forked from coop-cloud/backup-bot-two
Backup Bot II: This Time Without Abra.
Philipp Rothmann
24d2c0e85b
* Backupbot will now copy all volumes from a service with backupbot.enabled = 'true' label from the /var/lib/docker/volumes/ path directly. This reduces the resource overhead of copying stuff from one volume to another. Recipes need to be adjustet that db-dumps are saved into a volume now! * Remove the Dockerfile and move stuff into a entrypoint. This simplifies the whole versioning thing and makes this "just" a recipe Co-authored-by: Moritz < moritz.m@local-it.org> |
||
---|---|---|
.drone.yml | ||
.env.sample | ||
.envrc.sample | ||
.gitignore | ||
abra.sh | ||
backup.sh | ||
compose.s3.yml | ||
compose.ssh.yml | ||
compose.swarm-cronjob.yml | ||
compose.yml | ||
entrypoint.sh | ||
README.md | ||
renovate.json |
Backupbot II
This Time, It's Easily Configurable
Automatically take backups from all volumes of running Docker Swarm services and runs pre- and post commands.
Background
There are lots of Docker volume backup systems; all of them have one or both of these limitations:
- You need to define all the volumes to back up in the configuration system
- Backups require services to be stopped to take consistent copies
Backupbot II tries to help, by
- letting you define backups using Docker labels, so you can easily collect your backups for use with another system like docker-volume-backup.
- running pre- and post-commands before and after backups, for example to use database tools to take a backup from a running service.
Deployment
With Co-op Cloud
- Set up Docker Swarm and
abra
abra app new backup-bot-two
abra app config <your-app-name>
, and set storage options. Either configureCRON_SCHEDULE
, or set upswarm-cronjob
abra app secret generate <your-app-name> restic-password v1
, optionally with--pass
before<your-app-name>
to save the generated secret inpass
.abra app secret insert <your-app-name> ssh-key v1 ...
or similar, to load required secrets.abra app deploy <your-app-name>
- Category: Utilities
- Status: 0, work-in-progress
- Image:
thecoopcloud/backup-bot-two
, 4, upstream - Healthcheck: No
- Backups: N/A
- Email: N/A
- Tests: No
- SSO: N/A
Configuration
Like Traefik, or swarm-cronjob
, Backupbot II uses access to the Docker socket to read labels from running Docker Swarm services:
services:
db:
deploy:
labels:
backupbot.backup: ${BACKUP:-"true"}
backupbot.backup.pre-hook: 'mysqldump -u root -p"$(cat /run/secrets/db_root_password)" -f /volume_path/dump.db'
backupbot.backup.post-hook: "rm -rf /volume_path/dump.db"
backupbot.backup
-- set totrue
to back up this service (REQUIRED)backupbot.backup.pre-hook
-- command to run before copying files (optional), save all dumps into the volumesbackupbot.backup.post-hook
-- command to run after copying files (optional)
As in the above example, you can reference Docker Secrets, e.g. for looking up database passwords, by reading the files in /run/secrets
directly.
Development
- Install
direnv
cp .envrc.sample .envrc
- Edit
.envrc
as appropriate, including settingDOCKER_CONTEXT
to a remote Docker context, if you're not running a swarm server locally. - Run
./backup.sh
-- you can add the--skip-backup
or--skip-upload
options if you just want to test one other step