62826: Acronis Cyber Protect: How to create a Docker container with Agent for Linux

use Google Translate

    Last update: 19-04-2022

    This article applies to:

    • Acronis Cyber Cloud 21.03 and later
    • Acronis Cyber Protect 15 Build 24426 and later

    Introduction

    The guide describes the steps required to set up and configure a Docker container with Acronis Agent for Linux, which can then be used to run on any Docker host in order to perform off-host data processing operations and/or protect data hosted on network shares (for example from NAS devices).

    The examples provided in this guide are describing Docker running on a Synology NAS device, but the prepared Docker image can be used to run containers on any platform which supports Docker.

    The described solution applies to both Acronis Cyber Protect 15 installed locally or managed from the cloud (“Cloud deployment” mode) and Acronis Cyber Protect Cloud.

    High-level overview

    This guide covers the following topics:

    1. How to build a new Docker image based on any version (build #) of Acronis Agent for Linux, using Acronis-provided “Dockerfile” and startup scripts plus standard “CentOS” image from Docker repository.
    2. How to create and configure the Docker container from the prepared Docker image and run it on Synology NAS devices Docker containerization software.
    3. Which licenses are required for the Dockerized agent.
    4. How to update the Dockerized agent to the most recent version of Acronis Cyber Protect 15/Acronis Cyber Protect Cloud when new updates come out.

    Preparation

    1. (Optional) If you plan to run Docker host on your NAS device, then check if your NAS model is compatible with containerization software. Examples:

    NOTE (!): NAS devices using ARM CPU are not supported. See for example How can I determine whether my NAS uses an ARM or x86 processor?

    2. Required licenses. The common rule is that the license required for Acronis Agent for Linux running inside Docker container matches the license required for the machine where you run Docker host. If you run Docker on a NAS device, then it is considered as a Linux machine with the following license requirements:

    1. One “Acronis Cyber Protect 15 Standard Server” or “Acronis Cyber Protect 15 Advanced Server” license if you use Acronis Cyber Protect 15 installed locally (local deployment mode).
    2. One quota of "Servers" offering item if you use Acronis Cyber Protect Cloud or Acronis Cyber Protect 15 in “Cloud deployment” mode.

    3. Prepare registration token for registering Acronis Backup agent in Acronis Cyber Protect Cloud platform OR in Acronis Cyber Protect 15 running locally:

    •  Login to the Acronis Cyber Cloud Portal (https://cloud.acronis.com/) and log into Backup console OR log into Backup console of locally installed Acronis Cyber Protect 15
    •  (If you use Acronis Cyber Protect Cloud) Copy the address of the datacenter assigned to your account for later use (https://us4-cloud.acronis.com in the below example)

    • From All devices list click Add in the right upper corner and Generate a new registration token. COPY the token for later use

    Create Docker container on Synology NAS

    1. Go to your Synology NAS Administration Portal and open “Package Center”. 
    2. Search for “Docker” and click “Install” if it’s not installed:

    3. Open “Docker” application, search for “centos” container image in “Registry” menu and download this image 

       Alternatively, you can run Docker CLI command by connecting to Docker host (Synology NAS) via SSH client: “docker pull centos:latest

    4. Download and unpack Dockerfile and start.sh scripts from https://dl.acronis.com/u/DockerAgent/AcronisDockerScripts.zip
    5. Review the contents of “Dockerfile” and adjust the 1st line if you want to use a different base OS image (“centos:latest” in the above example) which will be used to create a new Docker image with Acronis Agent for Linux inside. Make sure to select the OS supported by Acronis Agent for Linux.
    6. Create a new shared folder under \docker\ (created by default after Docker app installation) and upload the “Dockerfile” + “start.sh” files to it, for example, via “File Station” tool on Synology NAS. On the below screenshot the new folder is “AcronisAgent”:

    7. Enable SSH access to your Synology NAS device: Control Panel -> Terminal & SNMP -> Enable SSH service

    8. Connect to your Synology NAS device which acts as a Docker host via any SSH client (for example Putty) using an account with administrator privileges and build the container using the following command:

      sudo docker build --build-arg src_path="[HTTPs URL to installation file]" -t [image name]:[image tag] [path to Dockerfile folder]

      …where:

      1. [HTTPs URL to installation file] = link to the installation package which includes Acronis Cyber Protect Agent for Linux. NOTE (!): there must be "" quotes used for the path to avoid syntax errors.

        i. Example for Acronis Cyber Protect 15 (on-premises): https://dl.acronis.com/u/AcronisCyberProtect15/Release/AcronisCyberProtect_15_64-bit.x86_64 

        Note: this link is for full Acronis Cyber Protect 15 Linux-based installation package, which includes Agent for Linux.

        ii.    Example for Acronis Cyber Protect Cloud (cloud): 
        https://mc-beta-cloud.acronis.com/download/u/baas/4.0/15.0.27493/CyberProtect_AgentForLinux_x86_64.bin 

        Note: the links to required installation packages can be retrieved from Devices -> click Add -> Linux -> start downloading and cancel -> retrieve the URL from your browser Downloads page: 

