Backups and disaster recovery

Estimated reading time: 3 minutes

When you decide to start using Docker Trusted Registry on a production setting, you should configure it for high availability.

The next step is creating a backup policy and disaster recovery plan.

DTR data persistency

Docker Trusted Registry persists:

  • Configurations: the cluster configurations are stored on a key-value store that is replicated through all DTR replicas.
  • Repository metadata: the information about the repositories and images deployed. This information is replicated through all DTR replicas.
  • Certificates and keys: the certificates, public keys, and private keys that are used for mutual TLS communication.

This data is persisted on the host where DTR is running, using named volumes. Learn more about DTR named volumes.

DTR also persists Docker images on the filesystem of the host running DTR, or on a cloud provider, depending on the way DTR is configured.

Backup DTR data

To perform a backup of a DTR node, use the backup command. This command creates a backup of DTR:

  • Configurations,
  • Repository metadata,
  • Certificates and keys used by DTR.

These files are added to a tar archive, and the result is streamed to stdout.

The backup command does not create a backup of Docker images. You should implement a separate backup policy for the Docker images, taking in consideration whether your DTR installation is configured to store images on the filesystem or using a cloud provider.

The backup command also doesn’t create a backup of the users and organizations. That data is managed by UCP, so when you create a UCP backup you’re creating a backup of the users and organizations metadata.

When creating a backup, the resulting .tar file contains sensitive information like private keys. You should ensure the backups are stored securely.

You can check the reference documentation, for the backup command to learn about all the available flags.

As an example, to create a backup of a DTR node, you can use:

$ docker run -i --rm docker/dtr backup \
  --ucp-url <ucp-url> \
  --ucp-insecure-tls \
  --existing-replica-id <replica-id> \
  --ucp-username <ucp-admin> \
  --ucp-password <ucp-password> > /tmp/backup.tar

Where:

  • --ucp-url is the address of UCP,
  • --ucp-insecure-tls is to trust the UCP TLS certificate,
  • --existing-replica-id is the id of the replica to backup,
  • --ucp-username, and --ucp-password are the credentials of a UCP administrator.

To validate that the backup was correctly performed, you can print the contents of the tar file created:

$ tar -tf /tmp/backup.tar

Restore DTR data

You can restore a DTR node from a backup using the restore command. This command performs a fresh installation of DTR, and reconfigures it with the configuration created during a backup.

The command starts by installing DTR, restores the configurations stored on etcd, and then restores the repository metadata stored on RethinkDB. You can use the --config-only option, to only restore the configurations stored on etcd.

This command does not restore Docker images. You should implement a separate restore procedure for the Docker images stored in your registry, taking in consideration whether your DTR installation is configured to store images on the filesystem or using a cloud provider.

You can check the reference documentation, for the backup command to learn about all the available flags.

As an example, to install DTR on the host and restore its state from an existing backup:

# Install and restore configurations from an existing backup
$ docker run -i --rm \
  docker/dtr restore \
  --ucp-url <ucp-url> \
  --ucp-insecure-tls \  
  --ucp-username <ucp-admin> \
  --ucp-password <ucp-password> \
  --dtr-external-url <dtr-url> < /tmp/backup.tar

Where:

  • --ucp-url is the address of UCP,
  • --ucp-insecure-tls is to trust the UCP TLS certificate,
  • --ucp-username, and --ucp-password are the credentials of a UCP administrator,
  • --dtr-external-url is the domain name or ip where DTR can be reached.

Where to go next

chat icon Feedback? Suggestions? Can't find something in the docs?
Edit this page Request docs changes Get support
Rate this page: