Restic is a fast, efficient, free and open source backup application that secures your data with AES-256 encryption. Restic also utilizes deduplication to help conserve backup space. Additionally, Restic is compatible with most major cloud providers. This tutorial walks through installing Restic on Fedora and setting up backups to a cloud storage provider (in this example, BackBlaze B2 Cloud storage).
Although you can compile restic from source or download it from the release page, there’s a helpful COPR for this utility. The Fedora Magazine covered this COPR in one of our previous articles. Do note that COPR provided software isn’t supported by Fedora infrastructure or signed by the project.
To enable the COPR for restic, run these commands:
sudo dnf copr enable copart/restic sudo dnf install restic
Test your installation by typing the following command. If you see the help screen as output, you are ready to go.
Preparing a new repository
Restic refers to your backup as a repository and can make backups to any B2 bucket on your Backblaze account. First, setup the following environment variables using your B2 credentials. These can also be set in any backup script you may create.
export B2_ACCOUNT_ID=<MY_ACCOUNT_ID> export B2_ACCOUNT_KEY=<MY_SECRET_ACCOUNT_KEY>
Create the repository by initializing it. If the bucket doesn’t already exist, restic automatically creates it. A prompt appears for you to type a password for the repository. Do not lose this password because your data is irrecoverable without it.
restic -r b2:bucketname:/ init
$ restic -r b2:g534fbucket:/ init enter password for new backend: enter password again: created restic backend 93702e3c5f at b2:g534fbucket:/ Please note that knowledge of your password is required to access the repository. Losing your password means that your data is irrecoverably lost.
Now it’s time to backup some data. Backups are called snapshots. Run the following command and enter the repository password when prompted.
restic -r b2:bucketname:/ backup files_to_backup
$ restic -r b2:g534fbucket:/ backup Documents/ enter password for repository: scan [/home/curt/Documents] scanned 1 directories, 3 files in 0:00 [0:04] 0B/s 0B / 0B 4 / 4 items 0 errors ETA 0:00 duration: 0:04, 0.00MiB/s snapshot d864c465 saved
Restoring from backups
Now that you’ve backed up some files, it’s time to make sure you know how to restore them. To get a list of all of your backup snapshots, use this command:
restic -r b2:bucketname:/ snapshots
$ restic -r b2:g534fbucket:/ snapshots enter password for repository: ID Date Host Tags Directory ---------------------------------------------------------------------- d864c465 2018-03-27 15:20:42 client /home/curt/Documents
To restore an entire snapshot, run a command like this:
restic -r b2:bucketname:/ restore snapshotID --target restoreDirectory
$ restic -r b2:g534fbucket:/ restore d864c465 --target ~ enter password for repository: restoring <Snapshot d864c465 of [/home/curt/Documents] at 2018-03-27 15:20:42.833131988 -0400 EDT by curt@client> to /home/curt
If the directory still exists on your system, be sure to specify a different location for the restoreDirectory. For example:
restic -r b2:g534fbucket:/ restore d864c465 --target /tmp
To restore an individual file, run a command like this:
$ restic -r b2:g534fbucket:/restore snapshotID --target restoreDirectory --include filename
$ restic -r b2:g534fbucket:/ restore d864c465 --target /tmp --include file1.txt enter password for repository: restoring <Snapshot d864c465 of [/home/curt/Documents] at 2018-03-27 15:20:42.833131988 -0400 EDT by curt@client> to /tmp
Photo by Samuel Zeller on Unsplash.
So, using export command, I have will have to put my account’s password in clear text? I will be stored in the bash history, as well as in backup scripts. Isn’t there a more secure way of doing that?
Moreover, it doesn’t work. I get a
Where can I get support?
I’ll take a closer look for you when I’m back in the office this evening. You can also create a password file with limited permissions that can be called within a bash script . The password is not stored on Backblaze either.
You can also create a password file with limited permissions that can be called within a bash script if you do not want to type the repository password. Also keep in mind that Backblaze does not store the password on their servers.
The error message you are getting sounds like you didn’t export your Backblaze account ID and key.
The account ID and key are NOT the same thing as the repository password that you create.
To get your account ID and key, you need to log into your Backblaze B2 account and then click on “Buckets”. On that screen you will see the following:
Show Account ID and Application Key
When you click on that link, you’ll see your account ID and key that you will need to export.
Let me know if that helps !
Another question. Does the command line tool work in combination with Two-Factor Verification?
If you are referring to the Backblaze two-way authentication, that is for accessing your account on the website, not for your buckets.
What are the advantages against duplicity (http://duplicity.nongnu.org/)?
I’ll write up a comparison for you when I’m back in the office this evening
For one thing, restic is statically compiled, so it can be deployed as a single binary, without having to deal with dependencies. Restic can also do fuse mounts, not sure if duplicity does this. Restic is easy to use on windows, mac, linux. There may be other advantages as well.
Oh yeah, and future versions of restic will use rclone (https://rclone.org/) which will expand access to an even larger number of cloud providers. There are betas with rclone support at beta.restic.net
Brad and Curt, thanks for additional information!
I don’t see any advantages against DeDup/duplicity, which is available with the Fedora default repositories.
One of the advantages that I’ve seen myself, is restic also supports backing up to Azure cloud storage. Duplicity is suppose to support it but I’ve never gotten it to work.
For me, the main advantage is that restic uses a block-based model for storing data whereas duplicity uses full backup plus deltas model. The recommended way to use duplicity is to make a full backup and then do partial backups off of that. Periodically, you should make a new full backup to limit the size of the partials. With restic, data is broken down into blocks with information about which blocks to glue together to restore snapshots. New snapshots are just more blocks, so there is no notion of full vs. partial backup. If you are backing up to a cloud storage provider, saving the time and bandwidth costs of doing periodic full backups is significant.
If you are looking for a GUI, you could also try backintime that’s in the official repo. It is based on Qt4.
dnf install backintime
Or a snapshot is based on Qt5 (backintime-qt):
dnf copr enable raphgro/backintime-qt
dnf install backintime-qt
For encryption, you can optionally use ssh. Filesystem can be encrypted as well, it is recommended to use the internal tools of your system (cryptsetup/luks, btrfs).
There is one interesting page which gives some ideas: https://github.com/gilbertchen/benchmarking. It compares Duplicity, BorgBackup, Restic and Duplicacy.
Compared to other three, Duplicity backup lasts longest and utilizes CPU quite heavily. It does not support modern features such as data deduplication and you have to trade-off full vs incremental backup. That’s just my two cents, I have little knowledge about backup.
I would seriously consider Restic after it supports compression. It is a planned feature on their list: https://github.com/restic/restic/issues/21. There is quite a lengthy discussion with concerns as how compression might possibly compromise encryption in some cases.
Seeing as how COPR provided software isn’t supported by Fedora, I don’t think I would install anything from there. Granted, I realize Fedora IS a literal “proving ground” for lots of packages and applications that, eventually make their way into a Red Hat Linux environment, but on the premise that I use Fedora as my daily driver for both my desktop and laptops, I’m not willing to risk anything unforeseeable happening to my machines. So….sorry, I’ll have to take a pass on this.
If you’re concerned about installing software from COPR, you can always grab the pre-compiled binary from restic without having to actually install anything. You simply just run the binary .
Backups of this sort are too complex for many users. Encryption is cool but there is a risk you might forget.
I prefer to use a straight file copy from my computer to my NAS, using Beyond Compare. I know which files are backed up, and restoring is easy.