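How to Back Up with Duplicity on Ubuntu 16.04
Duplicity is a software application that provides encrypted, digitally signed, versioned backup volumes in tar format, which can be uploaded to a remote or local file server.
It is supported on all major Linux distributions, such as Ubuntu, Linux Mint, Debian and Fedora.
Duplicity can move files locally or remotely between file systems or servers using SSH/SCP, rsync, FTP, WebDAV and similar protocols.
In this tutorial, I will explain how to set up Duplicity and use it to securely automate backups on an Ubuntu server.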
Prerequisites
We need to install all the required packages from Ubuntu's default repositories.
$ apt-get update
$ apt-get install ncftp python-paramiko python-pycryptopp lftp python-boto python-dev librsync-dev
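Installing Duplicity
We can install Duplicity from the repository packages by running this command.
$ apt install duplicity
Let's confirm the Duplicity version after installation.
$ duplicity -V
duplicity 0.7.06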
Creating the SSH and GPG keys
Next, we need SSH keys to authenticate securely to the remote system without providing a password.
We also use a GPG key to encrypt the data before it is transferred to the backup location.
These keys provide secure interaction between the servers.
Let's generate a 2048-bit RSA SSH key as the root user to allow passwordless login to the backup machine.
$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:gxdDFAjm6AUSi7LzczlDE1orygCzplmjQCqBFkxJ8Dc root@duplicity-01
The key's randomart image is:
+---[RSA 2048]----+
|O=o o. o+. |
|o*.= .. |
|Ooo E o |
|** = + . o |
|O.* + . S |
|BB + o . . |
|=.o = |
| o o |
| |
+----[SHA256]-----+
Now we copy this RSA key to the remote backup location.
$ ssh-copy-id [email protected]
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '45.55.165.191 (45.55.165.191)' can't be established.
ECDSA key fingerprint is SHA256:XhFoQ3/mIsjGH7RfMwH6m0MHbj1B1kR4Sug5vfTQLdU.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '[email protected]'"
and check to make sure that only the key(s) you wanted were added.
With that in place, we can access the remote backup server from the host without providing a password.
We need to create the backup destination where our backups will be saved.
I created a Duplicity folder on the remote backup server.
$ mkdir -p remotebackup/Duplicity
Our next step is to create the GPG key.
The GPG key provides additional security by encrypting the data transferred to the server.
Just run the following command to create it:
$ gpg --gen-key
This command creates the GPG key and saves it under the /root/.gnupg/ folder.
Key generation is interactive, and we need to make selections and answer various questions during the process.
$ gpg --gen-key
gpg (GnuPG) 1.4.20; Copyright (C) 2014 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection?
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
Requested keysize is 2048 bits
Please specify how long the key should be valid.
   0 = key does not expire
   <n> = key expires in n days
   <n>w = key expires in n weeks
   <n>m = key expires in n months
   <n>y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y
You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
   "Heinrich Heine (Der Dichter) <[email protected]>"
Real name: Saheetha
Email address: [email protected]
Comment:
You selected this USER-ID:
   "Saheetha <[email protected]>"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
You need a Passphrase to protect your secret key.
gpg: gpg-agent is not available in this session
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
Not enough random bytes available. Please do some other work to give
the OS a chance to collect more entropy! (Need 287 more bytes)
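At this point, we are asked to generate more entropy.
Entropy is essentially the unpredictability in a system.
A VPS needs entropy to create keys that are truly random.
If we get the "Not enough random bytes available" message shown at the end of the output above, we need to install the haveged package so that enough randomness is available, and then run the command again.
$ apt-get install haveged
This package can be installed from the default repositories.
After installation, we need to make sure the following setting is present in its configuration file, /etc/default/haveged.
DAEMON_ARGS="-w 1024"
Finally, make sure it is configured to start at boot:
$ update-rc.d haveged defaults
Once this is set up, we can run the gpg --gen-key command again, and it will complete the process as follows.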
$ gpg --gen-key
gpg (GnuPG) 1.4.20; Copyright (C) 2014 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection?
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
Requested keysize is 2048 bits
Please specify how long the key should be valid.
   0 = key does not expire
   <n> = key expires in n days
   <n>w = key expires in n weeks
   <n>m = key expires in n months
   <n>y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N)
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y
You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
   "Heinrich Heine (Der Dichter) <[email protected]>"
Real name: Saheetha
Email address: [email protected]
Comment:
You selected this USER-ID:
   "Saheetha <[email protected]>"
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
You need a Passphrase to protect your secret key.
gpg: gpg-agent is not available in this session
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
+++++
...+++++
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
.................+++++
........+++++
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key F03B3360 marked as ultimately trusted
public and secret key created and signed.
gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
pub 2048R/F03B3360 2015-11-25
    Key fingerprint = F262 785A B5E6 25E9 56E7 4484 3354 43D9 F03B 3360
uid Saheetha <[email protected]>
sub 2048R/C4D85223 2015-11-25
We can also display the GPG key information by running this command.
$ gpg --list-keys
/root/.gnupg/pubring.gpg
-----------------------
pub 2048R/F03B3360 2015-11-25
uid Saheetha <[email protected]>
sub 2048R/C4D85223 2015-11-25
How to use Duplicity
Let's run an initial test of our Duplicity setup by creating a folder of dummy files to back up.
We can create a test folder and create some files in it to back up.
$ mkdir Test-DoC
$ cd Test-DoC
$ touch file{1..100}
Now we can run this command to back up the folder from this server to the remote backup server.
root@duplicity-01:~# duplicity /root/Test-DoC/ sftp://[email protected]//remotebackup/Duplicity
The authenticity of host '45.55.165.191' can't be established.
SSH-RSA key fingerprint is 20:9d:3b:fe:af:df:d1:40:5d:bc:f4:2c:6e:30:54:e0.
Are you sure you want to continue connecting (yes/no)? yes
Local and Remote metadata are synchronized, no sync needed.
Last full backup date: none
GnuPG passphrase for decryption:
Retype passphrase for decryption to confirm:
No signatures found, switching to full backup.
--------------[ Backup Statistics ]-------------
StartTime 1480059313.48 (Fri Nov 25 07:35:13 2015)
EndTime 1480059313.53 (Fri Nov 25 07:35:13 2015)
ElapsedTime 0.05 (0.05 seconds)
SourceFiles 101
SourceFileSize 4096 (4.00 KB)
NewFiles 101
NewFileSize 4096 (4.00 KB)
DeletedFiles 0
ChangedFiles 0
ChangedFileSize 0 (0 bytes)
ChangedDeltaSize 0 (0 bytes)
DeltaEntries 101
RawDeltaSize 0 (0 bytes)
TotalDestinationSizeChange 1029 (1.00 KB)
Errors 0
------------------------------------------------
We can confirm the backup by logging in to our remote server.
root@duplicity-02:/remotebackup/Duplicity# ll
total 20
drwxr-xr-x 2 root root 4096 Nov 25 07:35 ./
drwxr-xr-x 3 root root 4096 Nov 25 07:11 ../
-rw-r--r-- 1 root root 438 Nov 25 07:35 duplicity-full.20151125T073505Z.manifest.gpg
-rw-r--r-- 1 root root 1029 Nov 25 07:35 duplicity-full.20151125T073505Z.vol1.difftar.gpg
-rw-r--r-- 1 root root 1596 Nov 25 07:35 duplicity-full-signatures.20151125T073505Z.sigtar.gpg
These files are expected to contain the backup information.
Since these are only test files, we can delete all of them.
Creating a backup of the whole server
Let's create our first server backup.
We are creating a full backup of the root file system, excluding a few folders such as /proc, /sys and /tmp.
For this we need the previously generated GPG public key and its passphrase to protect and encrypt our data.
This is the general syntax for creating a backup.
duplicity --encrypt-key Pub-key_from_GPG --exclude files_to_exclude --include files_to_include path_to_back_up sftp://root@remotebackupHostname//remotebackup/duplicity
I ran this command to back up my server.
root@duplicity-01:~# PASSPHRASE="docker" duplicity --encrypt-key F03B3360 --exclude /proc --exclude /sys --exclude /tmp / sftp://[email protected]//remotebackup/Duplicity/
Local and Remote metadata are synchronized, no sync needed.
Last full backup date: none
No signatures found, switching to full backup.
--------------[ Backup Statistics ]-------------
StartTime 1480143194.50 (Sat Nov 26 06:53:14 2015)
EndTime 1480143304.84 (Sat Nov 26 06:55:04 2015)
ElapsedTime 110.34 (1 minute 50.34 seconds)
SourceFiles 69101
SourceFileSize 885736795 (845 MB)
NewFiles 69101
NewFileSize 885736795 (845 MB)
DeletedFiles 0
ChangedFiles 0
ChangedFileSize 0 (0 bytes)
ChangedDeltaSize 0 (0 bytes)
DeltaEntries 69101
RawDeltaSize 847552198 (808 MB)
TotalDestinationSizeChange 345904578 (330 MB)
Errors 0
------------------------------------------------
This backup takes some time to complete.
Because this is the first time we have run the backup, Duplicity creates a full backup.
Duplicity splits the data into volumes to simplify the file transfer.
root@duplicity-02:/remotebackup/Duplicity# ll
total 354864
drwxr-xr-x 2 root root 4096 Nov 26 06:55 ./
drwxr-xr-x 3 root root 4096 Nov 25 07:11 ../
-rw-r--r-- 1 root root 303666 Nov 26 06:55 duplicity-full.20151126T065314Z.manifest.gpg
-rw-r--r-- 1 root root 26241374 Nov 26 06:54 duplicity-full.20151126T065314Z.vol10.difftar.gpg
-rw-r--r-- 1 root root 26192752 Nov 26 06:54 duplicity-full.20151126T065314Z.vol11.difftar.gpg
-rw-r--r-- 1 root root 26206134 Nov 26 06:54 duplicity-full.20151126T065314Z.vol12.difftar.gpg
-rw-r--r-- 1 root root 26196266 Nov 26 06:54 duplicity-full.20151126T065314Z.vol13.difftar.gpg
-rw-r--r-- 1 root root 4999361 Nov 26 06:55 duplicity-full.20151126T065314Z.vol14.difftar.gpg
-rw-r--r-- 1 root root 26256306 Nov 26 06:53 duplicity-full.20151126T065314Z.vol1.difftar.gpg
-rw-r--r-- 1 root root 26216804 Nov 26 06:53 duplicity-full.20151126T065314Z.vol2.difftar.gpg
-rw-r--r-- 1 root root 26198345 Nov 26 06:53 duplicity-full.20151126T065314Z.vol3.difftar.gpg
-rw-r--r-- 1 root root 26197666 Nov 26 06:53 duplicity-full.20151126T065314Z.vol4.difftar.gpg
-rw-r--r-- 1 root root 26237799 Nov 26 06:53 duplicity-full.20151126T065314Z.vol5.difftar.gpg
-rw-r--r-- 1 root root 26218126 Nov 26 06:53 duplicity-full.20151126T065314Z.vol6.difftar.gpg
-rw-r--r-- 1 root root 26252966 Nov 26 06:53 duplicity-full.20151126T065314Z.vol7.difftar.gpg
-rw-r--r-- 1 root root 26234136 Nov 26 06:54 duplicity-full.20151126T065314Z.vol8.difftar.gpg
-rw-r--r-- 1 root root 26256543 Nov 26 06:54 duplicity-full.20151126T065314Z.vol9.difftar.gpg
-rw-r--r-- 1 root root 17136137 Nov 26 06:55 duplicity-full-signatures.20151126T065314Z.sigtar.gpg
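On a fresh droplet, my configuration created 15 volumes, which were transferred to the remote system.
Since we now have a full backup of my server on the backup server, the next backup will be an incremental one.
Incremental backups are faster and need less data transfer time.
We can also force another full backup simply by running this command.
$ PASSPHRASE="docker" duplicity full --encrypt-key F03B3360 --exclude /proc --exclude /sys --exclude /tmp / sftp://[email protected]//remotebackup/Duplicity/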
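Scheduling our backups
Now let's see how to schedule daily or weekly backups by setting up backup scripts that run automatically.
First, let's create a passphrase file under our /root folder so that the passphrase is passed automatically, without an interactive prompt.
$ cat /root/.passphrase
PASSPHRASE="docker"
Secure the file by restricting its permissions to 600.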
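Let's see how to create a backup every day.
We need to create our backup script in the /etc/cron.daily folder.
All cron jobs set up in this folder run daily.
root@duplicity-01:/etc/cron.daily# cat duplicity.inc
#!/bin/sh
# Exit quietly if duplicity is not installed
test -x "$(which duplicity)" || exit 0
# Load PASSPHRASE from the root-only file and export it for duplicity
. /root/.passphrase
export PASSPHRASE
$(which duplicity) --encrypt-key F03B3360 --exclude /proc --exclude /sys --exclude /tmp --exclude /var / sftp://[email protected]//remotebackup/Duplicity/
Make sure to give the script executable permission.
root@duplicity-01:/etc/cron.daily# chmod +x duplicity.inc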
We can run this script to make sure everything works properly.
root@duplicity-01:/etc/cron.daily# ./duplicity.inc
Local and Remote metadata are synchronized, no sync needed.
Last full backup date: Sat Nov 26 06:53:14 2015
--------------[ Backup Statistics ]-------------
StartTime 1480564726.91 (Thu Dec 1 03:58:46 2015)
EndTime 1480564748.83 (Thu Dec 1 03:59:08 2015)
ElapsedTime 21.91 (21.91 seconds)
SourceFiles 69108
SourceFileSize 899520535 (858 MB)
NewFiles 32
NewFileSize 20761841 (19.8 MB)
DeletedFiles 13
ChangedFiles 9
ChangedFileSize 2779 (2.71 KB)
ChangedDeltaSize 0 (0 bytes)
DeltaEntries 54
RawDeltaSize 20737072 (19.8 MB)
TotalDestinationSizeChange 17502790 (16.7 MB)
Errors 0
------------------------------------------------
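
Two things can silently undermine the daily job above: on Debian and Ubuntu, run-parts in its default mode skips file names that contain a dot (such as duplicity.inc), and sourcing /root/.passphrase as root executes whatever that file contains. The preflight checks below are an added example, not part of the original tutorial; the function names are hypothetical and GNU stat is assumed.

```shell
#!/bin/sh
# Added example: preflight checks for the daily backup job (not from the tutorial).

# cron_name_ok PATH: run-parts in its default mode only runs files whose names
# consist of letters, digits, underscores and hyphens.
cron_name_ok() {
    case $(basename "$1") in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# passphrase_file_ok PATH: regular file, owned by the caller, mode 600 or 400.
passphrase_file_ok() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    [ "$(stat -c %u "$1")" = "$(id -u)" ] || return 1
    case $(stat -c %a "$1") in
        600|400) return 0 ;;
        *) return 1 ;;
    esac
}

# load_passphrase PATH: parse the PASSPHRASE="..." line instead of sourcing the
# file, so nothing else written into it is executed as root.
load_passphrase() {
    passphrase_file_ok "$1" || { echo "refusing $1: bad owner or mode" >&2; return 1; }
    value=$(sed -n 's/^PASSPHRASE=//p' "$1" | head -n 1)
    value=${value#\"}; value=${value%\"}
    [ -n "$value" ] || { echo "no PASSPHRASE line in $1" >&2; return 1; }
    PASSPHRASE=$value
    export PASSPHRASE
}

# Constructed demo: a throwaway file stands in for /root/.passphrase.
demo=$(mktemp)
printf 'PASSPHRASE="constructed-example"\n' > "$demo"
chmod 644 "$demo"
load_passphrase "$demo" 2>/dev/null || echo "mode 644: refused"
chmod 600 "$demo"
load_passphrase "$demo" && echo "mode 600: loaded"
cron_name_ok /etc/cron.daily/duplicity.inc || echo "duplicity.inc: skipped by run-parts"
cron_name_ok /etc/cron.daily/duplicity-inc && echo "duplicity-inc: would run"
rm -f "$demo"
```

Running run-parts --test /etc/cron.daily lists the scripts cron would actually execute, which confirms the naming check on a real system.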
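Similarly, we can schedule a weekly job that forces a full backup and performs maintenance.
Incremental backups grow bulkier as changes pile up, so we will configure a weekly full backup to refresh the base.
Let's do this by creating a Duplicity full backup script under the /etc/cron.weekly folder.
We can create a duplicity.full script in this directory.
root@duplicity-01:/etc/cron.weekly# chmod +x duplicity.full
root@duplicity-01:/etc/cron.weekly# cat duplicity.full
#!/bin/sh
# Exit quietly if duplicity is not installed
test -x "$(which duplicity)" || exit 0
# Load PASSPHRASE from the root-only file and export it for duplicity
. /root/.passphrase
export PASSPHRASE
$(which duplicity) full --encrypt-key F03B3360 --exclude /proc --exclude /sys --exclude /tmp --exclude /var / sftp://[email protected]//remotebackup/Duplicity/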
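We can also add this command to our duplicity.full script to clean up old backup files.
Adding this command keeps only three full backups and their corresponding incremental backups.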
$(which duplicity) remove-all-but-n-full 3 --force sftp://[email protected]//remotebackup/Duplicity/
So our weekly script will create a full backup of the server and remove all unneeded old backup files from the server.
We can run our script manually to test that it works.
root@duplicity-01:/etc/cron.weekly# ./duplicity.full
Local and Remote metadata are synchronized, no sync needed.
Last full backup date: Sat Nov 26 06:53:14 2015
--------------[ Backup Statistics ]-------------
StartTime 1480570674.29 (Thu Dec 1 05:37:54 2015)
EndTime 1480570791.54 (Thu Dec 1 05:39:51 2015)
ElapsedTime 117.26 (1 minute 57.26 seconds)
SourceFiles 69109
SourceFileSize 906577560 (865 MB)
NewFiles 69109
NewFileSize 906577560 (865 MB)
DeletedFiles 0
ChangedFiles 0
ChangedFileSize 0 (0 bytes)
ChangedDeltaSize 0 (0 bytes)
DeltaEntries 69109
RawDeltaSize 868388867 (828 MB)
TotalDestinationSizeChange 363488138 (347 MB)
Errors 0
------------------------------------------------
Local and Remote metadata are synchronized, no sync needed.
Last full backup date: Thu Dec 1 05:37:53 2015
No old backup sets found, nothing deleted.
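
The retention rule used by the weekly script, as an added example that is not part of the original tutorial: given a listing of the backup directory, it prints the files that belong to the N newest full backups and their incrementals, which is what remove-all-but-n-full N leaves behind. The function name and the sample listing are constructed, the duplicity-inc.<start>.to.<end> naming of incremental sets is assumed, and only file names are examined.

```shell
#!/bin/sh
# Added example, not from the tutorial: which files survive
# `remove-all-but-n-full N`, judged from file names alone.

# kept_after_prune N: reads one remote file name per line on stdin and prints
# the names belonging to the N newest full backups and their incrementals.
kept_after_prune() {
    listing=$(cat)
    # Start times of the full sets, newest first; the N-th one is the cutoff.
    cutoff=$(printf '%s\n' "$listing" |
        sed -n 's/^duplicity-full\.\([0-9TZ]*\)\.manifest\.gpg$/\1/p' |
        sort -r | sed -n "${1}p")
    # Fewer than N full sets on the remote: nothing is deleted.
    [ -n "$cutoff" ] || { printf '%s\n' "$listing"; return 0; }
    # The second dot-separated field is the time a set starts from; the
    # YYYYMMDDTHHMMSSZ form sorts correctly as a plain string.
    printf '%s\n' "$listing" | awk -F. -v cutoff="$cutoff" \
        '/^duplicity-/ && ($2 "") >= (cutoff "")'
}

# Constructed listing: four weekly full sets, two of them with an incremental.
SAMPLE_LISTING='duplicity-full.20151105T000000Z.manifest.gpg
duplicity-full.20151105T000000Z.vol1.difftar.gpg
duplicity-full-signatures.20151105T000000Z.sigtar.gpg
duplicity-inc.20151105T000000Z.to.20151106T000000Z.vol1.difftar.gpg
duplicity-full.20151112T000000Z.manifest.gpg
duplicity-full.20151119T000000Z.manifest.gpg
duplicity-inc.20151119T000000Z.to.20151120T000000Z.vol1.difftar.gpg
duplicity-full.20151126T000000Z.manifest.gpg'

# With N=3 the whole 20151105 chain, including its incremental, is dropped.
printf '%s\n' "$SAMPLE_LISTING" | kept_after_prune 3
```

With fewer than N full sets the listing comes back unchanged, which matches the "No old backup sets found, nothing deleted." message in the run above.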