Protect your precious files and irreplaceable photos with restic backup program. It's fast, encrypted and you can use it directly from the Linux command line. Here's how to set it up.
The value of backups
All hardware has a limited life. Mechanical Hard drives (Hard drives) Y solid state drives (SSD) they do not last permanently. Also accidents happen. Laptops can be lost, steal or drop down the stairs.
It used to be said that the value of an effective backup system only becomes clear once the data has been lost. When failures or losses occur, you need to have a quick and easy way to get your files and information back. If an organization loses data, the implications are serious. It could even jeopardize business continuity. Even in a home environment, data loss can be a painful experience. Backups are the only sensible safeguards.
And at the same time from everything else, accidental or malicious loss of personally identifiable data is considered a violation under some data protection laws, as the General data protection regulation (GDPR).
There are a couple of considerations to pay attention to when selecting backup software. Where do you want your backups to be stored? On a removable drive, on another machine through your Local area network (LAN) or in cloud storage? Apparently, you need to use a backup program that can write to and restore from the data storage you want to use.
Backups must be encrypted, especially if they are to be stored off-site or in the cloud. If they are encrypted, they cannot be read or restored by unauthorized persons.
The program must be fast. You don't want to wait all day for a backup or restore to complete. Some programs store a base backup image and subsequently store the differences between the base image and the source machine for each subsequent backup. This speeds up the backup procedure considerably. It also uses less space for your backups.
restic does all this. It is without costs, open source, licensed by 2-BSD License Clauseand in active development. The source code is activated GitHub.
Where to back up
In this post, we will store our backups on another computer on our network. That's great, because it provides fast file transfers and it is easy to backup and restore from. In a real world setting, additionally a backup is required to another off-site location. If your live systems and your backups are in the same location and disaster strikes that location (a fire, a robbery or a flood), your hen will cook unless you have an off-site backup.
How could we wait, restic can back up to an external drive that can be removed from the premises and, even better, can directly backup to cloud storage.
Outside the Box, restless you can backup to:
- A local directory or a local removable drive.
- A networked computer via SSH file transfer protocol (SFTP). This, decidedly, needs to Safe cover (SSH).
- Servidor HTTP REST.
- AWS S3.
- OpenStack Swift.
- BackBlaze B2.
- Microsoft Azure Blob Storage.
- Google cloud storage.
If you need to back up to a data destination that is not on that list, you can combine the power by rclone with restic and go back to any of the 40 about destinations that rclone supports.
SFTP network backups require SSH to be installed and configured on the backup server. This is the machine where the backups will be stored. If you configure SSH keys on the backup server and the machine to backup, you won't be prompted for the SSH password every time you run a backup.
One way to automate your backups is to create short scripts or shell functions and use cron to run them at specific times. Using SSH keys will allow you to avoid the problem of providing a password for unattended backups.
RELATED: How to create and install SSH keys from the Linux Shell
Installation of restic
The restic application can be found in the repositories of the main Linux distributions, so installing it is a simple line using the package manager of each distribution.
To install restic on Ubuntu, scribe:
sudo apt install restic
The command to use in Fedora is:
sudo dnf install restic
In Manjaro we use pacman:
sudo pacman -Sy restic
Configuring the restic
Make sure you have SSH configured on the backup server machine and that you can make a remote connection from the machine to be backed up. That is the client machine. In our test network, the client's name is “ubuntu-20-10” and the server is called “backup box”.
In the terminology of restic, backups are stored as snapshots in a repository. Each backup creates a new snapshot. We need to create a place for the repository on the server.
We need to create a directory on the backup server to host the repository. Historically, the services provided by a server were located in the directory “/ srv”. Therefore we will place our repository there.
On the backup server, issue this command. You can name the repository directory as you like. We are using the name “restic” for the sake of simplicity.
sudo mkdir / srv / restic
We need to make sure this directory is reachable for the person who will handle the backups. If they were several people, it would make sense to create a user group and give it access to the directory.
sudo chown dave:dave /srv/restic
Let's check the configuration in the directory:
ls -hl /srv
Now we can move to the client machine and create the repository on the server from there. Replace your username, the backup server name and the repository directory name to match your options. You can use the IP adress from the backup server if you prefer.
