Docker Consolidation Project, Part Four


Migrate Authentik Security

So this will be an interesting one since I have foolishly not set up any backups for it yet. I did find some documentation for a backup:

  • docker-compose run --rm worker backup

Install Authentik Security on DOCKER-01

Steps performed on DOCKER-01

  • sudo mkdir /apps/Authentik-Security

After installing Authentik on DOCKER-01 I see that Authentik on AUTHENTIK-01 is behind a version, so I should update that before I try to back up or migrate any data.

Steps performed on AUTHENTIK-01

  • sudo apt update
  • sudo apt upgrade
  • cd /apps/authentik
  • sudo docker-compose down
  • sudo docker-compose pull
  • sudo docker-compose up -d
  • sudo docker-compose run --rm worker backup
    • Unknown command: 'backup'
  • sudo docker-compose down

Ahhh well I see now that this was deprecated and removed some time ago. So there's no backup? Yup, no backup, they recommend an actual backup software to perform the backup. Ok, so I guess my best guess would be to try and just copy over the container's data?

  • mkdir /home/david/Backups
  • sudo cp -r /apps/authentik/. /home/david/Backups/authentik
  • sudo cp -r /var/lib/docker/volumes/authentik_database/. /home/david/Backups/authentik_database
  • sudo cp -r /var/lib/docker/volumes/authentik_redis/. /home/david/Backups/authentik_redis
  • sudo chown -R david:david /home/david/Backups

Steps performed on desktop via Windows Subsystem for Linux

  • rsync -av -e "ssh -i /home/david/.ssh/authentik-01" [email protected]:/home/david/Backups/authentik /mnt/e/domain.local/AUTHENTIK-01/
  • rsync -av -e "ssh -i /home/david/.ssh/authentik-01" [email protected]:/home/david/Backups/authentik_database/ /mnt/e/domain.local/AUTHENTIK-01/
  • rsync -av -e "ssh -i /home/david/.ssh/authentik-01" [email protected]:/home/david/Backups/authentik_redis /mnt/e/domain.local/AUTHENTIK-01/

Except my commands fail out. That's because I need to install rsync on AUTHENTIK-01.

Steps performed on AUTHENTIK-01

  • sudo apt install rsync
  • I then combine all the files I want to transfer into /home/david/authentik-backup.tar.gz

Steps performed on DOCKER-01

  • sudo apt install rsync

Steps performed on desktop via Windows Subsystem for Linux

  • rsync -av -e "ssh -i /home/david/.ssh/authentik-01" [email protected]:/home/david/authentik-backup.tar.gz /mnt/e/domain.local/AUTHENTIK-01/authentik-backup.tar.gz
  • rsync -av -e "ssh -i /home/david/.ssh/docker-01" /mnt/e/domain.local/AUTHENTIK-01/authentik-backup.tar.gz [email protected]:/home/david/authentik-backup.tar.gz

Steps performed on DOCKER-01

  • tar -xvf authentik-backup.tar.gz
  • cd /home/david/home/david/Backups
  • sudo cp authentik/docker-compose.yml /apps/Authentik-Security/docker-compose.yml
  • sudo cp authentik/.env /apps/Authentik-Security/.env
  • sudo docker-compose pull
  • sudo cp -R /home/david/home/david/Backups/authentik/certs/ /apps/Authentik-Security/
  • sudo cp -R /home/david/home/david/Backups/authentik/custom-templates/ /apps/Authentik-Security
  • sudo cp -R /home/david/home/david/Backups/authentik/media/ /apps/Authentik-Security
  • cd /var/lib/docker/volumes
  • sudo cp -R /home/david/home/david/Backups/authentik_database/ /var/lib/docker/volumes/authentik_database
  • sudo cp -R /home/david/home/david/Backups/authentik_redis/ /var/lib/docker/volumes/authentik_redis
  • sudo docker-compose up -d

I test in my browser by going to http://docker1.domain.local:9000 and it's successful, the page loads. But it gives me an error of Failed to authenticate when I try to log in. Did I need to copy my files over after the initial build up? Let's test it out.

  • sudo docker-compose down
  • sudo cp -R /home/david/home/david/Backups/authentik_database /var/lib/docker/volumes/authentik-security_database/
  • sudo cp -R /home/david/home/david/Backups/authentik_redis/ /var/lib/docker/volumes/authentik-security_redis/
  • sudo docker-compose up -d

Still not seeing any of my data in Authentik. That's because I did not get it copied into the correct directories. Once I did, poof! It worked like a charm! I do see that Bookstack is having trouble connecting though. It might be because AUTHENTIK-01's IP address is hard coded somewhere in Bookstack at this point. Or more likely the DNS is hard coded and I have to update that.

I do confirm that authentik.domain.local is hard coded into Bookstack's .env file. So once I move the DNS everything should be working.
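A check for the misplaced-copy problem in the restore attempts above, as an added example rather than commands from the original post: it derives the volume prefix Compose uses for /apps/Authentik-Security and flags restored data sitting outside a volume's _data directory. The sample tree is constructed, and the script assumes local-driver volumes laid out as <root>/<name>/_data, with PG_VERSION marking a PostgreSQL data directory and dump.rdb a Redis one.

```shell
#!/bin/sh
# Added example (not from the post): where did restored volume data land?

# Compose prefixes named volumes with the project name: the directory name,
# lowercased, keeping only a-z, 0-9, '-' and '_' (assumed behaviour, consistent
# with authentik-security_database on this page).
compose_project_name() {
    basename "$1" | tr '[:upper:]' '[:lower:]' | tr -cd 'a-z0-9_-'
}

# $1 = volumes root, $2 = volume name, $3 = marker file of the data set.
# Prints ok | stray:<relative path> | missing-volume | missing-data
volume_layout() {
    vol="$1/$2"
    [ -d "$vol" ] || { echo "missing-volume"; return 1; }
    # A marker outside _data means the copy sits beside the live data,
    # so the container never reads it.
    stray=$(find "$vol" -name "$3" ! -path "$vol/_data/*" 2>/dev/null | head -n 1)
    if [ -n "$stray" ]; then echo "stray:${stray#"$vol"/}"; return 1; fi
    if [ -e "$vol/_data/$3" ]; then echo "ok"; return 0; fi
    echo "missing-data"; return 1
}

# Constructed sample tree: a freshly initialised database in _data plus a
# backup copied with "cp -R <backup>/authentik_database <existing volume>/",
# which nests the source directory; the redis volume is placed correctly.
make_sample() {
    db="$1/authentik-security_database"
    mkdir -p "$db/_data/base/1" "$db/authentik_database/_data" \
             "$1/authentik-security_redis/_data"
    : > "$db/_data/PG_VERSION"                      # fresh, empty database
    : > "$db/_data/base/1/PG_VERSION"               # normal per-database copy
    : > "$db/authentik_database/_data/PG_VERSION"   # restored data, unused
    : > "$1/authentik-security_redis/_data/dump.rdb"
}

demo_root=$(mktemp -d)
make_sample "$demo_root"
prefix=$(compose_project_name /apps/Authentik-Security)
echo "database: $(volume_layout "$demo_root" "${prefix}_database" PG_VERSION || true)"
echo "redis:    $(volume_layout "$demo_root" "${prefix}_redis" dump.rdb || true)"
rm -rf "$demo_root"
```

Against a real host, run it with the stack stopped and pass /var/lib/docker/volumes as the root, which requires root to read.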

Steps performed on DC-02 via Windows Admin Center

  • I navigate to DNS
  • I select domain.local
  • I select AUTHENTIK.domain.local and change it from AUTHENTIK-01's IP address to DOCKER-01's IP address