parent
f6a873c954
commit
9aafaa623a
@ -1,2 +0,0 @@ |
|||||||
FROM nginx:1.19 |
|
||||||
COPY index.html /usr/share/nginx/html/index.html |
|
@ -1,36 +1,43 @@ |
|||||||
version: '2.0' |
version: '3.8' |
||||||
services: |
|
||||||
|
|
||||||
# REGISTRY |
services: |
||||||
registry: |
registry-ui: |
||||||
image: registry:2.6.2 |
image: joxit/docker-registry-ui:main |
||||||
container_name: registry |
container_name: registry-ui |
||||||
|
restart: always |
||||||
ports: |
ports: |
||||||
- "5000:5000" |
- 8087:80 |
||||||
environment: |
environment: |
||||||
REGISTRY_AUTH: htpasswd |
- SINGLE_REGISTRY=true |
||||||
REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm |
- REGISTRY_TITLE=Docker Registry UI |
||||||
REGISTRY_AUTH_HTPASSWD_PATH: /auth/htpasswd |
- DELETE_IMAGES=true |
||||||
volumes: |
- SHOW_CONTENT_DIGEST=true |
||||||
- ./auth:/auth |
- NGINX_PROXY_PASS_URL=http://registry:5000 |
||||||
- ./registry-data:/var/lib/registry |
- SHOW_CATALOG_NB_TAGS=true |
||||||
- ./registry-config:/etc/docker/registry |
- CATALOG_MIN_BRANCHES=1 |
||||||
|
- CATALOG_MAX_BRANCHES=1 |
||||||
|
- TAGLIST_PAGE_SIZE=100 |
||||||
|
- REGISTRY_SECURED=false |
||||||
|
- CATALOG_ELEMENTS_LIMIT=1000 |
||||||
networks: |
networks: |
||||||
- registry-ui-net |
- registry-ui-net |
||||||
|
|
||||||
# UI |
registry: |
||||||
ui: |
image: registry:2.8.2 |
||||||
image: joxit/docker-registry-ui:1.5-static |
container_name: registry |
||||||
container_name: ui_registry |
restart: always |
||||||
ports: |
|
||||||
- 8087:80 |
|
||||||
environment: |
environment: |
||||||
- REGISTRY_TITLE=DockerRegistry |
REGISTRY_HTTP_HEADERS_Access-Control-Origin: '[http://registry.example.com]' |
||||||
- REGISTRY_URL=http://registry:5000 |
REGISTRY_HTTP_HEADERS_Access-Control-Allow-Methods: '[HEAD,GET,OPTIONS,DELETE]' |
||||||
depends_on: |
REGISTRY_HTTP_HEADERS_Access-Control-Credentials: '[true]' |
||||||
- registry |
REGISTRY_HTTP_HEADERS_Access-Control-Allow-Headers: '[Authorization,Accept,Cache-Control]' |
||||||
|
REGISTRY_HTTP_HEADERS_Access-Control-Expose-Headers: '[Docker-Content-Digest]' |
||||||
|
REGISTRY_STORAGE_DELETE_ENABLED: 'true' |
||||||
|
volumes: |
||||||
|
- ./registry/data:/var/lib/registry |
||||||
|
- ./registry-config:/etc/docker/registry |
||||||
networks: |
networks: |
||||||
- registry-ui-net |
- registry-ui-net |
||||||
|
|
||||||
networks: |
networks: |
||||||
registry-ui-net: |
registry-ui-net: |
@ -1,5 +0,0 @@ |
|||||||
<html> |
|
||||||
<title>Hello Docker</title> |
|
||||||
<p>Hello le Garage numerique!</p> |
|
||||||
</html> |
|
||||||
|
|
@ -0,0 +1,39 @@ |
|||||||
|
version: 0.1 |
||||||
|
log: |
||||||
|
fields: |
||||||
|
service: registry |
||||||
|
storage: |
||||||
|
delete: |
||||||
|
enabled: true |
||||||
|
cache: |
||||||
|
blobdescriptor: inmemory |
||||||
|
filesystem: |
||||||
|
rootdirectory: /var/lib/registry |
||||||
|
maintenance: |
||||||
|
uploadpurging: |
||||||
|
enabled: true |
||||||
|
age: 168h |
||||||
|
interval: 24h |
||||||
|
dryrun: false |
||||||
|
readonly: |
||||||
|
enabled: false |
||||||
|
http: |
||||||
|
addr: :5000 |
||||||
|
headers: |
||||||
|
X-Content-Type-Options: [nosniff] |
||||||
|
Access-Control-Allow-Origin: ['http://127.0.0.1:8000'] |
||||||
|
Access-Control-Allow-Credentials: [true] |
||||||
|
Access-Control-Allow-Methods: ['HEAD', 'GET', 'OPTIONS', 'DELETE'] |
||||||
|
Access-Control-Allow-Headers: ['Authorization', 'Accept', 'Cache-Control'] |
||||||
|
Access-Control-Max-Age: [1728000] |
||||||
|
Access-Control-Allow-Credentials: [true] |
||||||
|
Access-Control-Expose-Headers: ['Docker-Content-Digest'] |
||||||
|
auth: |
||||||
|
htpasswd: |
||||||
|
realm: basic-realm |
||||||
|
path: /etc/docker/registry/htpasswd |
||||||
|
health: |
||||||
|
storagedriver: |
||||||
|
enabled: true |
||||||
|
interval: 10s |
||||||
|
threshold: 3 |
Binary file not shown.