We are using the -r (repository) to specify the path to the repository that we are going to create. The restico initcommand initializes the repository.
restic -r sftp:[email protected]:/srv/restic init
You will be prompted for the password of the user account on the backup server. If you have configured SSH keys between the server and the client, you will not need to do this step.
In addition, you will be asked for the repository password and later you will be asked to confirm it. This password should be used to interact with the repository in the future. Don't lose it! You will not be able to back up or restore your data if you lose your password.
It only takes a moment to create and initialize the repository.
Create a backup
Creating a backup is very easy. We use the backup command with restic, tell it what we want to backup and to which repository to send the backup.
restic backup Documents/kernel/ -r sftp:[email protected]:/srv / restic
You must provide the user password and the repository password. While the backup is running, the names of the files being copied are displayed, along with statistics that tell you how many files will be copied in total, how many have been copied so far and what percentage of the backup is complete. Snapshots are encrypted through the advanced encryption standard AES-256.
Because this was the first backup in this repository, all files that were backed up were new. We said restic was fast: backups were made of more than 70.000 files in 23 seconds. That's all the Linux kernel source code.
On another test machine, I made a backup of more than 350.000 files totaling more than 170 Gibraltar in an hour and a half.
I created a new file on the client in the source directory and ran another backup. The command is the same as before.
restic backup Documents/kernel/ -r sftp:[email protected]:/srv / restic
The source directory tree was scanned for changes, the new file was detected and backed up. That second little backup took three seconds to complete, including scanning the other files for changes.
Let's take a look at the two snapshots we have in the repository. The restic command for this is snapshots.
restic -r sftp:[email protected]:/srv/restic snapshots
Each snapshot has been assigned a hexadecimal identifier as a unique identification. The date and time each snapshot was created is displayed. It also shows the name of the computer from which the backup was made and the path to the data that was backed up.
Then I created a second new file and created another backup. Again, the command line is the same as before.
As with our previous reload backup, this little update took three seconds to complete.
At this stage, you are probably tired of entering the repository password. We can address that before using the snapshots command to view our collection of three snapshots. Open an editor and type the password of the repository in it, then press “Enter” to start a new line. Save the file as “.rest_pass” in your personal directory.
To make sure no one else can see the password, change file access mode bits using chmod :
chmod 600 .rest_pass
This means that no one but you can enter the file.
Now we can pass this to the rest of the command line using the -p (password file). If you have also configured SSH keys between the client and the server, you will also not have to enter the password of the user account. You can easily automate your backups with cron once human interaction has been removed from the procedure.
restic snapshots -r sftp:[email protected]:/srv/restic -p .rest_pass
We are no longer asked for the repository password, which is great. We don't need to remember it and we can't misspell it.
Work with snapshots
The restico diff The command enables you to see the differences between two snapshots. Use the unique IDs of the two snapshots you want to compare. You can see the IDs of the snapshots when you use the restic snapshot command.
restic diff -r sftp:[email protected]:/srv/restic -p .rest_pass 8f98cd29 8700e4bf
Differences between snapshots are displayed as columns of statistics.
The restico check The command performs a verification test with all snapshots in the repository.
restic check -r sftp:[email protected]:/srv/restic -p .rest_pass
To delete a snapshot, must tell restic that forget that and for prune that. You must use the unique ID of the snapshot to identify which snapshot to delete.
restic forget --prune -r sftp:[email protected]:/srv/restic -p .rest_pass e506e089
Restoring data
When it's time to restore your backup data, it's as simple as creating the backup. You must specify which snapshot to restore. You can use the unique ID of a snapshot or you can use the latest tag to use the most recent snapshot in the repository.
You must also provide a directory for the restored data to be copied using the target option.
restic restore latest --target ~/restored-data -r sftp:[email protected]:/srv/restic -p .rest_pass
Restoring is as fast as going back. Checking in the destination directory, we can see that the directory tree and files have been restored for us.
ls
Make backup copies, sleep easy
Data loss is a serious obstacle. A robust backup solution means you have one less thing to worry about. With restic, you can automate your backups to local repositories and in the cloud and sleep peacefully.
