From 9e028df9a7cd40c72bbd82868a03e2d247a3f8f5 Mon Sep 17 00:00:00 2001 From: David Arnold Date: Sun, 11 Feb 2018 12:08:37 -0500 Subject: [PATCH 1/6] [IMP] implement two stage build --- Dockerfile | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 74b2da6..18d2099 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.9-alpine +FROM golang:1.9-alpine as builder MAINTAINER info@lobaro.com RUN echo http://nl.alpinelinux.org/alpine/v3.6/community >> /etc/apk/repositories @@ -9,7 +9,11 @@ RUN git clone https://github.com/restic/restic \ && cp restic /usr/local/bin/ RUN apk del git -RUN mkdir /mnt/restic + +FROM busybox + +COPY --from=builder /usr/local/bin/restic /bin/ +RUN mkdir -p /mnt/restic /var/spool/cron/crontabs ENV RESTIC_REPOSITORY=/mnt/restic ENV RESTIC_PASSWORD="" From bf045a4be3b327ddc1b7c51ef28a1970685ee6c4 Mon Sep 17 00:00:00 2001 From: David Arnold Date: Sun, 11 Feb 2018 12:09:03 -0500 Subject: [PATCH 2/6] [CLEAN] bakcup is already `git update-index --chmod=+x`ed --- Dockerfile | 1 - backup.sh | 0 2 files changed, 1 deletion(-) mode change 100644 => 100755 backup.sh diff --git a/Dockerfile b/Dockerfile index 18d2099..8da09dd 100644 --- a/Dockerfile +++ b/Dockerfile @@ -28,7 +28,6 @@ ENV RESTIC_JOB_ARGS="" VOLUME /data COPY backup.sh /bin/backup -RUN chmod +x /bin/backup COPY entry.sh /entry.sh diff --git a/backup.sh b/backup.sh old mode 100644 new mode 100755 From 3b400123d3dcb2d0357ba87c3f543494d2c10532 Mon Sep 17 00:00:00 2001 From: David Arnold Date: Sun, 11 Feb 2018 13:23:35 -0500 Subject: [PATCH 3/6] [REF] base on busybox --- Dockerfile | 21 ++++++--------------- 1 file changed, 6 insertions(+), 15 deletions(-) diff --git a/Dockerfile b/Dockerfile index 8da09dd..54b11f5 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,19 +1,11 @@ -FROM golang:1.9-alpine as builder -MAINTAINER info@lobaro.com - -RUN echo http://nl.alpinelinux.org/alpine/v3.6/community >> /etc/apk/repositories -RUN apk add --no-cache git nfs-utils openssh fuse -RUN git clone https://github.com/restic/restic \ - && cd restic \ - && go run build.go \ - && cp restic /usr/local/bin/ -RUN apk del git - - FROM busybox -COPY --from=builder /usr/local/bin/restic /bin/ -RUN mkdir -p /mnt/restic /var/spool/cron/crontabs +# Get restic executable +ENV RESTIC_VERION=0.8.1 +ADD https://github.com/restic/restic/releases/download/v${RESTIC_VERION}/restic_${RESTIC_VERION}_linux_amd64.bz2 / +RUN bzip2 -d restic_${RESTIC_VERION}_linux_amd64.bz2 && mv restic_${RESTIC_VERION}_linux_amd64 /bin/restic && chmod +x /bin/restic + +RUN mkdir -p /mnt/restic /var/spool/cron/crontabs /var/log ENV RESTIC_REPOSITORY=/mnt/restic ENV RESTIC_PASSWORD="" @@ -28,7 +20,6 @@ ENV RESTIC_JOB_ARGS="" VOLUME /data COPY backup.sh /bin/backup - COPY entry.sh /entry.sh RUN touch /var/log/cron.log From 918b7f656ade4e0fed8d9f3afc7687ac8070b2ed Mon Sep 17 00:00:00 2001 From: David Arnold Date: Sun, 11 Feb 2018 13:36:36 -0500 Subject: [PATCH 4/6] [IMP] kill service if sync fails This, used in combination with a scheduler, clearly marks "problem" to the cluster operator --- backup.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/backup.sh b/backup.sh index 95a685d..21434e6 100755 --- a/backup.sh +++ b/backup.sh @@ -30,6 +30,7 @@ else echo "Backup Failed with Status ${rc}" restic unlock copyErrorLog + kill 1 fi if [ -n "${RESTIC_FORGET_ARGS}" ]; then From 0eb6656705299e0f2642d7a576e1a1edd86cfffb Mon Sep 17 00:00:00 2001 From: David Arnold Date: Sun, 11 Feb 2018 15:07:01 -0500 Subject: [PATCH 5/6] [FIX] use BusyBox with glibc for the remaining dynamically linked libs --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 54b11f5..7b0ede6 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM busybox +FROM busybox:glibc # Get restic executable ENV RESTIC_VERION=0.8.1 From f0811315604fbdae77114fe632a534c30aefc9ed Mon Sep 17 00:00:00 2001 From: David Arnold Date: Sun, 11 Feb 2018 15:43:45 -0500 Subject: [PATCH 6/6] [FIX] get root cert into the busybox --- Dockerfile | 6 ++++++ entry.sh | 6 ++++++ 2 files changed, 12 insertions(+) diff --git a/Dockerfile b/Dockerfile index 7b0ede6..071ead6 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,11 @@ +FROM alpine as certs +RUN apk update && apk add ca-certificates + + FROM busybox:glibc +COPY --from=certs /etc/ssl/certs /etc/ssl/certs + # Get restic executable ENV RESTIC_VERION=0.8.1 ADD https://github.com/restic/restic/releases/download/v${RESTIC_VERION}/restic_${RESTIC_VERION}_linux_amd64.bz2 / diff --git a/entry.sh b/entry.sh index 39a4264..a01f82d 100755 --- a/entry.sh +++ b/entry.sh @@ -3,6 +3,12 @@ set -e echo "Starting container ..." +RESTIC_CMD=restic + +if [ -n "${ROOT_CERT}" ]; then + RESTIC_CMD="${RESTIC_CMD} --cert ${ROOT_CERT}" +fi + if [ -n "${NFS_TARGET}" ]; then echo "Mounting NFS based on NFS_TARGET: ${NFS_TARGET}" mount -o nolock -v ${NFS_TARGET} /mnt/restic