How to Back Up with Duplicity on Ubuntu 20.04

Date: 2020-03-05 15:31:50  Source: igfitidea

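If we are system administrators responsible for managing servers, backing up data is one of our most important tasks.
We therefore need a working knowledge of backup tools to make that task easier.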

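Duplicity is a free, open-source, advanced command-line backup utility built on top of librsync and GnuPG.
It produces digitally signed, versioned and encrypted tar volumes on a local or remote machine.
Duplicity supports many protocols for connecting to a file server, including SSH/SCP, rsync, FTP, Dropbox, Amazon S3, Google Docs, Google Drive, the local filesystem, OneDrive, WebDAV and others.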

In this tutorial, we will show how to install and configure Duplicity to perform manual and automated backups on an Ubuntu 20.04 server.

Prerequisites

Two servers running Ubuntu 20.04.
A static IP address of 104.245.32.161 configured on the Duplicity server and 104.245.32.194 on the backup server.
A root password configured on your servers.

Getting Started

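Before starting, we need to update the package lists so that the latest package versions are installed.
We can do that with the following command: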

apt-get update -y

After the update, we also need to install some required dependencies on the server.
We can install all of them by running the following command:

apt-get install ncftp python3-paramiko python-pycryptopp lftp python3-boto python3-dev librsync-dev -y

Once all the packages are installed, we can proceed to install Duplicity.

Install Duplicity

By default, Duplicity is available in the Ubuntu 20.04 default repository.
We can install it by running the following command:

apt-get install duplicity -y

After installation, verify the installed version of Duplicity with the following command:

duplicity --version

We should see the following output:

duplicity 0.8.12

Configure Passwordless SSH Authentication

Next, we need to generate an RSA 2048-bit SSH key and use it to authenticate securely to the remote system without supplying a password.

First, generate the RSA key with the following command:

ssh-keygen -t rsa -m PEM

We will be asked to specify the location of the key and a passphrase, as shown below:

Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa
Your public key has been saved in /root/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:BwKSLtXT+WHhPqhu3MIH07QEb0c5Zh/f0XolMRyQaQE root@ubuntu2004
The key's randomart image is:
+---[RSA 3072]----+
|  .o.. ..oE.o*++ |
|  o.+.o.O . + +.o|
| o   +.*o+ + . +.|
|. .   =+o.. . o .|
| .   =.oS .    . |
|    o.o  o       |
|   o.+           |
|   .= o          |
|   ..o           |
+----[SHA256]-----+

Next, copy the generated RSA public key to the remote backup server with the following command:

ssh-copy-id [email protected]

We will be asked for the remote server's password, as shown below:

/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password: 
Number of key(s) added: 1
Now try logging into the machine, with:   "ssh '[email protected]'"
and check to make sure that only the key(s) you wanted were added.

Generate a GPG Key

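Next, we also need to generate a GPG key to encrypt the data before it is transferred to the remote backup server.
The GPG key provides additional security by encrypting the data that is sent to the server.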

We can generate the GPG key on the Duplicity server with the following command:

gpg --gen-key

We will be asked to provide a passphrase for the GPG key during key generation, as shown below:

gpg (GnuPG) 2.2.19; Copyright (C) 2019 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
gpg: directory '/root/.gnupg' created
gpg: keybox '/root/.gnupg/pubring.kbx' created
Note: Use "gpg --full-generate-key" for a full featured key generation dialog.
GnuPG needs to construct a user ID to identify your key.
Real name: Hitesh Jethva
Email address: [email protected]
You selected this USER-ID:
    "Hitesh Jethva <[email protected]>"
Change (N)ame, (E)mail, or (O)kay/(Q)uit? O
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key E8A334EB747BAD6A marked as ultimately trusted
gpg: directory '/root/.gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/root/.gnupg/openpgp-revocs.d/6683A9D4720C5895BF7A7AE9E8A334EB747BAD6A.rev'
public and secret key created and signed.
pub   rsa3072 2017-07-30 [SC] [expires: 2022-07-30]
      6683A9D4720C5895BF7A7AE9E8A334EB747BAD6A
uid                      Hitesh Jethva <[email protected]>
sub   rsa3072 2017-07-30 [E] [expires: 2022-07-30]

The command above generates the GPG key and saves it in the /root/.gnupg/ directory.

If we forget the GPG key ID, we can find it with the following command:

gpg --list-keys

We should receive the following output:

gpg: checking the trustdb
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: next trustdb check due at 2022-07-30
/root/.gnupg/pubring.kbx
-----------------------
pub   rsa3072 2017-07-30 [SC] [expires: 2022-07-30]
      6683A9D4720C5895BF7A7AE9E8A334EB747BAD6A
uid           [ultimate] Hitesh Jethva <[email protected]>
sub   rsa3072 2017-07-30 [E] [expires: 2022-07-30]

Create a Backup Directory

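Next, we need to create a directory on the backup server to store the backups.

Log in to the backup server and create the backup directory with the following command: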

mkdir -p /remotebackup/Duplicity/

Once done, we can proceed to the next step.

Perform a Manual Backup

At this point, Duplicity is installed and configured.
Now, let's perform a manual backup on the Duplicity server.

Run the following command to back up the /etc directory to the /remotebackup/Duplicity/ directory on the remote backup server (104.245.32.194):

duplicity /etc/ sftp://[email protected]//remotebackup/Duplicity/

We need to provide the GPG passphrase to perform the backup, as shown below:

Local and Remote metadata are synchronized, no sync needed.
Last full backup date: none
GnuPG passphrase for decryption: 
Retype passphrase for decryption to confirm: 
No signatures found, switching to full backup.
--------------[ Backup Statistics ]-------------
StartTime 1596110093.56 (Thu May 30 11:54:53 2017)
EndTime 1596110095.24 (Thu May 30 11:54:55 2017)
ElapsedTime 1.67 (1.67 seconds)
SourceFiles 1413
SourceFileSize 2698964 (2.57 MB)
NewFiles 1413
NewFileSize 2698964 (2.57 MB)
DeletedFiles 0
ChangedFiles 0
ChangedFileSize 0 (0 bytes)
ChangedDeltaSize 0 (0 bytes)
DeltaEntries 1413
RawDeltaSize 1857098 (1.77 MB)
TotalDestinationSizeChange 493579 (482 KB)
Errors 0
------------------------------------------------

Now, log in to the remote backup server and verify the backup with the following command:

ls /remotebackup/Duplicity/

We should see the following output:

duplicity-full.20170730T115821Z.manifest.gpg      duplicity-full-signatures.20170730T115821Z.sigtar.gpg
duplicity-full.20170730T115821Z.vol1.difftar.gpg
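
The listing above holds one complete backup set: a manifest, a data volume and a signature file. The following check, an added example that is not part of the original tutorial, lists sets in a target directory that lack one of these pieces (for instance after an interrupted upload), using only file names so it can run on the backup server without the GPG key. The function name, the `duplicity-inc` and `duplicity-new-signatures` patterns for incremental sets, and the demo directory are assumptions beyond what the listing shows.

```shell
#!/bin/sh
# Added example: report Duplicity backup sets in a target directory that are
# missing a manifest, a data volume or their signature file.

# incomplete_sets DIR: print the id of every incomplete set, one per line.
# Set id = file name up to ".manifest" or ".volN.difftar".
incomplete_sets() {
    dir=$1
    ts='[0-9]{8}T[0-9]{6}Z'
    for f in "$dir"/duplicity-*; do
        if [ -e "$f" ]; then basename "$f"; fi
    done |
    sed -n -E "s/^(duplicity-(full|inc)\.$ts(\.to\.$ts)?)\.(manifest|vol[0-9]+\.difftar).*/\1/p" |
    sort -u |
    while read -r id; do
        # Signature files use a different prefix than the set itself.
        sig=$(printf '%s\n' "$id" | sed \
            -e 's/^duplicity-full\./duplicity-full-signatures./' \
            -e 's/^duplicity-inc\./duplicity-new-signatures./')
        ok=yes
        for pat in "$id.manifest" "$id.vol" "$sig.sigtar"; do
            found=no
            for f in "$dir/$pat"*; do
                if [ -e "$f" ]; then found=yes; fi
            done
            if [ "$found" = no ]; then ok=no; fi
        done
        if [ "$ok" = no ]; then echo "$id"; fi
    done
}

# Demo on a constructed directory: one complete set (names as in the listing
# above) and one constructed set that consists of a single volume only.
demo=$(mktemp -d)
for n in duplicity-full.20170730T115821Z.manifest.gpg \
         duplicity-full.20170730T115821Z.vol1.difftar.gpg \
         duplicity-full-signatures.20170730T115821Z.sigtar.gpg \
         duplicity-full.20170731T120652Z.vol1.difftar.gpg; do
    : > "$demo/$n"
done
incomplete_sets "$demo"    # prints duplicity-full.20170731T120652Z
rm -rf "$demo"
```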

Automate Backups with Cron

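We can also schedule daily or weekly backups by setting up a cron job that runs Duplicity automatically at a specified interval.

First, we need to create a passphrase file under the /root directory so the passphrase can be passed automatically, without an interactive prompt.

We can create it with the following command: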

nano /root/.passphrase

Add the GPG passphrase, as shown below:

PASSPHRASE="admin"

Save and close the file, then protect it with the following command:

chmod 600 /root/.passphrase

Now, create the daily backup script in the /etc/cron.daily/ directory, whose scripts are run once a day:

nano /etc/cron.daily/duplicity.inc

Add the following lines:

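#!/bin/sh
# Do nothing if duplicity is not installed.
test -x "$(which duplicity)" || exit 0
# Load the GPG passphrase and export it for duplicity.
. /root/.passphrase
export PASSPHRASE
# Back up / to the remote server, skipping the excluded directories.
$(which duplicity) --encrypt-key 6683A9D4720C5895BF7A7AE9E8A334EB747BAD6A --exclude /var --exclude /home --exclude /swapfile --exclude /proc --exclude /sys --exclude /tmp --exclude /usr / sftp://[email protected]//remotebackup/Duplicity/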

Save and close the file when finished.
Then, make the script executable with the following command:

chmod +x /etc/cron.daily/duplicity.inc

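The script above backs up the entire root filesystem except for the excluded directories. Note that run-parts, which cron uses to execute the scripts in /etc/cron.daily/, only runs files whose names consist of letters, digits, underscores and hyphens, so a file name containing a dot, such as duplicity.inc, is skipped by the daily run; a name without the dot avoids this.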
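
The cron script sources /root/.passphrase as shell code while running as root, so that file's ownership and mode matter as much as its secrecy. A hardened variant of the script, added here as an example and not part of the original tutorial, refuses to run unless the passphrase file is private and the script name is one run-parts will execute; the install name `duplicity-backup` and the helper function names are assumptions.

```shell
#!/bin/sh
# Added example: hardened variant of the cron.daily script above.
# Assumption: installed as /etc/cron.daily/duplicity-backup (hypothetical
# name). KEY and TARGET are copied from the tutorial as they appear there.
KEY=6683A9D4720C5895BF7A7AE9E8A334EB747BAD6A
TARGET='sftp://[email protected]//remotebackup/Duplicity/'
PASSFILE=/root/.passphrase

# run-parts only executes names made of letters, digits, '_' and '-'.
runparts_name_ok() {
    case $1 in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# The file is sourced as shell code, so it must be a regular file (not a
# symlink) owned by the invoking user with no group/other bits (GNU stat).
secret_file_ok() {
    if [ ! -f "$1" ] || [ -L "$1" ]; then return 1; fi
    if [ "$(stat -c %u "$1")" != "$(id -u)" ]; then return 1; fi
    case $(stat -c %a "$1") in
        [0-7]00) return 0 ;;
        *) return 1 ;;
    esac
}

main() {
    command -v duplicity >/dev/null 2>&1 || return 0
    runparts_name_ok "${0##*/}" || { echo "cron will skip $0" >&2; return 1; }
    secret_file_ok "$PASSFILE" || { echo "unsafe $PASSFILE" >&2; return 1; }
    . "$PASSFILE"
    export PASSPHRASE
    duplicity --encrypt-key "$KEY" \
        --exclude /var --exclude /home --exclude /swapfile --exclude /proc \
        --exclude /sys --exclude /tmp --exclude /usr / "$TARGET"
    status=$?
    unset PASSPHRASE    # do not leave the secret in the environment
    return "$status"
}

# Run the backup only when installed under the cron-safe name.
case ${0##*/} in
    duplicity-backup) main ;;
esac
```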

Now test the script to make sure everything works correctly.

/etc/cron.daily/duplicity.inc

We should see the following output:

Local and Remote metadata are synchronized, no sync needed.
Last full backup left a partial set, restarting.
Last full backup date: Thu May 30 12:06:52 2017
RESTART: The first volume failed to upload before termination.
         Restart is impossible...starting backup from beginning.
Local and Remote metadata are synchronized, no sync needed.
Last full backup date: none
No signatures found, switching to full backup.
--------------[ Backup Statistics ]-------------
StartTime 1596110992.57 (Thu May 30 12:09:52 2017)
EndTime 1596111062.63 (Thu May 30 12:11:02 2017)
ElapsedTime 70.06 (1 minute 10.06 seconds)
SourceFiles 13313
SourceFileSize 777994890 (742 MB)
NewFiles 13313
NewFileSize 777994890 (742 MB)
DeletedFiles 0
ChangedFiles 0
ChangedFileSize 0 (0 bytes)
ChangedDeltaSize 0 (0 bytes)
DeltaEntries 13313
RawDeltaSize 772067520 (736 MB)
TotalDestinationSizeChange 318263295 (304 MB)
Errors 0
------------------------------------------------
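
An unattended job needs a machine-readable verdict rather than a screen of statistics. The following added example (not part of the original tutorial) parses the Backup Statistics block shown above and reports errors, missing statistics, stale runs and chain restarts; the function names, exit codes and age threshold are assumptions, and the sample log is abridged from the output above.

```shell
#!/bin/sh
# Added example: turn the output of the cron backup into a health verdict.

# Print the first value of statistic $1 (e.g. Errors) from a log on stdin.
stat_field() {
    awk -v key="$1" '$1 == key { print $2; exit }'
}

# Succeed if the run had to start over with a new full backup.
chain_restarted() {
    grep -q -e '^RESTART:' -e 'switching to full backup' "$1"
}

# backup_healthy LOG NOW MAX_AGE   (NOW and MAX_AGE in seconds)
# 0 = healthy, 1 = Errors > 0, 2 = no statistics block, 3 = older than MAX_AGE
backup_healthy() {
    errors=$(stat_field Errors < "$1")
    end=$(stat_field EndTime < "$1")
    if [ -z "$errors" ] || [ -z "$end" ]; then return 2; fi
    if [ "$errors" -ne 0 ]; then return 1; fi
    end=${end%.*}                      # drop fractional seconds
    if [ $(( $2 - end )) -gt "$3" ]; then return 3; fi
    return 0
}

# Constructed sample, abridged from the output shown above.
sample_log() {
    cat <<'EOF'
RESTART: The first volume failed to upload before termination.
No signatures found, switching to full backup.
--------------[ Backup Statistics ]-------------
StartTime 1596110992.57 (Thu May 30 12:09:52 2017)
EndTime 1596111062.63 (Thu May 30 12:11:02 2017)
SourceFiles 13313
Errors 0
------------------------------------------------
EOF
}

log=$(mktemp)
sample_log > "$log"
if backup_healthy "$log" 1596111100 86400; then echo "backup healthy"; fi
if chain_restarted "$log"; then echo "chain restarted: new full backup"; fi
rm -f "$log"
```

In a real job the second argument would be `$(date +%s)` and the log would be the captured output of the cron script.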

We can now check the status of the backups with the following command:

PASSPHRASE="admin" duplicity --encrypt-key 6683A9D4720C5895BF7A7AE9E8A334EB747BAD6A collection-status  sftp://[email protected]//remotebackup/Duplicity/

We should receive the following output:

Last full backup date: Thu May 30 12:14:17 2017
Collection Status
----------------
Connecting with backend: BackendWrapper
Archive dir: /root/.cache/duplicity/b2af509c9fab82d874aa492a933aaf70
Found 0 secondary backup chains.
Found primary backup chain with matching signature chain:
------------------------
Chain start time: Thu May 30 12:14:17 2017
Chain end time: Thu May 30 12:14:17 2017
Number of contained backup sets: 1
Total number of contained volumes: 2
 Type of backup set:                            Time:      Num volumes:
                Full         Thu May 30 12:14:17 2017                 2
------------------------
No orphaned or incomplete backup sets found.

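If you want to take a full backup, run the following commands. The first forces a full backup of / with the same exclusions as the cron script; the second then removes all but the three most recent full backups:

PASSPHRASE="admin" duplicity full --encrypt-key 6683A9D4720C5895BF7A7AE9E8A334EB747BAD6A --exclude /var --exclude /home --exclude /swapfile --exclude /proc --exclude /sys --exclude /tmp --exclude /usr / sftp://[email protected]//remotebackup/Duplicity/
PASSPHRASE="admin" duplicity --encrypt-key 6683A9D4720C5895BF7A7AE9E8A334EB747BAD6A remove-all-but-n-full 3 --force sftp://[email protected]//remotebackup/Duplicity/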

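We can also use remove-all-but-n-full to delete old backup files.
For example, to delete all old backup files that are no longer needed and keep only 2 full backups with their corresponding incremental backups, run the following command: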

PASSPHRASE="admin" duplicity --encrypt-key 6683A9D4720C5895BF7A7AE9E8A334EB747BAD6A remove-all-but-n-full 2 --force  sftp://[email protected]//remotebackup/Duplicity/

Restore a Backup

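We can also easily restore files and directories from the remote backup server.
We can use the --file-to-restore option to restore individual files and directories.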

Before performing a restore, we can list all the files and directories available on the backup server with the following command:

duplicity --encrypt-key 6683A9D4720C5895BF7A7AE9E8A334EB747BAD6A list-current-files sftp://[email protected]//remotebackup/Duplicity/ | less

We should see the following output:

Local and Remote metadata are synchronized, no sync needed.
Last full backup date: Thu May 30 12:14:17 2017
Thu May 30 12:04:04 2017 .
Thu Jan 14 03:28:54 2017 bin
Thu Jan 14 03:35:45 2017 boot
Mon Apr 20 16:33:49 2017 boot/System.map-5.4.0-26-generic
Wed Apr 29 13:34:16 2017 boot/System.map-5.4.0-29-generic
Mon Apr 20 16:33:49 2017 boot/config-5.4.0-26-generic
Wed Apr 29 13:34:16 2017 boot/config-5.4.0-29-generic
Thu Jan 14 03:37:26 2017 boot/grub
Thu Jan 14 03:31:36 2017 boot/grub/fonts
Thu Jan 14 03:31:36 2017 boot/grub/fonts/unicode.pf2
Thu Jan 14 03:31:29 2017 boot/grub/gfxblacklist.txt
Thu Jan 14 03:37:26 2017 boot/grub/grub.cfg
Wed May 29 10:05:41 2017 boot/grub/grubenv
Thu Jan 14 03:31:37 2017 boot/grub/i386-pc
Thu Jan 14 03:31:36 2017 boot/grub/i386-pc/915resolution.mod
Thu Jan 14 03:31:36 2017 boot/grub/i386-pc/acpi.mod
Thu Jan 14 03:31:36 2017 boot/grub/i386-pc/adler32.mod
Thu Jan 14 03:31:36 2017 boot/grub/i386-pc/affs.mod
Thu Jan 14 03:31:36 2017 boot/grub/i386-pc/afs.mod
Thu Jan 14 03:31:36 2017 boot/grub/i386-pc/ahci.mod
Thu Jan 14 03:31:36 2017 boot/grub/i386-pc/all_video.mod
Thu Jan 14 03:31:36 2017 boot/grub/i386-pc/aout.mod
Thu Jan 14 03:31:36 2017 boot/grub/i386-pc/archelp.mod
Thu Jan 14 03:31:36 2017 boot/grub/i386-pc/at_keyboard.mod
Thu Jan 14 03:31:36 2017 boot/grub/i386-pc/ata.mod
Thu Jan 14 03:31:36 2017 boot/grub/i386-pc/backtrace.mod
Thu Jan 14 03:31:36 2017 boot/grub/i386-pc/bfs.mod
Thu Jan 14 03:31:36 2017 boot/grub/i386-pc/biosdisk.mod
Thu Jan 14 03:31:36 2017 boot/grub/i386-pc/bitmap.mod
Thu Jan 14 03:31:36 2017 boot/grub/i386-pc/bitmap_scale.mod
Thu Jan 14 03:31:36 2017 boot/grub/i386-pc/blocklist.mod
Thu Jan 14 03:31:37 2017 boot/grub/i386-pc/boot.img
Thu Jan 14 03:31:36 2017 boot/grub/i386-pc/boot.mod
Thu Jan 14 03:31:36 2017 boot/grub/i386-pc/bsd.mod
Thu Jan 14 03:31:35 2017 boot/grub/i386-pc/bswap_test.mod
Thu Jan 14 03:31:36 2017 boot/grub/i386-pc/btrfs.mod

Now, restore the directory named "opt" from the backup server by running the following command:

PASSPHRASE="admin" duplicity --encrypt-key 6683A9D4720C5895BF7A7AE9E8A334EB747BAD6A --file-to-restore opt sftp://[email protected]//remotebackup/Duplicity/ /opt

Once the restore has completed successfully, we should see the following output:

Local and Remote metadata are synchronized, no sync needed.
Last full backup date: Thu May 30 12:14:17 2017