Official Docker image? #4364
Comments
|
I personally don't use docker. For which of the supported platforms would you like to add docker images? |
|
Docker runs on most platforms, so any OS is fine. Most "single binary" images tend to be based on alpine linux, but Debian, Ubuntu, Fedora, or the like is a fine base image, I don't think anyone would care much. We're thinking about using Borg at big company XYZ and we have a huge Kubernetes cluster. We would like to use Borg for automating backups and all that jazz. The image would be used as a sidecar container to run alongside another container in our cluster, and back up any contents that are important. Containers are supposed to be single purpose, single process, so installing a cron and the borg binary alongside say our Jenkins container isn't much of an option. As I said before, we can make our own, but an image with official support that is updated as borg is updated, and changed as borg has different dependencies would be great. |
|
I have 2 comments here :) I came to open the same issue ;) Yes, an official image would be amazing, I already created this one and I'd be happy to PR upstream if it is something you want to have. We also have 2 docker-compose that goes with that: @DarrienG for kubernetes you are actually looking at https://appscode.com/products/stash/ ;) I know it is based on restic, but it is so cool ;) (And I'd love to have that with borg, restic doesn't have compression) |
|
Considering the linux fat binaries are built on debian, debian 64bit would be a good base. In master branch we use stretch currently. Have a look at the Vagrantfile "stretch64" machine. If this shall have a chance to become part of release process, it must be fully automated. Also, there is a unfinished ticket of specifying a standard client/server setup, so guess the docker images could be based on that. #1553 |
|
At work we use a modified version of docker-library, which is likely overkill. It looks like the docker foundation has their own GitHub integration which will probably do this in just a few clicks. Set it up to only build when a new tag is added, and you should be good to go. |
|
I'ld like to build binaries on machines / OS I control, not in the "cloud". |
|
If you're ok with Travis (which isn't on your machine, but it does look like your build system) you can build through that on a tag release: https://docs.travis-ci.com/user/docker/ and https://docs.travis-ci.com/user/deployment/releases/ Otherwise you'll want to add a webhook that fires a POST or whatever to a server you own. Building the image will look like this: # With an authenticated docker client, see https://docs.docker.com/v17.12/docker-cloud/builds/push-images/
LATEST="borg_collective/borg-backup:latest"
DOCKER_IMAGE="borg_collective/borg-backup:$GIT_TAG_FROM_WEBHOOK"
git clone https://github.com/borgbackup/borg
cd borgbackup
git checkout $GIT_TAG
docker build -t "$DOCKER_IMAGE" .
docker tag "$DOCKER_IMAGE" "$LATEST"
docker push "$DOCKER_IMAGE"
docker push "$LATEST" |
|
FWIW - I'm not entirely certain how the release process works for borgbackup. If you on the other hand make tags on your local machine and then push the tag up, you could make a hook on your git client itself which will in turn run the above commands quietly in the background. |
|
Where is the pipeline to push to pip? Do you have some infrastructure to host a docker registry and run a pipeline? I do plan to build one here if you need. (there is no runner nor registry yet, but I'll work on that on the coming weeks). |
|
The stuff needs to be build in the vagrant VM, see Vagrantfile "stretch64" (as I already said above). No travis, no github, no AWS, ... I'ld accept a PR that is tested and modifies the Vagrantfile (master branch) so it builds 2(?) docker images. But as I don't use / don't need docker, I won't implement this myself. |
|
Ok, I understand, I took a look at the vagrant, it will be easy.
This would be cool indeed and cover most of what people need :) I'll modify my PR later with that. @DarrienG you'll have to help me maintainer that, if we share the work, it should be easier :) @ThomasWaldmann I have more questions: How do you push to pip? After reading the vagrant file, it was not clear to me. Thanks for your time! |
|
I thought you wanted to make one for the client and one for the server. But just do what makes sense. :) The source dist (sdist, then uploaded to pypi after signing) currently comes from my development machine, the fat binaries are built and tested in the (self-installed, if possible) vagrant VMs you see in the Vagrantfile and fetched from there to dev machine via vagrant scp. I'ld fetch the docker image from there in the same way. Inside the docker image, I guess working from source (via the sdist, python setup.py sdist, no need to wait for pypi or downloading it from there) is better than using the fat binary (which is a rather huge wrapper, but that is not needed as that is solved by docker, AFAIK). I don't know any docker stuff, but an obvious requirement is that users can verify authenticity of any downloaded file via a gpg signature before running it as root and letting it access all their files. Another requirement is not "polluting" the vagrant machines with low-trust stuff (e.g. binary downloads from 3rd party sources, not debian). Prometheus stuff sounds rather specific, so I guess without makes more sense for broad use. |
|
@pierreozoux Happy to help get this going and keep it up to snuff. We're using a company image in some alpha services right now and would definitely like official support. Since you already have a Dockerfile and all that, feel free to add me to the review you make. I personally don't think Prometheus metrics should be P1/built in. |
|
I am also very much in favor of an official image with the borg binary installed. Seeing the discussion veered a little off course in my opinion, I think that:
I also might be able to assist in that area if it is desired. I am a heavy docker user, but unfortunately, a borg noob.... EDIT Is there any reason not to simply rely on the official alpine package? FROM alpine
RUN apk --no-cache add borgbackup
ENTRYPOINT ["borg"]
CMD []Then, all that is left to do is create the README, perhaps add a couple more directives, configure automated build and be done with it. No? |
|
See #4538 with some alpine msgpack issue. Guess until that is solved and also borgbackup updated to latest stable, this is no good base. |
|
