Variables, Dockerfile, better syntax, etc.

2021-11-06 19:45:39 +02:00 · 2021-11-06 19:45:39 +02:00 · 8317f50a8a
parent 49ed657084
commit 8317f50a8a
5 changed files with 80 additions and 24 deletions
--- a/.envrc.sample
+++ b/.envrc.sample
@ -0,0 +1,8 @@
+export RESTIC_SFTP_HOST="user@domain.tld"
+export RESTIC_PASSWORD_FILE=/run/secrets/restic-password
+export BACKUP_DEST=/backups
+
+export SERVER_NAME=domain.tld
+export DOCKER_CONTEXT=$SERVER_NAME
+
+#export SERVICES_OVERRIDE="ghost_domain_tld_app ghost_domain_tld_db"
--- a/14
+++ b/14
@ -0,0 +1,14 @@
+FROM docker:19.03.13-dind
+
+RUN apk add --upgrade --no-cache \
+  bash \
+  curl \
+  restic
+
+RUN curl -L https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64 --output /usr/bin/jq
+RUN chmod +x /usr/bin/jq
+
+COPY backup.sh /usr/bin/backup.sh
+RUN chmod +x /usr/bin/backup.sh
+
+ENTRYPOINT ["/usr/bin/backup.sh"]
--- a/README.md
+++ b/README.md
@ -2,6 +2,13 @@

 Automatically backup files from running Docker Swarm services based on labels.

+## Background
+
+There are lots of Docker volume backup systems; all of them have one or both of
+these problems:
+ - You need to define all the volumes to back up in the configuration system
+ - Backups require services to be stopped to take consistent copies
+
 ## TODO

 - [ ] Make a Docker image of this
@ -13,8 +20,9 @@ Automatically backup files from running Docker Swarm services based on labels.

 (Haven't done secrets yet, here are two options)

-v1:
 ```
+services:
+  db:
    deploy:
      labels:
        backupbot.backup: "true"
@ -24,17 +32,6 @@ v1:
        backupbot.backup.post-hook: "rm -rf /tmp/dump/dump.db"
        backupbot.backup.path: "/tmp/dump/"
 ```
-v2:
-```
-    deploy:
-      labels:
-        backupbot.backup: "true"
-        backupbot.backup.repos: "$some_thing"
-        backupbot.backup.at: "* * * * *"
-        backupbot.backup.post-hook: "rm -rf /tmp/dump/dump.db"
-        backupbot.backup.secrets": "db_root_password",
-        backupbot.backup.pre-hook: 'mysqldump -u root -p"$DB_ROOT_PASSWORD" -f /tmp/dump/dump.db'
-```

 ## Questions:

--- a/backup.sh
+++ b/backup.sh
@ -1,15 +1,20 @@
 #!/bin/bash

-# FIXME: just for testing
-backup_path=backups
+server_name="${SERVER_NAME:?SERVER_NAME not set}"

-# FIXME: just for testing
-export DOCKER_CONTEXT=demo.coopcloud.tech
+restic_password_file="${RESTIC_PASSWORD_FILE:?RESTIC_PASSWORD_FILE not set}"

-mapfile -t services < <(docker service ls --format '{{ .Name }}')
+restic_sftp_host="${RESTIC_SFTP_HOST:?RESTIC_SFTP_HOST not set}"

-# FIXME: just for testing
-services=( "ghost_demo_app" "ghost_demo_db" )
+restic_repo="sftp:$restic_sftp_host:/$server_name"
+
+backup_path="${BACKUP_DEST:?BACKUP_DEST not set}"
+
+if [ -n "$SERVICES_OVERRIDE" ]; then
+	services=($SERVICES_OVERRIDE)
+else
+	mapfile -t services < <(docker service ls --format '{{ .Name }}')
+fi

 for service in "${services[@]}"; do
 	echo "service: $service"
@ -32,7 +37,7 @@ for service in "${services[@]}"; do
 		if [ "$pre" != "null" ]; then
 			# run the precommand
 			# shellcheck disable=SC2086
-			docker exec "$container" $pre
+			docker exec "$container" sh -c "$pre"
 		fi

 		# run the backup
@ -41,10 +46,12 @@ for service in "${services[@]}"; do
 		if [ "$post" != "null" ]; then
 			# run the postcommand
 			# shellcheck disable=SC2086
-			docker exec "$container" $post
+			docker exec "$container" sh -c "$post"
 		fi
 	fi
-	restic -p restic-password \
-		backup --quiet -r sftp:u272979@u272979.your-storagebox.de:/demo.coopcloud.tech \
-		--tag coop-cloud "$backup_path"
 done
+
+restic -p "$restic_password_file" \
+	backup --quiet -r "$restic_repo" \
+	-o sftp.command="ssh $restic_sftp_host -s sftp" \
+	--tag coop-cloud "$backup_path"
--- a/compose.yml
+++ b/compose.yml
@ -0,0 +1,30 @@
+---
+version: "3.8"
+services:
+  app:
+    image: thecoopcloud/backup-bot-two:latest
+    volumes:
+      - "/var/run/docker.sock:/var/run/docker.sock"
+      - "backups:/backups"
+    environment:
+      - RESTIC_REPO
+      - RESTIC_PASSWORD_FILE=/run/secrets/restic_password
+      - BACKUP_DEST=/backups
+      - SERVER_NAME
+    secrets:
+      - restic_password
+
+    deploy:
+      mode: replicated
+      replicas: 0
+      labels:
+        - "swarm.cronjob.enable=true"
+        # Note(3wc): every minute, testing
+        - "swarm.cronjob.schedule=*/5 * * * *"
+        # - "swarm.cronjob.schedule=0 9 * * 1-5" # office hours
+        - coop-cloud.${STACK_NAME}.app.version=24.98.9-slim-d3db1c25
+      restart_policy:
+        condition: none
+
+volumes:
+  backups: