共计 4940 个字符,预计需要花费 13 分钟才能阅读完成。
本站提供 Linux 服务器运维,自动化脚本编写等服务,如有需要请联系博主微信:xiaozme
restic 是一个快速、高效、安全的备份程序。它支持三个主流操作系统(Linux、macOS、Windows),restic 支持多种备份方式,可以将数据备份到本地、SFTP、AWS S3、Backblaze B2 等。
生产环境中,数据对于一个公司而言就是命脉,定期备份数据非常重要,虽然部分服务商会提供一些收费 / 免费的备份服务,但也无法保证绝对安全,必要情况下我们还可以将数据存放在其它地方。restic 支持加密备份、增量备份,快照回滚等特点,用做数据备份非常合适。
这篇文章记录一下在 CentOS 7 环境下使用 restic 将数据备份到另一台服务器(SFTP 方式)的全过程,避免大家踩坑。(阅读此文章需要一定的 Linux 运维基础,不建议新手折腾)
安装 restic
restic 使用 Golang 开发,提供了很方便的二进制版本,我们这里选择以二进制方式进行安装,最新的版本可以前往 Github 下载:https://github.com/restic/restic/releases
# 下载 restic | |
wget https://github.com/restic/restic/releases/download/v0.9.5/restic_0.9.5_linux_amd64.bz2 | |
#解压 | |
bzip2 -d restic_0.9.5_linux_amd64.bz2 | |
#重命名 | |
mv restic_0.9.5_linux_amd64 /usr/sbin/restic | |
#赋予执行权限 | |
chmod +x /usr/sbin/restic |
通过上面几个简单步骤,restic 就算安装完成,不出意外,我们执行命令 restic -h
就可以看到使用帮助了。
[root@ali_sgp ~]# restic -h | |
restic is a backup program which allows saving multiple revisions of files and | |
directories in an encrypted repository stored on different backends. | |
Usage: | |
restic [command] | |
Available Commands: | |
backup Create a new backup of files and/or directories | |
cache Operate on local cache directories | |
cat Print internal objects to stdout | |
check Check the repository for errors | |
diff Show differences between two snapshots | |
dump Print a backed-up file to stdout | |
find Find a file, a directory or restic IDs | |
forget Remove snapshots from the repository | |
generate Generate manual pages and auto-completion files (bash, zsh) | |
help Help about any command | |
init Initialize a new repository | |
key Manage keys (passwords) | |
list List objects in the repository | |
ls List files in a snapshot | |
migrate Apply migrations | |
mount Mount the repository | |
prune Remove unneeded data from the repository | |
rebuild-index Build a new index file | |
recover Recover data from the repository | |
restore Extract the data from a snapshot | |
self-update Update the restic binary | |
snapshots List all snapshots | |
stats Scan the repository and show basic statistics | |
tag Modify tags on snapshots | |
unlock Remove locks other processes created | |
version Print version information | |
Flags: | |
--cacert file file to load root certificates from (default: use system certificates) | |
--cache-dir string set the cache directory. (default: use system default cache directory) | |
--cleanup-cache auto remove old cache directories | |
-h, --help help for restic | |
--json set output mode to JSON for commands that support it | |
--key-hint string key ID of key to try decrypting first (default: $RESTIC_KEY_HINT) | |
--limit-download int limits downloads to a maximum rate in KiB/s. (default: unlimited) | |
--limit-upload int limits uploads to a maximum rate in KiB/s. (default: unlimited) | |
--no-cache do not use a local cache | |
--no-lock do not lock the repo, this allows some operations on read-only repos | |
