pschiffe / docker-borg Goto Github PK

I'm a bit confused where to place the sshfs identity file (guess that's another term for the private SSH key used to connect to a remote server).
Do I put the host path to the key in the SSHFS_IDENTITY_FILE environment variable?
Or does the key need to be in one of the volumes mapped into the container and have to give that path inside the container to the SSHFS_IDENTITY_FILE variable?

Thanks a lot!

Hello,

I am trying to run a backup with your borg container as described in the Readme with the following command:

docker run \
  -e SSHFS='user@hostname:/path/to/repo' \
  -e SSHFS_PASSWORD=my-ssh-password \
  -e BORG_PASSPHRASE=my-secret-pw \
  -e BACKUP_DIRS=/borg/data \
  -e COMPRESSION=lz4 \
  -e PRUNE=1 \
  -v borg-cache:/root/.cache/borg \
  -v mariadb-data:/borg/data/mariadb:ro \
  -v worpdress-data:/borg/data/wordpress:ro \
  --cap-add SYS_ADMIN --device /dev/fuse --security-opt label:disable \
  --name borg-backup \
  pschiffe/borg

There seems to be some issue with borg init, since it gives me this error message:

usage: borg init [-h] [--critical] [--error] [--warning] [--info] [--debug]
                 [--debug-topic TOPIC] [-p] [--log-json] [--lock-wait SECONDS]
                 [--show-version] [--show-rc] [--umask M] [--remote-path PATH]
                 [--remote-ratelimit RATE] [--consider-part-files]
                 [--debug-profile FILE] -e MODE [--append-only]
                 [--storage-quota QUOTA]
                 [REPOSITORY]
borg init: error: the following arguments are required: -e/--encryption

Any idea how I can fix this?

Hello, thanks for the awesome container!

When connecting to my remote repo with the container, I keep getting the following errors:

Connection closed by remote host. Is borg working on the server?
terminating with error status, rc 2

I'm using keys for authentication and have the keys (both id_rsa and id_rsa.pub) mounted under root/.ssh.

My remote repo is not on port 22, but 23.
So, for the REPO I have added the following: BORG_REPO='[email protected]:23/./backups/server'

I don't know how to fix this.
Thanks again!

EDIT: borg is on the server, because I can make backups to it with the local install of Borg.

EDIT2: When using a port different than 22, you need to specify ssh://[email protected]".
Withouth the ssh:// part the port gets ignored. I'm just unsure how this container parses that environment variable.
Because if I add ssh:// in front of it (ssh://[email protected]:23/./backups/server) I get the following:

Repository /'ssh:/[email protected]:23/./backups/server does not exist. terminating with error status, rc 2

You should really keep your image up-to-date, possibly also add a CI to keep it up-to-date and automatically push updates.
Also GitHub provides Dependabot, though IÄm not sure it would catch these issues here…

The thing is, your image is the most popular on Docker Hub for Borg with >500k pulls.

E.g. here you use Fedora 31:

Fedora 31 is long outdated/unmaintained, so better upgrade that…

In the entrypoint script borg-backup.sh there are two possible ways to mount the SSHFS, either by using an identity file or explicitly stating a password.

Latter has some problems with passwords containing characters such as "#":

SSHFS_PASSWORD="echo ${SSHFS_PASSWORD} |"
eval "${SSHFS_PASSWORD} sshfs ${SSHFS} /mnt/sshfs ${SSHFS_IDENTITY_FILE} ${SSHFS_PASSWORD_OPT}"

This would evaluate to:

echo XXXX#YYYY | sshfs ...

leading to just 'XXXX' echoed into nowhere and the rest of the line interpreted as a comment.

I believe it should be SSHFS_PASSWORD="echo \"${SSHFS_PASSWORD}\" |" to fix the issue, e.g. adding some quotes here around ${SSHFS_PASSWORD}.

Hi,
i'm trying to run this container in TN Scale as a Pod.
I tried with the
SYS_ADMIN --device /dev/fuse
and without.
On truenas, i executed modprobe fuse, module is loaded (lsmod), and /dev/fuse exists on the host.

Error:
fuse: device not found, try 'modprobe fuse' first
(no more text)

Also passing /dev/fuse as voluem does not help.

Any idea?
Thanks

Hi,
do you intend to keep the docker image on docker hub up to date ? The current borgbackup version 1.1.10 while the one provided in your image is the older one 1.1.8

Hello!

I've been using your script (partly) for years, and I'm really happy :) Thanks a lot for your work ;)

I'm now asking for upstream to have an official image, and created this PR.

I copied your script and README, and mentionned your name. I hope it is fine, if not, please let me know.

If you have comments, feel free to comment there. (and close this issue.

I'd love to use your image to backup to my rmeote borg repsoitory. But how to I provide an SSH key to the container so it can log into the remote repo?
Or is it only intended to use password within the BORG_REPO variable?

Also in case you did not notice, I commented on borgbackup/borg#4372 and noticed some security-relevant stuff you may also want to consider to change…

Hi,
When I'm trying to backup directory using unencrypted repository I'm getting "Attempting to access a previously unknown unencrypted repository" error.
I know that I could avoid that using BORG_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK. However, I still feel that something is wrong. Due to this error I'm not fully sure that borg will use cache which is essential for me. Could you please help me with that issue?

