简介
restic 是一个疾速、高效和平安的备份程序。它反对三大操作系统(Linux、macOS、Windows)和一些较小的操作系统(FreeBSD、OpenBSD)。它应用 go 编程语言编写,应用 AES-256 对数据进行加密,并应用 Poly1305-AES 对数据进行身份验证。
github地址:https://github.com/restic/restic
设计准则
Restic 是一个能够正确进行备份的程序,其设计遵循以下准则:
- 简略:备份应该是一个顺畅的过程,否则您可能会想跳过它。Restic 应该易于配置和应用,以便在数据失落的状况下,您能够间接复原它。同样,复原数据不应该很简单。
- 疾速:应用 restic 备份数据应仅受网络或硬盘带宽的限度,以便您能够每天备份文件。如果须要太多工夫,没有人会进行备份。复原备份应该只传输要复原的文件所需的数据,这样这个过程也很快。
- 可验证:比备份更重要的是复原,所以 restic 使您能够轻松验证所有数据是否能够复原。
- 平安:Restic 应用加密技术来保障您数据的机密性和完整性。假如备份数据的存储地位不是受信赖的环境(例如,系统管理员等其他人能够拜访您的备份的共享空间)。Restic 旨在爱护您的数据免受此类攻击者的侵害。
- 高效:随着数据的增长,额定的快照应该只占用理论增量的存储。更重要的是,在将反复数据理论写入存储后端之前,应该对其进行去重,以节俭贵重的备份空间。
装置
CentOS
[root@centos7 ~]# yum install yum-plugin-copr -y[root@centos7 ~]# yum copr enable copart/restic -yLoaded plugins: copr, fastestmirrorcopr done[root@centos7 ~]# yum install restic -y如果下面的装置呈现谬误,请执行上面的命令解决源的问题
[root@centos7 ~]# yum-config-manager --add-repo https://copr.fedorainfracloud.org/coprs/copart/restic/repo/epel-7/copart-restic-epel-7.repoLoaded plugins: fastestmirroradding repo from: https://copr.fedorainfracloud.org/coprs/copart/restic/repo/epel-7/copart-restic-epel-7.repograbbing file https://copr.fedorainfracloud.org/coprs/copart/restic/repo/epel-7/copart-restic-epel-7.repo to /etc/yum.repos.d/copart-restic-epel-7.reporepo saved to /etc/yum.repos.d/copart-restic-epel-7.repomacOS
# brew$ brew install restic# macprots$ sudo port install restic更多装置形式请参考:https://restic.readthedocs.io...
配置备份存储库
保留备份的地位称为“存储库”。存储库能够存储在本地,也能够存储在某个近程服务器或服务上。反对以下几种存储形式:
对于主动备份,restic 承受环境变量中的存储库地位RESTIC_REPOSITORY。Restic 还能够从通过--repository-file选项或环境变量指定的文件中读取存储库地位RESTIC_REPOSITORY_FILE。
对于明码,有几个选项:
- 设置环境变量 RESTIC_PASSWORD
- 通过选项--password-file或环境变量指定带有明码的文件门路 RESTIC_PASSWORD_FILE
- 通过选项--password-command或环境变量 配置须要明码时调用的程序RESTIC_PASSWORD_COMMAND
创立本地存储库
以创立本地存储库为例
[root@centos7 ~]# restic init --repo /restic/backup_direnter password for new repository: enter password again: created restic repository dff64d39c6 at /restic/backup_dirPlease note that knowledge of your password is required to accessthe repository. Losing your password means that your data isirrecoverably lost.#提醒很明确,让你记住在此处输出的明码,丢掉明码就是丢掉了数据其它存储库创立形式请参考官网文档:
https://restic.readthedocs.io...
