- What’s your ENow AppGov Score? Free Microsoft Entra ID app security assessment - Thu, Nov 30 2023
- Docker logs tail: Troubleshoot Docker containers with real-time logging - Wed, Sep 13 2023
- dsregcmd: Troubleshoot and manage Azure Active Directory (Microsoft Entra ID) joined devices - Thu, Aug 31 2023
With Docker, the most predominant container runtime in the enterprise, how can you perform Docker backup and protect critical containers?
Application and data
Backing up your containers usually involves backing up the container itself (the application) and the container data. If you have persistent data, it is best to have it mounted on the host or some other storage location where the data can be protected outside the container. Even virtual machine backups will do if your container host is a VM.
The folder below, "/homelabservices/unifi/data/lib," is a persistent folder on the Docker container host.
Built-in Docker commands for container backup
The following built-in Docker container commands allow you to back up the container and images:
- docker commit
- docker save
- docker export
With the docker commit command, you can save the running container to a new image, including the changes you made to the running container. It is a handy command if you start the container from a specific image and then need to make several changes. In addition, the commit command can save the currently running container to a container image.
With regard to the Docker backup container process, this is an excellent command to save an image of your currently running container. Use the following command:
docker commit <container name> <container image name>
The docker save command allows you to save one or more images to a TAR file. In addition, the save command preserves the image layer information, including history and metadata. Once you have the TAR file, you can copy it to a new container host and run the docker load command to load the saved images onto the new Docker host.
Below, we use the following command to list the images and see the newly created image:
docker image ls
Once you have a TAR file backup of the Docker image, you can run the docker load command to load the image from the TAR file using the following:
docker load -I <tar file name>
With the docker export command, you can export the file system contents for a specific container as a TAR archive file. Using the docker import command, you can then import the TAR file as a Docker image. Since the docker export command captures the file system, it can be used to grab the data that exists in the container, which allows the data to be backed up/moved.
Use the following command to export the file system of a Docker container:
docker export <container name> > <tar file name>
You can untar the TAR file and mount it into a directory that contains the exported data. After untarring the file, we use the ls command to list the contents of the container file system.
Docker backup container process
Let's look at backing up a container on one Docker host and restoring the backup on either the same or a different host. In the walkthrough, we will take a running Nginx container, modify a file within the container, commit the container to a new image, and then save the container as a TAR file that we can move off the Docker host.
Using the commands above to back up your container, use the following workflow:
Backing up the container application
You can use the following tools to back up your container application:
- Use docker commit to commit your running container to a new image.
- Use docker save to save the image to a TAR file.
Backing up your container application data
To back up the container application data mounted in a persistent folder on your Docker host, you can use VM-level image backup tools provided by your data protection solution to grab a low-level copy of your container data. However, you can also use the docker export command to export the contents of your running container file system to have a copy of your data.
Below, we have modified the configuration for an Nginx container, thereby customizing the Nginx configuration file.
After using the docker commit and docker save commands to save the image to a TAR file, you can use the docker load command to load the container into your image repositories on your target Docker host. You can copy your data to the appropriate folders if you have persistent data that needs mounting.
After loading the image and running the container, you can see that the loaded container image includes the configuration changes. You can load a saved Docker container image using the following command:
docker load -i <tar file from save command>
On the target Docker container host, spinning up a new Nginx container using the committed/saved image includes the changes as expected.
Subscribe to 4sysops newsletter!
The built-in Docker commands, including docker commit, save, and export, allow you to keep your application changes and even export a copy of the data mounted in your containers. Having a data protection solution backing up your file data is a good idea. As organizations move to a more modern app footprint, it's important to understand how to back up your Docker containers and data.