Djeex/docudjeex
1
1
Fork 0
Code Issues Pull Requests Projects Wiki Activity
Files
77b87485b0ec615394d68e71fe5e801faf66cb67
docudjeex/content/5.nonsense/2.bash/5.backrest-docker-stop.md
Djeex 77b87485b0 Backrest Dcoker Stop
2025-10-22 15:45:27 +00:00

126 lines
3.7 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

---
navigation: true
title: Backrest Docker Stop
main:
fluid: false
---
:ellipsis{left=0px width=40rem top=10rem blur=140px}
# Backrest Docker Stop
---
[Backrest](https://github.com/garethgeorge/backrest) is a fantastic backup tool.
In the case of [Serveex](https://docu.djeex.fr/serveex/introduction), most of the data that needs to be backed up consists of containers — and those containers often include databases.
The problem? You cant safely back up a database while its running.
There are plenty of complex solutions involving database dumps, but often the simplest method is to stop the containers, perform the backup, and then restart them.
**Backrest** doesnt natively provide this functionality, but it does allow the execution of custom scripts triggered by events — for example, at the start and end of a backup plan.
Our goal is to stop the containers whose databases need to be backed up when the backup plan starts, and restart them when the backup plan finishes.
To achieve this, well need a small Bash script and a secure connection between Backrest and the Docker socket, to enable the following sequence:
- The backup plan starts
- The event triggers the execution of a custom script
- The script contacts Docker and retrieves a list of containers labeled `backrest.backup.stop=true`
- It stops those containers
- The backup plan completes
- The event triggers another custom script
- The script contacts Docker again, retrieves the same list, and restarts those containers
---
## Securely Connecting Backrest and Docker
To allow **Backrest** to communicate securely with Docker, well use [Docker Socket Proxy](https://github.com/linuxserver/docker-socket-proxy).
This avoids exposing the full Docker socket and grants only the necessary permissions.
Heres an example Docker stack:
```yaml
---
services:
backrest:
image: garethgeorge/backrest:latest
container_name: backrest
hostname: backrest
security_opt:
- no-new-privileges:true
volumes:
- ... # your volumes
environment:
- ... # your environment variables
- DOCKER_HOST=tcp://socket-proxy-backrest:2375
restart: unless-stopped
ports:
- ... # your ports
depends_on:
- socket-proxy
socket-proxy:
image: lscr.io/linuxserver/socket-proxy:latest
container_name: socket-proxy-backrest
security_opt:
- no-new-privileges:true
environment:
- CONTAINERS=1
- ALLOW_START=1
- ALLOW_STOP=1
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
restart: unless-stopped
read_only: true
tmpfs:
- /run
```
With this setup, Backrest can communicate with Docker safely and securely.
---
## The Scripts
Below are the scripts to use for **Backrest**s *start* and *end* backup events.
::code-group
```sh [Stop]
#!/usr/bin/env bash
BACKUP_LABEL="backrest.backup.stop=true"
BACKUP_CONTAINERS=$(docker ps -aqf "label=$BACKUP_LABEL")
for BC in $BACKUP_CONTAINERS
do
docker stop "$BC"
done
sleep 10
```
```sh [Start]
#!/usr/bin/env bash
BACKUP_LABEL="backrest.backup.stop=true"
BACKUP_CONTAINERS=$(docker ps -aqf "label=$BACKUP_LABEL")
for BC in $BACKUP_CONTAINERS
do
docker start "$BC"
done
sleep 10
```
---
## The Label
Once the scripts are in place and configured for the proper **Backrest** hooks, you just need to add the label `backrest.backup.stop=true` to the `compose.yaml` files of the containers that should stop and restart during backups:
```yaml
services:
your_service:
...
labels:
- backrest.backup.stop=true
```
And thats it!
At the next backup, all containers with the correct label will automatically stop during the backup and restart once its finished.
Reference in New Issue View Git Blame Copy Permalink