In this guide we will explore how to backup our local files to remote storage hosted on Civo, a developer-focused cloud. The tool of choice for this is restic, and we will be using Minio to provide object storage.
✅ Follow Civo on Twitter @civocloud
Conceptual overview
An introduction the tools:
Civo offers $250 free credit to new users: Sign up here. This will be enough to run a Medium-sized 3 node cluster.
Restic
Here's a few words on restic from the project homepage:
restic is a program that does backups right. The design goals are: Easy, Fast, Verifiable, Secure, Efficient and Free
restic is free software and licensed under the BSD 2-Clause License and actively developed on GitHub.
Minio
Minio is a drop-in replacement for Amazon S3 (Simple Storage Service) for backing up files, as a storage back-end for tools such as a container registry, or even to host static websites.
Minio describes itself as:
The 100% Open Source, Enterprise-Grade, Amazon S3 Compatible Object Storage
We will use Civo to host Minio on an instance, which will provide a public IP address that our laptop or personal computer can connect to over the Internet to back up files using restic. Restic is a client tool which we will run locally.
Provision your Instance
Log into your Civo dashboard
Create a Medium sized Instance and call it
minio-backup.
Select Ubuntu 18.04 for the Operating System, add your SSH key for login and the default firewall.
Your Instance will be ready in around 45 seconds.
Install Minio server
Log into your Instance using ssh and install the Minio Server.
We will using /mnt/data for Minio's datastore.
$ sudo mkdir -p /mnt/data
$ wget https://dl.min.io/server/minio/release/linux-amd64/minio
$ chmod +x minio
$ sudo mv ./minio /usr/local/bin/minio
Now start the server component with the following:
$ sudo minio server /mnt/data &
You will see your access key and secret key printed on the console, these are required for restic later on, so take a note of them.
Install restic on your client
According to the Installation page for restic, some of the versions available in package management tools are out of date, or running a few revisions behind. For the latest and greatest, use the GitHub releases page.
In this guide we use Restic 0.9.5.
Depending on whether you are using MacOS, Linux or Windows, pick the corresponding binary along with the suffix "amd64" which is the standard architecture of most CPUs.
Run this on your laptop or PC, replacing the full github URL with the release for your operating system:
wget https://github.com/restic/restic/releases/download/v0.9.5/restic_0.9.5_darwin_amd64.bz2
bzip2 -d restic_0.9.5_darwin_amd64.bz2
chmod +x restic_0.9.5_darwin_amd64
sudo install restic_0.9.5_darwin_amd64 /usr/local/bin/restic
If you are on MacOS and get an error about wget not being found, you can install it using Homebrew.
Check that the installation worked:
$ restic version
restic 0.9.5 compiled with go1.12.4 on darwin/amd64
Prepare a repository
According to restic's documentation:
The place where your backups will be saved is called a "repository".
Our repository will be the remote minio server.
Fill out the following on your laptop or PC using the secret and access key from the step where you ran minio server on your Civo Instance:
$ export AWS_ACCESS_KEY_ID=<YOUR-MINIO-ACCESS-KEY-ID>
$ export AWS_SECRET_ACCESS_KEY="<YOUR-MINIO-SECRET-ACCESS-KEY>"
Now set the MINIO_IP using the public IP of the Instance (in this case 185.136.233.182):
$ export MINIO_IP="185.136.233.182"
Now run the command to prepare the repository:
$ restic -r s3:http://$MINIO_IP:9000/restic init
enter password for new repository:
enter password again:
created restic repository 760b0971f4 at s3:http://185.136.233.182:9000/restic
Please note that knowledge of your password is required to access
the repository. Losing your password means that your data is
irrecoverably lost.
You will be asked to enter a password. Make sure you take a note of it and use something that is considered a strong password.
Note: The bucket name we will use is called
restic, but that can be changed and multiple buckets or repositories can be created for different clients.
A note on automated backups
When running an automated backup, you cannot type in passwords to an interactive prompt. For these instances there are three options available:
- Set the environment variable
RESTIC_PASSWORD - Pass the path to a file containing the password
--password-file - Or pass a command to run which gives the password via stdout
--password-command
Run your first backup
This is a sample backup command:
restic -r s3:http://$MINIO_IP:9000/restic --verbose backup ~/dev
- the
-rflag is used to pass in the repository - the
backupverb synchronises files - the final
~/devcommand is used to specify which files to synchronise into the repository
Let's get some sample files to play with by cloning the restic source code:
$ cd /tmp/
$ git clone https://github.com/restic/restic
$ rm -rf restic/.git
$ find restic/|wc -l
2427 # That's 2.5k files
$ du -h -d 0 restic
46M restic # And around 50MB of code
We can now backup the restic source code to our Civo server.
$ restic -r s3:http://$MINIO_IP:9000/restic --verbose backup ./restic
We need the password again:
open repository
enter password for repository:
repository 760b0971 opened successfully, password is correct
created new cache in /Users/alex/Library/Caches/restic
lock repository
load index files
start scan on [./restic]
start backup on [./restic]
scan finished in 0.350s: 2060 files, 40.671 MiB
Files: 2060 new, 0 changed, 0 unmodified
Dirs: 0 new, 0 changed, 0 unmodified
Data Blobs: 2045 new
Tree Blobs: 1 new
Added to the repo: 40.591 MiB
processed 2060 files, 40.671 MiB in 1:06
snapshot 44217521 saved
The total speed depends on your broadband connection and the latency between your Civo Instance and your current location.
