Abstract:

Preface

In my 3 years as a moderator on the Ali Cloud developer forum, I have seen many server files lost to mistaken operations, to forgotten renewals, and to infected servers, all because the server was never backed up.

Backups are something people are usually reluctant to make, but when you urgently need one, the newer the backup the better. Backups effectively help us recover from attacks such as web-page trojan injection ("horse hanging") and encryption ransomware; I believe we all still remember EternalBlue on May 20, 2017.

Backups should not be stored just anywhere; backup storage should also offer high reliability at low cost. The open storage (OSS) offered by some cloud vendors is highly reliable: Ali Cloud, for example, can achieve 99.99999999% data reliability, and the cost is definitely much lower than snapshots. Ali Cloud also happens to provide a very convenient server backup tool, so let's introduce it.

Introduction

Alicloud-duplicity is an open source backup tool that adds OSS storage support on top of Duplicity. Alicloud-duplicity supports all duplicity commands and parameters. Duplicity is an open source backup tool that uses librsync to support incremental backups, saving local storage, and encrypts data using GnuPG. Duplicity easily backs up data to local, shared, and cloud storage.

Alicloud-duplicity allows full and incremental backups to be encrypted and uploaded to OSS.

Requirements & What You Will Learn

Products to be used:

  1. Any server (including non-Aliyun servers), ECS instance, or lightweight application server, with any Linux distribution image installed
  2. Ali Cloud OSS

In this article you will learn:

  1. How to use OSS
  2. Easy and convenient server backup to OSS
  3. How to use Ali Cloud access control (RAM)

Installation

Recommended operating systems: Ubuntu and Debian

1. Install system dependencies

apt update && apt install librsync-dev python-pip python-dev git -y

2. Install the Python dependencies

pip install oss2 fasteners configparser setuptools

3. Install the program

mkdir -p /root/src/
cd /root/src/
git clone https://github.com/aliyun/alicloud-duplicity.git
cd alicloud-duplicity
python setup.py install

4. Verify the installation

Run the command to see if the version number is displayed:

alicloud-duplicity -V

Setup

OSS settings

1. First, activate OSS.

2. Then create an OSS Bucket in the same region as your Ali Cloud ECS.

3. Set the storage type to low-frequency access and the read/write permission to private. Backups are not accessed frequently, so the cheaper low-frequency access class is a good fit, and since we certainly do not want others to access our bucket, it should naturally be private.

4. In access control (RAM), create a user for OSS. Be sure to record the AccessKeyID and AccessKeySecret.

5. Click Policy Management and then click New Authorization Policy.

6. Click the blank template, enter the authorization policy name, and enter the policy content as follows:

{
  "Statement": [{
    "Action": "oss:*",
    "Effect": "Allow",
    "Resource": ["acs:oss:*:*:mf8-oss-back", "acs:oss:*:*:mf8-oss-back/*"]
  }],
  "Version": "1"
}

My OSS Bucket is named mf8-oss-back, so the resources are "acs:oss:*:*:mf8-oss-back" and "acs:oss:*:*:mf8-oss-back/*". Replace mf8-oss-back with the name of your own OSS Bucket.

Then click New Authorization Policy to save the settings.

7. Authorize the user

Choose the authorization policy we just created

Server Settings

Creating a Configuration File

Run:

cat >> ~/.alicloud.cfg << EOF
[oss]
endpoint = the OSS access endpoint
access_key_id = the AccessKeyID
access_key_secret = the AccessKeySecret that you just saved
EOF

The OSS access endpoint is shown on the Bucket details page:

If the server is in a VPC, use the VPC intranet endpoint; if it is on the classic network, use the classic intranet endpoint. The intranet is faster and incurs no traffic charges.

For example:

cat >> ~/.alicloud.cfg << EOF 
[oss]
endpoint = http://oss-cn-shanghai-internal.aliyuncs.com
access_key_id = LTZIWWWMF8BIZxJI
access_key_secret = 9rm1Q5nlpyz155WWWMF8BIZDAW1DSn
EOF

Creating environment variables

Run:

export ALICLOUD_OSS_ENDPOINT="the OSS access endpoint"
export ALICLOUD_ACCESS_KEY_ID="the AccessKeyID"
export ALICLOUD_ACCESS_KEY_SECRET="the AccessKeySecret"

Use

Finally, we can start using it!

Usage

Backup

  • Full backup

    alicloud-duplicity full /etc oss://bucket-name/keyfolder/
  • Incremental backup

    alicloud-duplicity incr /etc oss://bucket-name/keyfolder/
  • Automatically select the backup type

    alicloud-duplicity /etc oss://bucket-name/keyfolder/
    # Use --full-if-older-than to specify a full backup interval for critical data.
    alicloud-duplicity --full-if-older-than 7D /etc oss://bucket-name/keyfolder/
  • Scheduled backup

    Use crontab -e to run the script timedBackup.sh at 3 a.m. every day by adding the line "0 3 */1 * * timedBackup.sh". The contents of the timedBackup.sh script are as follows:
    alicloud-duplicity --full-if-older-than 7D /etc oss://bucket-name/keyfolder/
  • Backing up multiple directories

    alicloud-duplicity --include /etc --include /home/aliyun --exclude '**' / oss://bucket-name/keyfolder/
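
Added example, not part of the original article or of the alicloud-duplicity project: a version of timedBackup.sh for the scheduled backup above that can run unattended, since a cron job has no terminal on which to answer the GnuPG passphrase prompt. It assumes duplicity's PASSPHRASE environment variable, a hypothetical passphrase file /root/.backup-passphrase, and a rule that this file and ~/.alicloud.cfg (which holds the AccessKeySecret) must be mode 600 or 400.

```sh
#!/bin/sh
# timedBackup.sh: unattended alicloud-duplicity run for cron (added example).
# Assumptions, not from the article: the passphrase file path and the
# rule that secret files must be mode 600 or 400.
set -eu

CFG="${CFG:-${HOME:-/root}/.alicloud.cfg}"        # contains access_key_secret
PASSFILE="${PASSFILE:-/root/.backup-passphrase}"  # hypothetical path
TARGET="${TARGET:-oss://bucket-name/keyfolder/}"
DUPLICITY="${DUPLICITY:-alicloud-duplicity}"

# Succeed only if $1 is a non-empty regular file that nobody but its
# owner can read (a file created with "cat >>" is usually mode 644).
secret_file_ok() {
    [ -f "$1" ] && [ -s "$1" ] || return 1
    sf_mode="$(stat -c '%a' "$1")"     # GNU stat, as on Ubuntu/Debian
    [ "$sf_mode" = "600" ] || [ "$sf_mode" = "400" ]
}

run_backup() {
    for rb_file in "$CFG" "$PASSFILE"; do
        if ! secret_file_ok "$rb_file"; then
            echo "refusing to run: $rb_file missing, empty, or not 600/400" >&2
            return 2
        fi
    done
    # duplicity takes the GnuPG passphrase from PASSPHRASE instead of
    # prompting, so the job works without a terminal.
    PASSPHRASE="$(cat "$PASSFILE")" \
        "$DUPLICITY" --full-if-older-than 7D /etc "$TARGET"
}

# Back up only when invoked as "timedBackup.sh run"; sourcing the file
# just defines the functions.
if [ "${1:-}" = "run" ]; then
    run_backup
fi
```

In the crontab entry, call the script with the run argument and an absolute path, and fix the permissions once with chmod 600 on both files before the first scheduled run.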

Restore

  • Restoring a folder

    alicloud-duplicity restore oss://bucket-name/keyfolder/ /home/tmp/
  • Restoring a specific file

    alicloud-duplicity --file-to-restore file1 oss://bucket-name/keyfolder/ /home/tmp/

Other

  • Listing the files in the backup

    alicloud-duplicity list-current-files oss://bucket-name/keyfolder/
  • Viewing the backup status

    alicloud-duplicity collection-status oss://bucket-name/keyfolder/

Demo

For example, if I want to back up all images in /root/images/ to OSS, I run:

alicloud-duplicity full /root/images/ oss://mf8-oss-back/images/

In oss://mf8-oss-back, mf8-oss-back is the OSS Bucket name, and /images/ is the directory inside the OSS Bucket.

The following output then appears:

Local and Remote metadata are synchronized, no sync needed.
Last full backup date: none
GnuPG passphrase: 
Retype passphrase to confirm:

You are asked to enter a passphrase to encrypt this backup. Even when backing up to your own OSS, you should still encrypt the data for safety, in case, for example, your mobile phone is lost and someone logs in to your Ali Cloud account.

The backup content is then returned:

--------------[ Backup Statistics ]--------------
StartTime 1510751741.34 (Wed Nov 15 21:15:41 2017)
EndTime 1510751741.35 (Wed Nov 15 21:15:41 2017)
ElapsedTime 0.01 (0.01 seconds)
SourceFiles 12
SourceFileSize 104550 (102 KB)
NewFiles 12
NewFileSize 104550 (102 KB)
DeletedFiles 0
ChangedFiles 0
ChangedFileSize 0 (0 bytes)
ChangedDeltaSize 0 (0 bytes)
DeltaEntries 12
RawDeltaSize 100454 (98.1 KB)
TotalDestinationSizeChange 61719 (60.3 KB)
Errors 0
-------------------------------------------------

We can see the backup files in the OSS file management console:

All three are encrypted files.

Then we restore the backup to check that it succeeded:

alicloud-duplicity restore oss://mf8-oss-back/images/ /root/restore/images/

You can see the restored files in /root/restore/images/.