@ -1,63 +0,0 @@ |
|||||||
#!/bin/bash |
|
||||||
|
|
||||||
#//// GREG POUR LE GARAGE NUMERIQUE \\\\# |
|
||||||
|
|
||||||
# Ce script fonctionne avec le docker-compose.yml du projet https://gitlab.com/greglebreton/docker.git -> branche docker-registry |
|
||||||
# Ce script maintient un registre privée accueillant des sauvegardes de conteneurs quotidiennement de manière automatisée. |
|
||||||
# Le delta est exprimé en jour et est effectué par comparaison entre la date du jour et la date d'enregistrement de l'image. |
|
||||||
|
|
||||||
date=$(date +"%Y-%m-%d") |
|
||||||
|
|
||||||
# A RENSEIGNER |
|
||||||
## chemin vers le dossier docker cloné sans le dernier / |
|
||||||
registryPath="" |
|
||||||
## exemple monRegistreDocker.monDomaine.com |
|
||||||
dockerRegistryAdress="" |
|
||||||
## nombre de jours de sauvegarde à conserver par rapport à la date du jour (à ajuster si les sauvegardes ne sont pas quotidiennes) |
|
||||||
max="" |
|
||||||
## registres à ignorer |
|
||||||
exceptions=( "container1" "container2" ) |
|
||||||
|
|
||||||
################################################################################################### |
|
||||||
|
|
||||||
echo "docker clean start..." |
|
||||||
|
|
||||||
## DOCKER LIST IMG REGISTRY |
|
||||||
registry=$(ls $registryPath/registry-data/docker/registry/v2/repositories/) |
|
||||||
|
|
||||||
## DOCKER LIST TAGS FOR EACH REPO |
|
||||||
for repo in $registry |
|
||||||
do |
|
||||||
for ex in ${exceptions[@]} |
|
||||||
do |
|
||||||
if [ $repo == $ex ] |
|
||||||
then |
|
||||||
break |
|
||||||
else |
|
||||||
tags=$(ls $registryPath/registry-data/docker/registry/v2/repositories/$repo/_manifests/tags/) |
|
||||||
|
|
||||||
for tag in $tags |
|
||||||
do |
|
||||||
datebackup=$(stat -c '%w' $registryPath/registry-data/docker/registry/v2/repositories/$repo/_manifests/tags/$tag) |
|
||||||
gooddatebackup="${datebackup:0:10}" |
|
||||||
|
|
||||||
echo $gooddatebackup |
|
||||||
|
|
||||||
if [ ${tag:0:2} == "01" ] |
|
||||||
then |
|
||||||
break |
|
||||||
else |
|
||||||
let delta=($(date +%s -d $date)-$(date +%s -d $gooddatebackup))/86400 |
|
||||||
|
|
||||||
if [ $delta -gt $max ] |
|
||||||
then |
|
||||||
echo "$dockerRegistryAdress/$repo:$tag deleted!" |
|
||||||
regctl tag rm $dockerRegistryAdress/$repo:$tag |
|
||||||
fi |
|
||||||
fi |
|
||||||
done |
|
||||||
fi |
|
||||||
done |
|
||||||
done |
|
||||||
|
|
||||||
echo "registre nettoyé" |
|
@ -1,89 +0,0 @@ |
|||||||
#!/bin/bash |
|
||||||
|
|
||||||
#//// GREG POUR LE GARAGE NUMERIQUE \\\\# |
|
||||||
|
|
||||||
# Script automatisant le push de conteneur vers un registre privé de backups ainsi que les volumes correspondants. |
|
||||||
# Le docker login au registre doit être effectué au moins une fois manuellement. |
|
||||||
# Configurer l'adresse du registre ainsi que les informations sur le serveur de backups |
|
||||||
# Les volumes et labels sont archivés et transférés par ssh vers le serveur de backup une fois par mois (le 1er). |
|
