Restic
Restic is an open source backup program written in Golang and can run on Linux, Windows, and Mac.
Download: https://github.com/restic/restic/releases/latest
Cheat sheet
| Description | Command |
|---|---|
| Initialize a new repository | restic init
|
| Backup files | restic backup /path/to/files
|
| Backup files using a file list | restic backup --files-from=$filelist
|
| Backup files with a specific tag | restic backup --tag $tag /path/to/files
|
| Show available snapshots and their snapshot IDs | restic snapshots
|
| Restore a snapshot to the given destination | restic restore $snapshotid -t $destination
|
| Restore a specific file from a specific snapshot | restic restore $snapshotid -t $destination -i $path_to_file
|
| Mount a snapshot (to explore/restore) | restic mount $mountpoint
|
| Delete all snapshots and prune backend storage | restic forget --prune
|
| Delete all snapshots except a specific tag | restic forget --keep-tag=$tag
|
To automate restic, you may want to pass in the repository password in the RESTIC_PASSWORD environment variable.
Setup
Automate backups with cron
Add a cronjob:
# crontab -e
## Add:
## */15 * * * * . ~/.restic.env ; /usr/local/bin/restic backup --files-from=/root/restic.files --tag automated 2>> ~/restic.err >> ~/restic.log
S3 compatible backend
A S3 backed repository can be created by defining the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables and then initializing a new repository using a s3 endpoint.
- Set up the two environment variables.
export AWS_ACCESS_KEY_ID="***"
export AWS_SECRET_ACCESS_KEY="***"
On Oracle Cloud Infrastructure (OCI), you need to generate the AWS access key id and secret under Identity & Security -> Users -> your account -> Customer Secret Keys. The S3 repository on OCI follows this format: https://<namespace>.compat.objectstorage.<region>.oraclecloud.com, where <namespace> is given under your bucket information and region is found in your dashboard's URL. On AWS, you will need to set up a new user under IAM with a 'programmatic access' access type. You will then have to allow this account access (DeleteObject, GetObject, PutObject, ListBucket, GetBucketLocation) to this S3 resource. Once the account is created, you should be able to see its Access key ID and Secret access key.
- Initialize the repository to use your S3 bucket.
# export RESTIC_REPOSITORY="s3:https://s3-server/bucket-name"
# restic init
## Or, without defining RESTIC_REPOSITORY, specify the repository with -r
# restic -r s3:https://s3-server/bucket-name init
- Provider a password to your new repository
AWS storage tiers
Restic backups to Amazon S3 will use the STANDARD storage class and supports some of the other instant retrieval storage classes. Restic does not officially support the slower retrieval storage classes including S3 Glacier Deep Archive since the program expects quick retrieval times to function. It also may incur additional early deletion fees when it tries to prune data blobs because it likely will need to rewrite (ie. delete and re-upload) data.
Restic only supports the following storage classes:
STANDARD,STANDARD_IA, Standard-Infrequent Access. Minimum 30 day storage duration.ONEZONE_IA, One Zone-Infrequent Access. Costs 20% less than S3 Standard-IA. Stores data in only one availability zone vs. the standard minimum of three. Minimum 30 day storage duration.INTELLIGENT_TIERING, Intelligent-Tiering. Costs $2.5 per 1,000,000 objects per month. Infrequently accessed data (older than 180 days / 6 months) gets stored on the infrequent access tier at a reduced price ($0.0125 vs the standard $0.023 per GB/mo).REDUCED_REDUNDANCY
See: https://aws.amazon.com/s3/storage-classes/