Backing Up to Box With Restic
We now recommend kopia for backups; this page is unmaintained.
restic
in combination with rclone
makes a versatile cloud backup solution. Once you have rclone
set up, restic
backups are very simple. This tutorial demonstrates how to back up your personal and group compute
directories to Box. Note that restic
is versatile and can be used in other configurations as well--pulling data to your personal machine, for example, or pushing it to your department's servers.
Prerequisites
First you will have to set up rclone
to work with Box.
You will need the rclone
and restic
modules loaded:
module load rclone restic
For security, choose a strong, unique password and enter it into a file, for example ~/.restic-password
:
echo 'my 100% unique password' > ~/.restic-password
If you don't want the password stored, you can skip this step and omit --password-file ~/.restic-password
when backing up, but automating your backups will be significantly harder in this case since you will either need to enter the password manually each time restic
runs or figure out how to use --password-command
. Do not lose or forget your password--since restic
's encryption is actually secure, your password is the only way to decrypt the repository.
You will need a directory (e.g. ORCBackup
) in which to store your restic backups. If you are backing up to Box, use rclone
to create it:
rclone mkdir box:ORCBackup
Initializing a repository
Before backing up, restic
needs to initialize the directory where it will be storing data. When using an rclone
back end, prefix the rclone
back end and directory name with "rclone:
":
restic --password-file ~/.restic-password \
--repo rclone:box:ORCBackup \
init
Once a repository is initialized, you can back up anything to it. Since restic
deduplicates, it's advantageous to maintain only one repository, backing up all of your computers and projects to it.
Run a backup
After initialization creating a backup is very simple. We recommend using tags to keep your backups sorted.
Suppose you want to backup your compute
directory in addition to that of fslg_mygroup
, distinguishing the backups with tags my_compute
and fslg_mygroup_compute
respectively. You can do so with:
restic --password-file ~/.restic-password \
--repo rclone:box:ORCBackup \
backup ~/compute/ \
--tag my_compute
sleep 30 # so Box actually deletes restic's lockfile
restic --password-file ~/.restic-password \
--repo rclone:box:ORCBackup \
backup /fslgroup/fslg_mygroup/compute/ \
--tag fslg_mygroup_compute
The trailing slashes are important--excluding them will result in worthless backups of the symlinks themselves.
Automating backups
After this initial backup, you will probably want to schedule regular backups. The following script will run the backup and "prune" old backups (to keep space use from growing indefinitely); it keeps 2 weeks of daily, 3 months of weekly, 1 year of monthly, and 5 years of yearly backups for ~/compute
, and 1 week of daily and 6 weeks of weekly backups for /fslgroup/fslg_mygroup/compute
.
#!/bin/bash -l
# Load rclone and restic
module load rclone restic
# Set password and repo environment varialbe so we don't have to specify '--password-file' and '--repo'
export RESTIC_PASSWORD_FILE=~/.restic-password
export RESTIC_REPOSITORY=rclone:box:ORCBackup
# Back up
restic backup ~/compute/ --tag my_compute
sleep 30 # so Box actually deletes restic's lockfile
restic backup /fslgroup/fslg_mygroup/compute/ --tag fslg_mygroup_compute
sleep 30 # so Box actually deletes restic's lockfile
# Prune backups
restic forget --prune --tag my_compute --keep-daily 14 \
--keep-weekly 12 \
--keep-monthly 12 \
--keep-yearly 5
sleep 30 # so Box actually deletes restic's lockfile
restic forget --prune --tag fslg_mygroup_compute --keep-daily 7 --keep-weekly 6
In order to run this every day, save the script somewhere (e.g. ~/restic-backup.sh
), add execute permissions to it (chmod +x ~/restic-backup.sh
), and add a corresponding cron entry by running crontab -e
. You will probably want it to look something like this:
MAILTO=your_email@address.com
M H * * * ~/restic-backup.sh > ~/restic-backup.log
...where M
should be replaced with a minute (0-59) and H
should be replaced with an hour (0-23). This will run the backup script each day at a given time. Most users will only need to back up weekly or monthly:
MAILTO=your_email@address.com
# weekly (replace `W` with a number 0-6)
M H * * W ~/restic-backup.sh > ~/restic-backup.log
# monthly (replace 'L' with a number 0-31, preferably 0-28)
M H L * * ~/restic-backup.sh > ~/restic-backup.log
An added advantage of running under cron on our systems is that if the job fails (or prints anything to stderr), you will receive an email with the error message(s) as long as you have MAILTO
set to the correct address. Make sure that you direct stdout to a file (~/restic-backup.log
in these examples), or you will get an email every time the backup script runs whether or not it was successful
Checking your backups
You should check your backups roughly monthly; taking a few hours a year to make sure that you would only lose a month of work at worst is well worth the effort.