||||||
|
|
||||||
############################## CONFIG ############################## |
|
||||||
|
|
||||||
date=`date +%d-%m` |
|
||||||
# dockerregistry="monregistre.mondomaine.com" |
|
||||||
dockerregistry="" |
|
||||||
# sshHost="user@server-IP" |
|
||||||
sshHost="" |
|
||||||
# sshPort=9999 |
|
||||||
sshPort= |
|
||||||
backupFolder="~/docker-volumes-backup/" |
|
||||||
# exceptions=( "container1" "container2") |
|
||||||
#exceptions=( "" ) |
|
||||||
|
|
||||||
############################## CONTAINERS BACKUP ############################## |
|
||||||
|
|
||||||
# LISTING DES CONTAINERS |
|
||||||
stack=$(docker ps -aq) |
|
||||||
|
|
||||||
for container in $stack |
|
||||||
do |
|
||||||
echo "backup du conteneur $container" |
|
||||||
# GET CONTAINER NAME |
|
||||||
docker inspect --format='{{.Name}}' $container > containers.txt |
|
||||||
containerName=$(sed 's/[/]*//' containers.txt) |
|
||||||
|
|
||||||
for exception in ${exceptions[@]} |
|
||||||
do |
|
||||||
if [ $container == $exception ] |
|
||||||
then |
|
||||||
break |
|
||||||
else |
|
||||||
# COMMIT AND PUSH TO REGSTRY |
|
||||||
docker container commit $container $dockerregistry$containerName-backup:$date |
|
||||||
docker push $dockerregistry$containerName-backup:$date |
|
||||||
fi |
|
||||||
done |
|
||||||
done |
|
||||||
|
|
||||||
# CLEANING |
|
||||||
rm -rf containers.txt |
|
||||||
|
|
||||||
############################## VOLUMES & LABELS BACKUP ############################## |
|
||||||
|
|
||||||
if [ ${date:0:02} == "01" ] |
|
||||||
then |
|
||||||
# LISTING DES VOLUMES |
|
||||||
volumes=$(docker volume ls -q) |
|
||||||
|
|
||||||
for volume in $volumes |
|
||||||
do |
|
||||||
echo "backup du volume $volume" |
|
||||||
|
|
||||||
# GET CONTAINER ID |
|
||||||
containerId=$(docker ps -a -q --filter volume=$volume) |
|
||||||
# GET CONTAINER NAME |
|
||||||
docker inspect --format='{{.Name}}' $containerId > volumes.txt |
|
||||||
container=$(sed 's/[/]*//' volumes.txt) |
|
||||||
|
|
||||||
# STOP THE CONTAINER (FOR VOLUMES INTEGRITY) |
|
||||||
docker stop $container |
|
||||||
# BACKUP VOLUME IN ARCHIVE |
|
||||||
docker run -v $volume:/volume -v $(pwd)/backup:/backup --rm loomchild/volume-backup backup volumes/$container-volume:$date |
|
||||||
# BACKUP DOCKER VOLUMES LABELS |
|
||||||
docker inspect $volume -f "{{json .Labels}}" > backup/labels/$container-labels.json |
|
||||||
# RESTART THE CONTAINER |
|
||||||
docker start $container |
|
||||||
|
|
||||||
# CLEANING |
|
||||||
rm -rf volumes.txt |
|
||||||
done |
|
||||||
|
|
||||||
# MV VOLUMES & LABELS BACKUP TO BACKUP HOST |
|
||||||
scp -r -P $sshPort $(pwd)/backup/* $sshHost:$backupFolder |
|
||||||
# CLEANING |
|
||||||
rm -rf containers.txt; rm -rf $(pwd)/backup/volumes/*; rm -rf $(pwd)/backup/labels/* |
|
||||||
|
|
||||||
echo "copie des archives de volumes vers le serveur de backup ok" |
|
||||||
fi |
|
||||||
|
|
||||||
echo "backup des containers terminée" |
|
Loading…
Reference in new issue