Merge pull request #7 from offen/swarm-support

Support Docker in Swarm mode

.circleci/config.yml

@@ -1,40 +1,70 @@
 version: 2.1
 
 jobs:
-  build:
+  canary:
     docker:
       - image: cimg/base:2020.06
     working_directory: ~/docker-volume-backup
     steps:
       - checkout
-      - setup_remote_docker
+      - setup_remote_docker:
+          version: 20.10.6
       - run:
           name: Build
-          command: make build
-      - run:
-          name: Check if image needs to be pushed
           command: |
-            if [[ -z "$CIRCLE_TAG" ]]; then
+            docker build . -t offen/docker-volume-backup:canary
-              echo "Not a git tag, nothing to do ..."
+      - run:
-              circleci-agent step halt
+          name: Create container from image
+          command: |
+            docker run -d offen/docker-volume-backup:canary
+            echo "Sleeping for 30s before checking if container is still running."
+            sleep 30
+            count=$(docker ps -q | wc -l)
+            if [[ $count != "1" ]]; then
+              echo "Expected one container to be running, found $count."
+              exit 1
             fi
+            docker stop $(docker ps -q)
+
+  build:
+    docker:
+      - image: cimg/base:2020.06
+        environment:
+          DOCKER_BUILDKIT: '1'
+          DOCKER_CLI_EXPERIMENTAL: enabled
+    working_directory: ~/docker-volume-backup
+    steps:
+      - checkout
+      - setup_remote_docker:
+          version: 20.10.6
       - docker/install-docker-credential-helper
       - docker/configure-docker-credentials-store
       - run:
           name: Push to Docker Hub
           command: |
             echo "$DOCKER_ACCESSTOKEN" | docker login --username offen --password-stdin
-            docker tag offen/docker-volume-backup:local offen/docker-volume-backup:$CIRCLE_TAG
+            # This is required for building ARM: https://gitlab.alpinelinux.org/alpine/aports/-/issues/12406
-            docker tag offen/docker-volume-backup:local offen/docker-volume-backup:latest
+            docker run --rm --privileged linuxkit/binfmt:v0.8
-            docker push offen/docker-volume-backup:$CIRCLE_TAG
+            docker context create docker-volume-backup
-            docker push offen/docker-volume-backup:latest
+            docker buildx create docker-volume-backup --name docker-volume-backup --use
+            docker buildx inspect --bootstrap
+            docker buildx build --platform linux/amd64,linux/arm64,linux/arm/v7 \
+              -t offen/docker-volume-backup:$CIRCLE_TAG \
+              -t offen/docker-volume-backup:latest \
+              . --push
 
 workflows:
   version: 2
-  deploy:
+  docker_image:
     jobs:
+      - canary:
+          filters:
+            tags:
+              ignore: /^v.*/
       - build:
           filters:
+            branches:
+              ignore: /.*/
             tags:
               only: /^v.*/
 

Dockerfile

@@ -1,16 +1,20 @@
 # Copyright 2021 - Offen Authors <hioffen@posteo.de>
-# SPDX-License-Identifier: MIT
+# SPDX-License-Identifier: MPL-2.0
+
+FROM golang:1.16-alpine as builder
+ARG MC_VERSION=RELEASE.2021-06-13T17-48-22Z
+RUN go install -ldflags "-X github.com/minio/mc/cmd.ReleaseTag=$MC_VERSION" github.com/minio/mc@$MC_VERSION
 
 FROM alpine:3.14
 
 WORKDIR /root
 
 RUN apk add --update ca-certificates docker openrc gnupg
+RUN update-ca-certificates
 RUN rc-update add docker boot
 
-RUN wget https://dl.min.io/client/mc/release/linux-amd64/mc && \
+COPY --from=builder /go/bin/mc /usr/bin/mc
-  chmod +x mc && \
+RUN mc --version
-  mv mc /usr/bin/mc
 
 COPY src/backup.sh src/entrypoint.sh /root/
 RUN chmod +x backup.sh && mv backup.sh /usr/bin/backup \

Makefile

@@ -1,5 +0,0 @@
-DOCKER_TAG ?= local
-
-.PHONY: build
-build:
-	@docker build -t offen/docker-volume-backup:$(DOCKER_TAG) .

README.md

@@ -106,6 +106,12 @@ volumes:
   data:
 ```
 
+## Using with Docker Swarm
+
+By default, Docker Swarm will restart stopped containers automatically, even when manually stopped. If you plan to have your containers / services stopped during backup, this means you need to apply the `on-failure` restart policy to your service's definitions. A restart policy of `always` is not compatible with this tool.
+
+---
+
 ## Differences to `futurice/docker-volume-backup`
 
 This image is heavily inspired by the `futurice/docker-volume-backup`. We decided to publish this image as a simpler and more lightweight alternative because of the following requirements:
@@ -114,3 +120,5 @@ This image is heavily inspired by the `futurice/docker-volume-backup`. We decide
 - This image makes use of the MinIO client `mc` instead of the full blown AWS CLI for uploading backups.
 - The original image proposed to handle backup rotation through AWS S3 lifecycle policies. This image adds the option to rotate old backups through the same script so this functionality can also be offered for non-AWS storage backends like MinIO.
 - InfluxDB specific functionality was removed.
+- `arm64` and `arm/v7` architectures are supported.
+- Docker in Swarm mode is supported.

src/backup.sh

@@ -39,7 +39,7 @@ if [ "$CONTAINERS_TO_STOP_TOTAL" != "0" ]; then
 fi
 
 info "Creating backup"
-BACKUP_FILENAME="$(date +"${BACKUP_FILENAME:-backup-%Y-%m-%dT%H-%M-%S.tar.gz}")"
+BACKUP_FILENAME="$(date +"$BACKUP_FILENAME")"
 tar -czvf "$BACKUP_FILENAME" $BACKUP_SOURCES # allow the var to expand, in case we have multiple sources
 
 if [ ! -z "$GPG_PASSPHRASE" ]; then
@@ -51,8 +51,31 @@ if [ ! -z "$GPG_PASSPHRASE" ]; then
 fi
 
 if [ "$CONTAINERS_TO_STOP_TOTAL" != "0" ]; then
-  info "Starting containers back up"
+  info "Starting containers/services back up"
-  docker start $CONTAINERS_TO_STOP
+  # The container might be part of a stack when running in swarm mode, so
+  # its parent service needs to be restarted instead once backup is finished.
+  SERVICES_REQUIRING_UPDATE=""
+  for CONTAINER_ID in $CONTAINERS_TO_STOP; do
+    SWARM_SERVICE_NAME=$(
+      docker inspect \
+        --format "{{ index .Config.Labels \"com.docker.swarm.service.name\" }}" \
+        $CONTAINER_ID
+    )
+    if [ -z "$SWARM_SERVICE_NAME" ]; then
+      echo "Restarting $(docker start $CONTAINER_ID)"
+    else
+      echo "Removing $(docker rm $CONTAINER_ID)"
+      # Multiple containers might belong to the same service, so they will
+      # be restarted only after all names are known.
+      SERVICES_REQUIRING_UPDATE="${SERVICES_REQUIRING_UPDATE} ${SWARM_SERVICE_NAME}"
+    fi
+  done
+
+  if [ -n "$SERVICES_REQUIRING_UPDATE" ]; then
+    for SERVICE_NAME in "$(echo -n "$SERVICES_REQUIRING_UPDATE" | tr ' ' '\n' | sort -u)"; do
+      docker service update --force $SERVICE_NAME
+    done
+  fi
 fi
 
 if [ ! -z "$AWS_S3_BUCKET_NAME" ]; then