-o, --option key=value set extended option (key=value, can be specified multiple times) | |
--password-command string specify a shell command to obtain a password (default: $RESTIC_PASSWORD_COMMAND) | |
-p, --password-file string read the repository password from a file (default: $RESTIC_PASSWORD_FILE) | |
-q, --quiet do not output comprehensive progress report | |
-r, --repo string repository to backup to or restore from (default: $RESTIC_REPOSITORY) | |
--tls-client-cert string path to a file containing PEM encoded TLS client certificate and private key | |
-v, --verbose n be verbose (specify --verbose multiple times or level n) | |
Use "restic [command] --help" for more information about a command. |
初始化 restic
xiaoz 选择的是将当前服务器数据通过 SFTP 方式备份到另一台服务器,因此在操作之前请先参考:Linux 配置使用密钥登录 ,确保当前服务器能够通过密钥免密码自动登录到另一台服务器,假设这一步您已经完成,接下来我们对 restic 进行初始化。
# 初始化 restic | |
$ restic -r sftp:user@host:/srv/restic-repo init | |
enter password for new backend: | |
enter password again: | |
created restic backend f1c6108821 at sftp:user@host:/srv/restic-repo | |
Please note that knowledge of your password is required to access the repository. | |
Losing your password means that your data is irrecoverably lost. |
- 初始化的时候会要求输入 2 次密码,注意这个密码是 restic 用来加密和解密数据使用的密码,不是服务器密码,请不要忘记,一旦忘记密码数据将无法解密,等同于数据丢失。
/srv/restic-repo
指的是另一台服务器上的路径
更多初始化说明,请参考官方帮助文档:Preparing a new repository
备份数据
初始化完毕后我们就可以输入下面的命令对数据进行备份了:
restic -r sftp:user@host:/data/aliyun_sgp --verbose backup /data/wwwroot --exclude=/data/wwwroot/default
/data/aliyun_sgp
:指的是远程服务器的目录(目标文件夹)/data/wwwroot
:需要备份的文件夹(本地文件夹)/data/wwwroot/default
:需要排除的文件夹(不需要备份的目录)
查看和移除快照
restic 采取增量备份方式,再下次备份的时候 restic 只会备份有改动和增加的文件,并创建一个快照(还原点),快照的常用命令如下:
查看目标文件夹的快照
$ restic -r /srv/restic-repo snapshots | |
enter password for repository: | |
ID Date Host Tags Directory | |
---------------------------------------------------------------------- | |
40dc1520 2015-05-08 21:38:30 kasimir /home/user/work | |
79766175 2015-05-08 21:40:19 kasimir /home/user/work | |
bdbd3439 2015-05-08 21:45:17 luigi /home/art | |
590c8fc8 2015-05-08 21:47:38 kazik /srv | |
9f0bc19e 2015-05-08 21:46:11 luigi /srv |
删除指定快照
$ restic -r /srv/restic-repo forget bdbd3439 | |
enter password for repository: | |
removed snapshot d3f01f63 |
清理快照引用数据(删除快照后数据不会释放,因此需要清理一下引用数据)
restic -r /srv/restic-repo prune
恢复快照
$ restic -r /srv/restic-repo restore 79766175 --target /tmp/restore-work | |
enter password for repository: | |
restoring <Snapshot of [/home/user/work] at 2015-05-08 21:40:19.884408621 +0200 CEST> to /tmp/restore-work |
/srv/restic-repo
:快照存储的路径79766175
:快照的 ID/tmp/restore-work
:目标文件夹(你要恢复到哪里)
免密码操作
restic 在操作的时候每次都会询问密码,如果您希望操作的时候不再询问密码,可以做如下操作:
# 新建一个文件,将 restic 密码存放在里面 | |
vi /root/.restic.pw | |
#设置为环境变量 | |
export RESTIC_PASSWORD_FILE=/root/.restic.pw |
这样下次再备份数据的时候将不再要求输入密码,可以很方便的进行 Shell 脚本编写。
最后
restic 对数据进行加密备份,采用增量备份方式,支持多种备份方式,用来备份服务器数据是一个非常不错的选择,更多使用说明可参考官方帮助文档。
- 帮助文档:Restic Documentation
- restic 项目地址:https://github.com/restic/restic
