Dockerfile #3

Closed
aacater opened this issue Dec 13, 2022 · 20 comments
@aacater

aacater commented Dec 13, 2022

I whipped up a quick Dockerfile if someone wants to use it: https://gist.github.com/aacater/6086b51732dfdd9a6ef0db6fa7d316d4

It is currently working, although I have not tested it intensively.

Notes

Some minor bugs:

  • When copying commands from the UI, the hostname and port are not filled in; they are just left blank. For example, I get ssh://bdd5588d@:/./repo1, when based on my environment variables it should be ssh://bdd5588d@localhost:2222/./repo1. I am unsure if this is related to the Dockerfile or the app.

  • I initially limited the borgwarehouse user's access to commands like in the docs. But then the scripts were getting stuck with sudo requiring a password. Too lazy to debug this at the moment.

Not currently implemented:

When the container is recreated, all users are reset, which means each repo's user is removed. createRepo.sh seems like it could easily be modified to create a user with a specific user and uid, instead of both being random.

Then entrypoint.sh could look at repo.json and recreate each user as needed. It would have to get the UID right so the user actually owned the relevant files. So maybe store UID in repo.json also? Or forget about having the correct UID and create a user with a random UID, then chown to fix the repo's permissions. That seems like it's more work though.

Feature Request:

I would like it if it was possible to set the config (./config/) and home (/var/borgwarehouse) directories using environment variables. This would allow entrypoint.sh to be simplified because /app/config/ would no longer be used in the container. Instead of creating the json files from hardcoded values, the script could copy files from /app/config/ to /config/ for example.

@Ravinou
Owner

Ravinou commented Dec 13, 2022

Thank you for your work @aacater

I'm testing your dockerfile in the next few days.

@Ravinou Ravinou added the enhancement New feature or request label Dec 13, 2022
@Ravinou Ravinou self-assigned this Dec 13, 2022
@alex3305

alex3305 commented May 9, 2023

Just out of curiosity. Is there any progress on this issue?

@Ravinou
Owner

Ravinou commented May 9, 2023

Currently BorgWarehouse works with: a system user = SSH access in a jail, without shell and only with strict access to BorgBackup commands.

I haven't found a way to achieve user persistence in docker. Docker is not designed for that and so it's on pause right now on this topic because I don't know how to go further.

The problem is not to run BorgWarehouse as a webui in docker, the problem is the implementation of the system aspects in docker and especially the persistence of the created system users. I have the impression that there is no implementation of BorgBackup on Docker either which does not help.

@Pimmetje

I have a Docker image based on Alpine Linux I use for borgbackup. It's basically an Alpine box with Ansible & SSH. I have made it so that it will download a config from a configurable repo and build its users/authorize_keys based on that and start the SSH server with borg. I have been using it for some time and this works for me.
I just found your project. I'll look into this if I can adapt this to make a POC for this project.

As a reaction to your "I haven't found a way to achieve user persistence in docker. ". Me neither; I just recreate the users every time Docker starts based on data I have. This way you don't need to persist them. You only need a database or config file and an init script :)

@alex3305

> I haven't found a way to achieve user persistence in docker. Docker is not designed for that and so it's on pause right now on this topic because I don't know how to go further.

What I see other, popular projects do is simply set user permissions on container startup. You let your users configure UID/GID when creating the container. In my experience (and on my system) that has worked great so far. And when it doesn't, it probably means that data is not for my backup container to read or backup, so I should look for alternatives. For instance a database data dump instead of reading shards.

Currently I'm running Vorta as a container and that works reasonably well. I run it on a potato so VNC feels sluggish. And things like restores are just really slow and tedious.

@Pimmetje Sounds wonderful. I also wanted to look into this. Even if it was only something to play with 😉.

@Ravinou
Owner

Ravinou commented May 13, 2023

If any of you want to contribute to this task, I'm interested ☺. Personally, I don't have much time right now. But maybe the next few months.

@Pimmetje

I was looking into it. If I have time I'll make u a quick demo based on the current code, but I'll make it work, not safe. That's for a later time :D

@Pimmetje

I have created something based on Alpine Linux that builds to a container. I'll see if I can test-run it in the next few days so I can post it here.

@Pimmetje

I sent everyone in this issue a link to some quick & dirty POC I made. It's too dirty for my taste to make public :). I have not fully debugged/tested it. But it seems to create the users when u restart the container. That was the most important thing I wanted to show for now.

@sammcj

sammcj commented May 21, 2023

Looking forward to seeing this, would be great to try this project out - but I didn't want to install nodejs etc on my server's OS when I have everything else running as a container. I suspect others will be in a similar boat so you might see an uptake in adoption once this is in!

@Pimmetje

Pimmetje commented Jun 5, 2023

@Ravinou Did u have time to look at the POC?

@Ravinou
Owner

Ravinou commented Jun 5, 2023

Hi @Pimmetje, it's on my to-do list. Sorry I haven't had time to test it but I will!

@shad-lp

shad-lp commented Jun 11, 2023

> Looking forward to seeing this, would be great to try this project out - but I didn't want to install nodejs etc on my server's OS when I have everything else running as a container. I suspect others will be in a similar boat so you might see an uptake in adoption once this is in!

A big uptake, because that is typically something you'd like to run on a NAS.
And many like myself don't want to spin up a VM and allocate resources for something as lightweight as BWH.

@Ravinou
Owner

Ravinou commented Jun 11, 2023

Hi, @Pimmetje shared a POC with me and I started testing it and giving him feedback.

@alex3305

alex3305 commented Aug 5, 2023

I looked this over multiple times, but I couldn't find an easy way to make this work. Also when I tried to restore my latest Borg backup, which was created with Vorta, the backup was empty. That's why I have looked elsewhere and since then have migrated to kopia/kopia which seems to work a bit better for me.

Thanks again for all the effort and I hope you'll get things going! 🚀

@erpadmin

Have you considered a volume mount providing a user info data file which has a parseable format (i.e. CSV: user,uid,gid,shell,etc whatever u need) and have the entrypoint script read and create the accounts?
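One way an entrypoint could recreate accounts from a mounted file, as suggested in this thread (an added example, not part of the issue and not BorgWarehouse code). It assumes a three-field `user,uid,gid` record, shadow's `groupadd`/`useradd`, per-user homes under `/var/borgwarehouse`, and a hypothetical `/config/users.csv`; because the file feeds root-run commands, every field is validated first.

```shell
#!/bin/sh
# Added example, not BorgWarehouse code. Assumed record layout: user,uid,gid
LC_ALL=C; export LC_ALL   # keep the [a-z] ranges below ASCII-only
# apply_users FILE [RUNNER]: recreate the accounts listed in FILE.
# RUNNER=echo prints the commands instead of running them (dry run).
# Returns 1 if any record was rejected; valid records are still processed.
apply_users() {
    file=$1; run=${2:-}; rc=0; seen=" "
    while IFS=, read -r user uid gid extra || [ -n "$user" ]; do
        case $user in ''|'#'*) continue ;; esac        # blank line or comment
        bad=
        # Names end up on a root command line: allow only [a-z0-9_-], no leading "-"
        case $user in [!a-z0-9]*|*[!a-z0-9_-]*) bad="bad name" ;; esac
        case $user in *[!0-9]*) ;; *) bad="numeric name" ;; esac
        for n in "$uid" "$gid"; do                     # canonical decimal, max 6 digits
            case $n in ''|0*|*[!0-9]*|???????*) bad="bad id" ;; esac
        done
        if [ -z "$bad" ] && [ -n "$extra" ]; then bad="extra field"; fi
        if [ -z "$bad" ] && { [ "$uid" -lt 1000 ] || [ "$gid" -lt 1000 ]; }; then
            bad="id below 1000"                        # never root or a system account
        fi
        [ -n "$bad" ] || case $seen in *" $uid "*) bad="duplicate uid" ;; esac
        if [ -n "$bad" ]; then
            printf 'rejected (%s): %s\n' "$bad" "$user" >&2; rc=1; continue
        fi
        seen="$seen$uid "
        $run groupadd -g "$gid" "$user"
        $run useradd -u "$uid" -g "$gid" -M -d "/var/borgwarehouse/$user" "$user"
    done < "$file"
    return $rc
}

sample_users() {   # constructed sample records
    cat <<'EOF'
repo1user,1001,1001
bdd5588d,1002,1002
root2,0,0
-x,1003,1003
dup,1001,1004
x;y,1005,1005
carol,1006,1006,/bin/bash
EOF
}

# Dry run over the sample; a real entrypoint would call: apply_users /config/users.csv
tmp=$(mktemp); sample_users > "$tmp"
apply_users "$tmp" echo || echo "some records rejected" >&2
rm -f "$tmp"
```

Storing the UID in the file keeps ownership of existing repository data stable across container recreation, so no `chown` pass is needed at startup.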

@Pimmetje

@erpadmin that is basically what I did (I used Ansible). But then the backend needs to change to just create a YAML and run an update script every time something changes. I think that is also better for the installed version. Makes it cross-platform as a bonus.

@Ravinou
Owner

Ravinou commented Aug 22, 2023

Hi, I'm currently working (after work or at weekends) on bringing BorgWarehouse and BorgBackup closer together, in more scrupulous compliance with their documentation on use as a central repository. (See #47)

As a result, I'm working on v2, which will be a breaking change, but will enable us to move to single unix user management. This approach will make the BorgWarehouse back-end fully compatible with Docker.

Work in progress! Stay tuned!

@Ravinou
Owner

Ravinou commented Oct 15, 2023

Hi, a major rewrite for Docker porting is coming to an end. I'm pretty proud of the many evenings and Saturdays I've spent working on BorgWarehouse, and I hope you enjoy this version.

You will find :

To give me strength, I can only invite you to consider github sponsor (one-time/monthly), and talk about BorgWarehouse. It keeps me going!

Have fun with docker 🚀

@Ravinou Ravinou closed this as completed Oct 15, 2023
@sammcj

sammcj commented Oct 15, 2023

Wow this is exciting! Thank you!

7 participants