From be50d792b66dad4a3e29047019e6b9d69f1f7f43 Mon Sep 17 00:00:00 2001 From: Adar Nimrod <nimrod@shore.co.il> Date: Sun, 3 Oct 2021 16:04:16 +0300 Subject: [PATCH] Preperations for registry backup. I only have off-site backups for host01. In case I need to rebuild ns4 or rebuild shore.co.il infrastructure I need those images (although I can probably build them locally and push them, it's probably easier and faster to restore from backups). So this commit includes: - Empty Python script. - pre-commit hooks for Python. - Dockerfile for the image (with the requirements and script). - GitLab CI job for backup on host01 (bind mount the dockerd socket and /var/backups) and a notification job in case the backup fails. All that's left is to write the backup script. --- .gitlab-ci.yml | 32 ++++++++++++++++++++++++++ .pre-commit-config.yaml | 50 +++++++++++++++++++++++++++++++++++++++++ backup/.dockerignore | 2 ++ backup/Dockerfile | 4 ++++ backup/backup | 2 ++ 5 files changed, 90 insertions(+) create mode 100644 backup/.dockerignore create mode 100644 backup/Dockerfile create mode 100755 backup/backup diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 70cfcad..9c4fa9a 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -4,6 +4,8 @@ include: file: templates/pre-commit.yml - project: shore/ci-templates file: templates/docker.yml + - project: shore/ci-templates + file: templates/notify.yml stages: - test 
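Review bot: No job in the `.gitlab-ci.yml` hunks visibly extends or configures the newly included `templates/notify.yml`, although the commit message promises a notification when the backup fails. If the template defines a concrete on-failure job, this works as is; if it only provides a hidden template, a failed scheduled backup would go unnoticed. A one-line comment above the include would settle it for the next reader, e.g. `# notify.yml supplies the on-failure notification job for the scheduled backup pipeline`.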
@@ -13,11 +15,41 @@ stages: build: extends: .compose-build tags: &tags [ns4.shore.co.il] + rules: + - if: $CI_PIPELINE_SOURCE != "schedule" pull: extends: .compose-pull tags: *tags + rules: + - if: $CI_PIPELINE_SOURCE != "schedule" run: + rules: + - if: $CI_PIPELINE_SOURCE != "schedule" + when: manual extends: .compose-run tags: *tags + + +backup: + rules: + - if: $CI_PIPELINE_SOURCE == "schedule" + stage: deploy + tags: [host01.shore.co.il] + image: docker.io/library/docker:20.10 + before_script: + - >- + docker build + --tag registry.shore.co.il/registry-backup + --pull + backup + script: + - >- + docker run + --volume /var/backups/registry:/var/backups/registry + --volume /run/docker.sock:/run/docker.sock + registry.shore.co.il/registry-backup + backup registry.shore.co.il /var/backups/registry + after_script: + - docker image prune -f diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 1b84689..5ae94b5 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -54,3 +54,53 @@ repos: rev: v2.7.0 hooks: - id: hadolint + + - repo: https://github.com/ambv/black + rev: 21.9b0 + hooks: + - id: black + args: + - | + --line-length=79 + + - repo: https://github.com/PyCQA/prospector + rev: 1.5.1 + hooks: + - id: prospector + args: + - |- + --max-line-length=79 + - |- + --with-tool=pyroma + - |- + --with-tool=bandit + - |- + --without-tool=pep257 + - |- + --doc-warnings + - |- + --test-warnings + - |- + --full-pep8 + - |- + --strictness=high + - |- + --no-autodetect + additional_dependencies: + - bandit + - pyroma + + - repo: https://gitlab.com/pycqa/flake8.git + rev: 3.9.2 + hooks: + - id: flake8 + args: + - |- + --doctests + additional_dependencies: + - flake8-bugbear + + - repo: https://github.com/codespell-project/codespell.git + rev: v2.1.0 + hooks: + - id: codespell diff --git a/backup/.dockerignore b/backup/.dockerignore new file mode 100644 index 0000000..ff99b53 --- /dev/null +++ b/backup/.dockerignore @@ -0,0 +1,2 @@ +* +!backup 
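Review bot: The `backup` job's rule `if: $CI_PIPELINE_SOURCE == "schedule"` matches a schedule on any ref, and the job then builds the `backup` directory from that ref and runs it with `/run/docker.sock` bind-mounted, which is root-equivalent on host01, the only host with off-site backups. Restricting the rule to protected refs keeps that access tied to reviewed code: `- if: $CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_REF_PROTECTED == "true"`. The job image `docker.io/library/docker:20.10` is a floating tag; pinning it by digest would fix what runs against the socket. Separately, `docker image prune -f` in `after_script` removes every dangling image on host01, not only the ones this job produced.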
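Review bot: The `additional_dependencies` entries `bandit`, `pyroma` and `flake8-bugbear` in `.pre-commit-config.yaml` are unpinned, so each fresh hook environment installs whatever version the package index serves that day, while the hooks themselves are pinned by `rev`. Pinning them the same way keeps lint results reproducible and narrows the supply-chain surface of code that runs on every developer machine and in CI, e.g. `- bandit==<pinned-version>`. As a point of style, the black argument uses `|` where every other hook uses `|-`, so `--line-length=79` is passed with a trailing newline; a plain scalar `- --line-length=79` avoids both.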
diff --git a/backup/Dockerfile b/backup/Dockerfile
new file mode 100644
index 0000000..7be4b23
--- /dev/null
+++ b/backup/Dockerfile
@@ -0,0 +1,4 @@
+FROM docker.io/library/alpine:3.14
+# hadolint ignore=DL3018
+RUN apk add --update --no-cache docker-py
+COPY --chown=root:root backup /usr/local/bin/backup
diff --git a/backup/backup b/backup/backup
new file mode 100755
index 0000000..82505f4
--- /dev/null
+++ b/backup/backup
@@ -0,0 +1,2 @@
+#!/usr/bin/env python3
+"""Backup a container image registry."""
-- GitLab
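Review bot: In `backup/Dockerfile`, `FROM docker.io/library/alpine:3.14` is a floating tag and `docker-py` is installed unversioned (DL3018 is suppressed), while the CI job rebuilds with `--pull` on each scheduled run and hands the resulting container the host's Docker socket. Pinning the base by digest, `FROM docker.io/library/alpine:3.14@sha256:<digest>`, makes the contents of that privileged container change only through a reviewed commit. `--update` is redundant next to `--no-cache` and can be dropped. The image sets no `USER`, which is probably intentional given the socket access; a short comment such as `# runs as root: needs access to the bind-mounted Docker socket` would record that.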