Use restic mount
to check your backups--just create a directory and mount the repository there:
mkdir /tmp/restic-mount
restic --password-file ~/.restic-password \
--repo rclone:box:ORCBackup \
mount /tmp/restic-mount
# Now press 'Ctrl-Z' to stop the process, then...
bg # resume mount process in background
restic_pid=$!
cd /tmp/restic-mount
/tmp/restic-mount
will contain four directories: hosts
, ids
, snapshots
, and tags
. They all contain the same data, but are organized differently; generally, tags
is the most useful. It will be organized something like this:
tags/
|-- fslg_mygroup_compute
| |-- 2020-10-01T14:56:03-06:00
| |-- 2020-10-02T13:45:42-06:00
| '-- latest -> 2020-10-02T13:45:42-06:00
'-- my_compute
|-- 2020-10-01T13:45:02-06:00
|-- 2020-10-02T13:45:01-06:00
'-- latest -> 2020-10-02T13:44:18-06:00
Each of the subdirectories under the tags will contain everything in the associated backup--for example, if you navigate to tags/my_compute/latest
and run ls
, you will see the exact same files and directories as exist in your ~/compute
directory. This is very useful for restoring single files or small groups of files (e.g. on accidental deletion)--just mount the repository, find the file(s), and copy them back to their original location.
Once you are finished, navigate out of the mount, kill the restic mount
process, and clean up the mount directory:
cd /tmp
kill $restic_pid
rmdir restic-mount
Restoring from backup
In case of a major data loss, restic mount
isn't efficient--you'll want to use restic restore
. To restore the most recent snapshot of /fslgroup/fslg_mygroup/compute/
to its original location, for example, you can use:
restic --password-file ~/.restic-password \
--repo rclone:box:ORCBackup \
restore latest \
--tag fslg_mygroup_compute \
--target /fslgroup/fslg_mygroup/compute/
Be very careful with restore
--it will overwrite anything that exists in the target directory, so only use the original directory if all truly is lost or if you have moved everything that is salvageable elsewhere.
You can, of course, specify older snapshots--for example, you might want to use the snapshot of your compute directory from two days ago, since you just realized that a breaking change happened yesterday before the backup ran. To find out which snapshot corresponds to that backup, use restic snapshot
:
restic --password-file ~/.restic-password \
--repo rclone:box:ORCBackup \
snapshots
The results will look something like this:
ID Time Host Tags Paths
------------------------------------------------------------------------
fa582527 2020-10-01 13:45:02 login02 my_compute /
ca22a0dc 2020-10-01 14:56:03 login02 fslg_mygroup_compute /
04df3762 2020-10-02 13:45:01 login02 wind-ssd /
ad81d9a1 2020-10-02 13:45:42 login02 fslg_mygroup_compute /
------------------------------------------------------------------------
4 snapshots
fa582527
is the snapshot corresponding to the backup of your ~/compute
directory from two days ago. If you just want to restore one file, ~/compute/somedir/someprogram.c
, you can specify it with --include
(there is a corresponding --exclude
flag as well):
restic --password-file ~/.restic-password \
--repo rclone:box:ORCBackup \
restore fa582527 \
--target ~/compute/ \
--include /somedir/someprogram.c
Last changed on Tue Jan 23 12:02:19 2024