共计 4940 个字符,预计需要花费 13 分钟才能阅读完成。
本站提供 Linux 服务器运维,自动化脚本编写等服务,如有需要请联系博主微信:xiaozme
restic 是一个快速、高效、安全的备份程序。它支持三个主流操作系统(Linux、macOS、Windows),restic 支持多种备份方式,可以将数据备份到本地、SFTP、AWS S3、Backblaze B2 等。
生产环境中,数据对于一个公司而言就是命脉,定期备份数据非常重要,虽然部分服务商会提供一些收费 / 免费的备份服务,但也无法保证绝对安全,必要情况下我们还可以将数据存放在其它地方。restic 支持加密备份、增量备份,快照回滚等特点,用做数据备份非常合适。
这篇文章记录一下在 CentOS 7 环境下使用 restic 将数据备份到另一台服务器(SFTP 方式)的全过程,避免大家踩坑。(阅读此文章需要一定的 Linux 运维基础,不建议新手折腾)
安装 restic
restic 使用 Golang 开发,提供了很方便的二进制版本,我们这里选择以二进制方式进行安装,最新的版本可以前往 Github 下载:https://github.com/restic/restic/releases
| # 下载 restic | |
| wget https://github.com/restic/restic/releases/download/v0.9.5/restic_0.9.5_linux_amd64.bz2 | |
| #解压 | |
| bzip2 -d restic_0.9.5_linux_amd64.bz2 | |
| #重命名 | |
| mv restic_0.9.5_linux_amd64 /usr/sbin/restic | |
| #赋予执行权限 | |
| chmod +x /usr/sbin/restic |
通过上面几个简单步骤,restic 就算安装完成,不出意外,我们执行命令 restic -h 就可以看到使用帮助了。
| [root@ali_sgp ~]# restic -h | |
| restic is a backup program which allows saving multiple revisions of files and | |
| directories in an encrypted repository stored on different backends. | |
| Usage: | |
| restic [command] | |
| Available Commands: | |
| backup Create a new backup of files and/or directories | |
| cache Operate on local cache directories | |
| cat Print internal objects to stdout | |
| check Check the repository for errors | |
| diff Show differences between two snapshots | |
| dump Print a backed-up file to stdout | |
| find Find a file, a directory or restic IDs | |
| forget Remove snapshots from the repository | |
| generate Generate manual pages and auto-completion files (bash, zsh) | |
| help Help about any command | |
| init Initialize a new repository | |
| key Manage keys (passwords) | |
| list List objects in the repository | |
| ls List files in a snapshot | |
| migrate Apply migrations | |
| mount Mount the repository | |
| prune Remove unneeded data from the repository | |
| rebuild-index Build a new index file | |
| recover Recover data from the repository | |
| restore Extract the data from a snapshot | |
| self-update Update the restic binary | |
| snapshots List all snapshots | |
| stats Scan the repository and show basic statistics | |
| tag Modify tags on snapshots | |
| unlock Remove locks other processes created | |
| version Print version information | |
| Flags: | |
| --cacert file file to load root certificates from (default: use system certificates) | |
| --cache-dir string set the cache directory. (default: use system default cache directory) | |
| --cleanup-cache auto remove old cache directories | |
| -h, --help help for restic | |
| --json set output mode to JSON for commands that support it | |
| --key-hint string key ID of key to try decrypting first (default: $RESTIC_KEY_HINT) | |
| --limit-download int limits downloads to a maximum rate in KiB/s. (default: unlimited) | |
| --limit-upload int limits uploads to a maximum rate in KiB/s. (default: unlimited) | |
| --no-cache do not use a local cache | |
| --no-lock do not lock the repo, this allows some operations on read-only repos | |
