Freeze break: exclude session data from db dumps

Pierre-Yves Chibon pingou at pingoured.fr
Thu Apr 2 17:18:50 UTC 2015


On Thu, Apr 02, 2015 at 09:41:02AM -0600, Kevin Fenzi wrote:
> It was noted yesterday that the koji db dump we have published
> contained the 'sessions' table in it. Sessions are cleared every 24
> hours (a cron job on koji02) and also only contain a session key, which
> is tied to a specific IP address. While the exposure is small/close to
> 0 here, I would still like to close it out and make sure it is 0.  
> 
> I already added the below change to our koji backup-databases script
> and removed the old db dump from yesterday, so there should be no
> active sessions that are public from the previous dump now. 
> 
> This would also affect other postgresql servers db dumps. For those
> databases that don't have a 'sessions' table, it's a noop. If some
> databases do have such a table, I contend we don't want to back it up
> there either. ;) 
> 
> After this change is made, a run of the postgresql-server playbook is
> also needed to push the change out. 
> 
> +1s?
> 
> kevin
> --
> diff --git a/roles/postgresql_server/files/backup-database b/roles/postgresql_server/files/backup-database
> index 3f6e7d8..cd2bede 100644
> --- a/roles/postgresql_server/files/backup-database
> +++ b/roles/postgresql_server/files/backup-database
> @@ -4,7 +4,7 @@
>  DB=$1
>  
>  # Make our latest backup
> -/usr/bin/pg_dump -C $DB | /usr/bin/xz > /backups/$DB-$(date +%F).dump.xz
> +/usr/bin/pg_dump --exclude-table-data=sessions -C $DB | /usr/bin/xz > /backups/$DB-$(date +%F).dump.xz
>  
>  # Also, delete the backup from a few days ago.
>  rm -f /backups/$DB-$(date --date="3 days ago" +%F).dump.xz
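
Review bot: On the changed pg_dump line, `--exclude-table-data=sessions` is hard-coded for every database this script dumps, and nothing in the script says why. The pattern is not schema-qualified, so it applies to any table named `sessions` in whichever database is passed as `$1`. A short comment above the line (session keys must not end up in published dumps) would keep a later cleanup from dropping the option, and would flag it to anyone whose database needs that table's rows restored. Separately, the pipeline's exit status is that of xz, so if pg_dump on some host rejects the new option the script still writes a near-empty `.dump.xz` and then runs the `rm -f` on the older backup; checking pg_dump's exit status before the delete would cover that.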

+1 for me

Pierre