Added 2 separate restic containers one for S3 other for GC. #50
Conversation
TheDivine
force-pushed
the
MBSD-297/Restic-for-aws-and-gc
branch
from
baf926d to
0f5e928
Compare
| @@ -7,7 +7,7 @@ services: | |||
| restart: unless-stopped | |||
| environment: | |||
| - MYSQL_ROOT_HOST=% | |||
| - MYSQL_ROOT_PASSWORD=$MW_DB_INSTALLDB_PASS | |||
| - MYSQL_ROOT_PASSWORD=/run/secrets/db_root_password | |||
There was a problem hiding this comment.
Should not this be MYSQL_ROOT_PASSWORD_FILE ?
| @@ -37,7 +37,7 @@ services: | |||
| - MW_DB_INSTALLDB_USER=root | |||
| - MW_DB_INSTALLDB_PASS | |||
| - MW_DB_USER=root | |||
| - MW_DB_PASS=$MW_DB_INSTALLDB_PASS | |||
| - MW_DB_PASS=/run/secrets/db_root_password | |||
There was a problem hiding this comment.
This won't work by itself, please see how it's done here https://github.com/WikiWorks/docker-wikicity.com/blob/main/config/LocalSettings.php#L96
| @@ -118,7 +118,9 @@ services: | |||
| - MATOMO_DATABASE_HOST=db | |||
| - MATOMO_DATABASE_DBNAME=matomo | |||
| - MATOMO_DATABASE_USERNAME=root | |||
| - MATOMO_DATABASE_PASSWORD=$MW_DB_INSTALLDB_PASS | |||
| - MATOMO_DATABASE_PASSWORD=/run/secrets/db_root_password | |||
There was a problem hiding this comment.
This also won't work. The variable is expected to contain a password string, not a path to the password file. We may need to invent something here, I welcome @pastakhov for input
| profiles: | ||
| - production | ||
| restart: unless-stopped | ||
| links: | ||
| - db | ||
| environment: | ||
| - MW_DB_USER=root | ||
| - MW_DB_PASS=$MW_DB_INSTALLDB_PASS | ||
| - MW_DB_PASS=/run/secrets/db_root_password |
There was a problem hiding this comment.
Same as above - this won't work like that, the variable is expected to contain a password string, not a path to a file containing a password
| - MW_DB_NAME=$MW_DB_NAME | ||
| - RESTIC_REPOSITORY_FILE=/run/secrets/restic_s3_repository |
There was a problem hiding this comment.
I don't think repository should be made secret
| - RESTIC_TAG=backup_full | ||
| - AWS_SHARED_CREDENTIALS_FILE=/run/secrets/aws_credentials |
There was a problem hiding this comment.
We should use AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY instead https://github.com/WikiTeq/restic-backup-docker?tab=readme-ov-file#environment-variables
| - db | ||
| environment: | ||
| - MW_DB_USER=root | ||
| - MW_DB_PASS=/run/secrets/db_root_password |
| - RESTIC_REPOSITORY_FILE=/run/secrets/restic_gc_repository | ||
| - RESTIC_PASSWORD_FILE=/run/secrets/restic_password | ||
| - RESTIC_TAG=backup_full | ||
| - GOOGLE_APPLICATION_CREDENTIALS=/run/secrets/gcloud_credentials |
There was a problem hiding this comment.
As per https://restic.readthedocs.io/en/stable/030_preparing_a_new_repo.html#google-cloud-storage there should be both GOOGLE_PROJECT_ID and GOOGLE_APPLICATION_CREDENTIALS set
Added 2 separate restic containers one for S3 other for GC and use secrets
MBSD-297