备份实操
备份目录data下的内容到存储库
[root@centos7 ~]# restic -r /restic/backup_dir --verbose backup ./dataopen repositoryenter password for repository: repository dff64d39 opened successfully, password is correctcreated new cache in /root/.cache/resticlock repositoryload index filesno parent snapshot found, will read all filesstart scan on [./data]start backup on [./data]scan finished in 1.455s: 2922 files, 71.126 MiBFiles: 2922 new, 0 changed, 0 unmodifiedDirs: 99 new, 0 changed, 0 unmodifiedData Blobs: 2889 newTree Blobs: 99 newAdded to the repo: 72.083 MiBprocessed 2922 files, 71.126 MiB in 0:05 #备份的文件数及大小snapshot 4d20711e saved #创立了文件快照--verbose #输入过程信息也能够备份单个文件
[root@centos7 ~]# ls ./datagoInception-linux-amd64-v1.2.3.tar.gz httpd-2.4.6-95.el7.centos.x86_64.rpm mingongge.z02httpd-2.4.46 mingongge.file mingongge.ziphttpd-2.4.46.tar.gz mingongge.z01[root@centos7 ~]# restic -r /restic/backup_dir --verbose backup ./data/mingongge.zipopen repositoryenter password for repository: repository dff64d39 opened successfully, password is correctlock repositoryload index filesno parent snapshot found, will read all filesstart scan on [./data/mingongge.zip]start backup on [./data/mingongge.zip]scan finished in 0.249s: 1 files, 942.793 KiBFiles: 1 new, 0 changed, 0 unmodifiedDirs: 1 new, 0 changed, 0 unmodifiedData Blobs: 0 newTree Blobs: 2 newAdded to the repo: 750 Bprocessed 1 files, 942.793 KiB in 0:00snapshot 3e5b7dea saved如果你再次执行第一步的备份命令,会发现它不再减少内容,只是为以后的数据再减少一个快照。其实,restic它具备扫描文件的性能(一一文件扫描比对),所以也只会备份存储一次雷同的数据。
文件检测性能
扫描每个文件的全部内容,十分浪费资源,所以 restic 还应用基于文件元数据的更改检测规定来确定文件自上次备份以来是否可能未更改,如果是,则不会再次扫描文件。
在Unix(包含 Linux 和 Mac)上,鉴于文件与先前备份中的文件位于同一地位,以下文件元数据属性必须匹配能力假设其内容未更改:
- 批改工夫戳(mtime)
- 元数据更改工夫戳 (ctime)
- 文件大小
- inode 编号(用于援用文件系统中的文件的外部编号)
所以,基于上述的起因,引入一些参数,如下:
--force #敞开更改检测,从新扫描全副文件--ignore-ctime #要求 mtime 匹配,但容许 ctime 不同--ignore-inode #要求 mtime 匹配,但容许 inode number 和 ctime 不同排除文件参数
--exclude #指定一次或屡次排除一个或多个项--iexclude #与exclude雷同,但疏忽门路的状况--exclude-caches #指定一次排除蕴含非凡文件的文件夹--exclude-file #指定一次排除蕴含非凡文件的文件夹--iexclude-file #与exclude-file雷同,但疏忽门路的状况--exclude-if-present foo #排除文件夹蕴含名为foo的文件--exclude-larger-than size #指定一次以排除大于给定大小的文件更多相干的性能请参考:https://restic.readthedocs.io...
存储库应用
既然数据备份到了存储库,所以,咱们也须要去应用存储库,上面来介绍相干的操作。
列出存储库的所有快照
这个性能和平时在零碎上应用ls命令雷同,查看显示的性能
[root@centos7 ~]# restic -r /restic/backup_dir/ snapshotsenter password for repository: repository dff64d39 opened successfully, password is correctID Time Host Tags Paths-------------------------------------------------------------------------------4d20711e 2021-06-04 03:40:47 centos7 /root/data3e5b7dea 2021-06-04 03:46:34 centos7 /root/data/mingongge.zip94c62288 2021-06-04 03:51:21 centos7 /root/data-------------------------------------------------------------------------------3 snapshots#还能够应用上面的参数进行过滤匹配查看--path="dir_name"--host hostname#通过雷同的过滤器(主机、门路、标签)对输入进行分组--group-by更多内容请参考:https://restic.readthedocs.io...
