restic是一个快速、高效、安全的备份程序。它支持三个主流操作系统(Linux、macOS、Windows),restic支持多种备份方式,可以将数据备份到本地、SFTP、AWS S3、Backblaze B2等。
生产环境中,数据对于一个公司而言就是命脉,定期备份数据非常重要,虽然部分服务商会提供一些收费/免费的备份服务,但也无法保证绝对安全,必要情况下我们还可以将数据存放在其它地方。restic支持加密备份、增量备份,快照回滚等特点,用做数据备份非常合适。
这篇文章记录一下在CentOS 7环境下使用restic将数据备份到另一台服务器(SFTP方式)的全过程,避免大家踩坑。(阅读此文章需要一定的Linux运维基础,不建议新手折腾)
安装restic
restic使用Golang开发,提供了很方便的二进制版本,我们这里选择以二进制方式进行安装,最新的版本可以前往Github下载:https://github.com/restic/restic/releases
#下载restic
wget https://github.com/restic/restic/releases/download/v0.9.5/restic_0.9.5_linux_amd64.bz2
#解压
bzip2 -d restic_0.9.5_linux_amd64.bz2
#重命名
mv restic_0.9.5_linux_amd64 /usr/sbin/restic
#赋予执行权限
chmod +x /usr/sbin/restic
通过上面几个简单步骤,restic就算安装完成,不出意外,我们执行命令restic -h
就可以看到使用帮助了。
[root@ali_sgp ~]# restic -h
restic is a backup program which allows saving multiple revisions of files and
directories in an encrypted repository stored on different backends.
Usage:
restic [command]
Available Commands:
backup Create a new backup of files and/or directories
cache Operate on local cache directories
cat Print internal objects to stdout
check Check the repository for errors
diff Show differences between two snapshots
dump Print a backed-up file to stdout
find Find a file, a directory or restic IDs
forget Remove snapshots from the repository
generate Generate manual pages and auto-completion files (bash, zsh)
help Help about any command
init Initialize a new repository
key Manage keys (passwords)
list List objects in the repository
ls List files in a snapshot
migrate Apply migrations
mount Mount the repository
prune Remove unneeded data from the repository
rebuild-index Build a new index file
recover Recover data from the repository
restore Extract the data from a snapshot
self-update Update the restic binary
snapshots List all snapshots
stats Scan the repository and show basic statistics
tag Modify tags on snapshots
unlock Remove locks other processes created
version Print version information
Flags:
--cacert file file to load root certificates from (default: use system certificates)
--cache-dir string set the cache directory. (default: use system default cache directory)
--cleanup-cache auto remove old cache directories
-h, --help help for restic
--json set output mode to JSON for commands that support it
--key-hint string key ID of key to try decrypting first (default: $RESTIC_KEY_HINT)
--limit-download int limits downloads to a maximum rate in KiB/s. (default: unlimited)
--limit-upload int limits uploads to a maximum rate in KiB/s. (default: unlimited)
--no-cache do not use a local cache
--no-lock do not lock the repo, this allows some operations on read-only repos
-o, --option key=value set extended option (key=value, can be specified multiple times)
--password-command string specify a shell command to obtain a password (default: $RESTIC_PASSWORD_COMMAND)
-p, --password-file string read the repository password from a file (default: $RESTIC_PASSWORD_FILE)
-q, --quiet do not output comprehensive progress report
-r, --repo string repository to backup to or restore from (default: $RESTIC_REPOSITORY)
--tls-client-cert string path to a file containing PEM encoded TLS client certificate and private key
-v, --verbose n be verbose (specify --verbose multiple times or level n)
Use "restic [command] --help" for more information about a command.
初始化restic
xiaoz选择的是将当前服务器数据通过SFTP方式备份到另一台服务器,因此在操作之前请先参考:Linux配置使用密钥登录 ,确保当前服务器能够通过密钥免密码自动登录到另一台服务器,假设这一步您已经完成,接下来我们对restic进行初始化。
#初始化restic
$ restic -r sftp:user@host:/srv/restic-repo init
enter password for new backend:
enter password again:
created restic backend f1c6108821 at sftp:user@host:/srv/restic-repo
Please note that knowledge of your password is required to access the repository.
Losing your password means that your data is irrecoverably lost.
- 初始化的时候会要求输入2次密码,注意这个密码是restic用来加密和解密数据使用的密码,不是服务器密码,请不要忘记,一旦忘记密码数据将无法解密,等同于数据丢失。
/srv/restic-repo
指的是另一台服务器上的路径
更多初始化说明,请参考官方帮助文档:Preparing a new repository
备份数据
初始化完毕后我们就可以输入下面的命令对数据进行备份了:
restic -r sftp:user@host:/data/aliyun_sgp --verbose backup /data/wwwroot --exclude=/data/wwwroot/default
/data/aliyun_sgp
:指的是远程服务器的目录(目标文件夹)/data/wwwroot
:需要备份的文件夹(本地文件夹)/data/wwwroot/default
:需要排除的文件夹(不需要备份的目录)
查看和移除快照
restic采取增量备份方式,再下次备份的时候restic只会备份有改动和增加的文件,并创建一个快照(还原点),快照的常用命令如下:
查看目标文件夹的快照
$ restic -r /srv/restic-repo snapshots
enter password for repository:
ID Date Host Tags Directory
----------------------------------------------------------------------
40dc1520 2015-05-08 21:38:30 kasimir /home/user/work
79766175 2015-05-08 21:40:19 kasimir /home/user/work
bdbd3439 2015-05-08 21:45:17 luigi /home/art
590c8fc8 2015-05-08 21:47:38 kazik /srv
9f0bc19e 2015-05-08 21:46:11 luigi /srv
删除指定快照
$ restic -r /srv/restic-repo forget bdbd3439
enter password for repository:
removed snapshot d3f01f63
清理快照引用数据(删除快照后数据不会释放,因此需要清理一下引用数据)
restic -r /srv/restic-repo prune
恢复快照
$ restic -r /srv/restic-repo restore 79766175 --target /tmp/restore-work
enter password for repository:
restoring <Snapshot of [/home/user/work] at 2015-05-08 21:40:19.884408621 +0200 CEST> to /tmp/restore-work
/srv/restic-repo
:快照存储的路径79766175
:快照的ID/tmp/restore-work
:目标文件夹(你要恢复到哪里)
免密码操作
restic在操作的时候每次都会询问密码,如果您希望操作的时候不再询问密码,可以做如下操作:
#新建一个文件,将restic密码存放在里面
vi /root/.restic.pw
#设置为环境变量
export RESTIC_PASSWORD_FILE=/root/.restic.pw
这样下次再备份数据的时候将不再要求输入密码,可以很方便的进行Shell脚本编写。
最后
restic对数据进行加密备份,采用增量备份方式,支持多种备份方式,用来备份服务器数据是一个非常不错的选择,更多使用说明可参考官方帮助文档。
- 帮助文档:Restic Documentation
- restic项目地址:https://github.com/restic/restic