Run custom commands during the backup lifecycle

In certain scenarios it can be required to run specific commands before and after a backup is taken (e.g. dumping a database). When mounting the Docker socket into the docker-volume-backup container, you can define pre- and post-commands that will be run in the context of the target container (it is also possible to run commands inside the docker-volume-backup container itself using this feature).

In a multi-node Swarm setup, commands can currently only be run on the node the offen/docker-volume-backup container is running on. Labeled containers on other nodes are not visible to the backup command.

Such commands are defined by specifying the command in a docker-volume-backup.[step]-[pre|post] label where step can be any of the following phases of a backup lifecycle:

  • archive (the tar archive is created)
  • process (the tar archive is processed, e.g. encrypted - optional)
  • copy (the tar archive is copied to all configured storages)
  • prune (existing backups are pruned based on the defined ruleset - optional)

So that the docker-volume-backup container can access the labels on other containers, it is necessary that the docker socket is mounted into the docker-volume-backup container as shown in the Quickstart example.

Taking a database dump using mysqldump would look like this:

version: '3'

services:
  # ... define other services using the `data` volume here
  database:
    image: mariadb
    volumes:
      - backup_data:/tmp/backups
    labels:
      - docker-volume-backup.archive-pre=/bin/sh -c 'mysqldump --all-databases > /backups/dump.sql'

volumes:
  backup_data:

Due to Docker limitations, you currently cannot use any kind of redirection in these commands unless you pass the command to /bin/sh -c or similar. I.e. instead of using echo "ok" > ok.txt you will need to use /bin/sh -c 'echo "ok" > ok.txt'.

If you have more than one docker-volume-backup container (possibly across several docker-compose environments) to backup or you are using multiple backup schedules, you will need to use EXEC_LABEL in the configuration and a docker-volume-backup.exec-label label on each container using custom commands to ensure that the commands are only run by the correct docker-volume-backup instance.

In case you use EXEC_LABEL together with configuration mounted from conf.d it’s important to understand that a distinct EXEC_LABEL should be set in each configuration. Else, schedules that do not specify an EXEC_LABEL will still trigger commands on all containers with such labels, no matter whether they specify docker-volume-backup.exec-label or not.

version: '3'

services:
  database:
    image: mariadb
    volumes:
      - backup_data:/tmp/backups
    labels:
      - docker-volume-backup.archive-pre=/bin/sh -c 'mysqldump --all-databases > /tmp/volume/dump.sql'
      - docker-volume-backup.exec-label=database

  backup:
    image: offen/docker-volume-backup:v2
    environment:
      EXEC_LABEL: database
    volumes:
      - data:/backup/dump:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro

volumes:
  backup_data:

The backup procedure is guaranteed to wait for all pre or post commands to finish before proceeding. However, there are no guarantees about the order in which they are run, which could also happen concurrently.

By default the backup command is executed by the user provided by the container’s image. It is possible to specify a custom user that is used to run commands in dedicated labels with the format docker-volume-backup.[step]-[pre|post].user:

version: '3'

services:
  gitea:
    image: gitea/gitea
    volumes:
      - backup_data:/tmp
    labels:
      - docker-volume-backup.archive-pre.user=git
      - docker-volume-backup.archive-pre=/bin/bash -c 'cd /tmp; /usr/local/bin/gitea dump -c /data/gitea/conf/app.ini -R -f dump.zip'

Make sure the user exists and is present in passwd inside the target container.