kopia lustrzana https://github.com/Ovski4/docker-borgbackup-cron
Porównaj commity
9 Commity
Autor | SHA1 | Data |
---|---|---|
Baptiste Bouchereau | b71a8862e4 | |
Baptiste Bouchereau | 4d1a10152b | |
Baptiste Bouchereau | b0fe97f793 | |
Baptiste Bouchereau | bfac85eb03 | |
Baptiste Bouchereau | b0ff0299d4 | |
Baptiste Bouchereau | 295ffb0a5e | |
Baptiste Bouchereau | 4f283a2f07 | |
Baptiste Bouchereau | 96b3673cb0 | |
Baptiste Bouchereau | ba06fa892e |
15
Dockerfile
15
Dockerfile
|
@ -1,23 +1,28 @@
|
|||
FROM ovski/ansible:v2.9.6
|
||||
FROM ovski/ansible:v2.13.3
|
||||
|
||||
# Clone ansible playbooks
|
||||
RUN apt-get --allow-releaseinfo-change update && apt-get install -y git
|
||||
RUN git clone https://github.com/Ovski4/ansible-playbook-smtp-email.git /var/smtp-email-playbook
|
||||
RUN git clone https://github.com/Ovski4/ansible-playbook-mysql-dump.git /var/mysql-dump-playbook
|
||||
RUN git clone https://github.com/Ovski4/ansible-playbook-mongo-dump.git /var/mongo-dump-playbook
|
||||
RUN git clone https://github.com/Ovski4/ansible-playbook-borg-backup.git /var/borg-backup-playbook
|
||||
RUN git clone https://github.com/Ovski4/ansible-playbook-elasticsearch-snapshot.git /var/elasticsearch-snapshot-playbook
|
||||
|
||||
# Install borg
|
||||
RUN apt install -y \
|
||||
RUN apt-get install -y \
|
||||
python3 \
|
||||
python3-dev \
|
||||
python3-pip \
|
||||
python-virtualenv \
|
||||
libssl-dev openssl \
|
||||
python3-virtualenv \
|
||||
libacl1-dev libacl1 \
|
||||
libssl-dev \
|
||||
liblz4-dev libzstd-dev libxxhash-dev \
|
||||
build-essential \
|
||||
pkg-config python3-pkgconfig \
|
||||
borgbackup
|
||||
|
||||
# Install packages for mysqldump
|
||||
RUN apt-get install -y mariadb-client
|
||||
RUN apt-get install -y mariadb-client python3-apt
|
||||
RUN pip3 install PyMySql
|
||||
|
||||
# Install cron
|
||||
|
|
51
README.md
51
README.md
|
@ -2,9 +2,25 @@ Borg backup cron
|
|||
=================
|
||||
|
||||
A docker image to backup periodically a folder using borg.
|
||||
Additionnally this image can dump a mysql database in the same folder beforehand.
|
||||
Additionnally this image can:
|
||||
* dump a mysql database in the same folder beforehand
|
||||
* dump a mongo database
|
||||
* create an elasticsearch snapshot
|
||||
* end an email on failure
|
||||
|
||||
You can also run the cron job directly by overriding the command with `/var/backup_script.sh`
|
||||
|
||||
Table of contents
|
||||
-----------------
|
||||
|
||||
- [Build](#build)
|
||||
- [Usage](#usage)
|
||||
- [With mysql dump](#with-mysql-dump)
|
||||
- [With mongo dump](#with-mongo-dump)
|
||||
- [With elasticsearch snapshot](#with-elasticsearch-snapshot)
|
||||
- [Sending an email on failure](#sending-an-email-on-failure)
|
||||
- [Use secrets instead of env variables](#use-secrets-instead-of-env-variables)
|
||||
|
||||
Build
|
||||
-----
|
||||
|
||||
|
@ -36,7 +52,7 @@ docker run \
|
|||
ovski/borgbackup-cron
|
||||
```
|
||||
|
||||
With mysql dump
|
||||
### With mysql dump
|
||||
|
||||
```bash
|
||||
docker run \
|
||||
|
@ -48,7 +64,7 @@ docker run \
|
|||
ovski/borgbackup-cron
|
||||
```
|
||||
|
||||
With mongo dump
|
||||
### With mongo dump
|
||||
|
||||
```bash
|
||||
docker run \
|
||||
|
@ -59,10 +75,39 @@ docker run \
|
|||
ovski/borgbackup-cron
|
||||
```
|
||||
|
||||
### With elasticsearch snapshot
|
||||
|
||||
```bash
|
||||
docker run \
|
||||
# ... other options
|
||||
-e ELASTICSEARCH_PORT=9200 \
|
||||
-e ELASTICSEARCH_HOST=elasticsearch \
|
||||
-e ELASTICSEARCH_REPOSITORY=backup \
|
||||
ovski/borgbackup-cron
|
||||
```
|
||||
|
||||
### Sending an email on failure
|
||||
|
||||
```bash
|
||||
docker run \
|
||||
# ... other options
|
||||
-e SMTP_USER=smtpuser@gmail.com \
|
||||
-e SMTP_PASSWORD=smtppassword \
|
||||
-e SMTP_PORT=465 \
|
||||
-e SMTP_HOST=smtp.gmail.com \
|
||||
-e MAIL_TO=user@recipient.com \
|
||||
-e MAIL_BODY="Email content" \
|
||||
-e MAIL_SUBJECT="Email subject" \
|
||||
ovski/borgbackup-cron
|
||||
```
|
||||
|
||||
### Use secrets instead of env variables
|
||||
|
||||
You can also use secrets in a stack to store sensitive information.
