CentOS 7使用restic备份VPS数据

2022-08-13 16:28:22 浏览数 (1)

restic是一个快速、高效、安全的备份程序。它支持三个主流操作系统(Linux、macOS、Windows),restic支持多种备份方式,可以将数据备份到本地、SFTP、AWS S3、Backblaze B2等。

生产环境中,数据对于一个公司而言就是命脉,定期备份数据非常重要,虽然部分服务商会提供一些收费/免费的备份服务,但也无法保证绝对安全,必要情况下我们还可以将数据存放在其它地方。restic支持加密备份、增量备份,快照回滚等特点,用做数据备份非常合适。

这篇文章记录一下在CentOS 7环境下使用restic将数据备份到另一台服务器(SFTP方式)的全过程,避免大家踩坑。(阅读此文章需要一定的Linux运维基础,不建议新手折腾

安装restic

restic使用Golang开发,提供了很方便的二进制版本,我们这里选择以二进制方式进行安装,最新的版本可以前往Github下载:https://github.com/restic/restic/releases

代码语言:javascript复制
#下载restic
wget https://github.com/restic/restic/releases/download/v0.9.5/restic_0.9.5_linux_amd64.bz2
#解压
bzip2 -d restic_0.9.5_linux_amd64.bz2
#重命名
mv restic_0.9.5_linux_amd64 /usr/sbin/restic
#赋予执行权限
chmod  x /usr/sbin/restic

通过上面几个简单步骤,restic就算安装完成,不出意外,我们执行命令restic -h就可以看到使用帮助了。

代码语言:javascript复制
[root@ali_sgp ~]# restic -h

restic is a backup program which allows saving multiple revisions of files and
directories in an encrypted repository stored on different backends.

Usage:
  restic [command]

Available Commands:
  backup        Create a new backup of files and/or directories
  cache         Operate on local cache directories
  cat           Print internal objects to stdout
  check         Check the repository for errors
  diff          Show differences between two snapshots
  dump          Print a backed-up file to stdout
  find          Find a file, a directory or restic IDs
  forget        Remove snapshots from the repository
  generate      Generate manual pages and auto-completion files (bash, zsh)
  help          Help about any command
  init          Initialize a new repository
  key           Manage keys (passwords)
  list          List objects in the repository
  ls            List files in a snapshot
  migrate       Apply migrations
  mount         Mount the repository
  prune         Remove unneeded data from the repository
  rebuild-index Build a new index file
  recover       Recover data from the repository
  restore       Extract the data from a snapshot
  self-update   Update the restic binary
  snapshots     List all snapshots
  stats         Scan the repository and show basic statistics
  tag           Modify tags on snapshots
  unlock        Remove locks other processes created
  version       Print version information

Flags:
      --cacert file               file to load root certificates from (default: use system certificates)
      --cache-dir string          set the cache directory. (default: use system default cache directory)
      --cleanup-cache             auto remove old cache directories
  -h, --help                      help for restic
      --json                      set output mode to JSON for commands that support it
      --key-hint string           key ID of key to try decrypting first (default: $RESTIC_KEY_HINT)
      --limit-download int        limits downloads to a maximum rate in KiB/s. (default: unlimited)
      --limit-upload int          limits uploads to a maximum rate in KiB/s. (default: unlimited)
      --no-cache                  do not use a local cache
      --no-lock                   do not lock the repo, this allows some operations on read-only repos
  -o, --option key=value          set extended option (key=value, can be specified multiple times)
      --password-command string   specify a shell command to obtain a password (default: $RESTIC_PASSWORD_COMMAND)
  -p, --password-file string      read the repository password from a file (default: $RESTIC_PASSWORD_FILE)
  -q, --quiet                     do not output comprehensive progress report
  -r, --repo string               repository to backup to or restore from (default: $RESTIC_REPOSITORY)
      --tls-client-cert string    path to a file containing PEM encoded TLS client certificate and private key
  -v, --verbose n                 be verbose (specify --verbose multiple times or level n)

Use "restic [command] --help" for more information about a command.

初始化restic

xiaoz选择的是将当前服务器数据通过SFTP方式备份到另一台服务器,因此在操作之前请先参考:Linux配置使用密钥登录 ,确保当前服务器能够通过密钥免密码自动登录到另一台服务器,假设这一步您已经完成,接下来我们对restic进行初始化。

代码语言:javascript复制
#初始化restic
$ restic -r sftp:user@host:/srv/restic-repo init
enter password for new backend:
enter password again:
created restic backend f1c6108821 at sftp:user@host:/srv/restic-repo
Please note that knowledge of your password is required to access the repository.
Losing your password means that your data is irrecoverably lost.
  • 初始化的时候会要求输入2次密码,注意这个密码是restic用来加密和解密数据使用的密码,不是服务器密码,请不要忘记,一旦忘记密码数据将无法解密,等同于数据丢失
  • /srv/restic-repo指的是另一台服务器上的路径

更多初始化说明,请参考官方帮助文档:Preparing a new repository

备份数据

初始化完毕后我们就可以输入下面的命令对数据进行备份了:

代码语言:javascript复制
restic -r sftp:user@host:/data/aliyun_sgp --verbose backup /data/wwwroot --exclude=/data/wwwroot/default
  • /data/aliyun_sgp:指的是远程服务器的目录(目标文件夹)
  • /data/wwwroot:需要备份的文件夹(本地文件夹)
  • /data/wwwroot/default:需要排除的文件夹(不需要备份的目录)

查看和移除快照

restic采取增量备份方式,再下次备份的时候restic只会备份有改动和增加的文件,并创建一个快照(还原点),快照的常用命令如下:

查看目标文件夹的快照

代码语言:javascript复制
$ restic -r /srv/restic-repo snapshots
enter password for repository:
ID        Date                 Host      Tags  Directory
----------------------------------------------------------------------
40dc1520  2015-05-08 21:38:30  kasimir         /home/user/work
79766175  2015-05-08 21:40:19  kasimir         /home/user/work
bdbd3439  2015-05-08 21:45:17  luigi           /home/art
590c8fc8  2015-05-08 21:47:38  kazik           /srv
9f0bc19e  2015-05-08 21:46:11  luigi           /srv

删除指定快照

代码语言:javascript复制
$ restic -r /srv/restic-repo forget bdbd3439
enter password for repository:
removed snapshot d3f01f63

清理快照引用数据(删除快照后数据不会释放,因此需要清理一下引用数据)

代码语言:javascript复制
restic -r /srv/restic-repo prune

恢复快照

代码语言:javascript复制
$ restic -r /srv/restic-repo restore 79766175 --target /tmp/restore-work
enter password for repository:
restoring <Snapshot of [/home/user/work] at 2015-05-08 21:40:19.884408621  0200 CEST> to /tmp/restore-work
  • /srv/restic-repo:快照存储的路径
  • 79766175:快照的ID
  • /tmp/restore-work:目标文件夹(你要恢复到哪里)

免密码操作

restic在操作的时候每次都会询问密码,如果您希望操作的时候不再询问密码,可以做如下操作:

代码语言:javascript复制
#新建一个文件,将restic密码存放在里面
vi /root/.restic.pw
#设置为环境变量
export RESTIC_PASSWORD_FILE=/root/.restic.pw

这样下次再备份数据的时候将不再要求输入密码,可以很方便的进行Shell脚本编写。

最后

restic对数据进行加密备份,采用增量备份方式,支持多种备份方式,用来备份服务器数据是一个非常不错的选择,更多使用说明可参考官方帮助文档。

  • 帮助文档:Restic Documentation
  • restic项目地址:https://github.com/restic/restic

0 人点赞