Discover the Advantages of Cloud-based Solution With Restic
We’ve talked about cloud backups on this course but not done much with them until now because of the setup needed. So let’s look at how to send your backups to the cloud. For home and small business use, it’s easy to set up automated file synchronization using commercial cloud services such as Apple iCloud, Microsoft OneDrive, Dropbox, etc., but in a commercial environment, or if you want a more sophisticated control of GFS versioning, you might not want to have every individual workstation managing its own backups - you could have hundreds of cloud repositories to manage!
Restic provides a way to centralize backups from multiple office-based devices to a cloud service. In addition, you can also backup multiple cloud-based systems to a cloud location. Those features are not unique to Restic, but the program makes them very easy to set up, so the software is worth checking out. You’ll find many of the cloud-oriented commands are very similar to the ones we covered when backing up to a local USB stick, so now let’s try to send your backups to Amazon Web Services (AWS).
Write a Script for Cloud-based Backup
To send our example backup of the syslog files to the cloud, you need a cloud account. We prepared this document to explain how to set up a free Amazon AWS Cloud account and get it ready for this exercise. If you check out the Restic docs, you’ll see that it’s possible to use other cloud service providers just as easily.
Once we have the Amazon account and Restic user setup, we will need the following information:
The AWS Restic user’s account name.
AWS Restic user’s access key ID.
The AWS Restic user’s secret.
A strong password for your Restic repository (choose one now).
All of the work is completed in a Linux terminal window on your work PC, with your user given root permissions (sudo su -). If you have kept your terminal window open after the previous exercises, you will be in the right place. If not, refer back and open a new window.
Now you’re ready to go! You can set up a cloud repository on Amazon’s S3 platform. See how in the video below:
As you have seen, the first step is to create a Restic environment file. Use your favorite editor to create a file called /root/.restic.env, and add the following:
export AWS_ACCESS_KEY_ID="AKI**********" export AWS_SECRET_ACCESS_KEY="********************" export RESTIC_PASSWORD="YourChosenResticRepositoryPassword" export RESTIC_REPOSITORY="s3:https://s3.amazonaws.com/YourBucketName"
When you have exited and saved this file, secure it so only the root user can access it, with the command:
chmod 400 /root/.restic.env
Next, execute the file and immediately create your repository type:
source /root/.restic.env ; restic init
If you have made it this far, there’s good news; things get easier from now on!
Much of the Restic syntax from previous exercises work just the same except that you refer to your S3 bucket storage, which is all done in the .env file you made earlier!
Try these commands:
source /root/.restic.env ; restic backup /var/log/syslog*
If that works without errors, run the command a couple more times and note the result. If something unexpected happens, check the line for syntax errors and review your .env file to make sure the information in it is correct. If things still don’t work, backtrack through your setup at AWS.
Next try:
source /root/.restic.env ; restic snapshots
You should have now taken your first few backups and then listed the snapshots from the Restic repository in the S3 bucket!
Now, for the big leap, how about making a cron script that does a daily backup to the S3 bucket!? You have the syntax above (the first line: source /root/.restic.env ; restic backup /var/log/syslog*
), so use your experience from earlier to:
Make sure you are working as the root user (sudo su -).
Create a script called mys3backup.sh and put all of the Restic backup lines from above in it.
Make the script executable (remember the chmod command you used on your first script).
Add the script to crontab using your favorite editor. Initially, set the script to run every 5 minutes, then after you’ve done all your testing, modify it to a more realistic schedule.
You know what happens next…
Test Your Script
Time to test our script and see whether we can send a backup to the cloud! Check out this video and see how easy it is to drop some bytes into a bucket!
To run our script manually, we have to type in:
source /root/.restic.env ; /root/mys3backup.sh
Don’t forget the second part ( /root/mys3backup.sh
) to check if a snapshot has been added to the bucket.
Next, remember how we modified the original crontab line to create a local log file? We do the same here by adding the following:
2>&1 | tee -a /root/S3-restic-log-$(date -d "today" +"%Y%m%d%H%M").log
Finally, to get some data back, list your snapshots again using the command from earlier, then pick an ID and try with:
source /root/.restic.env ; restic restore 62a0683f --target /root/s3restore
Replace the 62a0683f with the ID of your chosen snapshot. You should now have a restored copy of some /var/log/snapshot files below /root/s3restore; go check them out!
And there you go, you’ve now set up a cloud-based backup on AWS and tested it!
Just a quick reminder: you have a free tier account running at Amazon AWS. You might want to try a few more backups and restores with it or even find out a bit more about what you can do with S3 buckets!
We’ve come a long way with Restic but only really scratched the surface in terms of what it can do. If you want to explore further, check out the Restic documentation and this really excellent independent article.
Let’s Recap!
Restic makes the leap from local to cloud backups quite straightforward once the cloud account and a user have been set up.
Robocopy is a handy tool for the bulk copying of files for simple backups; however, Restic takes things further and supports encryption, GFS schemes, and versioning (
agings
) out of the box, oh and did we mention that it’s available for Windows and Apple Macs too!Amazon Web Services (AWS) provides an object storage service called S3 (Simple Storage Services)— a great target for Restic backups.
The Linux source command is a tool that can restrict the propagated scope of declared variables, so it’s ideal for protecting secrets and private keys.
Always test your backups!
Congratulations, you are now familiar with Amazon AWS S3 buckets and have mastered the fundamentals of setting up and managing cloud backups using Restic! That’s quite a lot - well done!
Before we let you loose on the world with all this new knowledge, it would not be fair to see you go without one last quiz!