|
||||
Instead of specifiying environment variables, create the following secrets in /var/secrets (default location):
|
||||
|
||||
```
|
||||
/run/secrets/borg_passphrase instead of BORG_PASSPHRASE
|
||||
/run/secrets/db_password instead of MYSQL_PASSWORD
|
||||
/run/secrets/smtp_password instead of SMTP_PASSWORD
|
||||
```
|
||||
|
|
|
@ -1,5 +1,22 @@
|
|||
#!/bin/bash
|
||||
|
||||
send_email_on_error() {
|
||||
ansible-playbook /var/smtp-email-playbook/main.yml \
|
||||
-e "smtp_user=$SMTP_USER" \
|
||||
-e "smtp_password=$SMTP_PASSWORD" \
|
||||
-e "smtp_port=$SMTP_PORT" \
|
||||
-e "smtp_host=$SMTP_HOST" \
|
||||
-e "mail_to='$MAIL_TO'" \
|
||||
-e "mail_body='$MAIL_BODY'" \
|
||||
-e "mail_subject='$MAIL_SUBJECT'"
|
||||
}
|
||||
|
||||
# Only handle errors if the required environment variables are defined to send an email
|
||||
if [[ ! -z "$SMTP_USER" && ! -z "$SMTP_PASSWORD" && ! -z "$SMTP_PORT" && ! -z "$SMTP_HOST" && ! -z "$MAIL_TO" && ! -z "$MAIL_BODY" && ! -z "$MAIL_SUBJECT" ]]; then
|
||||
set -o errexit -o errtrace
|
||||
trap send_email_on_error ERR
|
||||
fi
|
||||
|
||||
if [[ ! -z "$MYSQL_USER" && ! -z "$MYSQL_DATABASE" && ! -z "$MYSQL_PASSWORD" && ! -z "$MYSQL_HOST" ]]; then
|
||||
ansible-playbook /var/mysql-dump-playbook/main.yml \
|
||||
-e "mysql_dumps_target_folder=$LOCAL_FOLDER" \
|
||||
|
@ -19,6 +36,13 @@ if [[ ! -z "$MONGO_HOST" && ! -z "$MONGO_DATABASE" && ! -z "$MONGO_PORT" ]]; the
|
|||
-e "db_name=$MONGO_DATABASE"
|
||||
fi
|
||||
|
||||
if [[ ! -z "$ELASTICSEARCH_HOST" && ! -z "$ELASTICSEARCH_REPOSITORY" && ! -z "$ELASTICSEARCH_PORT" ]]; then
|
||||
ansible-playbook /var/elasticsearch-snapshot-playbook/main.yml \
|
||||
-e "elasticsearch_port=$ELASTICSEARCH_PORT" \
|
||||
-e "elasticsearch_host=$ELASTICSEARCH_HOST" \
|
||||
-e "elasticsearch_repository=$ELASTICSEARCH_REPOSITORY"
|
||||
fi
|
||||
|
||||
ansible-playbook /var/borg-backup-playbook/main.yml \
|
||||
-e "ssh_connection=$SSH_CONNECTION" \
|
||||
-e "private_key_path=$PRIVATE_KEY_PATH" \
|
||||
|
|
|
@ -9,7 +9,7 @@ if [[ -n "$SSH_KNOWN_HOSTS" ]]; then
|
|||
chmod 644 ~/.ssh/known_hosts
|
||||
while IFS=' ' read -ra entries; do
|
||||
for entry in "${entries[@]}"; do
|
||||
ssh-keyscan -Ht rsa ${entry} >> ~/.ssh/known_hosts
|
||||
ssh-keyscan ${entry} >> ~/.ssh/known_hosts
|
||||
done
|
||||
done <<< "$SSH_KNOWN_HOSTS"
|
||||
fi
|
||||
|
@ -27,6 +27,12 @@ if [[ -f /run/secrets/db_password ]]; then
|
|||
export MYSQL_PASSWORD=$(cat /run/secrets/db_password)
|
||||
fi
|
||||
|
||||
|
||||
if [[ -f /run/secrets/smtp_password ]]; then
|
||||
echo "Setting SMTP_PASSWORD env variable from secret"
|
||||
export SMTP_PASSWORD=$(cat /run/secrets/smtp_password)
|
||||
fi
|
||||
|
||||
# Make env variables accessible in crontab
|
||||
declare -p | grep -Ev 'BASHOPTS|BASH_VERSINFO|EUID|PPID|SHELLOPTS|UID' > /container.env
|
||||
|
||||
|
|
Ładowanie…
Reference in New Issue