      2. [image name]:[image tag] = the name and version of the container image to be created

      3. [path to Dockerfile folder] = local path to Dockerfile folder on the Docker host

      Example #1: The below command will create a Docker container image with the latest Acronis Cyber Protect 15 update:

      sudo docker build --build-arg src_path="https://dl.acronis.com/u/AcronisCyberProtect15/Release/AcronisCyberProtect_15_64-bit.x86_64" -t acronis_agent:27009 /volume1/docker/AcronisAgent/

      Example #2: This command will create a Docker container image with Acronis Cyber Protect Cloud Agent for Linux build #27493 from https://beta-cloud.acronis.com:

      sudo docker build --build-arg src_path="https://mc-beta-cloud.acronis.com/download/u/baas/4.0/15.0.27493/CyberProtect_AgentForLinux_x86_64.bin" -t acroniscloud_agent:27493 /volume1/docker/AcronisAgent/

      This command may take several minutes to finish, as it will download the Acronis installation file into the Docker host first. The process should complete with the following or similar outputs:

    9. Add a new network in Docker app configuration via Synology DSM UI or ensure that existing configured networks provide proper external connections for containers. The new network is required on Synology since the default ‘bridge’ network does not have default Gateway configured which is essential for proper networking operations for Acronis Agent for Linux:

    10. Launch the container from the downloaded image with the following parameters to pay attention to:
      1. Container Name” value will be used as the agent hostname after registration on the management server
      2. Execute container using high privilege” option must be enabled:

      3. The container must be connected to the newly created network:

    11. Switch back to Putty interface and register the agent on Acronis Management Server via RegisterAgent tool (see on-premise and cloud documentation for more details about the tool usage):
      1. List the started containers via “sudo docker ps” command -> note the “Names” value for the started container
      2. Run the following command which will trigger the agent registration inside the container:
        1. Acronis Cyber Protect 15: 

          sudo docker exec -it [container name or ID] /usr/lib/Acronis/RegisterAgentTool/RegisterAgent -a https://[Local management Server or cloud datacenter address]:[Port (for local management server only)] --token [Registration token] -o register -t [type of registration: local or cloud]

          Example: 

          sudo docker exec -it acc_agent1 /usr/lib/Acronis/RegisterAgentTool/RegisterAgent -a https://192.168.0.10:9877 --token B835-CB62-4AAD -o register -t local

        2. Acronis Cyber Protect Cloud/Acronis Cyber Protect 15 in “cloud management” mode:

          sudo docker exec -it [container name or ID] /usr/lib/Acronis/RegisterAgentTool/RegisterAgent -a https://[Datacenter URL] --token [Registration token] -o register -t [type of registration: local or cloud]

          Example:

          sudo docker exec -it acronis_agent1 /usr/lib/Acronis/RegisterAgentTool/RegisterAgent -a https://mc-beta-cloud.acronis.com --token 241C-C614-40F6 -o register -t cloud

    12. Finish. The Agent should appear in the backup console in the Devices list under the same name as defined for container in step 9 above:

    Protecting data via the containerized agent

    1. Go to the Cyber Protection web portal (Acronis Cyber Cloud: https://cloud.acronis.com/; Acronis Cyber Protect 15: https://[YourManagementServerAddress:9877] ) and create protection plans:

    2. Under Backup module, create a Files/folders backup:
      “What to backup”: Files/folders
      “Items to backup”: Network Folder, for example a network share on the same NAS device which acts as Docker host
      Define the remaining options as you like and save the plan. Example:

    Agent update

    How to update Agent for Linux in the container to the latest build.

    Acronis Cyber Protect 15 in on-premises (local) installation mode

    1. Connect to the Docker host via SSH client using administrator account
    2. Run the following commands which will download the new installation file inside the container and perform the update.

    This command will switch into the container shell:

    sudo docker exec -it [ContainerName] bash

    This command will download the installation file into the /tmp/ folder inside container:

    wget -O /tmp/AcronisBackup.x86_64 [URL to installation file]

    Note: the URL to the latest version of the installation file is usually https://dl.acronis.com/u/AcronisCyberProtect15/Release/AcronisCyberProte...

    These commands will allow execution of the installation file and will run it in automated mode to perform the update.

    chmod 777 /tmp/AcronisBackup.x86_64

    /tmp/AcronisBackup.x86_64 -a

    These commands will clean up the downloaded installation file to save space and will exit the shell:

    rm /tmp/AcronisBackup.x86_64

    exit

    Acronis Cyber Protect Cloud or Acronis Cyber Protect 15 in “cloud management” mode

    Perform update using the standard procedure for Agent for Linux described in the documentation:

    1. Open Acronis Cyber Protect web console interface
    2. Go to Settings->Agents
    3. Select the required Agent for Linux
    4. Click Update Agent.

    Limitations and important notes

    1. To backup data via the Docker agent only Files/Folders backup type should be used. Entire machine or Disks/volumes backup type is not supported.
    2. “Vulnerability Assessment” feature is shown as available in backup console UI when creating a protection plan, however its proper functioning is not guaranteed for Agent for Linux running inside the Docker container. 

    Tags: