如何在Ubuntu 20.04上使用重复项进行备份
如果您是系统管理员并负责管理服务器,那么备份数据是您最重要的任务之一。因此,您需要对备份工具有充分的了解,才能使工作更加轻松。
Duplicity是一个免费的,开源的高级命令行备份实用程序,建立在librsync和GnuPG的基础上。生成经过数字签名,版本控制和加密的tar卷,以存储在本地或远程计算机上。 Duplicity支持许多用于连接文件服务器的协议,包括ssh / scp,rsync,ftp,DropBox,Amazon S3,Google Docs,Google Drive,本地文件系统,OneDrive,WebDAV等。
本教程将向您展示如何安装和配置Duplicaty,以及如何在Ubuntu 20.04服务器上手动执行和自动执行备份。
前提
•两台运行Ubuntu 20.04的服务器。 •复制服务器配置了静态IP地址104.245.32.161,备份服务器配置了104.245.32.194。 •服务器配置了root密码。
入门
在开始之前,您需要将软件包更新到最新版本。您可以使用以下命令更新它们。
apt-get update -y
更新所有软件包后,还需要在服务器上安装所需的依赖项。您可以通过运行以下命令来安装所有它们。
apt-get install ncftp python3-paramiko python-pycryptopp lftp python3-boto python3-dev librsync-dev -y
一旦安装了所有软件包,就可以继续安装Duplicaty。
安装重复项
默认情况下,Ubuntu 20.04的默认存储库中提供Duplicaty。只需运行以下命令即可安装。
apt-get install duplicity -y
安装后,使用以下命令检查安装了哪个版本的Duplicaty:
duplicity --version
显示以下输出。
duplicity 0.8.12
无需验证即可配置SSH密码
然后,您需要生成SSH 2048位加密的SSH密钥,并使用它来对远程系统进行安全身份验证,而无需提供密码。
首先,使用以下命令生成RSA密钥。
ssh-keygen -t rsa -m PEM
系统将提示您指定密钥和密码的位置,如下所示。
Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_rsa Your public key has been saved in /root/.ssh/id_rsa.pub The key fingerprint is: SHA256:BwKSLtXT+WHhPqhu3MIH07QEb0c5Zh/f0XolMRyQaQE [email protected] The key's randomart image is: +---[RSA 3072]----+ | .o.. ..oE.o*++ | | o.+.o.O . + +.o| | o +.*o+ + . +.| |. . =+o.. . o .| | . =.oS . . | | o.o o | | o.+ | | .= o | | ..o | +----[SHA256]-----+
然后,使用以下命令将生成的RSA密钥复制到远程备份服务器。
ssh-copy-id [email protected]
系统将提示您输入远程服务器的密码,如下所示。
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub" /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys [email protected]'s password: Number of key(s) added: 1 Now try logging into the machine, with: "ssh '[email protected]'" and check to make sure that only the key(s) you wanted were added.
生成GPG密钥
接下来,您需要生成一个GPG密钥来加密数据,然后再将其传输到远程备份服务器。 GPG密钥用于提供额外的安全性,并对服务器之间传输的数据进行加密。
您可以在Duplicity服务器上使用以下命令来创建GPG密钥。
gpg --gen-key
如下所示,系统将提示您在密钥生成过程中提供GPG密钥的密码。
gpg (GnuPG) 2.2.19; Copyright (C) 2019 Free Software Foundation, Inc. This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. gpg: directory '/root/.gnupg' created gpg: keybox '/root/.gnupg/pubring.kbx' created Note: Use "gpg --full-generate-key" for a full featured key generation dialog. GnuPG needs to construct a user ID to identify your key. Real name: Hitesh Jethva Email address: [email protected] You selected this USER-ID: "Hitesh Jethva" Change (N)ame, (E)mail, or (O)kay/(Q)uit? O We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse, utilize the disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy. We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse, utilize the disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy. gpg: /root/.gnupg/trustdb.gpg: trustdb created gpg: key E8A334EB747BAD6A marked as ultimately trusted gpg: directory '/root/.gnupg/openpgp-revocs.d' created gpg: revocation certificate stored as '/root/.gnupg/openpgp-revocs.d/6683A9D4720C5895BF7A7AE9E8A334EB747BAD6A.rev' public and secret key created and signed. pub rsa3072 2020-07-30 [SC] [expires: 2022-07-30] 6683A9D4720C5895BF7A7AE9E8A334EB747BAD6A uid Hitesh Jethva sub rsa3072 2020-07-30 [E] [expires: 2022-07-30]
上面的命令将生成一个GPG密钥并将其保存在/root/.gnupg/目录下。
如果您忘记了GPG密钥,则可以使用以下命令找到它:
gpg --list-keys
显示以下输出。
gpg: checking the trustdb gpg: marginals needed: 3 completes needed: 1 trust model: pgp gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u gpg: next trustdb check due at 2022-07-30 /root/.gnupg/pubring.kbx ------------------------ pub rsa3072 2020-07-30 [SC] [expires: 2022-07-30] 6683A9D4720C5895BF7A7AE9E8A334EB747BAD6A uid [ultimate] Hitesh Jethvasub rsa3072 2020-07-30 [E] [expires: 2022-07-30]
创建备份目录
接下来,您需要在备份服务器上创建一个目录来存储备份。
登录到备份服务器,并使用以下命令创建备份目录:
mkdir -p /remotebackup/Duplicity/
完成后,您可以继续下一步。
执行手动备份
此时,已安装并配置了重复项。然后在复制服务器上执行手动备份。
运行以下命令,将名为/ etc的目录备份到/ remotebackup / Duplicity /目录中的远程备份服务器(104.245.32.194)。
duplicity /etc/ sftp://[email protected]//remotebackup/Duplicity/
如下所示,您必须输入GPG密钥密码才能执行备份操作。
Local and Remote metadata are synchronized, no sync needed. Last full backup date: none GnuPG passphrase for decryption: Retype passphrase for decryption to confirm: No signatures found, switching to full backup. --------------[ Backup Statistics ]-------------- StartTime 1596110093.56 (Thu Jul 30 11:54:53 2020) EndTime 1596110095.24 (Thu Jul 30 11:54:55 2020) ElapsedTime 1.67 (1.67 seconds) SourceFiles 1413 SourceFileSize 2698964 (2.57 MB) NewFiles 1413 NewFileSize 2698964 (2.57 MB) DeletedFiles 0 ChangedFiles 0 ChangedFileSize 0 (0 bytes) ChangedDeltaSize 0 (0 bytes) DeltaEntries 1413 RawDeltaSize 1857098 (1.77 MB) TotalDestinationSizeChange 493579 (482 KB) Errors 0 -------------------------------------------------
然后登录到远程备份服务器,并使用以下命令检查备份:
ls /remotebackup/Duplicity/
显示以下输出。
duplicity-full.20200730T115821Z.manifest.gpg duplicity-full-signatures.20200730T115821Z.sigtar.gpg duplicity-full.20200730T115821Z.vol1.difftar.gpg
使用Cron自动备份
您还可以通过将Cron作业设置为在指定的时间间隔自动运行来每天或每周安排备份。
首先,您需要在/ root目录下创建一个密码短语文件,以自动传递密码短语而无需解释交互式提示。
您可以使用以下命令创建它。
nano /root/.passphrase
如下所示添加GPG密钥密码。
PASSPHRASE="admin"
保存并关闭文件,并使用以下命令对其进行保护:
chmod 600 /root/.passphrase
然后在/etc/cron.daily/目录中创建每天运行的每日备份脚本。
nano /etc/cron.daily/duplicity.inc
添加以下行。
#!/bin/sh test -x $(which duplicity) || exit 0 . /root/.passphrase export PASSPHRASE $(which duplicity) --encrypt-key 6683A9D4720C5895BF7A7AE9E8A334EB747BAD6A --exclude /var --exclude /home --exclude /swapfile --exclude /proc --exclude /sys --exclude /tmp --exclude /usr / sftp://[email protected]//remotebackup/Duplicity/
完成后保存并关闭文件。然后使用以下命令授予脚本执行权限:
chmod +x /etc/cron.daily/duplicity.inc
上面的脚本将备份整个根服务器,除了一些文件夹。
测试脚本以确保一切正常。
/etc/cron.daily/duplicity.inc
显示以下输出。
Local and Remote metadata are synchronized, no sync needed. Last full backup left a partial set, restarting. Last full backup date: Thu Jul 30 12:06:52 2020 RESTART: The first volume failed to upload before termination. Restart is impossible...starting backup from beginning. Local and Remote metadata are synchronized, no sync needed. Last full backup date: none No signatures found, switching to full backup. --------------[ Backup Statistics ]-------------- StartTime 1596110992.57 (Thu Jul 30 12:09:52 2020) EndTime 1596111062.63 (Thu Jul 30 12:11:02 2020) ElapsedTime 70.06 (1 minute 10.06 seconds) SourceFiles 13313 SourceFileSize 777994890 (742 MB) NewFiles 13313 NewFileSize 777994890 (742 MB) DeletedFiles 0 ChangedFiles 0 ChangedFileSize 0 (0 bytes) ChangedDeltaSize 0 (0 bytes) DeltaEntries 13313 RawDeltaSize 772067520 (736 MB) TotalDestinationSizeChange 318263295 (304 MB) Errors 0 -------------------------------------------------
您可以使用以下命令检查备份状态:
PASSPHRASE="admin" duplicity --encrypt-key 6683A9D4720C5895BF7A7AE9E8A334EB747BAD6A collection-status sftp://[email protected]//remotebackup/Duplicity/
显示以下输出。
Last full backup date: Thu Jul 30 12:14:17 2020 Collection Status ----------------- Connecting with backend: BackendWrapper Archive dir: /root/.cache/duplicity/b2af509c9fab82d874aa492a933aaf70 Found 0 secondary backup chains. Found primary backup chain with matching signature chain: ------------------------- Chain start time: Thu Jul 30 12:14:17 2020 Chain end time: Thu Jul 30 12:14:17 2020 Number of contained backup sets: 1 Total number of contained volumes: 2 Type of backup set: Time: Num volumes: Full Thu Jul 30 12:14:17 2020 2 ------------------------- No orphaned or incomplete backup sets found.
