这是我在 stackoverflow 上的第一个问题,所以我希望它会遵守社区准则:
我已经基于已经存在的 image 镜像构建了一个 docker existing,该镜像的唯一目的是在容器中运行重复性以将文件和文件夹备份到欧洲的 Amazon S3 存储桶。
在由镜像生成的容器内手动运行时,重复性工作了几天。现在我继续使用 CoreOS 通过主机上的单元文件运行容器,并且事情不再起作用了 - 但该命令也不起作用我在双重容器中手动运行它..
运行命令:
docker run --rm --env-file=<my backup env file>.env --name=<container image> -v <cache container>:/home/duplicity/.cache/duplicity -v <docker volume with gpg keys>:/home/duplicity/.gnupg --volumes-from <docker container of interest> gymnae/duplicity
env 文件包含以下内容:
PASSPHRASE=<my super secret passphrase>
AWS_ACCESS_KEY_ID=<my aws access key id>
AWS_SECRET_ACCESS_KEY=<my aws access key>
SOURCE_PATH=<where does the data come from>
REMOTE_URL=s3://s3.eu-central-1.amazonaws.com/<my bucket>
PARAMS_CLEAN="--remove-older-than 3M --force --extra-clean"
ENCRYPT_KEY=<derived from the gpg key>
在
init.sh 上调用的 docker run 看起来像这样:#!/bin/sh
duplicity \
--verbosity 8 \
--s3-use-ia \
--s3-use-new-style \
--s3-use-server-side-encryption \
--s3-european-buckets \
--allow-source-mismatch \
--ssl-no-check-certificate \
--s3-unencrypted-connection \
--volsize 150 \
--gpg-options "--no-tty" \
--encrypt-key $ENCRYPT_KEY \
--sign-key $ENCRYPT_KEY \
$SOURCE_PATH \
$REMOTE_URL
我尝试了
-i 、 -it 、 -t 和 -d - 但结果总是一样的:===== Begin GnuPG log =====
gpg: using "<supersecret>" as default secret key for signing
gpg: signing failed: Not a tty
gpg: [stdin]: sign+encrypt failed: Not a tty
===== End GnuPG log =====
GPG error detail: Traceback (most recent call last):
File "/usr/bin/duplicity", line 1532, in <module>
with_tempdir(main)
File "/usr/bin/duplicity", line 1526, in with_tempdir
fn()
File "/usr/bin/duplicity", line 1380, in main
do_backup(action)
File "/usr/bin/duplicity", line 1508, in do_backup
incremental_backup(sig_chain)
File "/usr/bin/duplicity", line 662, in incremental_backup
globals.backend)
File "/usr/bin/duplicity", line 425, in write_multivol
at_end = gpg.GPGWriteFile(tarblock_iter, tdp.name, globals.gpg_profile, globals.volsize)
File "/usr/lib/python2.7/site-packages/duplicity/gpg.py", line 356, in GPGWriteFile
file.close()
File "/usr/lib/python2.7/site-packages/duplicity/gpg.py", line 241, in close
self.gpg_failed()
File "/usr/lib/python2.7/site-packages/duplicity/gpg.py", line 226, in gpg_failed
raise GPGError(msg)
GPGError: GPG Failed, see log below:
===== Begin GnuPG log =====
gpg: using "<supersecret>" as default secret key for signing
gpg: signing failed: Not a tty
gpg: [stdin]: sign+encrypt failed: Not a tty
===== End GnuPG log =====
gpg 尝试签名时的
Not a tty 错误很奇怪。以前似乎没有问题,或者我在深夜类做了一些疯狂的打字,它曾经工作过,但现在它不想再工作了。
最佳答案
对于任何遇到相同问题的人,感谢 duply 的开发者,我找到了答案
https://sourceforge.net/p/ftplicity/bugs/76/#74c5
总之,需要从gpg 2.1开始添加GPG_OPTS='--pinentry-mode loopback',在allow-loopback-pinentry中添加.gnupg/gpg-agent.conf
这使我更接近工作设置。
关于amazon-s3 - 基于 Alpine 的重复图像中的 "Not a tty"错误,我们在Stack Overflow上找到一个类似的问题:https://stackoverflow.com/questions/36356924/