odarriba / docker-timemachine
A docker container that compiles the latest Netatalk to run a Time Machine server.
Home Page: https://hub.docker.com/r/odarriba/timemachine/
License: MIT License
Here are the steps I followed:
Run the container.
$ docker run -h timemachine --name timemachine --restart=unless-stopped -d -v /mnt/user/timemachine:/timemachine -p 548:548 -p 636:636 odarriba/timemachine
Confirm it's working.
Add the user.
$ docker exec timemachine add-account backup password tm /timemachine/backup
And this is what I get when I try to login...
Any clues as to what might be going on here?
Just updated to b93ac2782ded (have been stable for forever) and my Macs couldn't connect to the AFP volume. I tried a few restart/rebuilds of the image, same issue.
My docker-compose environment looks like this (and has looked like this for a year+):
environment:
- AFP_LOGIN=tm
- AFP_PASSWORD=some_passsword
- AFP_NAME=TimeMachine
- AFP_SIZE_LIMIT=700000
I was able to fix my issue by running add-account:
$ docker exec 5eab255ef4ee add-account tm some_password TimeMachine /timemachine
chpasswd: password for 'tm' changed
After that I am able to connect via AFP normally. So, it seems like the default single user setup using AFP envs might be broken in some way in a recent change.
Is there an option to delete user account and/or change credentials (password)?
Edit: nevermind, I looked at Dockerfile and will code a solution similar to add-account. Is there anything I should be aware of before coding?
I've compiled the SMB version for a Raspberry Pi and it seems working well (after also editing the avahi service to hide the bogus home folder visible).
One problem I'm experiencing is:
I made sure to mount the external volume (ext4) in the same directory through fstab, after making the mounting folder with correct ownership (pi), the Mac can copy and delete files without problems into the share, inside the container the /timemachine folder got the right permissions for the username I chose and the root group.
The problem is that the host computer cannot write or delete files inside the original volume. I noticed that the folder owner now shows as systemd-timesync, and if I change it to pi through chown, the Mac cannot write into the folder anymore.
How is this possible? Why does the container change the ownership to this strange user?
Thanks
As it stands now, the instance only has the capability to interact with one client. Are users supposed to run multiple instances of this for each client who needs this?
It looks like afp.conf has the capability to handle multiple clients.
Implementing this would require a rather significant change to the UI, and might be best addressed in a fork. What do you think?
I have an HDD that I use with Time Machine via a USB connection.
Can I use it w/o re-formatting?
Something like this?: https://askubuntu.com/questions/332315/how-to-read-and-write-hfs-journaled-external-hdd-in-ubuntu-without-access-to-os
I recently tried to use this docker image, and the container got stuck in a restart loop. The command I used is as follows (this strips out everything unnecessary, and I tried with actually mapping volumes and users correctly as well):
docker run -h timemachine --name timemachine --restart=unless-stopped -d -it --net=host odarriba/timemachine-rpi
However, after looking at the logs of the container, I only saw this:
2018-06-17T01:01:15.065484122Z standard_init_linux.go:195: exec user process caused "exec format error"
2018-06-17T01:01:15.556469372Z standard_init_linux.go:195: exec user process caused "exec format error"
2018-06-17T01:01:16.105062200Z standard_init_linux.go:195: exec user process caused "exec format error"
2018-06-17T01:01:16.869803631Z standard_init_linux.go:195: exec user process caused "exec format error"
2018-06-17T01:01:18.049291672Z standard_init_linux.go:195: exec user process caused "exec format error"
2018-06-17T01:01:20.057097210Z standard_init_linux.go:195: exec user process caused "exec format error"
2018-06-17T01:01:23.635228735Z standard_init_linux.go:195: exec user process caused "exec format error"
2018-06-17T01:01:30.423332594Z standard_init_linux.go:195: exec user process caused "exec format error"
2018-06-17T01:01:43.593194284Z standard_init_linux.go:195: exec user process caused "exec format error"
as the container was restarting. I am running docker in an LXD container on Ubuntu 18.04 if that is relevant. Is there an obvious reason why this is happening?
I was puzzled why when my container rebooted (either because I was shutting down the container or because of machine reboot) the netatalk service inside the container would not start.
I believe that this is caused by a stale lock file in /var/lock/netatalk
I have altered the start_services.sh to remove that file before starting the service and it seems that the issue is fixed for me.
What are your thoughts on this?
I am getting authentication errors when trying to initiate a time machine backup on a fresh Docker container, built from master rev. 9ef27f0.
I have set the docker environment variables to timemachine/timemachine on the container.
I can connect with cmd-k using those credentials, but time machine fails.
I am running OSX 10.13.1.
Any hints on diagnosing the authentication issue?
Hi there,
Thanks for what looks like a fabulous docker image!
I have got it up and running, and I've added two users user1 and user2 with the docker exec timemachine add-account command. The user1 and user2 directories get created under the /timemachine directory. So far so good.
I do command-K on the Mac to mount the Time Machine VM. Works. If I create a test directory in the /timemachine/user1 directory from the VM, this test directory immediately shows up on the Mac Finder window.
However... Time Machine won't show me my timemachine VM when I go to select disk. And if I try to create a folder from the Mac, it prompts me for username/password, and fails (even though I provide the correct u/p).
The user1 and user2 folders are showing as drwxr-xr-x 2 root root
Any idea what I'm missing?
My docker /timemachine is mapped to /mnt/timemachine on the VM, which in turn is a mounted CIFS share. I have read/write permissions as I can create and delete stuff no problem (as root on the VM).
I hope that all makes sense and you can give an easy answer!
Thanks again!
I upgraded to your latest recently (from last July) and my TM share name changed to simply 'tm'. I am setting AFP_NAME to 'TimeMachine'.
As I understand, we have to use an hfsplus-formatted partition,
so an approximate manual might look like this:
sudo apt-get install hfsplus hfsutils hfsprogs
sudo mkdir /mnt/timemachine # provide your path to mount point
# remove/create a partition
# fdisk howto: https://www.tldp.org/HOWTO/Partition/fdisk_partitioning.html
sudo fdisk /dev/sda
sudo mkfs.hfsplus /dev/sda1 # specify your partition
blkid # find partuuid
# add to /etc/fstab:
/dev/disk/by-partuuid/be54d979-02 /mnt/timemachine hfsplus rw,force,exec,auto,users 0 2
sudo mount -a # check fstab before reboot
Hi there,
Can you add the ability to set a specific UID & GID when creating the docker via environment variables? Right now this can only be done if we manually create the user using the script.
The usecase is inside the docker-compose.yml file
Hi, thanks for the very useful image!
Netatalk offers config options for allowing/denying specific hosts or whole subnets, which sometimes is very handy:
http://netatalk.sourceforge.net/3.0/htmldocs/afp.conf.5.html
hosts allow = IP host address/IP netmask bits [ ... ] (V)
Only listed hosts and networks are allowed, all others are rejected. The network address may be specified either in dotted-decimal format for IPv4 or in hexadecimal format for IPv6.
Example: hosts allow = 10.1.0.0/16 10.2.1.100 2001:0db8:1234::/48
hosts deny = IP host address/IP netmask bits [ ... ] (V)
Listed hosts and nets are rejected, all others are allowed.
Example: hosts deny = 192.168.100/24 10.1.1.1 2001:db8::1428:57ab
It would be nice to expose this via a parameter as well!
PS: This is a volume-level parameter, so it would need to be injected into the [<<volume-name>>] section in add-account.
Docker puts files into /var/lib/docker/overlay2/1c5c2a0de7a49e46ec984252a8c092b503eb366f1f176b9c35f352f4e227b5c5/merged/mnt/timemachine instead of /mnt/timemachine.
Do you know in what direction I can search to fix it?
When I use the command according to the documentation
sudo docker exec timemachine add-account pi password tm /timemachine
I get the following errors:
chown: /timemachine/.Spotlight-V100/Store-V2/4B5837BF-6FA9-418C-B16C-CBC268CC8467/psid.db: Operation not permitted
chown: /timemachine/.Spotlight-V100/Store-V2/4B5837BF-6FA9-418C-B16C-CBC268CC8467/tmp.Lion: Operation not permitted
chown: /timemachine/.Spotlight-V100/Store-V2/4B5837BF-6FA9-418C-B16C-CBC268CC8467/Lion.created: Operation not permitted
etc ....
P.S. /etc/fstab (I use an external exFAT HDD)
UUID=F988-8B5A /home/pi/tm exfat force,rw,user,auto 0 0
Tried to use the readme, which says:
on an ARM-Device (like the Raspberry Pi)
Get the precompiled image (latest compilation on 29-03-2018):
It doesn't work using that; the dest path used by docker is wrong (probably #59!)
Maybe the readme deserves an update?
Hi, everything is in place but when I follow the proposed steps I get a permission denied on /timemachine into the docker container. I tried to create the user with a different uid & gid and set the permissions of my /external_drive on my host but it didn’t work. What I have found to work around this issue is creating the container with the --privileged=true setting. But, is there a way to adjust the permissions without this option? Thanks!
It seems that AFP is deprecated, and Time Machine is now supported on Samba 4.8 and higher. See samba-team/samba#64.
It would be nice if this container would support that, perhaps in a separate branch.
Just rebuilt my containers and realized I can't log into the time machine any more. Seemingly, the latest change to add users removed the AFP_LOGIN, AFP_PASSWORD and AFP_NAME attributes. Still investigating, will update this issue once I know for sure. Going back to old version in the meantime.
Running the following command on a Windows host yields
docker run -h timemachine --name timemachine -e AFP_LOGIN=<YOUR_USER> -e AFP_PASSWORD=<YOUR_PASS> -e AFP_NAME=<TIME_MACHINE_NAME> -e AFP_SIZE_LIMIT=<MAX_SIZE_IN_MB> -d -v /route/to/your/timemachine:/timemachine -t -i -p 548:548 -p 636:636 odarriba/timemachine
the following logs for the container. The container won't start after being built.
chown: changing ownership of '/timemachine/System Volume Information': Permission denied
chown: changing ownership of '/timemachine': Permission denied
I have a 3.6 tb drive mounted on /mnt/sdb/
The server root is /, a 50% filled 502gb SSD
Following command to start the docker:
docker run -h timemachine --name timemachine --restart=unless-stopped -d -v /mnt/sdb/timemachine/ -it -p 548:548 -p 636:636 --ulimit nofile=65536:65536 odarriba/timemachine
Following command to add the user:
docker exec timemachine add-account kwj <PASSWORD> rcvol /mnt/sdb/timemachine/backup
The root disk keeps showing up in time machine instead of the external volume, see picture.
Any ideas what I am doing wrong?
Container will exit after start.
> docker-compose up
Creating ittimemachine_tm_1
Attaching to ittimemachine_tm_1
tm_1 | Starting Netatalk services: netatalk.
ittimemachine_tm_1 exited with code 0
my docker-compose file:
tm:
  image: odarriba/timemachine
  hostname: tm.xxx.com
  volumes:
    - /mnt/hdd/data/timemachine:/timemachine
  ports:
    - '548:548'
    - '636:636'
  environment:
    AFP_LOGIN: usr
    AFP_PASSWORD: pwd
    AFP_NAME: Time_Machine
    AFP_SIZE_LIMIT: 2000000
Problem
In the Dockerfile the service netatalk is installed like this:
wget http://prdownloads.sourceforge.net/netatalk/netatalk-${netatalk_version}.tar.gz
In particular:
This leaves all users of this image exposed if MITM or similar attacks are / have been performed at build time.
Proposed Solution
https://. The official URL seems to be https://downloads.sourceforge.net/project/netatalk/netatalk/3.1.10/netatalk-3.1.10.tar.bz2.
wget, curl) should verify the SSL certificate.
netatalk exist (haven't checked), they should also be verified. (Sourceforge doesn't have the best reputation for secure hosting ...)
On a previous version, I was able to enable encrypted backups from my Mac just fine. With the new version I am unable to select this.
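The build-time download hardening proposed in the Dockerfile issue above (the plain-HTTP wget report), as an added example that is not part of the original issues or the project's Dockerfile. The URL is the one quoted in that issue; the pinned digest is a placeholder to be replaced with a value obtained from a trusted source, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: fetch a build-time tarball over HTTPS only and pin its SHA-256.
# NETATALK_URL is the URL quoted in the issue. NETATALK_SHA256 is a placeholder:
# replace it with a digest obtained out of band from a trusted source.
NETATALK_URL="https://downloads.sourceforge.net/project/netatalk/netatalk/3.1.10/netatalk-3.1.10.tar.bz2"
NETATALK_SHA256="<PINNED_SHA256_PLACEHOLDER>"

# Succeeds only for https:// URLs, so a plain-HTTP mirror is never used.
require_https() {
    case "$1" in
        https://*) return 0 ;;
        *) echo "refusing non-HTTPS URL: $1" >&2; return 1 ;;
    esac
}

# Succeeds only if FILE hashes to EXPECTED (64 hex characters, any case).
verify_sha256() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    case "$expected" in
        *[!0-9a-f]*|'') echo "invalid pinned digest" >&2; return 1 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "invalid pinned digest" >&2; return 1; }
    actual=$(sha256sum "$file" | cut -d' ' -f1) || return 1
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $file" >&2
        return 1
    fi
}

# Download URL to DEST with certificate checking left on, never following a
# redirect down to HTTP, then verify; the file is deleted if the digest differs.
fetch_verified() {
    url=$1; sha=$2; dest=$3
    require_https "$url" || return 1
    curl --fail --silent --show-error --location \
         --proto '=https' --proto-redir '=https' --tlsv1.2 \
         --output "$dest" "$url" || return 1
    verify_sha256 "$dest" "$sha" || { rm -f "$dest"; return 1; }
}

# Hypothetical use inside a Dockerfile RUN step:
#   fetch_verified "$NETATALK_URL" "$NETATALK_SHA256" /tmp/netatalk.tar.bz2
```

With the placeholder digest left in place, fetch_verified fails closed, so the build stops until a real digest is pinned.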
Almost without fail, I have to reselect my backup drive once every other day or so because it's suddenly not available... Not sure if this is a mac issue, or a docker issue but would love to get this hammered out so backups aren't requiring additional babysitting...
Essentially, it ends up requiring selecting the server again, waiting for the drive to show up and then logging back in again.
After a docker system prune, timemachine does not seem to be able to get back to normal since the user accounts are lost.
I was considering making /etc/afp.conf a volume mount, but that won't suffice since the user accounts will also need to be re-created.
I'm using multiple user accounts otherwise the startup environment variables would have worked.
If I don't use Avahi, am I going to have to manually connect to the server every time I want to backup, or will mac do that for me? I assume not.
I'm trying to host this on a Windows server. Would I be able to get auto-connection / discovery working on Windows? I'm assuming it'd have to be through something besides avahi?
The Raspberry Pi ARM version hasn't been merged with the master for a while now.
Is there a specific reason for that, or was something changed that is not supported by the ARM architecture?
This is my first time using docker-timemachine and I haven't been able to get things working. On the client machine, I connect to the server using cmd+k and "afp://192.168.1.x". Then in the Time Machine window, I click "Select Backup Disk". I see my disk here, "/path/to/my/shared_disk". I select the disk and click "Use Disk". I am now asked for a username and password. I enter the username and password and click "connect" which takes me to the previous screen where I select my disk again. This repeats.
I'm not well versed in Mac. Running the command log show --predicate 'subsystem == "com.apple.TimeMachine"' --debug on the client system shows the following log, which is the only thing in the correct time window.
2017-11-03 19:10:55.303516-0200 0x13be Error 0x0 340 UserEventAgent: (TimeMachine) [com.apple.TimeMachine.TMLogError] com.apple.TMHelperAgent.SetupOffer enabled
Hello,
Today I tried to build an image using a Docker file and failed to compile Netatalk.
I played a bit with the alpine versions and found that there are no problems with compilation when ALPINE_VERSION = 3.10, the current latest version is ALPINE_VERSION = 3.13.
Hey and thanks for the project :)
Dear Dev,
I have noticed that the init script will not allow the container to be stopped any more. It might be worth while to put the action in rc.local so that docker stop/kill command work.
Regards,
Cristian
Hi, please forgive any ignorance. Relatively new to Docker.
I recently did a fresh pull and run of the image, and it seems the container is now interfering with my already existing Samba server on the host machine. Any advice?
Thank you. Things have been working great so far!
Hi, thanks for the container, seems to work well, except there is a slight flaw - the network volume is incorrectly reporting free space when I try to use a much larger external USB drive. I am running a high capacity 6TB USB drive but the mounted volume on my mac is only reporting the total capacity of the built in hard drive on my server which is much lower.
I got this up and running, thanks for a great image!
But after TM backup has initialized, I get an error:
The backup disk needs 152,06 GB for the backup but only 87,19 GB are available. Select a larger backup disk or make the backup smaller by excluding files
I specified a mountpoint of 300000 (300GB) when creating my user. The mount point is on a mdadm array with 2.5TB free so there must be some restriction in the image.
Any ideas?
Can I use this image to serve multiple disks? If so, how to configure this with ENV vars?
Server:
avahi-daemon up and running (according to instructions)
ufw) disabled
MBP:
Result:
Update
afp://myhost) I can connect to it.
This issue was related to an incorrect docker run command. I omitted to use the proposed nomenclature: /external_drive:/timemachine. It is very important not to forget the « : » to avoid the 50gb max disk space into the container.
I really like this solution, but providing docker-compose will help more people.
I have used the add-account script to setup 2 user accounts.
These are present in the afp.conf file.
The problem that I'm facing is that I can only login to the user account created last, e.g.
add-account user1
login available from mbp
add-account user2
login available from mbp
If I now try to connect from mbp with user1, I get the following error:
There was a problem connecting to the server
In the afp log I see
Apr 23 06:28:56.276443 afpd[70] {dsi_stream.c:504} (error:DSI): dsi_stream_read: len:0, unexpected EOF
Any thoughts?