如何在Ubuntu 20.04上使用重复项进行备份

如果您是系统管理员并负责管理服务器，那么备份数据是您最重要的任务之一。因此，您需要对备份工具有充分的了解，才能使工作更加轻松。

Duplicity是一个免费的，开源的高级命令行备份实用程序，建立在librsync和GnuPG的基础上。生成经过数字签名，版本控制和加密的tar卷，以存储在本地或远程计算机上。 Duplicity支持许多用于连接文件服务器的协议，包括ssh / scp，rsync，ftp，DropBox，Amazon S3，Google Docs，Google Drive，本地文件系统，OneDrive，WebDAV等。

本教程将向您展示如何安装和配置Duplicaty，以及如何在Ubuntu 20.04服务器上手动执行和自动执行备份。

前提

•两台运行Ubuntu 20.04的服务器。 •复制服务器配置了静态IP地址104.245.32.161，备份服务器配置了104.245.32.194。 •服务器配置了root密码。

入门

在开始之前，您需要将软件包更新到最新版本。您可以使用以下命令更新它们。

apt-get update -y

更新所有软件包后，还需要在服务器上安装所需的依赖项。您可以通过运行以下命令来安装所有它们。

apt-get install ncftp python3-paramiko python-pycryptopp lftp python3-boto python3-dev librsync-dev -y

一旦安装了所有软件包，就可以继续安装Duplicaty。

安装重复项

默认情况下，Ubuntu 20.04的默认存储库中提供Duplicaty。只需运行以下命令即可安装。

apt-get install duplicity -y

安装后，使用以下命令检查安装了哪个版本的Duplicaty：

duplicity --version

显示以下输出。

duplicity 0.8.12

无需验证即可配置SSH密码

然后，您需要生成SSH 2048位加密的SSH密钥，并使用它来对远程系统进行安全身份验证，而无需提供密码。

首先，使用以下命令生成RSA密钥。

ssh-keygen -t rsa -m PEM

系统将提示您指定密钥和密码的位置，如下所示。

Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa
Your public key has been saved in /root/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:BwKSLtXT+WHhPqhu3MIH07QEb0c5Zh/f0XolMRyQaQE [email protected]
The key's randomart image is:
+---[RSA 3072]----+
|  .o.. ..oE.o*++ |
|  o.+.o.O . + +.o|
| o   +.*o+ + . +.|
|. .   =+o.. . o .|
| .   =.oS .    . |
|    o.o  o       |
|   o.+           |
|   .= o          |
|   ..o           |
+----[SHA256]-----+

然后，使用以下命令将生成的RSA密钥复制到远程备份服务器。

ssh-copy-id [email protected]

系统将提示您输入远程服务器的密码，如下所示。

/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh '[email protected]'"
and check to make sure that only the key(s) you wanted were added.

生成GPG密钥

接下来，您需要生成一个GPG密钥来加密数据，然后再将其传输到远程备份服务器。 GPG密钥用于提供额外的安全性，并对服务器之间传输的数据进行加密。

您可以在Duplicity服务器上使用以下命令来创建GPG密钥。

gpg --gen-key

如下所示，系统将提示您在密钥生成过程中提供GPG密钥的密码。

gpg (GnuPG) 2.2.19; Copyright (C) 2019 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

gpg: directory '/root/.gnupg' created
gpg: keybox '/root/.gnupg/pubring.kbx' created
Note: Use "gpg --full-generate-key" for a full featured key generation dialog.

GnuPG needs to construct a user ID to identify your key.

Real name: Hitesh Jethva
Email address: [email protected]
You selected this USER-ID:
    "Hitesh Jethva "

Change (N)ame, (E)mail, or (O)kay/(Q)uit? O
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key E8A334EB747BAD6A marked as ultimately trusted
gpg: directory '/root/.gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/root/.gnupg/openpgp-revocs.d/6683A9D4720C5895BF7A7AE9E8A334EB747BAD6A.rev'
public and secret key created and signed.

pub   rsa3072 2020-07-30 [SC] [expires: 2022-07-30]
      6683A9D4720C5895BF7A7AE9E8A334EB747BAD6A
uid                      Hitesh Jethva 
sub   rsa3072 2020-07-30 [E] [expires: 2022-07-30]

上面的命令将生成一个GPG密钥并将其保存在/root/.gnupg/目录下。

如果您忘记了GPG密钥，则可以使用以下命令找到它：

gpg --list-keys

显示以下输出。

gpg: checking the trustdb
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: next trustdb check due at 2022-07-30
/root/.gnupg/pubring.kbx
------------------------
pub   rsa3072 2020-07-30 [SC] [expires: 2022-07-30]
      6683A9D4720C5895BF7A7AE9E8A334EB747BAD6A
uid           [ultimate] Hitesh Jethva 
sub   rsa3072 2020-07-30 [E] [expires: 2022-07-30]

