Dback is application for observe docker containers, make bulk incremental backups
of their mounts (folders and volumes), and pass backups to S3 bucket. Restoring to exist containers is also available.
Runs restic under the hood.
There is an instance with some important dockerized apps like Jenkins, GitLab, Vault, etc...
- Somebody wants to add an extra dockerized application, and he won't setup backup for the app
- All the apps can afford short downtime of each container
- All exist and extra dockerized apps of the instance must have periodical (daily) backup
Run test application. Zabbix.
docker run --name dback-example-zabbix --restart always -p 127.0.0.1:80:80 -d zabbix/zabbix-appliance:alpine-4.4.0
Run s3 server (minio), with a bucket
docker run --rm -d --name dback-test-1.minio -p 127.0.0.1:9000:9000 -e MINIO_ACCESS_KEY=dback_test -e MINIO_SECRET_KEY=3b464c70cf691ef6512ed51b2a minio/minio:RELEASE.2020-03-25T07-03-04Z server /data
docker run --rm -d --link dback-test-1.minio:minio --entrypoint=sh minio/mc:RELEASE.2020-05-28T23-43-36Z -c "mc config host add minio http://minio:9000 dback_test 3b464c70cf691ef6512ed51b2a && mc mb minio/dback-test"
Wait for ~1min for zabbix init
Open http://localhost, check the login form shown
Backup mounts of zabbix, and may be some other containers matching default selection pattern
docker run --rm -t --link dback-test-1.minio:minio -v //var/run/docker.sock:/var/run/docker.sock dback/dback:0.0.110 backup --s3-endpoint=http://minio:9000 -b=dback-test -a=dback_test -s=3b464c70cf691ef6512ed51b2a -p=SecureResticPassword11
Corrupt zabbix DB
docker exec -t dback-example-zabbix bash -c "rm -rf /var/lib/mysql/*"
Open http://localhost, check database error shown
Restore all mounts of zabbix container
docker run --rm -t --link dback-test-1.minio:minio -v //var/run/docker.sock:/var/run/docker.sock dback/dback:0.0.110 restore container dback-example-zabbix --s3-endpoint=http://minio:9000 -b=dback-test -a=dback_test -s=3b464c70cf691ef6512ed51b2a -p=SecureResticPassword11
Open http://localhost, check login form works again
By default, backup will be applied for all mounts of each container matched the options:
- HostConfig.RestartPolicy != no
- HostConfig.AutoRemove == false
- Status.Running == true
The pattern can be overridden with --matcher flag. It is based on xpath matching in docker inspect
xml. You can see the xml with dback inspect <container>
.
You able to ignore some mounts by regex.
dback backup --exclude-mount "^/(drone.*|dback-test-1.5.*)$"
this call will ignore all mounts started from "/drone" or "/dback-test-1.5"
Inspired by these projects:
https://github.com/blacklabelops/volumerize
https://github.com/christophetd/duplicacy-autobackup
https://github.com/loomchild/volume-backup
https://github.com/istepanov/docker-backup-to-s3
https://github.com/lobaro/restic-backup-docker
The apps listed above did not support some features dback provides:
- Containers observation. Dback is find and backup all containers matching the pattern.
- Auto stop/start containers. Dback is always stops containers before make backup, and then start they, even if something went wrong.
- Incremental backup. 2nd and subsequent backups are faster than 1st, because restic sending and store only the difference between shots.
- Bulk restoring. You are able to restore all the mounts of target container, and even all saved mounts of all containers, with a single command.
- Concurrency. By default - start a thread for each mount. Can be decreased.
- Retrying. Restic will retry mount backup procedure, if something went wrong.
That's why dback is more useful in some cases.