mirror of
https://github.com/offen/docker-volume-backup.git
synced 2024-11-24 22:20:28 +01:00
Possibility to use -u (user) option in docker exec (#203)
* Add user option for docker exec * Add test for user option * Return test version for image * remove gitea config file * refactor tests * remove comments & fix image name * add docs * cleanup * Update README.md with suggested correction Co-authored-by: Frederik Ring <frederik.ring@gmail.com> * fix backup command & bind folder instead of volume --------- Co-authored-by: tao <generaltao.md@gmail.com> Co-authored-by: Frederik Ring <frederik.ring@gmail.com>
This commit is contained in:
parent
2ac1f0cea4
commit
7f20036b15
@ -644,6 +644,8 @@ volumes:
|
|||||||
The backup procedure is guaranteed to wait for all `pre` or `post` commands to finish before proceeding.
|
The backup procedure is guaranteed to wait for all `pre` or `post` commands to finish before proceeding.
|
||||||
However there are no guarantees about the order in which they are run, which could also happen concurrently.
|
However there are no guarantees about the order in which they are run, which could also happen concurrently.
|
||||||
|
|
||||||
|
By default the backup command is executed by the root user. It is possible to specify a custom user in container labels with the format `docker-volume-backup.[step]-[pre|post]-[user]`. The option will allow you to run a specific step command by specified user. Make sure the user exists and present in `passwd` inside the target container.
|
||||||
|
|
||||||
### Encrypting your backup using GPG
|
### Encrypting your backup using GPG
|
||||||
|
|
||||||
The image supports encrypting backups using GPG out of the box.
|
The image supports encrypting backups using GPG out of the box.
|
||||||
|
@ -21,7 +21,7 @@ import (
|
|||||||
"golang.org/x/sync/errgroup"
|
"golang.org/x/sync/errgroup"
|
||||||
)
|
)
|
||||||
|
|
||||||
func (s *script) exec(containerRef string, command string) ([]byte, []byte, error) {
|
func (s *script) exec(containerRef string, command string, user string) ([]byte, []byte, error) {
|
||||||
args, _ := argv.Argv(command, nil, nil)
|
args, _ := argv.Argv(command, nil, nil)
|
||||||
commandEnv := []string{
|
commandEnv := []string{
|
||||||
fmt.Sprintf("COMMAND_RUNTIME_ARCHIVE_FILEPATH=%s", s.file),
|
fmt.Sprintf("COMMAND_RUNTIME_ARCHIVE_FILEPATH=%s", s.file),
|
||||||
@ -31,6 +31,7 @@ func (s *script) exec(containerRef string, command string) ([]byte, []byte, erro
|
|||||||
AttachStdin: true,
|
AttachStdin: true,
|
||||||
AttachStderr: true,
|
AttachStderr: true,
|
||||||
Env: commandEnv,
|
Env: commandEnv,
|
||||||
|
User: user,
|
||||||
})
|
})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, nil, fmt.Errorf("exec: error creating container exec: %w", err)
|
return nil, nil, fmt.Errorf("exec: error creating container exec: %w", err)
|
||||||
@ -159,8 +160,11 @@ func (s *script) runLabeledCommands(label string) error {
|
|||||||
cmd, _ = c.Labels["docker-volume-backup.exec-post"]
|
cmd, _ = c.Labels["docker-volume-backup.exec-post"]
|
||||||
}
|
}
|
||||||
|
|
||||||
|
userLabelName := fmt.Sprintf("%s.user", label)
|
||||||
|
user := c.Labels[userLabelName]
|
||||||
|
|
||||||
s.logger.Infof("Running %s command %s for container %s", label, cmd, strings.TrimPrefix(c.Names[0], "/"))
|
s.logger.Infof("Running %s command %s for container %s", label, cmd, strings.TrimPrefix(c.Names[0], "/"))
|
||||||
stdout, stderr, err := s.exec(c.ID, cmd)
|
stdout, stderr, err := s.exec(c.ID, cmd, user)
|
||||||
if s.c.ExecForwardOutput {
|
if s.c.ExecForwardOutput {
|
||||||
os.Stderr.Write(stderr)
|
os.Stderr.Write(stderr)
|
||||||
os.Stdout.Write(stdout)
|
os.Stdout.Write(stdout)
|
||||||
|
2
test/user/.gitignore
vendored
Normal file
2
test/user/.gitignore
vendored
Normal file
@ -0,0 +1,2 @@
|
|||||||
|
local
|
||||||
|
backup
|
30
test/user/docker-compose.yml
Normal file
30
test/user/docker-compose.yml
Normal file
@ -0,0 +1,30 @@
|
|||||||
|
version: '2.4'
|
||||||
|
|
||||||
|
services:
|
||||||
|
alpine:
|
||||||
|
image: alpine:3.17.3
|
||||||
|
tty: true
|
||||||
|
volumes:
|
||||||
|
- app_data:/tmp
|
||||||
|
labels:
|
||||||
|
- docker-volume-backup.archive-pre.user=testuser
|
||||||
|
- docker-volume-backup.archive-pre=/bin/sh -c 'whoami > /tmp/whoami.txt'
|
||||||
|
|
||||||
|
|
||||||
|
backup:
|
||||||
|
image: offen/docker-volume-backup:${TEST_VERSION:-canary}
|
||||||
|
deploy:
|
||||||
|
restart_policy:
|
||||||
|
condition: on-failure
|
||||||
|
environment:
|
||||||
|
BACKUP_FILENAME: test.tar.gz
|
||||||
|
BACKUP_CRON_EXPRESSION: 0 0 5 31 2 ?
|
||||||
|
EXEC_FORWARD_OUTPUT: "true"
|
||||||
|
volumes:
|
||||||
|
- ./local:/archive
|
||||||
|
- app_data:/backup/data:ro
|
||||||
|
- /var/run/docker.sock:/var/run/docker.sock
|
||||||
|
|
||||||
|
volumes:
|
||||||
|
app_data:
|
||||||
|
archive:
|
30
test/user/run.sh
Normal file
30
test/user/run.sh
Normal file
@ -0,0 +1,30 @@
|
|||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
set -e
|
||||||
|
|
||||||
|
cd $(dirname $0)
|
||||||
|
. ../util.sh
|
||||||
|
current_test=$(basename $(pwd))
|
||||||
|
|
||||||
|
docker compose up -d
|
||||||
|
|
||||||
|
user_name=testuser
|
||||||
|
docker exec user-alpine-1 adduser --disabled-password "$user_name"
|
||||||
|
|
||||||
|
docker compose exec backup backup
|
||||||
|
|
||||||
|
tar -xvf ./local/test.tar.gz
|
||||||
|
if [ ! -f ./backup/data/whoami.txt ]; then
|
||||||
|
fail "Could not find file written by pre command."
|
||||||
|
fi
|
||||||
|
pass "Found expected file."
|
||||||
|
|
||||||
|
tar -xvf ./local/test.tar.gz
|
||||||
|
if [ "$(cat ./backup/data/whoami.txt)" != "$user_name" ]; then
|
||||||
|
fail "Could not find expected user name."
|
||||||
|
fi
|
||||||
|
pass "Found expected user."
|
||||||
|
|
||||||
|
docker compose down --volumes
|
||||||
|
sudo rm -rf ./local
|
||||||
|
|
Loading…
Reference in New Issue
Block a user