创建备份目录

接下来，您需要在备份服务器上创建一个目录来存储备份。

登录到备份服务器，并使用以下命令创建备份目录：

mkdir -p /remotebackup/Duplicity/

完成后，您可以继续下一步。

执行手动备份

此时，已安装并配置了重复项。然后在复制服务器上执行手动备份。

运行以下命令，将名为/ etc的目录备份到/ remotebackup / Duplicity /目录中的远程备份服务器（104.245.32.194）。

duplicity /etc/ sftp://[email protected]//remotebackup/Duplicity/

如下所示，您必须输入GPG密钥密码才能执行备份操作。

Local and Remote metadata are synchronized, no sync needed.
Last full backup date: none
GnuPG passphrase for decryption: 
Retype passphrase for decryption to confirm: 
No signatures found, switching to full backup.
--------------[ Backup Statistics ]--------------
StartTime 1596110093.56 (Thu Jul 30 11:54:53 2020)
EndTime 1596110095.24 (Thu Jul 30 11:54:55 2020)
ElapsedTime 1.67 (1.67 seconds)
SourceFiles 1413
SourceFileSize 2698964 (2.57 MB)
NewFiles 1413
NewFileSize 2698964 (2.57 MB)
DeletedFiles 0
ChangedFiles 0
ChangedFileSize 0 (0 bytes)
ChangedDeltaSize 0 (0 bytes)
DeltaEntries 1413
RawDeltaSize 1857098 (1.77 MB)
TotalDestinationSizeChange 493579 (482 KB)
Errors 0
-------------------------------------------------

然后登录到远程备份服务器，并使用以下命令检查备份：

ls /remotebackup/Duplicity/

显示以下输出。

duplicity-full.20200730T115821Z.manifest.gpg      duplicity-full-signatures.20200730T115821Z.sigtar.gpg
duplicity-full.20200730T115821Z.vol1.difftar.gpg

使用Cron自动备份

您还可以通过将Cron作业设置为在指定的时间间隔自动运行来每天或每周安排备份。

首先，您需要在/ root目录下创建一个密码短语文件，以自动传递密码短语而无需解释交互式提示。

您可以使用以下命令创建它。

nano /root/.passphrase

如下所示添加GPG密钥密码。

PASSPHRASE="admin"

保存并关闭文件，并使用以下命令对其进行保护：

chmod 600 /root/.passphrase

然后在/etc/cron.daily/目录中创建每天运行的每日备份脚本。

nano /etc/cron.daily/duplicity.inc

添加以下行。

#!/bin/sh

test -x $(which duplicity) || exit 0
. /root/.passphrase

export PASSPHRASE
$(which duplicity) --encrypt-key 6683A9D4720C5895BF7A7AE9E8A334EB747BAD6A --exclude /var --exclude /home --exclude /swapfile --exclude /proc --exclude /sys --exclude /tmp --exclude /usr / sftp://[email protected]//remotebackup/Duplicity/

完成后保存并关闭文件。然后使用以下命令授予脚本执行权限：

chmod +x /etc/cron.daily/duplicity.inc

上面的脚本将备份整个根服务器，除了一些文件夹。

测试脚本以确保一切正常。

/etc/cron.daily/duplicity.inc

显示以下输出。

Local and Remote metadata are synchronized, no sync needed.
Last full backup left a partial set, restarting.
Last full backup date: Thu Jul 30 12:06:52 2020
RESTART: The first volume failed to upload before termination.
         Restart is impossible...starting backup from beginning.
Local and Remote metadata are synchronized, no sync needed.
Last full backup date: none
No signatures found, switching to full backup.
--------------[ Backup Statistics ]--------------
StartTime 1596110992.57 (Thu Jul 30 12:09:52 2020)
EndTime 1596111062.63 (Thu Jul 30 12:11:02 2020)
ElapsedTime 70.06 (1 minute 10.06 seconds)
SourceFiles 13313
SourceFileSize 777994890 (742 MB)
NewFiles 13313
NewFileSize 777994890 (742 MB)
DeletedFiles 0
ChangedFiles 0
ChangedFileSize 0 (0 bytes)
ChangedDeltaSize 0 (0 bytes)
DeltaEntries 13313
RawDeltaSize 772067520 (736 MB)
TotalDestinationSizeChange 318263295 (304 MB)
Errors 0
-------------------------------------------------

您可以使用以下命令检查备份状态：

PASSPHRASE="admin" duplicity --encrypt-key 6683A9D4720C5895BF7A7AE9E8A334EB747BAD6A collection-status  sftp://[email protected]//remotebackup/Duplicity/

显示以下输出。

Last full backup date: Thu Jul 30 12:14:17 2020
Collection Status
-----------------
Connecting with backend: BackendWrapper
Archive dir: /root/.cache/duplicity/b2af509c9fab82d874aa492a933aaf70

Found 0 secondary backup chains.

Found primary backup chain with matching signature chain:
-------------------------
Chain start time: Thu Jul 30 12:14:17 2020
Chain end time: Thu Jul 30 12:14:17 2020
Number of contained backup sets: 1
Total number of contained volumes: 2
 Type of backup set:                            Time:      Num volumes:
                Full         Thu Jul 30 12:14:17 2020                 2
-------------------------
No orphaned or incomplete backup sets found.