要获得完整备份,请运行以下命令:
PASSPHRASE="admin" duplicity full --encrypt-key 6683A9D4720C5895BF7A7AE9E8A334EB747BAD6A remove-all-but-n-full 3 --force sftp://[email protected]//remotebackup/Duplicity/
您还可以使用选项remove-all-but-n-full删除旧的备份文件。例如,如果要删除不再需要的所有旧备份文件,并仅保留两个备份及其对应的增量备份,请运行以下命令:
PASSPHRASE="admin" duplicity --encrypt-key 6683A9D4720C5895BF7A7AE9E8A334EB747BAD6A remove-all-but-n-full 2 --force sftp://[email protected]//remotebackup/Duplicity/
恢复备份
您还可以轻松地从远程备份服务器还原文件和目录。您可以使用–file-to-restore选项还原文件和目录。
在运行还原过程之前,可以使用以下命令列出备份服务器上的所有可用文件和目录。
duplicity --encrypt-key 6683A9D4720C5895BF7A7AE9E8A334EB747BAD6A list-current-files sftp://[email protected]//remotebackup/Duplicity/ | less
显示以下输出。
Local and Remote metadata are synchronized, no sync needed. Last full backup date: Thu Jul 30 12:14:17 2020 Thu Jul 30 12:04:04 2020 . Thu May 14 03:28:54 2020 bin Thu May 14 03:35:45 2020 boot Mon Apr 20 16:33:49 2020 boot/System.map-5.4.0-26-generic Wed Apr 29 13:34:16 2020 boot/System.map-5.4.0-29-generic Mon Apr 20 16:33:49 2020 boot/config-5.4.0-26-generic Wed Apr 29 13:34:16 2020 boot/config-5.4.0-29-generic Thu May 14 03:37:26 2020 boot/grub Thu May 14 03:31:36 2020 boot/grub/fonts Thu May 14 03:31:36 2020 boot/grub/fonts/unicode.pf2 Thu May 14 03:31:29 2020 boot/grub/gfxblacklist.txt Thu May 14 03:37:26 2020 boot/grub/grub.cfg Wed Jul 29 10:05:41 2020 boot/grub/grubenv Thu May 14 03:31:37 2020 boot/grub/i386-pc Thu May 14 03:31:36 2020 boot/grub/i386-pc/915resolution.mod Thu May 14 03:31:36 2020 boot/grub/i386-pc/acpi.mod Thu May 14 03:31:36 2020 boot/grub/i386-pc/adler32.mod Thu May 14 03:31:36 2020 boot/grub/i386-pc/affs.mod Thu May 14 03:31:36 2020 boot/grub/i386-pc/afs.mod Thu May 14 03:31:36 2020 boot/grub/i386-pc/ahci.mod Thu May 14 03:31:36 2020 boot/grub/i386-pc/all_video.mod Thu May 14 03:31:36 2020 boot/grub/i386-pc/aout.mod Thu May 14 03:31:36 2020 boot/grub/i386-pc/archelp.mod Thu May 14 03:31:36 2020 boot/grub/i386-pc/at_keyboard.mod Thu May 14 03:31:36 2020 boot/grub/i386-pc/ata.mod Thu May 14 03:31:36 2020 boot/grub/i386-pc/backtrace.mod Thu May 14 03:31:36 2020 boot/grub/i386-pc/bfs.mod Thu May 14 03:31:36 2020 boot/grub/i386-pc/biosdisk.mod Thu May 14 03:31:36 2020 boot/grub/i386-pc/bitmap.mod Thu May 14 03:31:36 2020 boot/grub/i386-pc/bitmap_scale.mod Thu May 14 03:31:36 2020 boot/grub/i386-pc/blocklist.mod Thu May 14 03:31:37 2020 boot/grub/i386-pc/boot.img Thu May 14 03:31:36 2020 boot/grub/i386-pc/boot.mod Thu May 14 03:31:36 2020 boot/grub/i386-pc/bsd.mod Thu May 14 03:31:35 2020 boot/grub/i386-pc/bswap_test.mod Thu May 14 03:31:36 2020 boot/grub/i386-pc/btrfs.mod
现在,运行以下命令将名为“ opt”的目录从备份服务器还原到/ opt目录。
PASSPHRASE="admin" duplicity --encrypt-key 6683A9D4720C5895BF7A7AE9E8A334EB747BAD6A --file-to-restore opt sftp://[email protected]//remotebackup/Duplicity/ /opt
成功完成还原过程后,您将看到以下输出。
Local and Remote metadata are synchronized, no sync needed. Last full backup date: Thu Jul 30 12:14:17 2020
结论
在上面的教程中,您学习了如何使用Duplicaty在Ubuntu 20.04服务器上备份和还原文件和目录。您还学习了如何通过计划Cron中的备份过程来自动运行备份过程。希望本文能帮助您节省很多时间。