Thursday, July 2, 2015

Recipe for setting up backups with tarsnap (OpenBSD 5.7)

Tarsnap is a wicked smart backup service. (The author started studying math at university at age 13!) It only saves the deltas since your last backup, which means you can always do a full backup but you use much less space. Tarsnap (somehow) stores enough info that it makes every backup act like a full backup; for example, even if you delete all previous backups the last one will still be a full.

It provides you a simple command-line client (which makes it easy to script in cron), is secure (Hi, NSA!) and costs a bit more than the base Amazon S3 service it uses to store your files.

For the canonical directions, see http://www.tarsnap.com/gettingstarted.html.

Create tarsnap account and install client

  1. Create your account: https://www.tarsnap.com/register.cgi
  2. Click on the link in the "Tarsnap registration confirmation" email
  3. Compile the tarsnap client (you must compile) 
    # ftp https://www.tarsnap.com/download/tarsnap-autoconf-1.0.35.tgz
# tar xzvf tarsnap-autoconf-1.0.35.tgz
# cd tarsnap-autoconf-1.0.35
# ./configure 
...
# make all install clean
  4. Login to your account at https://www.tarsnap.com/manage.cgi, then add money:
    • Click "Add funds to your account" link
    • Enter a payment amount of $5 (he shows account balances to 18 decimal places ... in one day, my balance went from $5.000000000000000000 to $4.986442789553223132. :)
    • Enter a credit card or use PayPal.
    • In a few minutes, you will get a "Tarsnap payment processed" confirmation email.

Create tarsnap key and make your first backup

Note: KEEP YOUR TARSNAP KEY. If you lose it, you cannot get your backed up data. Yes, that is correct.

What I did was encrypt it using my keybase.io account and then copied that encrypted file around to a bunch of different places.

  1. $ tarsnap-keygen --keyfile /root/tarsnap.key --user mkbucc@gexample.com --machine office
  2. (From another host ...) 
    $ scp office:/root/tarsnap.key .
$ brew install keybase
$ keybase login
Your keybase username or email: markb
Your keybase login passphrase: ***********************************
run scrypt [----------------------------------]
info: Made directory '/Users/mark/.cache/keybase'
info: Updated file: /Users/mark/.cache/keybase/session.json
info: Updated file: /Users/mark/.config/keybase/config.json
info: Creating temporary keyring dir: /Users/mark/.cache/keybase/tmp_keyrings
$ keybase encrypt markb tarsnap.key
$ scp tarsnap.key.asc 
$ cp tarsnap.key.asc ~/Documents
$ keybase logout
info: Removing file: /Users/mark/.cache/keybase/session.json
$
  3. Ok, back on server ... create the first backup. 
    # mkdir /var/cache/tarsnap
# cat > /usr/local/bin/backup
#! /bin/sh -e

/usr/local/bin/tarsnap --keyfile /root/tarsnap.key  --cachedir /var/cache/tarsnap -c  -f $(hostname)-$(date +%s) /home
^D
$ chmod +x  /usr/local/bin/backup
$ backup
... wait, first one takes a while ...
$ du -sh /var/cache/tarsnap
196K    /var/cache/tarsnap
$
  4. Wrapper script to list backups. 
    $ cat > /usr/local/bin/backuplist
#! /bin/sh -e

/usr/local/bin/tarsnap --keyfile /root/tarsnap.key --list-archives | sort
^D
$ chmod +x /usr/local/bin/backuplist
# backuplist 
office-1435712869
#
  5. Finally, add to daily cron job 
    # cat >> /etc/daily.local
#! /bin/sh

/usr/local/bin/backup
^D
#

It took me longer to write up this blog entry than it did to set this up. Literally.

Enjoy!

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)