mirantis/dtr backup

Create a backup of MSR.

Usage

docker run -i --rm mirantis/dtr \
    backup [command options] > backup.tar

Example Commands

Basic

docker run -i --rm --log-driver none mirantis/dtr:2.9.21 \
    backup --ucp-ca "$(cat ca.pem)" --existing-replica-id 5eb9459a7832 > backup.tar

Advanced (with chained commands)

The following command has been tested on Linux:

DTR_VERSION=$(docker container inspect $(docker container ps -f \
  name=dtr-registry -q) | grep -m1 -Po '(?<=DTR_VERSION=)\d.\d.\d'); \
REPLICA_ID=$(docker inspect -f '{{.Name}}' $(docker ps -q -f name=dtr-rethink) | cut -f 3 -d '-'); \
read -p 'ucp-url (The MKE URL including domain and port): ' UCP_URL; \
read -p 'ucp-username (The MKE administrator username): ' UCP_ADMIN; \
read -sp 'ucp password: ' UCP_PASSWORD; \
docker run --log-driver none -i --rm \
  --env UCP_PASSWORD=$UCP_PASSWORD \
  mirantis/dtr:$DTR_VERSION backup \
  --ucp-username $UCP_ADMIN \
  --ucp-url $UCP_URL \
  --ucp-ca "$(curl https://${UCP_URL}/ca)" \
  --existing-replica-id $REPLICA_ID > \
  dtr-metadata-${DTR_VERSION}-backup-$(date +%Y%m%d-%H_%M_%S).tar

Description

The backup command creates a tar file with the contents of the volumes used by MSR, and prints it. You can then use mirantis/dtr restore to restore the data from an existing backup.

Note

  • This command only creates backups of configurations, and image metadata. It does not back up users and organizations. Users and organizations can be backed up during an MKE backup.

    It also does not back up Docker images stored in your registry. You should implement a separate backup policy for the Docker images stored in your registry, taking into consideration whether your MSR installation is configured to store images on the filesystem or is using a cloud provider.

  • This backup contains sensitive information and should be stored securely.

  • Using the --offline-backup flag temporarily shuts down the RethinkDB container. Take the replica out of your load balancer to avoid downtime.

Options

Option

Environment variable

Description

--debug

$DEBUG

Enable debug mode for additional logs.

--existing-replica-id

$DTR_REPLICA_ID

The ID of an existing MSR replica. To add, remove or modify an MSR replica, you must connect to the database of an existing replica.

--help-extended

$DTR_EXTENDED_HELP

Display extended help text for a given command.

--ignore-events-table

$DTR_IGNORE_EVENTS_TABLE

Option to prevent backup of the events table for online backups, to reduce backup size (the option is not available for offline backups).

--ignore-scan-data

$DTR_IGNORE_SCAN_DATA

Option to prevent backup of the scanning data for online backups, to reduce backup size (the option is not available for offline backups).

--include-job-logs

$DTR_INCLUDE_JOB_LOGS

Option to include job logs in online backups.

--nocolor

$NOCOLOR

Disable output coloring in logs.

--offline-backup

$DTR_OFFLINE_BACKUP

This flag takes RethinkDB down during backup and takes a more reliable backup. If you back up MSR with this flag, RethinkDB will go down during backup. However, offline backups are guaranteed to be more consistent than online backups.

--ucp-ca

$UCP_CA

Use a PEM-encoded TLS CA certificate for MKE. Download the MKE TLS CA certificate from https://<mke-url>/ca, and use --ucp-ca "$(cat ca.pem)".

--ucp-insecure-tls

$UCP_INSECURE_TLS

Disable TLS verification for MKE. The installation uses TLS but always trusts the TLS certificate used by MKE, which can lead to man-in-the-middle attacks. For production deployments, use --ucp-ca "$(cat ca.pem)" instead.

--ucp-password

$UCP_PASSWORD

The MKE administrator password.

--ucp-url

$UCP_URL

The MKE URL including domain and port.

--ucp-username

$UCP_USERNAME

The MKE administrator username.