检测存储库数据
[root@centos7 ~]# restic -r /restic/backup_dir/ checkusing temporary cache in /tmp/restic-check-cache-294136679enter password for repository: repository dff64d39 opened successfully, password is correctcreated new cache in /tmp/restic-check-cache-294136679create exclusive lock for repositoryload indexescheck all packscheck snapshots, trees and blobs[0:00] 100.00% 3 / 3 snapshotsno errors were found数据恢复
这个才是重点啊,复原数据才是王炸。
创立模仿数据删除的环境
[root@centos7 ~]# cd data/[root@centos7 data]# lltotal 33796-rw-r--r-- 1 root root 13034487 Aug 30 2020 goInception-linux-amd64-v1.2.3.tar.gzdrwxr-sr-x 11 root 40 4096 Dec 24 22:35 httpd-2.4.46-rw-r--r-- 1 root root 9363314 Aug 5 2020 httpd-2.4.46.tar.gz-rw-r--r-- 1 root root 2846172 Oct 14 2020 httpd-2.4.6-95.el7.centos.x86_64.rpm-rw-r--r-- 1 root root 0 Jan 16 11:32 mingongge.file-rw-r--r-- 1 root root 4194304 Jan 16 16:24 mingongge.z01-rw-r--r-- 1 root root 4194304 Jan 16 16:24 mingongge.z02-rw-r--r-- 1 root root 965420 Jan 16 16:24 mingongge.zip[root@centos7 data]# rm -rf ./*[root@centos7 data]# lltotal 0复原数据
间接从快照复原误删除的数据
[root@centos7 ~]# restic -r /restic/backup_dir/ restore 4d20711e --target /root/enter password for repository: repository dff64d39 opened successfully, password is correctrestoring <Snapshot 4d20711e of [/root/data] at 2021-06-04 03:40:47.878873654 -0400 EDT by root@centos7> to /root/[root@centos7 ~]# ll /root/data/total 33796-rw-r--r-- 1 root root 13034487 Aug 30 2020 goInception-linux-amd64-v1.2.3.tar.gzdrwxr-sr-x 11 root 40 4096 Dec 24 22:35 httpd-2.4.46-rw-r--r-- 1 root root 9363314 Aug 5 2020 httpd-2.4.46.tar.gz-rw-r--r-- 1 root root 2846172 Oct 14 2020 httpd-2.4.6-95.el7.centos.x86_64.rpm-rw-r--r-- 1 root root 0 Jan 16 11:32 mingongge.file-rw-r--r-- 1 root root 4194304 Jan 16 16:24 mingongge.z01-rw-r--r-- 1 root root 4194304 Jan 16 16:24 mingongge.z02-rw-r--r-- 1 root root 965420 Jan 16 16:24 mingongge.zip下面的这种复原办法相当指定从某某快照复原数据,有时候快照较多,你不晓得如何疾速从哪个快照复原的话,能够应用 latest 参数,去从最初一次备份的快照中复原数据。
[root@centos7 ~]# rm -rf /root/data/*[root@centos7 ~]# ll /root/data/total 0[root@centos7 ~]# restic -r /restic/backup_dir/ restore latest --target /root/enter password for repository: repository dff64d39 opened successfully, password is correctrestoring <Snapshot 94c62288 of [/root/data] at 2021-06-04 03:51:21.232686491 -0400 EDT by root@centos7> to /root/[root@centos7 ~]# ll /root/data/total 33796-rw-r--r-- 1 root root 13034487 Aug 30 2020 goInception-linux-amd64-v1.2.3.tar.gzdrwxr-sr-x 11 root 40 4096 Dec 24 22:35 httpd-2.4.46-rw-r--r-- 1 root root 9363314 Aug 5 2020 httpd-2.4.46.tar.gz-rw-r--r-- 1 root root 2846172 Oct 14 2020 httpd-2.4.6-95.el7.centos.x86_64.rpm-rw-r--r-- 1 root root 0 Jan 16 11:32 mingongge.file-rw-r--r-- 1 root root 4194304 Jan 16 16:24 mingongge.z01-rw-r--r-- 1 root root 4194304 Jan 16 16:24 mingongge.z02-rw-r--r-- 1 root root 965420 Jan 16 16:24 mingongge.zip其它治理介绍
删除快照
这里的快照和备份的文件名义是雷同的,快照多了,可能就须要定期删除,个别对于数据的备份工夫要求基本上30天是一个周期,除了特地重要的数据可能更久一点,这个依据理论状况定。
[root@centos7 ~]# restic -r /restic/backup_dir/ snapshotsenter password for repository: repository dff64d39 opened successfully, password is correctID Time Host Tags Paths-------------------------------------------------------------------------------4d20711e 2021-06-04 03:40:47 centos7 /root/data3e5b7dea 2021-06-04 03:46:34 centos7 /root/data/mingongge.zip94c62288 2021-06-04 03:51:21 centos7 /root/data-------------------------------------------------------------------------------3 snapshots[root@centos7 ~]# restic -r /restic/backup_dir/ forget 4d20711eenter password for repository: repository dff64d39 opened