If we run the backup again, this time we will see it complete almost instantly:
repository 760b0971 opened successfully, password is correct
lock repository
load index files
using parent snapshot 44217521
start scan on [./restic]
start backup on [./restic]
scan finished in 0.337s: 2060 files, 40.671 MiB
Files: 0 new, 0 changed, 2060 unmodified
Dirs: 0 new, 0 changed, 0 unmodified
Data Blobs: 0 new
Tree Blobs: 0 new
Added to the repo: 0 B
processed 2060 files, 40.671 MiB in 0:00
snapshot 39eea727 saved
Restore from your backup
The opposite of backing-up data is recovering it or restoring it. You can recover the above backup by running the following on your local machine: ``` $ mkdir -p /tmp/restic-source
$ restic -r s3:http://$MINIO_IP:9000/restic --verbose restore latest --target /tmp/restic-source
enter password for repository:
repository 760b0971 opened successfully, password is correct
restoring
When running the du utility we can see that the total size is the same as what we pushed up:
$ du -h -d 0 /tmp/restic-source
46M /tmp/restic-source
Restic tracks changes in files, meaning you can restore a specific point in time from the restic tool.
To list specific snapshots, or backup jobs:
restic -r s3:http://$MINIO_IP:9000/restic --verbose snapshots
enter password for repository:
repository 760b0971 opened successfully, password is correct
ID Time Host Tags Paths
------------------------------------------------------------------------
44217521 2019-08-02 09:14:39 space-mini.local /tmp/restic
39eea727 2019-08-02 11:16:32 space-mini.local /tmp/restic
ef8ac197 2019-08-02 16:56:12 space-mini.local /tmp/restic
------------------------------------------------------------------------
3 snapshots
Read more on the official restic site: Restoring from Backup
Taking things further
Now that you can backup your data at any time over the Internet, let's look at how to take things further and what else you need to consider.
Other backup targets
There are a number of backup targets supported such as:
- Local mount, such as a USB HDD
- SFTP - this is an encrypted file transfer which runs over SSH, you can use it with any Civo Instance
- Amazon S3 - a storage bucket hosted on AWS
- REST and HTTP
OpenStack, Azure Blob Storage, Google Cloud Storage and another of other options are also supported.
See also: Preparing a new repository
Backup your backup with snapshots
Your Civo Instance makes 50 GB of SSD-backed storage available, but what if you delete your Instance by accident? Your data would be lost.
Fortunately a feature of the Civo platform is the use of Snapshots. A Snapshot of an Instance is a fast and efficient way to restore your Instance back to a known state. It is an exact replica of the file system of the Instance at a given point in time.
Snapshots can be taken on a manual, or periodic basis using the "Snapshot" button onn the instances page.
For peace of mind, you can select "Automated".
Here's the snapshot I just took:
Turn minio into a service with systemd
We started Minio's server as a simple binary, but if it crashes, it will not restart on its own. Similarly, if we had a power-cycle on the Instance, the server won't restart.
On the Civo Instance in your current directory, let's create a systemd unit file as minio.service with the following contents:
[Unit]
Description=minio
Documentation=https://docs.min.io
Wants=network-online.target
After=network-online.target
AssertFileIsExecutable=/usr/local/bin/minio
[Service]
WorkingDirectory=/usr/local/
User=minio-user
Group=minio-user
EnvironmentFile=/etc/default/minio
ExecStart=/usr/local/bin/minio server $MINIO_OPTS $MINIO_VOLUMES
# Let systemd restart this service always
Restart=always
# Specifies the maximum file descriptor number that can be opened by this process
LimitNOFILE=65536
# Disable timeout logic and wait until process is stopped
TimeoutStopSec=infinity
SendSIGKILL=no
[Install]
WantedBy=multi-user.target
- Now create
/etc/default/miniowith the following contents:
MINIO_VOLUMES="/mnt/data"
MINIO_OPTS=""
MINIO_ACCESS_KEY="<YOUR-MINIO-ACCESS-KEY-ID>"
MINIO_SECRET_KEY="YOUR-MINIO-SECRET-KEY"
Kill the server we started manually.
sudo killall minioCreate a new user
minio-userand give it permissions to the data-store:
$ sudo useradd minio-user
$ sudo chown minio-user -R /mnt/data
- Install the service and start it:
$ sudo cp minio.service /lib/systemd/system/
$ sudo systemctl enable minio.service
$ sudo systemctl start minio.service
Minio will now start automatically when the Instance is powered on.
Turn on TLS for Minio
Whilst restic does use encryption to store data, we should also have encryption enabled at the link level. This can be achieved by turning TLS on for Minio.
See also: Minio How to secure access to MinIO server with TLS
Turn on Erasure Code for Minio
One of the features of Minio, when running in a distributed (clustered) mode, is Erasure Code.
According to the Minio documentation this feature can help mitigate against "bit rot", where one or more bits may get silently corrupted without an error or notification.
See also: Erasure Code Quickstart
Try Amazon S3 and another region
As part of my testing for this guide, I tried backing up the restic code to an S3 bucket on the West Coast of America. This clear has a much longer trip to make and higher latency, but the syntax is almost identical:
In this case the uploads took a similar amount of time, and this is likely due to the upload speed of my broadband connection. The download from Civo's location in the UK is likely to be much quicker.
Need help?
Civo prides itself on being a cloud platform for developers, run by developers who can provide technical support and expert help via our Slack channel. Find out more and Sign up here.
- If you want to find out more about Minio, join the Minio Slack workspace.
Wrapping up
We now have around 50GB of SSD-backed storage that we can back up our local files to from anywhere in the world. We can restart our server at any time thanks to the systemd file, we can get regular snapshots from Civo and we have the option to enable link-level encryption through TLS.
- Find out more about restic FAQ
- Find out What else you can do with Minio
- ✅ Follow Civo on Twitter @civocloud on Twitter