How to reproduce? Run twice following commands

mkdir borg-archive borg-repo source-test

docker run -h foo --privileged \
-e "BACKUP_DIRS=/to-backup" \
-e BORG_REPO="/mnt/s3fs/backup" \
-e ARCHIVE="$(date +%Y-%m-%d--%H-%M-%S)" \
-v $(pwd)/borg-archive:/root/.cache/borg \
-v $(pwd)/source-test:/to-backup \
-v $(pwd)/borg-repo:/mnt/s3fs \
pschiffe/borg

Output:

matzz@matzz ~/test/test $ mkdir borg-archive borg-repo source-test
matzz@matzz ~/test/test $ docker run -h foo --privileged \
> -e "BACKUP_DIRS=/to-backup" \
> -e BORG_REPO="/mnt/s3fs/backup" \
> -e ARCHIVE="$(date +%Y-%m-%d--%H-%M-%S)" \
> -v $(pwd)/borg-archive:/root/.cache/borg \
> -v $(pwd)/source-test:/to-backup \
> -v $(pwd)/borg-repo:/mnt/s3fs \
> pschiffe/borg
Not using encryption. If you want to encrypt your files, set $BORG_PASSPHRASE variable.
ls: cannot access '/mnt/s3fs/backup': No such file or directory
Initializing repository at "/mnt/s3fs/backup"
Encryption NOT enabled.
Use the "--encryption=repokey|keyfile" to enable encryption.
Synchronizing chunks cache...
Archives: 0, w/ cached Idx: 0, w/ outdated Idx: 0, w/o cached Idx: 0.
Done.
terminating with success status, rc 0
------------------------------------------------------------------------------
Archive name: 2019-02-24--00-17-53
Archive fingerprint: f2a0ce71ff6d0593934330faa4e6d82c3a77a64e759e5d1a699aed72ae38170e
Time (start): Sat, 2019-02-23 23:17:54
Time (end):   Sat, 2019-02-23 23:17:54
Duration: 0.00 seconds
Number of files: 0
Utilization of max. archive size: 0%
------------------------------------------------------------------------------
                       Original size      Compressed size    Deduplicated size
This archive:                  556 B                524 B                524 B
All archives:                  556 B                524 B                524 B

                       Unique chunks         Total chunks
Chunk index:                       2                    2
------------------------------------------------------------------------------
terminating with success status, rc 0
Starting repository check
Starting repository index check
Completed repository check, no problems found.
Starting archive consistency check...
Analyzing archive 2019-02-24--00-17-53 (1/1)
Archive consistency check complete, no problems found.
terminating with success status, rc 0
matzz@matzz ~/test/test $ docker run -h foo --privileged \
> -e "BACKUP_DIRS=/to-backup" \
> -e BORG_REPO="/mnt/s3fs/backup" \
> -e ARCHIVE="$(date +%Y-%m-%d--%H-%M-%S)" \
> -v $(pwd)/borg-archive:/root/.cache/borg \
> -v $(pwd)/source-test:/to-backup \
> -v $(pwd)/borg-repo:/mnt/s3fs \
> pschiffe/borg
Not using encryption. If you want to encrypt your files, set $BORG_PASSPHRASE variable.
Warning: Attempting to access a previously unknown unencrypted repository!
Do you want to continue? [yN] Aborting.
Cache initialization aborted
terminating with error status, rc 2

After I was able to run the docker BorgBackup Image (with the great support of @pschiffe !) on WSL (Windows Subsystem for Linux) I tried to transfer the solution to a server.
But here I got the error message
fuse: mount failed: Permission denied
when starting the container.

I ggogled a bit and found that others had similar issues with fuse mounts in containers. They blamed AppArmor (afaik something similar to SELinux) and recommended to use the --security-opt apparmor:unconfined option.
I tried that and the docker-borg image worked on the server, too.
Thought that could be good information for you, @pschiffe .

I don't know enough about AppArmor (in fact almost nothing) to tell why it works on WSL without the additional option, but not on the server. Both run the same OS (Ubuntu 22.04.4 LTS). I assume some AppArmor default setting are different between both installations.

I got this warning while restoring a file:

Warning: File system encoding is "ascii", extracting non-ascii filenames will not be supported.
Hint: You likely need to fix your locale setup. E.g. install locales and use: LANG=en_US.UTF-8

It's from borg https://github.com/borgbackup/borg/blob/3db27f950e901fa6fcb679962a8432bd1ed059e0/src/borg/archiver.py#L626

Hi, I attempt to use docker-borg unsuccessfully with ssh key authentication:

docker run \
  -e SSHFS='backupuser@remotemachine:/home/backupuser
  -e SSHFS_IDENTITY_FILE=/root/ssh-key/key \
  -e BACKUP_DIRS=/borg/data \
  -e PRUNE=1 \
  -v borg-config:/root \
  --cap-add SYS_ADMIN --device /dev/fuse --security-opt label:disable --security-opt apparmor:unconfined \
  --name borg-backup \
  pschiffe/borg

I get the error message read: Connection reset by peer

SSH and SSHFS run separately, do the ssh key authentication properly on the remote machine.

Many thanks for your help.

Since restoring a Borg backup can take a while, I like to run the extract command with the option --progress . With this option the percentage of the already restored archive is shown.
Is there a way to configure Borg in the container to run with option --progress?

Christian