Docker recently introduced a new utility called Docker Machine (currently in beta) that will make it easier to deploy Docker to the cloud or to hypervisors such as Hyper-V. Running Docker as a virtual server adds an extra layer of complexity, so administrators must consider what is needed to protect Docker.
To successfully back up a Docker deployment running within a Hyper-V virtual server, you must understand the anatomy of the Docker virtual server. You also need to understand what happens when you run a Hyper-V-aware backup.
Creating a Docker host
Docker Machine allows a Docker host to be deployed in a standardized way in the cloud and virtual server environments. Docker Machine accomplishes this by using drivers for the various environments in which Docker can be deployed. For instance, drivers are available for Amazon Web Services, Hyper-V, Microsoft Azure, Rackspace and others.
To create a Docker host on a Hyper-V server, you need to download and install OpenSSH and the Windows version of Docker Machine. You should also add the OpenSSH binaries to your Hyper-V server path so Docker Machine can find them.
Once the required components are in place, creating a Docker host is as easy as running a single command. Open an elevated Command Prompt window, navigate to the folder containing Docker Machine and then enter the executable name (Docker-machine_windows-amd64.exe) followed by the -d switch, the name of your driver (in this case, Hyper-V) and the name you want to assign to the virtual machine (VM) you are creating. For instance, the command might look something like this:
Docker-machine_windows-amd64.exe -d hyper-v Docker
When this command is run, Docker Machine completes several different tasks. Some of the more significant ones (from a backup perspective) include:
- Creating a virtual hard disk (VHD) using the name specified in the command line;
- Downloading a DVD image named Boot2Docker.ISO;
- Creating a VM;
- Linking the Boot2Docker.ISO file to the newly created VM as a virtual DVD drive;
- Linking the VHD to the VM;
- Starting the VM; and
- Assigning the VM an IP address and port number.
Protecting the Docker host
On the surface, it would seem that protecting the newly created Docker host would work the same way as protecting any other Hyper-V VM. And in many ways, it does. As with most Hyper-V VMs, protecting the Docker host involves using a Hyper-V-aware backup application to perform a host-level backup. However, there are some special considerations.
The Docker host depends on some components that are external to the VM. Some Hyper-V backup applications back up VM components such as VHDs, configuration files and snapshots, but ignore anything else that might exist on the host. Microsoft best practices have long stated that you should not run applications in the Hyper-V parent partition, so some backup applications do not protect the contents of the parent partition unless you specifically tell them to.
In the case of a Docker host, the parent partition contains the Docker Machine executable. Although this executable is used to create a Docker host, it can also be used to perform other tasks such as retrieving a list of Docker hosts, removing a Docker host and so on. As such, it is important to protect the Docker Machine executable.
OpenSSH is used in the creation of Docker hosts, so you need to protect the OpenSSH configuration information (which is stored in files within the OpenSSH folder structure).
You will also need to protect the Boot2Docker.ISO file. Docker hosts boot from this file (not from the VHD). Ensure not only that your backup application protects the ISO file, but also that VM-level restorations maintain the link between the VM and the ISO file.
Boot2Docker is a tiny Linux kernel approximately 23 MB in size. As such, Boot2Docker does not contain Hyper-V Integration Services. This means your Docker host VM cannot take advantage of Volume Shadow Copy Service-enabled backups. VMs without Hyper-V Integration Services installed must be momentarily placed in a saved state until a snapshot can be created. VMs are normally only placed in a saved state for a very brief period of time.
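The components described above (the Docker Machine executable, the OpenSSH files, and the ISO the VM boots from) can be inventoried and hashed on the Hyper-V server so that the same check can be repeated after a restoration. The following PowerShell script is an added example, not part of the original article or of Docker Machine. The folder paths and the manifest location are assumptions to adjust for your server.

```powershell
# Added example (not from the article). Requires the Hyper-V module and
# PowerShell 4.0 or later (for Get-FileHash). Run from an elevated prompt.
param(
    [string]$VMName        = 'Docker',   # VM name used in the article's command
    [string]$MachineExe    = 'C:\Docker\Docker-machine_windows-amd64.exe',  # assumed path
    [string]$OpenSshFolder = 'C:\OpenSSH',                                  # assumed path
    [string]$ManifestPath  = 'C:\Backup\docker-host-manifest.csv'           # assumed path
)
Import-Module Hyper-V -ErrorAction Stop

# 1. The VM must still point at its boot ISO; a restore that drops this
#    link leaves a Docker host that cannot boot.
$iso = (Get-VMDvdDrive -VMName $VMName | Where-Object { $_.Path } |
        Select-Object -First 1).Path
if (-not $iso) { throw "VM '$VMName' has no ISO attached to a virtual DVD drive." }

# 2. Collect the files the Docker host depends on that sit in the parent
#    partition rather than inside the VM's own VHD and configuration.
$files = @(
    [pscustomobject]@{ Role = 'Boot ISO';       Path = $iso }
    [pscustomobject]@{ Role = 'Docker Machine'; Path = $MachineExe }
)
$files += Get-ChildItem -Path $OpenSshFolder -Recurse -File -ErrorAction SilentlyContinue |
    ForEach-Object { [pscustomobject]@{ Role = 'OpenSSH'; Path = $_.FullName } }

# 3. Record presence and SHA-256 for each file.
$manifest = foreach ($f in $files) {
    $exists = Test-Path -LiteralPath $f.Path -PathType Leaf
    $hash = ''
    if ($exists) {
        try   { $hash = (Get-FileHash -LiteralPath $f.Path -Algorithm SHA256 -ErrorAction Stop).Hash }
        catch { $hash = 'UNREADABLE' }   # e.g. file locked by another process
    }
    [pscustomobject]@{ Role = $f.Role; Path = $f.Path; Exists = $exists; SHA256 = $hash }
}
$manifest | Where-Object { -not $_.Exists } |
    ForEach-Object { Write-Warning "Missing: $($_.Role) at $($_.Path)" }

# 4. First run writes the baseline; later runs (for example, after a
#    restore) list any file whose path or hash differs from the baseline.
if (Test-Path -LiteralPath $ManifestPath) {
    Compare-Object (Import-Csv $ManifestPath) $manifest -Property Path, SHA256 |
        Where-Object SideIndicator -eq '=>' | Format-Table Path, SHA256 -AutoSize
} else {
    $manifest | Export-Csv -Path $ManifestPath -NoTypeInformation
}
```

Add the paths in the resulting manifest to the backup application's selection list, and keep the manifest itself with the backup so the post-restore comparison has a baseline.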
About the author:
Brien M. Posey, MCSE, has received Microsoft's MVP award for Exchange Server, Windows Server and Internet Information Server. Brien has served as CIO for a nationwide chain of hospitals and has been responsible for the Department of Information Management at Fort Knox.