successfully, password is correct[0:00] 100.00% 1 / 1 files deleted[root@centos7 ~]# restic -r /restic/backup_dir/ snapshotsenter password for repository: repository dff64d39 opened successfully, password is correctID Time Host Tags Paths-------------------------------------------------------------------------------3e5b7dea 2021-06-04 03:46:34 centos7 /root/data/mingongge.zip94c62288 2021-06-04 03:51:21 centos7 /root/data-------------------------------------------------------------------------------2 snapshots#这个形式和复原雷同,都是指定快照ID这种形式的删除,只是将快照删除了,然而援用的文件依然在存储库中,也就是说存储库的大小没有变动,须要应用 prune 参数来革除数据。
[root@centos7 ~]# restic -r /restic/backup_dir/ pruneenter password for repository: repository dff64d39 opened successfully, password is correctloading indexes...loading all snapshots...finding data that is still in use for 2 snapshots[0:00] 100.00% 2 / 2 snapshotssearching used packs...collecting packs for deletion and repacking[0:00] 100.00% 19 / 19 packs processedto repack: 0 blobs / 0 Bthis removes 0 blobs / 0 Bto delete: 0 blobs / 0 Btotal prune: 0 blobs / 0 Bremaining: 2990 blobs / 72.175 MiBunused size after prune: 0 B (0.00% of remaining size)done还能够应用上面的命令同时执行下面两步的操作,相当于合并操作
restic forget --keep-last 1 --prune#--keep-last 1 不删除最初一次的快照更多对于快照删除请参考:https://restic.readthedocs.io...
存储库的明码治理
咱们能够应用key命令来为同一个存储库设置多个明码,还能够应用 add、list、remove、passwd 来治理明码。
- 查看明码
[root@centos7 ~]# restic -r /restic/backup_dir/ key listenter password for repository: repository dff64d39 opened successfully, password is correct ID User Host Created---------------------------------------------*d216779f root centos7 2021-06-04 03:28:34---------------------------------------------- 新增明码
[root@centos7 ~]# restic -r /restic/backup_dir/ key addenter password for repository: repository dff64d39 opened successfully, password is correctenter new password: enter password again: saved new key as <Key of root@centos7, created on 2021-06-04 04:43:18.024358447 -0400 EDT m=+18.001857421>[root@centos7 ~]# restic -r /restic/backup_dir/ key listenter password for repository: repository dff64d39 opened successfully, password is correct ID User Host Created---------------------------------------------*d216779f root centos7 2021-06-04 03:28:34 33d0b428 root centos7 2021-06-04 04:43:18---------------------------------------------删除
[root@centos7 ~]# restic -r /restic/backup_dir/ key remove 33d0b428enter password for repository: repository dff64d39 opened successfully, password is correctremoved key 33d0b428cba5c62585f1190432e61d46b88b4a6418c693d09ec47db596eace1f[root@centos7 ~]# restic -r /restic/backup_dir/ key listenter password for repository: repository dff64d39 opened successfully, password is correct ID User Host Created---------------------------------------------*d216779f root centos7 2021-06-04 03:28:34---------------------------------------------更改明码
[root@centos7 ~]# restic -r /restic/backup_dir/ key passwdenter password for repository: repository dff64d39 opened successfully, password is correctenter new password: enter password again: saved new key as <Key of root@centos7, created on 2021-06-04 04:51:13.658184739 -0400 EDT m=+27.022974479>[root@centos7 ~]# restic -r /restic/backup_dir/ key listenter password for repository: repository dff64d39 opened successfully, password is correct ID User Host Created---------------------------------------------*a62168f6 root centos7 2021-06-04 04:51:13---------------------------------------------#明码已更新实现,ID变动上能够看进去
常见问题
https://restic.readthedocs.io...
更多相干的性能,及其操作,有趣味的读者能够自行装置体验。民工哥我一圈体验下来,感觉这个restic 的确是一款十分弱小、疾速、平安高效的备份神器,要害的要害是开源收费,太香了,强裂举荐。