fix: permission issues on backup images
this-is-tobi committed Aug 1, 2024
1 parent 4e36560 commit bbe0883
Showing 6 changed files with 36 additions and 32 deletions.
6 changes: 3 additions & 3 deletions ci/matrix.json
@@ -32,7 +32,7 @@
"context": "./docker/pg-backup",
"dockerfile": "./docker/pg-backup/Dockerfile",
"target": "build",
"tag": "1.4.0"
"tag": "1.4.1"
}
},
{
@@ -41,7 +41,7 @@
"context": "./docker/s3-backup",
"dockerfile": "./docker/s3-backup/Dockerfile",
"target": "build",
"tag": "1.1.0"
"tag": "1.1.1"
}
},
{
@@ -50,7 +50,7 @@
"context": "./docker/vault-backup",
"dockerfile": "./docker/vault-backup/Dockerfile",
"target": "build",
"tag": "1.1.0"
"tag": "1.1.1"
}
}
]
19 changes: 10 additions & 9 deletions docker/pg-backup/Dockerfile
@@ -1,14 +1,15 @@
FROM docker.io/postgres:15.7 AS build

ARG TARGETARCH
ENV HOME=/home/postgres
ARG USERNAME=postgres
ENV HOME=/home/${USERNAME}

WORKDIR $HOME
RUN apt update && apt install -y ca-certificates wget && rm -rf /var/lib/apt/lists/*
RUN wget https://dl.min.io/client/mc/release/linux-${TARGETARCH}/mc \
&& mv mc /usr/bin && chmod +x /usr/bin/mc \
&& chgrp -R 0 "$HOME" && chmod -R g=u "$HOME"
COPY --chown=postgres:root ./backup.sh ./backup.sh
USER postgres
WORKDIR ${HOME}
RUN chown -R ${USERNAME}:root ${HOME} && chgrp -R 0 ${HOME} && chmod -R g=u ${HOME}
RUN apt update && apt install -y ca-certificates wget && rm -rf /var/lib/apt/lists/* \
&& wget https://dl.min.io/client/mc/release/linux-${TARGETARCH}/mc \
&& mv mc /usr/bin && chmod +x /usr/bin/mc
COPY --chown=${USERNAME}:root ./backup.sh ./backup.sh
USER ${USERNAME}

ENTRYPOINT [ "/bin/sh", "./backup.sh" ]
ENTRYPOINT ["/bin/sh", "./backup.sh"]
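Review bot: The rewritten `RUN` still fetches `mc` from the moving `release/linux-${TARGETARCH}/mc` URL and installs it into `/usr/bin` with no integrity check, so whatever that URL serves at build time ends up in an image that, per backup.sh, is handed the database password. Pin a specific client release and verify it before the `mv`, for example by adding `&& echo "${MC_SHA256}  mc" | sha256sum -c - \` after the `wget` line, where `MC_SHA256` is a build argument you would introduce (the name is illustrative) holding the publisher's checksum for the target architecture. The same unverified download is carried over in docker/s3-backup/Dockerfile and docker/vault-backup/Dockerfile. Separately, `chown -R ${USERNAME}:root ${HOME}` already sets the group, so the `chgrp -R 0 ${HOME}` that follows it is redundant.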
3 changes: 1 addition & 2 deletions docker/pg-backup/backup.sh
@@ -28,8 +28,7 @@ PGPASSWORD="${DB_PASS}" pg_dump -Fc -U "${DB_USER}" -h "${DB_HOST}" -p "${DB_POR
printf "\n\nBackup finished\n\n"

# Delete backups older than
re='^[0-9]+$'
if [[ ! -z "${RETENTION}" ]] && [[ "${RETENTION}" =~ $re ]]; then
if [ ! -z "${RETENTION}" ]; then
printf "\n\nDelete backups older than ${RETENTION}days in '${S3_BUCKET_NAME}${S3_BUCKET_PREFIX:+/}${S3_BUCKET_PREFIX}'\n\n"

mc ${MC_EXTRA_ARGS} rm --recursive --force --older-than "${RETENTION}" backup_host/${S3_BUCKET_NAME%/}${S3_BUCKET_PREFIX:+/}${S3_BUCKET_PREFIX}
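Review bot: The new guard `if [ ! -z "${RETENTION}" ]; then` only tests for a non-empty value, so the digits-only check that `re='^[0-9]+$'` provided is gone and any string from the environment now reaches `mc … rm --recursive --force --older-than "${RETENTION}"`. The `[[ … =~ … ]]` form was presumably dropped because the image runs the script with `/bin/sh`; a POSIX `case` keeps the validation without bashisms, e.g. `case "${RETENTION}" in *[!0-9]*) printf 'invalid RETENTION\n' >&2; exit 1 ;; esac` placed before the `if` (widen the pattern if unit suffixes are meant to be accepted). `[ -n "${RETENTION}" ]` is also the more direct spelling of the remaining test. The same change is made in docker/vault-backup/backup.sh, and the `if` block closes outside the hunk.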
22 changes: 13 additions & 9 deletions docker/s3-backup/Dockerfile
@@ -1,14 +1,18 @@
FROM docker.io/debian:12 AS build

ARG TARGETARCH
ENV HOME=/home/debian
ARG USERNAME=debian
ARG USER_UID=1000
ARG USER_GID=${USER_UID}
ENV HOME=/home/${USERNAME}

WORKDIR $HOME
RUN apt update && apt install -y ca-certificates wget && rm -rf /var/lib/apt/lists/*
RUN wget https://dl.min.io/client/mc/release/linux-${TARGETARCH}/mc \
&& mv mc /usr/bin && chmod +x /usr/bin/mc \
&& chgrp -R 0 "$HOME" && chmod -R g=u "$HOME"
COPY --chown=debian:root ./backup.sh ./backup.sh
USER debian
WORKDIR ${HOME}
RUN groupadd -g ${USER_UID} ${USERNAME} && useradd -m -d ${HOME} -s /bin/bash -g ${USERNAME} -u ${USER_UID} ${USERNAME} \
&& chown -R ${USERNAME}:root ${HOME} && chgrp -R 0 ${HOME} && chmod -R g=u ${HOME}
RUN apt update && apt install -y ca-certificates wget && rm -rf /var/lib/apt/lists/* \
&& wget https://dl.min.io/client/mc/release/linux-${TARGETARCH}/mc \
&& mv mc /usr/bin && chmod +x /usr/bin/mc
COPY --chown=${USERNAME}:root ./backup.sh ./backup.sh
USER ${USERNAME}

ENTRYPOINT [ "/bin/sh", "./backup.sh" ]
ENTRYPOINT ["/bin/sh", "./backup.sh"]
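Review bot: `ARG USER_GID=${USER_UID}` is declared but never used: the added `groupadd -g ${USER_UID} ${USERNAME}` takes the group id from `USER_UID`, so a `--build-arg USER_GID=…` override is silently ignored. Change it to `groupadd -g ${USER_GID} ${USERNAME}`. Since the numeric id is now known at build time, `USER ${USER_UID}` instead of `USER ${USERNAME}` would also let a runtime that enforces non-root containers verify the user without resolving the name.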
15 changes: 8 additions & 7 deletions docker/vault-backup/Dockerfile
@@ -1,13 +1,14 @@
FROM docker.io/hashicorp/vault:1.17.2 AS build

ARG TARGETARCH
ENV HOME=/home/vault
ARG USERNAME=vault
ENV HOME=/home/${USERNAME}

WORKDIR $HOME
WORKDIR ${HOME}
RUN chown -R ${USERNAME}:root ${HOME} && chgrp -R 0 ${HOME} && chmod -R g=u ${HOME}
RUN wget https://dl.min.io/client/mc/release/linux-${TARGETARCH}/mc \
&& mv mc /usr/bin && chmod +x /usr/bin/mc \
&& chgrp -R 0 "$HOME" && chmod -R g=u "$HOME"
COPY --chown=vault:root ./backup.sh ./backup.sh
USER vault
&& mv mc /usr/bin && chmod +x /usr/bin/mc
COPY --chown=${USERNAME}:root ./backup.sh ./backup.sh
USER ${USERNAME}

ENTRYPOINT [ "/bin/sh", "./backup.sh" ]
ENTRYPOINT ["/bin/sh", "./backup.sh"]
3 changes: 1 addition & 2 deletions docker/vault-backup/backup.sh
@@ -27,8 +27,7 @@ echo "${VAULT_TOKEN}" | vault login -address=${VAULT_ADDR} -non-interactive ${VA
printf "\n\nBackup finished\n\n"

# Delete backups older than
re='^[0-9]+$'
if [[ ! -z "${RETENTION}" ]] && [[ "${RETENTION}" =~ $re ]]; then
if [ ! -z "${RETENTION}" ]; then
printf "\n\nDelete backups older than ${RETENTION} days in '${S3_BUCKET_NAME}${S3_BUCKET_PREFIX:+/}${S3_BUCKET_PREFIX}'\n\n"

mc ${MC_EXTRA_ARGS} rm --recursive --force --older-than "${RETENTION}" backup_host/${S3_BUCKET_NAME%/}${S3_BUCKET_PREFIX:+/}${S3_BUCKET_PREFIX}
