Dockup
Docker image to backup your Docker container volumes
This is a fork from wetransform-os/dockup that uses s3cmd
instead of awscli
.
Why the name? Docker + Backup = Dockup
Usage
You have a container running with one or more volumes:
$ docker run -d --name mysql tutum/mysql
From executing a $ docker inspect mysql
we see that this container has two volumes:
"Volumes": {
"/etc/mysql": {},
"/var/lib/mysql": {}
}
Backup
Launch dockup
container with the following flags:
$ docker run --rm \
--env-file env.txt \
--volumes-from mysql \
--name dockup unfinishedsentenc/dockup:latest
The contents of env.txt
being something like:
AWS_ACCESS_KEY_ID=<key_here>
AWS_SECRET_ACCESS_KEY=<secret_here>
AWS_DEFAULT_REGION=us-east-1
S3_HOST=s3.amazonaws.com
S3_HOST_BUCKET=%(bucket)s.s3.amazonaws.com
S3_SSL=true
BACKUP_NAME=mysql
PATHS_TO_BACKUP=/etc/mysql /var/lib/mysql
S3_BUCKET_NAME=container-backup
S3_FOLDER=mybackups/
RESTORE=false
dockup
will use your AWS credentials to create a new bucket with name as per the environment variable S3_BUCKET_NAME
, or if not defined, using the default name container-backup
. The paths in PATHS_TO_BACKUP
will be tarballed, gzipped, time-stamped and uploaded to the S3 bucket.
To place backups in a specific folder in the S3 bucket, provide it in the S3_FOLDER
variable.
It should either be empty or hold a path and end with a slash.
To use a custom S3 endpoint (like RGW or Minio) you can supply s3cmd options via
the environment variables S3_HOST
for --host
, S3_HOST_BUCKET
for
--host-bucket
and S3_SSL=false
for --no-ssl
. They default to AWS.
For more complex backup tasks as dumping a database, you can optionally define the environment variables BEFORE_BACKUP_CMD
and AFTER_BACKUP_CMD
.
Detect volumes
Instead of providing paths manually you can set the PATHS_TO_BACKUP
to auto
.
Using this setting the backup script will try to the detect the volumes mounted into the running backup container and include these into the backup archive.
Scheduling
If you want dockup
to run the backup as a cron task, you can set the environment variable CRON_TIME
to the desired frequency, for example CRON_TIME=0 0 * * *
to backup every day at midnight.
Retries
Sometimes creating the TAR archive may fail, often due to modifications to the files while tar
is running.
If this happens very often, you should consider using a different option than creating TAR archives for backup.
The BEFORE_BACKUP_CMD
and AFTER_BACKUP_CMD
environment variables can help with that.
If this happens seldomly and you want to avoid a backup failing due to that, you can configure Dockup to retry creating the archive if it fails. For that, use the following environment variables:
- BACKUP_TAR_TRIES - maximum number of tries for the backup (defaults to
5
) - BACKUP_TAR_RETRY_SLEEP - number of seconds to wait between retries (defaults to
30
)
Restore
To restore your data simply set the RESTORE
environment variable to true
- this will restore the latest backup from S3 to your volume. If you want to restore a specific backup instead of the last one, you can also set the environment variable LAST_BACKUP
to the desired tarball name.
For more complex restore operations, you can define a command to be run once the tarball has been downloaded and extracted using the environment variable AFTER_RESTORE_CMD
.
Encryption
You can use GnuPG to encrypt backup archives and decrpyt them again when you need to restore them. You need a GnuPG public key for encryption and the corresponding private key for decryption. Keep the private key safe (and secret), otherwise you will not be able to restore your backups.
For backup, the following environment variables need to be set:
- GPG_KEYRING - the location of the public keyring containing the public key you want to use for encryption
- GPG_KEYNAME - the user ID identifying the key
For restoring an encrypted file, the following environment variables need to be set:
- GPG_KEYRING - the location of the public keyring
- GPG_SECRING - the location of the secret keyring containing the private key you need for decryption
- GPG_PASSPHRASE - the passphrase needed to access the private key
Notifications
To enable notifications for backups you can use the following environment variables:
- NOTIFY_BACKUP_SUCCESS - set to
true
to enable notifications on backup success - NOTIFY_BACKUP_FAILURE - set to
true
to enable notifications on backup failure
In addition, you need to configure a notification method.
Currently supported are the following notifications methods:
Slack
To configure Slack notifications you need to set at least the NOTIFY_SLACK_WEBHOOK_URL
environment variable.
Create an Incoming Webhook as a new integration in Slack and put the Webhook URL in here.
Local testing
There is a handy script ./test-backup.sh
you can use for local testing.
All you need is Docker and configuring your S3 connection.
For that purpose, copy test-env.txt.sample
to test-env.txt
and adapt the variables accordingly.
Optionally generate a GPG key for testing encryption/decryption using ./gen-test-key.sh
.
It will be automatically used when you execute ./test-backup.sh
.
If you want to test w/o encryption after generating the key, rn ./test-backup.sh --no-encryption
.