Hi All,
I created a landscape docker with the containers (domoticz,homebridge,mosquitto,wireguad,zwave) with a different volume on the RPI2 with Pi OS (Bulleyes)
The domotic system is operationnel and very stable. I’m happy to discover and use the docker system.
But now i would like to save the system on the nas with the docker command and i save the container and the data everyday, i execute
sudo docker export <container_name> |gzip > container_name.tar.gz
tar czfP - /home/pi/<container_name> > data_domoticz.tar.gz
the questions :
is it mandatory to put in pause or stop the container for the save action ?
is it the good action to restaure on a new sd card ?
Side supervision, i execute
sudo docker inspect <container_name> -f '{{.RestartCount}}
sudo systemctl status docker.service |egrep -i ‘(running’)
sudo systemctl status docker.socket|egrep -i ‘(running’)
sudo systemctl status containerd.service |egrep -i ‘(running’)
the question
is it sufficient to supervise the docker system ?
I think its overkill to backup the whole container, almost every container will have a kind of data directory, and is described in the hub.docker.com page, and what I do, is i only take a backup of that datadir, and the docker-compose.yml file. then i have everything i need to get that same container up and running again.
yes i save also the docker compose and the data, but if you put in the docker compose domoticz/domoticz:latest and if you have a crash after 6 month and you rexecute the docker-compose you don’t have the good version for which your system was stable, is it correct ?
Yes thats correct, that it will pull the newest image since the host dosnt have it.
But if you’re “afraid” of upgrading, you should/could use other tags than latest: Docker to specify the exact image you want.
But then there is a risk that in some point, they might delete older versions.
Exactly, in fact in my configuration, if i don’t touch the system during 5 years in this case the best solution is to save the Docker Image and not the container to return from crash and restore quickly the service -First solution
I save only the file docker-compose and i use docker pull to reload the image -Second solution
i save the docker-compose file, and i save the Image once a month that is sufficient -Third solution
I save the container every day or once a month
I think first solution is safe if the image exist on the docker hub
if the image sourcing is not sure the second solution is safe
on the rpi2, i have the docker service domoticz, homebridge, mosquitto, wireguad, zwave
when you have upgrade , It is not unusual you have a liitle bug and the smart process doesn’t function in my house, and the differents services exchange between them and consequence the home automation is down
Yeah, exactly. I mean, you mention not touching the system for 5 years, and wanting to be able to restore it… but a 5-year-old network service image will contain unpatched security vulnerabilities. It doesn’t matter how stable it is, it still isn’t usually safe to keep such old devices online without updating.
The domoticz security policy, for example, is clear: " Currently, only the latest Stable release and the latest Beta release will receive security fixes addressing reported and confirmed security issues." Anything older, and you’re gonna stay vulnerable.
sure
In fact if regular updating is necessary(every 6 months for domoticz), i can do without the image save
but today i’m working on my home automation but when i make a pause ,i don’t touch the system during 2 years(max 5 years).
@ferdnyc or @terpz , when you save the volume, is it necessary to put in pause the container ?
Never export Docker containers, since it will only save the filesystem of the container not the actual container with its metadata. You will lose all the metadata so when you try to import it, it will probably not start as the new container has no idea what it should start unless you provide the whole command with all the environment variables and everything I might have missed.
Why would that be the case? Unless you pull the new image intentionally or lose the tag for some reason and Docker has to download it again, you will use the already downloaded image without updating it. If your system automatically updates images, you must have a reason for it, so you probably want to run the new version every time. If it is not the case, you need to disable the auto update or use a specific version as it was already suggested.
By the way the tag “latest” points to the beta version. Are you sure you want to use a beta and not the “stable” tag? If you are using a beta version the chance is much higher to run into a bug.
About pausing: When a container needs to be paused while executing a Docker command, Docker will pause it even if you don’t do it manually. It happens when you “commit” a container as an image, so I would expect it to happen during exporting as well. Since volumes are read and written by the container, it is better to pause or stop the container to avoid inconsistency on the filesystem or at least copy the volume or mounted folder using rsync to follow the changes. If you just want to save some uploaded photos, the risk is smaller, but if you want to sync some databases, you need to be more careful or you can lose all your data.
i see 3 cases
crash SD, i create a new SD card with the monthly backup and restore the daily volume backup
crash upgrade services, i rollback with the last stable release present on the system and the volume
crash database, i restore the volume with daily volume backup
Thanks a lot for the differents explications, now it’s clear for me @rimelek you say
If it is not the case, you need to disable the auto update or use a specific version as it was already suggested.
where is the parameter auto update , it’s depend if the image already exist , is it true ?