint(20) NOT NULL,
+   `serial` varchar(255) NOT NULL,
+@@ -191,7 +192,7 @@ CREATE TABLE `precertificates` (
+   CONSTRAINT `regId_precertificates` FOREIGN KEY (`registrationID`) REFERENCES `registrations` (`id`) ON DELETE NO ACTION ON UPDATE NO ACTION
+ ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+ 
+-CREATE TABLE `requestedNames` (
+CREATE TABLE IF NOT EXISTS `requestedNames` (
+   `id` bigint(20) NOT NULL AUTO_INCREMENT,
+   `orderID` bigint(20) NOT NULL,
+   `reversedName` varchar(253) CHARACTER SET ascii NOT NULL,
+@@ -201,7 +202,9 @@ CREATE TABLE `requestedNames` (
+   CONSTRAINT `orderID_orders` FOREIGN KEY (`orderID`) REFERENCES `orders` (`id`) ON DELETE CASCADE
+ ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+ 
+-CREATE TABLE `serials` (
+DROP TABLE IF EXISTS `sctReceipts`;
+
+CREATE TABLE IF NOT EXISTS `serials` (
+   `id` bigint(20) NOT NULL AUTO_INCREMENT,
+   `registrationID` bigint(20) NOT NULL,
+   `serial` varchar(255) NOT NULL,
+@@ -223,15 +226,71 @@ DROP TABLE `precertificates`
+ DROP TABLE `requestedNames`
+ DROP TABLE `serials`
+ 
+CREATE TABLE `authz` (
+  `id` varchar(255) NOT NULL,
+  `identifier` varchar(255) NOT NULL,
+  `registrationID` bigint(20) NOT NULL,
+  `status` varchar(255) NOT NULL,
+  `expires` datetime DEFAULT NULL,
+  `combinations` varchar(255) NOT NULL,
+  PRIMARY KEY (`id`),
+  KEY `registrationID_identifier_status_expires_authz_idx` (`registrationID`,`identifier`,`status`,`expires`),
+  CONSTRAINT `regId_authz` FOREIGN KEY (`registrationID`) REFERENCES `registrations` (`id`) ON DELETE NO ACTION ON UPDATE NO ACTION
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
+ DROP TABLE `authz2`
+ DROP TABLE `blockedKeys`
+ DROP TABLE `certificateStatus`
+ DROP TABLE `certificatesPerName`
+-DROP TABLE `crls`
+
+CREATE TABLE `crls` (
+  `serial` varchar(255) NOT NULL,
+  `createdAt` datetime NOT NULL,
+  `crl` varchar(255) NOT NULL,
+  PRIMARY KEY (`serial`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
+ DROP TABLE `fqdnSets`
+ DROP TABLE `issuedNames`
+ DROP TABLE `keyHashToSerial`
+ DROP TABLE `newOrdersRL`
+
+CREATE TABLE `orderToAuthz` (
+  `orderID` bigint(20) NOT NULL,
+  `authzID` varchar(255) NOT NULL,
+  PRIMARY KEY (`orderID`,`authzID`),
+  KEY `authzID` (`authzID`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
+ DROP TABLE `orderToAuthz2`
+ DROP TABLE `orders`
+-DROP TABLE `registrations`
+
+CREATE TABLE `pendingAuthorizations` (
+  `id` varchar(255) NOT NULL,
+  `identifier` varchar(255) NOT NULL,
+  `registrationID` bigint(20) NOT NULL,
+  `status` varchar(255) NOT NULL,
+  `expires` datetime DEFAULT NULL,
+  `combinations` varchar(255) NOT NULL,
+  `LockCol` bigint(20) NOT NULL,
+  PRIMARY KEY (`id`),
+  KEY `identifier_registrationID_status_expires_idx` (`identifier`,`registrationID`,`status`,`expires`),
+  KEY `registrationID_status_expires_idx` (`registrationID`,`status`,`expires`),
+  CONSTRAINT `regId_pending_authz` FOREIGN KEY (`registrationID`) REFERENCES `registrations` (`id`) ON DELETE NO ACTION ON UPDATE NO ACTION
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
+-- DROP TABLE `registrations`
+
+CREATE TABLE `sctReceipts` (
+  `id` bigint(20) NOT NULL AUTO_INCREMENT,
+  `sctVersion` tinyint(1) NOT NULL,
+  `logID` varchar(255) NOT NULL,
+  `timestamp` bigint(20) NOT NULL,
+  `extensions` blob DEFAULT NULL,
+  `signature` blob DEFAULT NULL,
+  `certificateSerial` varchar(255) NOT NULL,
+  `LockCol` bigint(20) DEFAULT NULL,
+  PRIMARY KEY (`id`),
+  UNIQUE KEY `certificateSerial_logID` (`certificateSerial`,`logID`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
--- a/docker-compose.patch
+++ b/docker-compose.patch
@@ -1,10 +1,9 @@
 diff --git a/docker-compose.yml b/docker-compose.yml
-index 19cc67b1..b572b420 100644
+index 13cc6a54b..afbfd4bdf 100644
 --- a/docker-compose.yml
 +++ b/docker-compose.yml
@@ -5,7 +5,7 @@ services:
-         image: letsencrypt/boulder-tools:${BOULDER_TOOLS_TAG:-go1.15.7_2021-02-17}
-
+         image: letsencrypt/boulder-tools:${BOULDER_TOOLS_TAG:-go1.15.7_2021-02-25}
         environment:
             - FAKE_DNS=10.77.77.77
 -            - BOULDER_CONFIG_DIR=test/config
@@ -52,7 +51,7 @@ index 19cc67b1..b572b420 100644
 +            max-file: "5"
 +        restart: always
 +    labca:
-         image: letsencrypt/boulder-tools:${BOULDER_TOOLS_TAG:-go1.15.7_2021-02-17}
+         image: letsencrypt/boulder-tools:${BOULDER_TOOLS_TAG:-go1.15.7_2021-02-25}
 -        environment:
 -            GO111MODULE: "on"
 -            GOFLAGS: "-mod=vendor"
--- a/gui/setup.sh
+++ b/gui/setup.sh
@@ -11,4 +11,6 @@ if [ ! -e bin/labca ]; then
    go build -o bin/labca
 fi

+[ -e /bin/ip ] || (apt update && apt install -y iproute2)
+
 bin/labca
--- a/8
+++ b/8
@@ -24,7 +24,7 @@ dockerComposeVersion="1.28.5"

 labcaUrl="https://github.com/hakwerk/labca/"
 boulderUrl="https://github.com/letsencrypt/boulder/"
-boulderTag="release-2021-02-22"
+boulderTag="release-2021-03-01"

 #
 # Color configuration
@@ -563,6 +563,12 @@ config_boulder() {
    mkdir -p "cmd/mail-tester"
    cp $cloneDir/mail-tester.go cmd/mail-tester/main.go

+    sudo -u labca -H patch -p1 < $cloneDir/db_migrations.patch &>>$installLog
+    cp sa/_db/migrations/20210223140000_CombinedSchema.sql "$boulderLabCADir/.backup/"
+
+    mkdir -p $baseDir/backup
+    [ -z "$(docker ps | grep boulder_bmysql_1)" ] || docker exec -it boulder_bmysql_1 mysqldump boulder_sa_integration >$baseDir/backup/dbdata-${runId}.sql
+
    cd "$boulderLabCADir"
    sed -i -e "s/test-ca2.pem/test-ca.pem/" config/ocsp-responder.json
    sed -i -e "s/test-ca2.pem/test-ca.pem/" config/ocsp-updater.json