Rear using duply as backup method
In previous blog posts we described how to make a secure (encrypted) backup to a cloud storage provider using duply (with duplicity) and how to generate GnuPG cryptographic keys.
We can use duply (or duplicity) with relax-and-recover (rear) to take care of full backup of the GNU/Linux system. Therefore, duplicity is responsible for backup and restore and rear is just taking care of the rescue image and doing the restore of the disk partitions, including creating volume groups and file systems. After that, rear hands over the task to duplicity to do the restore. And, finally, when all has been restored (read the OS part) take care of making the disk bootable using grub or another boot loader.
The way duply works we first have to setup a duply profile as user root, which defines the backup/restore path towards the cloud infrastructure, e.g.
# grep -v \# /root/.duply/ubuntu-15-04-backup/conf | sed -e '/^$/d' GPG_KEY='BD4A8DCC' GPG_PW='my_secret_key_phrase' TARGET='scp://root:my_secret_password@freedom//exports/archives/ubuntu-15-04' SOURCE='/' MAX_AGE=1M MAX_FULL_BACKUPS=1 MAX_FULLS_WITH_INCRS=1 VERBOSITY=5 TEMP_DIR=/tmp
What does the above configuration accomplishes? Well, it comes to a full backup of
/ being send to a remote system freedom using encrypted duplicity backup method. However, we must avoid making backups of some directories to avoid hangs during the restore. We do that by adding these in the
exclude file listed as one file system per line:
# grep -v \# /root/.duply/ubuntu-15-04-backup/exclude | sed -e '/^$/d' /proc /sys /run /var/lib/ntp/proc /root/.cache /tmp /var/tmp /mnt
Now we think we have a working duplicity backup, right? Wrong, you better check it by using the command:
# duply ubuntu-15-04-backup status Start duply v1.9.1, time is 2015-09-02 15:19:49. Using profile '/root/.duply/ubuntu-15-04-backup'. ... Found primary backup chain with matching signature chain: ------------------------- Chain start time: Wed Aug 26 11:06:44 2015 Chain end time: Thu Aug 27 11:03:32 2015 Number of contained backup sets: 3 Total number of contained volumes: 45 Type of backup set: Time: Num volumes: Full Wed Aug 26 11:06:44 2015 35 Incremental Thu Aug 27 10:58:24 2015 5 Incremental Thu Aug 27 11:03:32 2015 5 ------------------------- No orphaned or incomplete backup sets found. Using temporary directory /tmp/duplicity-X4ETex-tempdir --- Finished state OK at 15:19:50.907 - Runtime 00:00:00.891 ---
So it seems we have a working duply setup. We can now configure relax-and-recover (rear) if it is installed of course. If not, you can download it from the web The configuration we need to setup up so that rear works with duplicity (and duply) is as follow:
# grep -v \# /etc/rear/site.conf | sed -e '/^$/d' BACKUP=DUPLICITY DUPLY_PROFILE="ubuntu-15-04-backup" OUTPUT=ISO OUTPUT_URL=nfs://freedom/exports/isos
site.conf file is telling rear to use the backup method duplicity with the variable
BACKUP=DUPLICITY and as we want to use
duply wrapper we need to tell rear to use the corresponding profile with the variable
DUPLY_PROFILE. On the other hand, we define to send the rescue image as an ISO image (via
OUTPUT=ISO) to a remote nfs server (freedom) via the definition of
To create a rear rescue image we can type
rear -v mkrescue and that should be it as far what rear concerns as the customer is responsible to foresee a full backup of the system. Normally, as duplicity is an external backup method for relax-and-recover, rear is not making any backup at all. However, somebody made a pull request which does make a full backup using duplicity during a rear session. Therefore, if you use
rear -v mkbackup it will create a rescue image and start making a backup as well.
# rear -v mkbackup Relax-and-Recover 1.17.1 / Git Using log file: /var/log/rear/rear-ubuntu-15-04.log The last full backup taken with duply/duplicity was: Last full backup date: Wed Aug 26 11:06:44 2015 Creating disk layout Creating root filesystem layout TIP: To login as root via ssh you need to set up /root/.ssh/authorized_keys or SSH_ROOT_PASSWORD in your configuration file Copying files and directories Copying binaries and libraries Copying kernel modules Creating initramfs Making ISO image Wrote ISO image: /var/lib/rear/output/rear-ubuntu-15-04.iso (132M) Copying resulting files to nfs location Starting full backup with duply/duplicity
To verify that a backup was created you could re-run
duply ubuntu-15-04-backup status and you should see at the end:
Type of backup set: Time: Num volumes: Full Wed Aug 26 11:06:44 2015 35 Incremental Thu Aug 27 10:58:24 2015 5 Incremental Thu Aug 27 11:03:32 2015 5 Incremental Wed Sep 2 16:05:41 2015 5 ------------------------- No orphaned or incomplete backup sets found. Using temporary directory /tmp/duplicity-dzm3hQ-tempdir --- Finished state OK at 16:07:48.580 - Runtime 00:00:00.672 ---
To recover this system afterwards you just need to boot from the rescue image created and type
rear -v recover to restore the complete system using rear and duplicity.