| -o, --option key=value set extended option (key=value, can be specified multiple times) | |
| --password-command string specify a shell command to obtain a password (default: $RESTIC_PASSWORD_COMMAND) | |
| -p, --password-file string read the repository password from a file (default: $RESTIC_PASSWORD_FILE) | |
| -q, --quiet do not output comprehensive progress report | |
| -r, --repo string repository to backup to or restore from (default: $RESTIC_REPOSITORY) | |
| --tls-client-cert string path to a file containing PEM encoded TLS client certificate and private key | |
| -v, --verbose n be verbose (specify --verbose multiple times or level n) | |
| Use "restic [command] --help" for more information about a command. |
初始化 restic
xiaoz 选择的是将当前服务器数据通过 SFTP 方式备份到另一台服务器,因此在操作之前请先参考:Linux 配置使用密钥登录 ,确保当前服务器能够通过密钥免密码自动登录到另一台服务器,假设这一步您已经完成,接下来我们对 restic 进行初始化。
| # 初始化 restic | |
| $ restic -r sftp:user@host:/srv/restic-repo init | |
| enter password for new backend: | |
| enter password again: | |
| created restic backend f1c6108821 at sftp:user@host:/srv/restic-repo | |
| Please note that knowledge of your password is required to access the repository. | |
| Losing your password means that your data is irrecoverably lost. |
- 初始化的时候会要求输入 2 次密码,注意这个密码是 restic 用来加密和解密数据使用的密码,不是服务器密码,请不要忘记,一旦忘记密码数据将无法解密,等同于数据丢失。
/srv/restic-repo指的是另一台服务器上的路径
更多初始化说明,请参考官方帮助文档:Preparing a new repository
备份数据
初始化完毕后我们就可以输入下面的命令对数据进行备份了:
restic -r sftp:user@host:/data/aliyun_sgp --verbose backup /data/wwwroot --exclude=/data/wwwroot/default
/data/aliyun_sgp:指的是远程服务器的目录(目标文件夹)/data/wwwroot:需要备份的文件夹(本地文件夹)/data/wwwroot/default:需要排除的文件夹(不需要备份的目录)
查看和移除快照
restic 采取增量备份方式,再下次备份的时候 restic 只会备份有改动和增加的文件,并创建一个快照(还原点),快照的常用命令如下:
查看目标文件夹的快照
| $ restic -r /srv/restic-repo snapshots | |
| enter password for repository: | |
| ID Date Host Tags Directory | |
| ---------------------------------------------------------------------- | |
| 40dc1520 2015-05-08 21:38:30 kasimir /home/user/work | |
| 79766175 2015-05-08 21:40:19 kasimir /home/user/work | |
| bdbd3439 2015-05-08 21:45:17 luigi /home/art | |
| 590c8fc8 2015-05-08 21:47:38 kazik /srv | |
| 9f0bc19e 2015-05-08 21:46:11 luigi /srv |
删除指定快照
| $ restic -r /srv/restic-repo forget bdbd3439 | |
| enter password for repository: | |
| removed snapshot d3f01f63 |
清理快照引用数据(删除快照后数据不会释放,因此需要清理一下引用数据)
restic -r /srv/restic-repo prune
恢复快照
| $ restic -r /srv/restic-repo restore 79766175 --target /tmp/restore-work | |
| enter password for repository: | |
| restoring <Snapshot of [/home/user/work] at 2015-05-08 21:40:19.884408621 +0200 CEST> to /tmp/restore-work |
/srv/restic-repo:快照存储的路径79766175:快照的 ID/tmp/restore-work:目标文件夹(你要恢复到哪里)
免密码操作
restic 在操作的时候每次都会询问密码,如果您希望操作的时候不再询问密码,可以做如下操作:
| # 新建一个文件,将 restic 密码存放在里面 | |
| vi /root/.restic.pw | |
| #设置为环境变量 | |
| export RESTIC_PASSWORD_FILE=/root/.restic.pw |
这样下次再备份数据的时候将不再要求输入密码,可以很方便的进行 Shell 脚本编写。
最后
restic 对数据进行加密备份,采用增量备份方式,支持多种备份方式,用来备份服务器数据是一个非常不错的选择,更多使用说明可参考官方帮助文档。
- 帮助文档:Restic Documentation
- restic 项目地址:https://github.com/restic/restic
正文完
星哥玩云-微信公众号
