Because of their scalability and high-availability, Buckets are a great option for storing backups.
Restic is an open-source, fast and secure backup program. It uses encryption to protect your backups, ensuring that only you can access the data. For more information about Restic, see:
-
Create your credentials
For a step-by-step guide, see the getting started article "Generating S3 credentials".
Make sure you save the credentials in a safe location right after you create them. You cannot view the secret key again, neither via Cloud Console nor via API.
-
Install Restic
If you haven't already, install Restic now. You can follow the official instructions at restic.readthedocs.io.
-
Store the restic password
You can use
apg, the Advanced Password Generator, to create a random password. On Debian-based systems, you can install it withapt install apg.apg -a 1 -m 32 -n 1 -M NCLCopy the restic password from the output and save it locally.
-
Create environment variables
Replace the values with your data.
unset HISTFILE export RESTIC_REPOSITORY="s3:fsn1.your-objectstorage.com/<your_bucket_name>" export AWS_ACCESS_KEY_ID="<your_access_key>" export AWS_SECRET_ACCESS_KEY="<your_secret_key>" export RESTIC_PASSWORD="<your_restic_password>"
-
Initialize the restic repository
restic initYou should get an output like this:
created restic backend <random_hash> at s3:fsn1.your-objectstorage.com/<your_bucket_name>
-
Create a backup
First, create a test file:
echo "Content of test file." > ~/test.txtNow create a backup of the new test file:
restic backup ~/test.txtThe backup should show up in your Bucket.
-
Check for errors
restic check
-
Setup automatic backups
You can use either resticprofile or cron jobs to automate the creation of backups.
-
resticprofile
Install resticprofile as explained in the official documentation. Create the file
profiles.yamland add the following content:--- # yaml-language-server: $schema=https://creativeprojects.github.io/resticprofile/jsonschema/config-1.json version: '1' default: repository: 's3:https://fsn1.your-objectstorage.com/<your_bucket_name>' initialize: true env: AWS_ACCESS_KEY_ID: <your_access_key> AWS_SECRET_ACCESS_KEY: <your_secret_key> RESTIC_PASSWORD: <your_restic_password> backup: source: - ~/test.txt # - /etc # - /home # - /root #exclude: # - .ansible/ # - .cache/ schedule-permission: system schedule-log: "profile-backup.log" # Every day at midnight schedule: "*-*-* 00:00:00" forget: # Keep the last 10 snapshots keep-last: 10 prune: true schedule-permission: system schedule-log: "profile-forget.log" # Every day at half past midnight schedule: "*-*-* 00:30:00"Now test creating a backup:
resticprofile --dry-run backupIf the output contains "finished 'backup'", you can now schedule the backups:
resticprofile scheduleCheck the status:
systemctl status resticprofile-backup@profile-default.timer systemctl status resticprofile-forget@profile-default.service
-
Cron jobs
Create a script with the information from step 4:
#!/bin/bash # Set up environment variables unset HISTFILE export RESTIC_REPOSITORY="s3:fsn1.your-objectstorage.com/<your_bucket_name>" export AWS_ACCESS_KEY_ID="<your_access_key>" export AWS_SECRET_ACCESS_KEY="<your_secret_key>" export RESTIC_PASSWORD="<your_restic_password>" restic backup ~/test.txt # Delete old snapshots, see: # https://restic.readthedocs.io/en/stable/060_forget.html#removing-snapshots-according-to-a-policy restic forget --keep-last 10 --prune restic checkMake the script executable:
chmod +x ~/backup.sh chmod 700 ~/backup.shRun the script manually, to check if it works:
./backup.shIf the snapshot shows up in the Bucket, you can setup the cron job:
crontab -eAnd add this line:
0 0 * * * $HOME/backup.shThis cron job will run the script every day at midnight.
* * * * * /path │ │ │ │ └───────────── Day of the week (0 - 6) │ │ │ └───────────── Month (1 - 12) │ │ └───────────── Day of the month (1 - 31) │ └───────────── Hour (0 - 23) └───────────── Minute (0 - 59)
-
Your data should now be backed up automatically.