[Storage] Restic backup data to AliCloud Object Storage Service (OSS) encrypted and safely

Posted on 2020-12-05 Edited on 2024-09-12 In Cloud Native , Cloud Computing , Storage , AliCloud Object Storage Service (OSS) Views: Word count in article: 4.4k Reading time ≈ 4 mins.

Restic + AliCloud Object Storage Service (OSS)

Restic

Restic is a modern backup program that can back up your files encrypted and safely:

from Linux, BSD, Mac and Windows
to many different storage types, including self-hosted and online services
easily, being a single executable that you can run without a server or complex setup
effectively, only transferring the parts that actually changed in the files you back up
securely, by careful use of cryptography in every part of the process
verifiably, enabling you to make sure that your files can be restored when needed
freely - restic is entirely free to use and completely open source

AliCloud Object Storage Service (OSS)

AliCloud Object Storage Service (OSS) is a secure, cost-effective, and high-durability cloud storage service provided by Alibaba Cloud. It enables you to store large amounts of data in the cloud. OSS can provide 99.9999999999% (twelve 9’s) data durability (designed for) and 99.995% service availability.

See OSS (Object Storage Service): Encrypted and Secure Cloud Storage Service - Alibaba Cloud - https://www.alibabacloud.com/product/oss to learn more about OSS.

Prerequsites

Your must have a Alibaba Cloud account with Access Key.

Aliyun Account and Access Key

Alibaba Cloud Document Center: Find the Documentation for Your Needs - Alibaba Cloud

Before you purchase and use Alibaba Cloud products and services, you must have an Alibaba Cloud account. And then configure the account.
Create an AccessKey - General Reference| Alibaba Cloud Documentation Center

An AccessKey is equivalent to a logon password, but they are used in different scenarios. AccessKeys are used to directly call APIs, while logon passwords are used to log on to the console. You must create an AccessKey only if you must call APIs.

Installation

If you are using macOS, you can install restic using the homebrew package manager:

# macOS
$ brew install restic

# Install osxfuse to mount for File system integration. See [osxfuse — Homebrew Formulae - https://formulae.brew.sh/cask/osxfuse](https://formulae.brew.sh/cask/osxfuse)
$ brew install --cask osxfuse

You can learn how to install Restic from Installation — restic 0.12.0 documentation - https://restic.readthedocs.io/en/stable/020_installation.html.

Configuaration

Remember to replace the < > content with your prefered values.

$ export AWS_ACCESS_KEY_ID=<Your Aliyun ACCESS KEY>
$ export AWS_SECRET_ACCESS_KEY=<Your Aliyun SECRET ACCESS KEY>

$ export RESTIC_REPOSITORY="s3:https://oss-cn-shanghai.aliyuncs.com/<Your Bucket Name>"

Usage

Initialize

First initialize the repository.

1	$ restic init

Backup

Backup your local folder to the repository.

1	$ restic backup <Your Local Folder>

Snapshot

Show snapshot list.

1	$ restic snapshots

Show content within the special snapshot.

1	$ restic ls <Your Snapshot ID>

Mount

Mount the repository into you local mounting folder.

1	$ restic mount <Your Local Mounting Folder>

Mounting repositories via FUSE is only possible on Linux, macOS and FreeBSD. On Linux, the fuse kernel module needs to be loaded and the fusermount command needs to be in the PATH. On macOS, you need FUSE for macOS Home - macFUSE - https://osxfuse.github.io/. On FreeBSD, you may need to install FUSE and load the kernel module (kldload fuse).

Restoring from backup

Restoring from a snapshot

Restoring a snapshot is as easy as it sounds, just use the following command to restore the contents of the latest snapshot to :

1	$ restic restore <Your Snapshot ID> --target <Your Local Restoring Folder>

Restore using mount

See above Mount

Removing backup snapshots

In order to remove the snapshot of repository, use the forget command and specify the snapshot ID on the command line:

1	$ restic forget <Your Snapshot ID>

But the data that was referenced by files in this snapshot is still stored in the repository. To cleanup unreferenced data, the prune command must be run:

1	$ restic prune

You can automate this two-step process by using the --prune switch to forget:

1	$ restic forget --keep-last 1 --prune

Encryption

The key command allows you to set multiple access keys or passwords per repository. In fact, you can use the list, add, remove, and passwd (changes a password) sub-commands to manage these keys very precisely:

$ restic key list

$ restic key add

$ restic key remove

$ restic key passwd

FAQs

failed: client.BucketExists: Please use virtual hosted style to access.

The restic 0.9.6 has this issue with AliCloud Object Storage Service (OSS).

You can upgrade restic to the lastest version(0.12.0+).

$ restic self-update

$ restic version
restic 0.12.0 compiled with go1.15.8 on linux/amd64

References

[1] Restic 备份数据到阿里云 OSS - https://it.ismy.fun/2018/04/22/restic-backup-to-aliyun-oss/

[2] restic · Backups done right! - https://restic.net/

[3] Home - macFUSE - https://osxfuse.github.io/

[4] OSS (Object Storage Service): Encrypted and Secure Cloud Storage Service - Alibaba Cloud - https://www.alibabacloud.com/product/oss

[5] osxfuse — Homebrew Formulae - https://formulae.brew.sh/cask/osxfuse

[6] The Missing Package Manager for macOS (or Linux) — Homebrew - https://brew.sh/