要获得完整备份，请运行以下命令：

PASSPHRASE="admin" duplicity full  --encrypt-key 6683A9D4720C5895BF7A7AE9E8A334EB747BAD6A remove-all-but-n-full 3 --force sftp://[email protected]//remotebackup/Duplicity/

您还可以使用选项remove-all-but-n-full删除旧的备份文件。例如，如果要删除不再需要的所有旧备份文件，并仅保留两个备份及其对应的增量备份，请运行以下命令：

PASSPHRASE="admin" duplicity --encrypt-key 6683A9D4720C5895BF7A7AE9E8A334EB747BAD6A remove-all-but-n-full 2 --force  sftp://[email protected]//remotebackup/Duplicity/

恢复备份

您还可以轻松地从远程备份服务器还原文件和目录。您可以使用–file-to-restore选项还原文件和目录。

在运行还原过程之前，可以使用以下命令列出备份服务器上的所有可用文件和目录。

duplicity --encrypt-key 6683A9D4720C5895BF7A7AE9E8A334EB747BAD6A list-current-files  sftp://[email protected]//remotebackup/Duplicity/ | less

显示以下输出。

Local and Remote metadata are synchronized, no sync needed.
Last full backup date: Thu Jul 30 12:14:17 2020
Thu Jul 30 12:04:04 2020 .
Thu May 14 03:28:54 2020 bin
Thu May 14 03:35:45 2020 boot
Mon Apr 20 16:33:49 2020 boot/System.map-5.4.0-26-generic
Wed Apr 29 13:34:16 2020 boot/System.map-5.4.0-29-generic
Mon Apr 20 16:33:49 2020 boot/config-5.4.0-26-generic
Wed Apr 29 13:34:16 2020 boot/config-5.4.0-29-generic
Thu May 14 03:37:26 2020 boot/grub
Thu May 14 03:31:36 2020 boot/grub/fonts
Thu May 14 03:31:36 2020 boot/grub/fonts/unicode.pf2
Thu May 14 03:31:29 2020 boot/grub/gfxblacklist.txt
Thu May 14 03:37:26 2020 boot/grub/grub.cfg
Wed Jul 29 10:05:41 2020 boot/grub/grubenv
Thu May 14 03:31:37 2020 boot/grub/i386-pc
Thu May 14 03:31:36 2020 boot/grub/i386-pc/915resolution.mod
Thu May 14 03:31:36 2020 boot/grub/i386-pc/acpi.mod
Thu May 14 03:31:36 2020 boot/grub/i386-pc/adler32.mod
Thu May 14 03:31:36 2020 boot/grub/i386-pc/affs.mod
Thu May 14 03:31:36 2020 boot/grub/i386-pc/afs.mod
Thu May 14 03:31:36 2020 boot/grub/i386-pc/ahci.mod
Thu May 14 03:31:36 2020 boot/grub/i386-pc/all_video.mod
Thu May 14 03:31:36 2020 boot/grub/i386-pc/aout.mod
Thu May 14 03:31:36 2020 boot/grub/i386-pc/archelp.mod
Thu May 14 03:31:36 2020 boot/grub/i386-pc/at_keyboard.mod
Thu May 14 03:31:36 2020 boot/grub/i386-pc/ata.mod
Thu May 14 03:31:36 2020 boot/grub/i386-pc/backtrace.mod
Thu May 14 03:31:36 2020 boot/grub/i386-pc/bfs.mod
Thu May 14 03:31:36 2020 boot/grub/i386-pc/biosdisk.mod
Thu May 14 03:31:36 2020 boot/grub/i386-pc/bitmap.mod
Thu May 14 03:31:36 2020 boot/grub/i386-pc/bitmap_scale.mod
Thu May 14 03:31:36 2020 boot/grub/i386-pc/blocklist.mod
Thu May 14 03:31:37 2020 boot/grub/i386-pc/boot.img
Thu May 14 03:31:36 2020 boot/grub/i386-pc/boot.mod
Thu May 14 03:31:36 2020 boot/grub/i386-pc/bsd.mod
Thu May 14 03:31:35 2020 boot/grub/i386-pc/bswap_test.mod
Thu May 14 03:31:36 2020 boot/grub/i386-pc/btrfs.mod

现在，运行以下命令将名为“ opt”的目录从备份服务器还原到/ opt目录。

PASSPHRASE="admin" duplicity --encrypt-key 6683A9D4720C5895BF7A7AE9E8A334EB747BAD6A --file-to-restore opt sftp://[email protected]//remotebackup/Duplicity/ /opt

成功完成还原过程后，您将看到以下输出。

Local and Remote metadata are synchronized, no sync needed.
Last full backup date: Thu Jul 30 12:14:17 2020

结论

在上面的教程中，您学习了如何使用Duplicaty在Ubuntu 20.04服务器上备份和还原文件和目录。您还学习了如何通过计划Cron中的备份过程来自动运行备份过程。希望本文能帮助您节省很多时间。