Personally, I think we can proceed and make preparations for an official docker image, based on the assumption that the alpine package will be fixed soon. For reference, here is the issue tracker for the I intend to prepare such an image for my own use, and to follow the principles I mentioned earlier. If anyone might be interested in putting this under borg's official umbrella, I am happy to do so and contribute what I can. |
|
If anyone is interested:
So, I am putting this here for a couple of reasons:
In any case, I hope an official image comes out, and I hope it is not a lot more complicated than this Dockerfile. |
i agree, the use-cases are very different, so a base image should really just provide the software and its dependencies, but not even define an |
|
I very much like @DannyBen take on this. For quite some time I used the following line in my Dockerfile to have the latest Borg version (should be extended by some tests): |
|
Not sure if there's been any more movement on this, but FWIW I also agree with @DannyBen and @funkyfuture in that the base image should be generic and not preclude some people from using it due to it being opinionated. Additional functionality and/or opinions on its use should be specified in people's own images derived from the official base image. |
|
Hi guys, This issue has not been updated for a quite a while. What's the current status? |
|
There's PR #4372 open since quite a while. While I don't personally use docker and thus have no clue about it, I feel it is too complex and should be way simpler (IIRC there were also some comments along these lines). There is also the maintenance issue: if we merge some "official Docker support", we need to maintain it. I obviously won't do it and so there is some fear that the more complex it is, the less maintainable it will be. So, blockers: a simple thing and maintainers for it. |
|
Why are people making it complex? Example: Did not tested this Dockerfile, but if it's not this, it's very close to this. |
|
Done, Just made my own Backup oriented Docker image: |
|
Very nice thank you! |
|
Maybe this can serve as the "official" image? |
|
I had a look at the Alpine related issues above, and they have all been fixed, so having an Alpine based docker image should not be an issue any more. |
|
I also have my own since there are no official ones with borg and tool for database backup. (https://github.com/azlux/borgbackup-docker) |
|
A single image whose entrypoint is a dumb init wrapped call to borg Stuff like cron in a container is a no go |
|
Hi all, I'm new to Borg but have a lot of experience with Docker and am looking at bringing Borg into my container infrastructure. If people are still looking for a solution here, I'd be happy to look at resurrecting @pierreozoux 's PR (#4372) for an official image. I can also commit to maintaining the container in the future. @ThomasWaldmann are there docs somewhere on the release process I could read so I can make sure the docker implementation can integrate with your existing process? |
|
There is a "how to release" section in the development section of the docs. And as I don't use docker, docker is not part of that process. |
|
@enpaul I use borgmatic as client and borg-backup as server just fine in rootless podman containers in arch linux. |
|
Hello there, Maybe this is useful for some looking here. |
|
@AnotherStranger is there a changelog to see what you optimized without analyzing every commit? |
|
The main differences are:
I doubt that upstreaming is something tgbyte would desire, as I changed the baseimage. Maybe the borg serve with path restriction is worth upstreaming. |
|
That sounds nice. Also I hope the fork won't get abandoned and receive an upgrade guide for us end users. :) |
|
@MartinX3 |
|
Hi everyone, I went with another route though. I tried deploying AnotherStranger/docker-borg-backup on TrueNAS SCALE, but the Environment variables only accept values up to 1024 characters :( so I couldn't pass a value with multiple SSH keys. I also wanted more flexibility in the My approach is to use a generic OpenSSH image linuxserver/openssh-server instead of looking for a Borg-specific image. I found out about LinuxServer.io, which is a collection of community-maintained images. They are all built with s6-overlay which makes them very easy to customize and extend. They also have design standards, such as storing all persistent configuration in Here is my full solution: |
Do you know if this works also on TrueNAS SCALE 23.10? Any opinion on whether a similar approach be suitable if instead one wanted to run Borg as a client on TrueNAS SCALE? |
Hey @adeverteuil, Regarding the Environment variable size: The container now supports mounting your authorized_keys file as an alternative to the Environment variable. So for anyone who is still looking for this feature, you can give my container image a try here: https://github.com/AnotherStranger/docker-borg-backup/issues. Regarding TrueNas: There is a chart to install the borg-server image to your TrueNas Scale installation available here. However, I don't have a TrueNas server, so I can't say anything about this chart. If anyone here has any Feedback or feature requests for the server image, feel free to open an Issue in the docker-borg-backup repo. |
|
BTW in case one does not know it yet, https://borgwarehouse.com/ looks like a very promising candidate, if you want a little more aka a (web) GUI to manage the repositories of your backup (server). I have not practically tested it yet, but it looks very great from what I can see and read there! |
I did try on TrueNAS Scale using the docker-compose.yaml |
and others
Have you checked borgbackup docs, FAQ, and open Github issues?
Yes
Is this a BUG / ISSUE report or a QUESTION?
Issue
System information. For client/server mode post info for both machines.
N/A
Your borg version (borg -V).
N/A
Operating system (distribution) and version.
N/A
Hardware / network configuration, and filesystems used.
N/A
There are a couple of unofficial Docker images for borg, but there's interest in an official Docker image. Especially after the runc vulnerability that was reported the other day, an officially supported image would inspire more trust in it.
I know I could always build one of my own, but the world is moving towards containerized services, and it would likely drive up usage.
I don't mind making a Docker related PR if desired :)
The text was updated successfully, but these errors were encountered: