New to Duplicati, and find it very neat.
Running most of my packages in Debian as containers, including Duplicati. Wanting to create a backup configuration with selected files, to make it quick and easy to restore for when the box crashes.
My understanding is that the packages installed are executed every so often and the .db files and others, are being written and so on. Wondering if there is a way to stop such containers before Duplicati runs the backup, and then restart such containers after the backup/verify is done.
Meaning, I see a whole lot of "Advance Options", if there is something to maybe run: "docker stop sonarr radarr lidarr mylar ombi" and after the backup/verify to run "docker start …"
TIA
You'll want to look into run-script-before.
https://duplicati.readthedocs.io/en/latest/06-advanced-options/#run-script-before
However, if you're running duplicati inside docker you will also need to mount the docker socket into the duplicati container so you can control docker from there.
That got me somewhat going. Added the following to the compose and it is "somewhat" working… not really…
duplicati:
  volumes:
    - /var/run/docker.sock:/var/run/docker.sock
    - /usr/bin/docker:/usr/bin/docker
If I go via the Portainer console or docker exec -it duplicati bash, I can run the duplicati-stop or duplicati-start files that I created, chmod +x under the /usr/local/lib. Both files will stop/start the containers if I run the command. So, outside the docker it works.
I added via Settings/Default Options the run-script-after/before and wrote the command /usr/local/bin/duplicati-start on the run-script-after, and same, but duplicati-stop on the run-script-before.
It never stopped them. The following is from the Verbose log data
The script "duplicati-stop-dockers" returned with exit code 255
The script "duplicati-start-dockers" reported error messages: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Post http://%2Fvar%2Frun%2Fdocker.sock/v1.39/containers/sonarr/start: dial unix /var/run/docker.sock: connect: permission denied
Error: failed to start containers: sonarr
Ah, I think we forgot one step. The container should be running as the root user so it has access but docker has some security features to prevent containers from accidentally getting too much control.
"--privileged" should allow the container to execute on the docker socket. It should just be "privileged: true" in docker compose.
Nope, same error as above. This is what my docker-compose for duplicati has:
https://pastebin.com/FCBcQXcJ
Files at /usr/local/bin with chmod +x so they can be executed from anywhere:
duplicati-stop-dockers: https://pastebin.com/5THemXY2
duplicati-start-dockers: https://pastebin.com/C88TqHYq
When I run the following command at the command line: docker exec duplicati -it bash, which takes me to the specific container's command line, I can execute: duplicati-stop-dockers and the dockers are stopped; the same with running: duplicati-start-dockers
So that shows me that within that container (duplicati) I am able to run them commands and the docker.sock is allowing the commands to work. I can do all the same if I reach the console via Portainer for the duplicati container.
At the Duplicati/Settings/Default Options: https ://imgur.com/yAmVtQh
(please copy/paste the link above, remove the blank space between https AND :// as the system wouldn't allow me to post a 3rd link)
So any future backup always stop/start the containers that need to be backed up.
Hmm, if it works when you docker exec into the container, then it's an issue with the container user it's running under. By default docker exec will put you into the container as root, while the docker-compose provided is asking the container to start as UID=1000.
I don't think you need execution permissions on the socket, since it's used for data transfer, not execution. Default permissions are srw-rw----. 1 root docker, so presumably chmod 0666 should provide the correct permissions for anyone to use the docker socket.
It would probably be more secure to create a user on your host system, and then map the Duplicati container to that user's ID. Then you can add that user to the docker group and have access from the container without allowing anyone to control your docker host.
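
The socket permission reasoning in the last reply can be checked mechanically. The script below is an added example, not code from the thread: a POSIX shell function (hypothetical name sock_verdict) applies the owner/group/other rules to a uid, its group list, and the socket's owner, group and mode, then reports the result for the live socket if one is mounted.

```shell
#!/bin/sh
# Added example, not from the thread. uid 1000 and gid 998 used when
# exercising this function are constructed sample values.
# connect() on a Unix socket needs WRITE permission; execute is irrelevant.

# sock_verdict UID "GID LIST" OWNER_UID OWNER_GID OCTAL_MODE
# Prints which permission class grants access (root, owner, group, other)
# or "denied"; returns 0 when access is granted, 1 otherwise.
sock_verdict() {
    uid=$1 gids=$2 owner=$3 group=$4 mode=$5
    # Root bypasses mode bits: this is the default user of `docker exec`.
    if [ "$uid" -eq 0 ]; then echo root; return 0; fi
    # Peel the last three octal digits: other, group, owner.
    o=${mode#"${mode%?}"}; mode=${mode%?}
    g=${mode#"${mode%?}"}; mode=${mode%?}
    u=${mode#"${mode%?}"}
    # Only the first matching class is consulted, as the kernel does.
    if [ "$uid" -eq "$owner" ]; then
        class=owner bits=$u
    else
        class=other bits=$o
        for gid in $gids; do
            if [ "$gid" -eq "$group" ]; then class=group bits=$g; break; fi
        done
    fi
    if [ $((bits & 2)) -ne 0 ]; then echo "$class"; return 0; fi
    echo denied; return 1
}

# Live check for the current process (GNU stat, as shipped with Debian).
SOCK=/var/run/docker.sock
if [ -S "$SOCK" ]; then
    set -- $(stat -c '%u %g %a' "$SOCK")
    v=$(sock_verdict "$(id -u)" "$(id -G)" "$1" "$2" "$3") || true
    echo "uid $(id -u) -> $SOCK (gid $2, mode $3): $v"
fi
```

Run it inside the duplicati container as the user the service runs as, since a default docker exec session is root and always passes. A verdict of other means every local user and every container with the socket mounted can drive the Docker daemon.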