How to back up critical Docker data on Linux
Running containers on a Linux server comes with inherent risks, especially when critical data is involved. This guide will show you some effective container backup and disaster recovery strategies for your Linux server.
How to Identify Critical Data
Before creating a backup of your containers on a Linux server, it’s essential to identify critical data. In the context of containers, critical data typically reside in volumes. These volumes are attached to your container and store critical user data, configuration files, etc.
To view volumes in Docker on your Linux system, use the docker volume ls command. This command lists all available volumes on your system.
sudo docker volume ls
Examine the volumes in the docker volume ls output. Choose a volume to inspect, and execute the docker volume inspect command. This command reveals the metadata for your selected volume, including the host filesystem mount point.
sudo docker volume inspect [volume-name]
In the docker volume inspect output, look for “Mountpoint” to determine where your volume stores its files on the host system. Once you find this mount point, you can use the ls command to view the data stored in the volume. This step is crucial to ensure you know the data’s location before backing it up.
ls /location/after/mountpoint/
Alternatively, you can utilize the following complex command to inspect and view the mount point data in one step. Remember to replace [volume-name] with the name of your Docker container volume from docker volume ls.
su -
docker volume inspect [volume-name] | grep "Mountpoint" | awk '{print $2}' | tr -d '",' | xargs ls
How to Back Up Docker Containers and Volumes
Now that you’ve verified the data in your container volumes, you can proceed to create backups. It’s important to note that backing up containers and volumes is done differently. This distinction arises because a container represents non-persistent data, while a volume contains persistent data. In this section, we’ll guide you through the process of backing up both.
Backing up Containers
To create a backup of a Docker container, you can generate an image of it. To do this, first identify the container you want to back up by listing all containers on your system using the docker ps -a command:
sudo docker ps -a
Locate the ID of the container you wish to back up. Then, use this ID in the following command to create a new image:
sudo docker commit [CONTAINER_ID] [new-image-name]
Finally, use the docker save command to export your newly created image to a file:
sudo docker save [new-image-name] > /path/where/you/wish/to/save/container_backup.tar
Backing up Volumes
Backing up a Docker volume is a little different from backing up a container. To create a backup, start by identifying the Docker volume on your system you wish to back up. Refer to the “How to Identify Critical Data” section of the guide for a refresher.
Once you’ve identified your volume, you can use the following command to create a backup of your Docker volume in the current host working directory (the folder your terminal is currently accessing). Be sure to replace “path_to_volume” with your Docker volume’s mount point, and “your_container” with the container ID or container name.
docker run --volumes-from your_container -v "$(pwd)":/backup ubuntu tar cvf /backup/volume-backup.tar /path_to_volume
Note that the “path_to_volume” can be obtained with the following command in a terminal.
docker volume inspect [volume-name] | grep "Mountpoint"
This command will return the mount point of the volume, and you can replace “path_to_volume” in the docker run command to create a backup of your Docker volume.
How to store your Docker backups securely
To securely store your Docker backups, you should encrypt them. Encryption can be done in many ways on Linux. In this guide, we’ll use GPG, as it is easy to understand. To encrypt a backup, enter the directory in which you created it using the cd command. In this example, our backup is in /mnt/external-storage/backup/.
cd /mnt/external-storage/backup/
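From here, use the gpg command to encrypt the tar backup of the volume. GPG (GNU Privacy Guard) is an encryption tool. When you use GPG with the -c (symmetric encryption) option, it’ll prompt you to enter a password. It then writes the encrypted copy to volume-backup.tar.gpg and leaves the unencrypted volume-backup.tar in place.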
gpg -c volume-backup.tar
When your backup is complete, you can store it in an offsite storage location or on another server for safekeeping.
How to restore your backup
To restore your backup, simply untar it to the location the volume is mounted to. For example, to restore it to a volume’s _data directory, you can use the tar -C command.
su -
tar xvf volume-backup.tar -C /var/lib/docker/volumes/YOUR_VOLUME_NAME_HERE/_data
This command should restore it to the specific location. However, know that if you’ve chosen to encrypt the backup, you will need to decrypt it before attempting a restore. If you need to decrypt your backup, you can run the following gpg command.
gpg -o decrypted-volume-backup.tar -d volume-backup.tar.gpg
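A pre-restore check for the tar backups described above, as an added example that is not part of the original guide: it records a SHA-256 checksum when the backup is made and refuses to extract if the archive has changed or lists absolute or ".." member paths. The function names and the temporary demo directory are assumptions, and the sample data is constructed.

```bash
#!/usr/bin/env bash
# Added example: checksum a volume backup when it is made, then refuse to
# restore unless the checksum matches and every member path is safe.

# record_checksum ARCHIVE: write ARCHIVE.sha256 beside the archive.
record_checksum() {
    ( cd "$(dirname "$1")" && sha256sum "$(basename "$1")" > "$(basename "$1").sha256" )
}

# verify_checksum ARCHIVE: succeed only if ARCHIVE still matches ARCHIVE.sha256.
verify_checksum() {
    ( cd "$(dirname "$1")" && sha256sum -c "$(basename "$1").sha256" >/dev/null 2>&1 )
}

# has_unsafe_names: read member names on stdin; succeed if any name is
# absolute or contains a ".." path component.
has_unsafe_names() {
    grep -Eq '^/|(^|/)\.\.(/|$)'
}

# members_are_safe ARCHIVE: fail if the archive is unreadable or lists an unsafe name.
members_are_safe() {
    listing=$(tar -tf "$1" 2>/dev/null) || return 1
    ! printf '%s\n' "$listing" | has_unsafe_names
}

# safe_restore ARCHIVE DEST: verify first, extract into DEST only if both checks pass.
safe_restore() {
    verify_checksum "$1" || { echo "checksum mismatch: $1" >&2; return 1; }
    members_are_safe "$1" || { echo "unsafe member path in: $1" >&2; return 1; }
    mkdir -p "$2" && tar -xf "$1" -C "$2"
}

# Demo on constructed data: a temp directory stands in for a volume's _data.
demo() {
    work=$(mktemp -d)
    mkdir -p "$work/vol"
    echo "setting=constructed-sample" > "$work/vol/app.conf"
    tar -cf "$work/volume-backup.tar" -C "$work/vol" .
    record_checksum "$work/volume-backup.tar"
    safe_restore "$work/volume-backup.tar" "$work/restored" && echo "restore ok"
    echo "junk" >> "$work/volume-backup.tar"    # simulate corruption in storage
    safe_restore "$work/volume-backup.tar" "$work/again" || echo "restore refused"
    rm -rf "$work"
}
demo
```

A checksum file kept beside the archive only detects accidental corruption, so store the .sha256 file separately from the backup. The same two checksum functions work unchanged on the encrypted volume-backup.tar.gpg.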