+++
title = "Backups (restic, duplicity...)"
weight = 25
+++

Backups are essential for disaster recovery but they are not trivial to manage.
Using Garage as your backup target will enable you to scale your storage as needed while ensuring high availability.

## Borg Backup

Borg Backup is very popular among the backup tools but it is not yet compatible with the S3 API.
We recommend using any other tool listed in this guide because they are all compatible with the S3 API.
If you still want to use Borg, you can use it with `rclone mount`.

## git-annex

[git-annex](https://git-annex.branchable.com/) supports synchronizing files
with its [S3 special remote](https://git-annex.branchable.com/special_remotes/S3/).

Note that `git-annex` must be compiled with Haskell package version
`aws-0.24` to work with Garage.

```bash
garage key new --name my-key
garage bucket create my-git-annex
garage bucket allow my-git-annex --read --write --key my-key
```

Register your Key ID and Secret key in your environment:

```bash
export AWS_ACCESS_KEY_ID=GKxxx
export AWS_SECRET_ACCESS_KEY=xxxx
```

Within a git-annex enabled repository, configure your Garage S3 endpoint with
the following command:

```bash
git annex initremote garage type=S3 encryption=none host=my-garage-instance.mydomain.tld protocol=https bucket=my-git-annex requeststyle=path region=garage signature=v4
```

Files can now be synchronized using the usual `git-annex` `copy` or `get`
commands.

Note that, for simplicity, this example does not enable encryption for the files
sent to Garage. Please refer to the
[git-annex encryption page](https://git-annex.branchable.com/encryption/) for
how to configure this.

## Restic

Create your key and bucket:

```bash
garage key create my-key
garage bucket create backup
garage bucket allow backup --read --write --key my-key
```

Then register your Key ID and Secret key in your environment:

```bash
export AWS_ACCESS_KEY_ID=GKxxx
export AWS_SECRET_ACCESS_KEY=xxxx
```

Configure restic from the environment too:

```bash
# The last path component must match the bucket created above
export RESTIC_REPOSITORY="s3:http://localhost:3900/backup"

echo "Generated password (save it safely): $(openssl rand -base64 32)"
export RESTIC_PASSWORD=xxx # copy paste your generated password here
```

Do not forget to save your password safely (in your password manager or print it). It will be needed to decrypt your backups.

Now you can use restic:

```bash
# Initialize the repository in the bucket, must be run once
restic init

# Back up your PostgreSQL database
# (We assume your PostgreSQL daemon is stopped for all commands)
restic backup /var/lib/postgresql

# Show backup history
restic snapshots

# Back up your PostgreSQL database again, it will be faster as only changes will be uploaded
restic backup /var/lib/postgresql

# Show backup history (again)
restic snapshots

# Restore a backup
# (79766175 is the ID of the snapshot you want to restore)
# restic recreates the full backed-up path under --target, so restore to /
mv /var/lib/postgresql /var/lib/postgresql.broken
restic restore 79766175 --target /
```
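
The following is an added example, not part of the Garage or restic documentation: shell helpers that keep the repository password in an owner-only file (read by restic through its `RESTIC_PASSWORD_FILE` variable) and check the environment before a backup runs. The function names and the file path are hypothetical, and `head`/`base64` stand in for the `openssl rand` call used above.

```bash
# Added example: helper names below are hypothetical, not part of restic or Garage.

# Write a random repository password to a file readable only by its owner,
# so it never appears in an `export` line or in shell history.
restic_make_password_file() {
    if [ -e "$1" ]; then
        echo "refusing to overwrite $1" >&2
        return 1
    fi
    ( umask 077 && head -c 32 /dev/urandom | base64 > "$1" )
}

# Print a file's octal permission bits (GNU stat first, BSD stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Return 0 only if the environment is fit to hand to restic.
restic_preflight() {
    for _var in AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY \
                RESTIC_REPOSITORY RESTIC_PASSWORD_FILE; do
        eval "_val=\${$_var:-}"
        [ -n "$_val" ] || { echo "$_var is not set" >&2; return 1; }
    done
    case "$RESTIC_REPOSITORY" in
        s3:https://*) ;;
        s3:http://*)
            # Plain HTTP has no transport encryption or server authentication:
            # accept it for a loopback endpoint only.
            _host="${RESTIC_REPOSITORY#s3:http://}"
            _host="${_host%%[:/]*}"
            case "$_host" in
                localhost|127.0.0.1) ;;
                *) echo "plain HTTP to non-local host: $_host" >&2; return 1 ;;
            esac ;;
        *) echo "RESTIC_REPOSITORY is not an s3: URL" >&2; return 1 ;;
    esac
    if [ ! -f "$RESTIC_PASSWORD_FILE" ]; then
        echo "password file not found" >&2; return 1
    fi
    if [ "$(file_mode "$RESTIC_PASSWORD_FILE")" != "600" ]; then
        echo "password file must have mode 600" >&2; return 1
    fi
}

# Usage with constructed values:
#   restic_make_password_file "$HOME/.restic-garage-password"
#   export RESTIC_PASSWORD_FILE="$HOME/.restic-garage-password"
#   restic_preflight && restic backup /var/lib/postgresql
```

The password file still has to be copied to a password manager or printed, exactly as for the exported password.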

Restic has many more features than the ones presented here.
You can discover all of them by accessing its documentation from the link below.

*External links:* [Restic Documentation > Amazon S3](https://restic.readthedocs.io/en/stable/030_preparing_a_new_repo.html#amazon-s3)

## Duplicity

*External links:* [Duplicity > man](https://duplicity.gitlab.io/duplicity-web/vers8/duplicity.1.html) (scroll to "URL Format" and "A note on Amazon S3")

## Duplicati

*External links:* [Duplicati Documentation > Storage Providers](https://duplicati.readthedocs.io/en/latest/05-storage-providers/#s3-compatible)

The following fields need to be specified:
```
Storage Type: S3 Compatible
Use SSL: [ ] # Only if you have SSL
Server: Custom server url (s3.garage.localhost:3900)
Bucket name: bucket-name
Bucket create region: Custom region value (garage) # Or as you've specified in garage.toml
AWS Access ID: Key ID from "garage key info key-name"
AWS Access Key: Secret key from "garage key info key-name"
Client Library to use: Minio SDK
```

Click `Test connection`, then answer no when asked `The bucket name should start with your username, prepend automatically?`. It should then say `Connection worked!`.

## knoxite

*External links:* [Knoxite Documentation > Storage Backends](https://knoxite.com/docs/storage-backends/#amazon-s3)

## kopia

*External links:* [Kopia Documentation > Repositories](https://kopia.io/docs/repositories/#amazon-s3)

To create the Kopia repository, you need to specify the region, the HTTP(S) endpoint, the bucket name and the access keys.
For instance, if you have an instance of Garage running on `https://garage.example.com`:

```
kopia repository create s3 --region=garage --bucket=mybackups --access-key=KEY_ID --secret-access-key=SECRET_KEY --endpoint=garage.example.com
```

Or if you have an instance running on localhost, without TLS:

```
kopia repository create s3 --region=garage --bucket=mybackups --access-key=KEY_ID --secret-access-key=SECRET_KEY --endpoint=localhost:3900 --disable-tls
```

After the repository has been created, check that everything works as expected:

```
kopia repository validate-provider
```

You can then run all the standard kopia commands: `kopia snapshot create`, `kopia mount`...
Everything should work out-of-the-box.