Docker/pfsense-backup
1
0
Fork 0
Code Issues Actions Packages Activity

Initial commit

Browse Source
This commit is contained in:
Kelvin Jasperson
2017-08-12 19:12:53 -06:00
commit a454bcd3bf
3 changed files with 114 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Dockerfile
+6
View File
@@ -0,0 +1,6 @@
FROM alpine
RUN apk update ; apk add wget
COPY pfsense-backup.sh /
VOLUME ["/data"]
CMD ["/pfsense-backup.sh"]
README.md
+43
View File
@@ -0,0 +1,43 @@
# zxjinn/pfsense-backup
## Short description
Runs a lightweight Alpine container to back up PFSense.
## Full details
This image can be used to run a one-time backup of PFSense, or it can be configured to stay in the background and retrieve backups on a user-specified schedule.
This has been tested to work against PFSense 2.3.3 and 2.3.4 and nothing else. It might stop working if PFSense changes something about how backups are completed. By default the backup will contain all the RRD data, if that is not desired see Parameters below.
### Running
#### One-time container
This is a good method for testing to ensure all the parameters are correct. If this command does not succeed, the cron-version below will most likely not succeed either.
Running this command will start the container, connect to the PFSense host specified with the credentials provided and retrieve a backup. The backup file will be placed in the directory the command was run from, the container will then quit.
```
docker run --rm --volume $(pwd):/data --env PFSENSE_USER=backupuser--env PFSENSE_IP=192.168.0.1 --env PFSENSE_PASS=changeme --env PFSENSE_SCHEME=https zxjinn/pfsense-backup
```
#### Continuous container
It's recommended to test the parameters with the one-time version above before trying the continuous backup mode out.
Running this command will start the container and send it to the background. While in the background the container will connect to the PFSense host specified with the credentials provided and retrieve a backup. The backup file will be placed in the directory the command was run from. On the cron schedule, a new backup file will be placed in that directory.
This specific command will back up once per day at midnight UTC, as the container's time zone is set to UTC.
```
docker run --detach --volume $(pwd):/data --env PFSENSE_USER=backupuser --env PFSENSE_IP=192.168.0.1 --env PFSENSE_PASS=changeme --env PFSENSE_SCHEME=https --env PFSENSE_CRON_SCHEDULE='0 0 * * *' zxjinn/pfsense-backup
```
### Parameters
- `PFSENSE_USER` Required. The PFSense user to log in with.
- `PFSENSE_PASS` Required. The password for the PFSense user specified.
- `PFSENSE_USER` Required. The IP (or DNS name) of the PFSense server.
- `PFSENSE_SCHEME` Required. Should either be `http` or `https`. This parameter is not validated.
- `PFSENSE_CRON_SCHEDULE` Optional. The cron schedule to use, should contain 5 items separated by spaces. This parameter is not validated. No default.
- `PFSENSE_BACK_UP_RRD_DATA`. Optional. Should be either 1 or 0. This parameters is not validated. Include RRD data in the backup? 1=yes, 0=no. Default=1.
## Help!
- Is the username correct?
- Is the password correct? Is it quoted properly?
- The container runs in the UTC timezone, so the cron schedule might be offset from what was expected.
## Credits
Hat tip to [furiousgeorge/pfsense-backup](https://hub.docker.com/r/furiousgeorge/pfsense-backup/) for the idea and some of the code, github at [hannah98/pfsense-backup](https://github.com/hannah98/pfsense-backup).
pfsense-backup.sh
Executable
+65
View File
@@ -0,0 +1,65 @@
#!/bin/sh
# function definition
function do_backup()
{
wget -qO- --keep-session-cookies --save-cookies cookies.txt \
--no-check-certificate ${url}/diag_backup.php \
| grep "name='__csrf_magic'" | sed 's/.*value="\(.*\)".*/\1/' > csrf.txt
wget -qO- --keep-session-cookies --load-cookies cookies.txt \
--save-cookies cookies.txt --no-check-certificate \
--post-data "login=Login&usernamefld=${PFSENSE_USER}&passwordfld=${PFSENSE_PASS}&__csrf_magic=$(cat csrf.txt)" \
${url}/diag_backup.php | grep "name='__csrf_magic'" \
| sed 's/.*value="\(.*\)".*/\1/' > csrf2.txt
wget --keep-session-cookies --load-cookies cookies.txt --no-check-certificate \
--post-data "download=download${getrrd}&__csrf_magic=$(head -n 1 csrf2.txt)" \
${url}/diag_backup.php -q -O /data/config-${PFSENSE_IP}-${timestamp}.xml
return_value=$?
if [ $return_value -eq 0 ]; then
echo "Backup saved as config-${PFSENSE_IP}-${timestamp}.xml"
else
echo "Backup failed"
exit 1
fi
rm cookies.txt csrf.txt csrf2.txt
}
# main execution
# check for required parameters
errors=0
if [ -z "$PFSENSE_IP" ]; then echo "Must provide PFSENSE_IP" ; errors=$(($errors + 1)) ; fi
if [ -z "$PFSENSE_USER" ]; then echo "Must provide PFSENSE_USER" ; errors=$(($errors + 1)); fi
if [ -z "$PFSENSE_PASS" ]; then echo "Must provide PFSENSE_PASS" ; errors=$(($errors + 1)); fi
if [ -z "$PFSENSE_SCHEME" ]; then echo "Must provide PFSENSE_SCHEME" ; errors=$(($errors + 1)); fi
if [ $errors -ne 0 ]; then exit 1; fi
# check for optional parameters
if [ -z "$PFSENSE_CRON_SCHEDULE" ]; then cron=0 ; else cron=1 ; fi
if [ -z "$PFSENSE_BACK_UP_RRD_DATA" ]; then
getrrd=""
else
if [ "$PFSENSE_BACK_UP_RRD_DATA" == "0" ] ; then
getrrd="&donotbackuprrd=yes"
else
getrrd=""
fi
fi
# set up variables
url=${PFSENSE_SCHEME}://${PFSENSE_IP}
timestamp=$(date +%Y%m%d%H%M%S)
if [ $cron -eq 1 ]; then
if [ -z "$FROM_CRON" ]; then
echo "$PFSENSE_CRON_SCHEDULE FROM_CRON=1 /pfsense-backup.sh" | crontab -
crond -f
else
do_backup
fi
else
do_backup
fi