如何在Ubuntu 20.04上使用重複項進行備份

如果您是系統管理員並負責管理服務器,那麼備份數據是您最重要的任務之一。因此,您需要對備份工具有充分的了解,才能使工作更加輕鬆。

Duplicity是一個免費的,開源的高級命令行備份實用程序,建立在librsync和GnuPG的基礎上。生成經過數字簽名,版本控制和加密的tar卷,以存儲在本地或遠程計算機上。 Duplicity支持許多用於連接文件服務器的協議,包括ssh / scp,rsync,ftp,DropBox,Amazon S3,Google Docs,Google Drive,本地文件系統,OneDrive,WebDAV等。

本教程將向您展示如何安裝和配置Duplicaty,以及如何在Ubuntu 20.04服務器上手動執行和自動執行備份。

前提

•兩台運行Ubuntu 20.04的服務器。 •複製服務器配置了靜態IP地址104.245.32.161,備份服務器配置了104.245.32.194。 •服務器配置了root密碼。

入門

在開始之前,您需要將軟件包更新到最新版本。您可以使用以下命令更新它們。

apt-get update -y

更新所有軟件包後,還需要在服務器上安裝所需的依賴項。您可以通過運行以下命令來安裝所有它們。

apt-get install ncftp python3-paramiko python-pycryptopp lftp python3-boto python3-dev librsync-dev -y

一旦安裝了所有軟件包,就可以繼續安裝Duplicaty。

安裝重複項

默認情況下,Ubuntu 20.04的默認存儲庫中提供Duplicaty。只需運行以下命令即可安裝。

apt-get install duplicity -y

安裝後,使用以下命令檢查安裝了哪個版本的Duplicaty:

duplicity --version

顯示以下輸出。

duplicity 0.8.12

無需驗證即可配置SSH密碼

然後,您需要生成SSH 2048位加密的SSH密鑰,並使用它來對遠程系統進行安全身份驗證,而無需提供密碼。

首先,使用以下命令生成RSA密鑰。

ssh-keygen -t rsa -m PEM

系統將提示您指定密鑰和密碼的位置,如下所示。

Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa
Your public key has been saved in /root/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:BwKSLtXT+WHhPqhu3MIH07QEb0c5Zh/f0XolMRyQaQE [email protected]
The key's randomart image is:
+---[RSA 3072]----+
|  .o.. ..oE.o*++ |
|  o.+.o.O . + +.o|
| o   +.*o+ + . +.|
|. .   =+o.. . o .|
| .   =.oS .    . |
|    o.o  o       |
|   o.+           |
|   .= o          |
|   ..o           |
+----[SHA256]-----+

然後,使用以下命令將生成的RSA密鑰複製到遠程備份服務器。

ssh-copy-id [email protected]

系統將提示您輸入遠程服務器的密碼,如下所示。

/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh '[email protected]'"
and check to make sure that only the key(s) you wanted were added.

生成GPG密鑰

接下來,您需要生成一個GPG密鑰來加密數據,然後再將其傳輸到遠程備份服務器。 GPG密鑰用於提供額外的安全性,並對服務器之間傳輸的數據進行加密。

您可以在Duplicity服務器上使用以下命令來創建GPG密鑰。

gpg --gen-key

如下所示,系統將提示您在密鑰生成過程中提供GPG密鑰的密碼。

gpg (GnuPG) 2.2.19; Copyright (C) 2019 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

gpg: directory '/root/.gnupg' created
gpg: keybox '/root/.gnupg/pubring.kbx' created
Note: Use "gpg --full-generate-key" for a full featured key generation dialog.

GnuPG needs to construct a user ID to identify your key.

Real name: Hitesh Jethva
Email address: [email protected]
You selected this USER-ID:
    "Hitesh Jethva "

Change (N)ame, (E)mail, or (O)kay/(Q)uit? O
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key E8A334EB747BAD6A marked as ultimately trusted
gpg: directory '/root/.gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/root/.gnupg/openpgp-revocs.d/6683A9D4720C5895BF7A7AE9E8A334EB747BAD6A.rev'
public and secret key created and signed.

pub   rsa3072 2020-07-30 [SC] [expires: 2022-07-30]
      6683A9D4720C5895BF7A7AE9E8A334EB747BAD6A
uid                      Hitesh Jethva 
sub   rsa3072 2020-07-30 [E] [expires: 2022-07-30]

上面的命令將生成一個GPG密鑰並將其保存在/root/.gnupg/目錄下。

如果您忘記了GPG密鑰,則可以使用以下命令找到它:

gpg --list-keys

顯示以下輸出。

gpg: checking the trustdb
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: next trustdb check due at 2022-07-30
/root/.gnupg/pubring.kbx
------------------------
pub   rsa3072 2020-07-30 [SC] [expires: 2022-07-30]
      6683A9D4720C5895BF7A7AE9E8A334EB747BAD6A
uid           [ultimate] Hitesh Jethva 
sub   rsa3072 2020-07-30 [E] [expires: 2022-07-30]

創建備份目錄

接下來,您需要在備份服務器上創建一個目錄來存儲備份。

登錄到備份服務器,並使用以下命令創建備份目錄:

mkdir -p /remotebackup/Duplicity/

完成後,您可以繼續下一步。

執行手動備份

此時,已安裝並配置了重複項。然後在複製服務器上執行手動備份。

運行以下命令,將名為/ etc的目錄備份到/ remotebackup / Duplicity /目錄中的遠程備份服務器(104.245.32.194)。

duplicity /etc/ sftp://[email protected]//remotebackup/Duplicity/

如下所示,您必須輸入GPG密鑰密碼才能執行備份操作。

Local and Remote metadata are synchronized, no sync needed.
Last full backup date: none
GnuPG passphrase for decryption: 
Retype passphrase for decryption to confirm: 
No signatures found, switching to full backup.
--------------[ Backup Statistics ]--------------
StartTime 1596110093.56 (Thu Jul 30 11:54:53 2020)
EndTime 1596110095.24 (Thu Jul 30 11:54:55 2020)
ElapsedTime 1.67 (1.67 seconds)
SourceFiles 1413
SourceFileSize 2698964 (2.57 MB)
NewFiles 1413
NewFileSize 2698964 (2.57 MB)
DeletedFiles 0
ChangedFiles 0
ChangedFileSize 0 (0 bytes)
ChangedDeltaSize 0 (0 bytes)
DeltaEntries 1413
RawDeltaSize 1857098 (1.77 MB)
TotalDestinationSizeChange 493579 (482 KB)
Errors 0
-------------------------------------------------

然後登錄到遠程備份服務器,並使用以下命令檢查備份:

ls /remotebackup/Duplicity/

顯示以下輸出。

duplicity-full.20200730T115821Z.manifest.gpg      duplicity-full-signatures.20200730T115821Z.sigtar.gpg
duplicity-full.20200730T115821Z.vol1.difftar.gpg

使用Cron自動備份

您還可以通過將Cron作業設置為在指定的時間間隔自動運行來每天或每周安排備份。

首先,您需要在/ root目錄下創建一個密碼短語文件,以自動傳遞密碼短語而無需解釋交互式提示。

您可以使用以下命令創建它。

nano /root/.passphrase

如下所示添加GPG密鑰密碼。

PASSPHRASE="admin"

保存並關閉文件,並使用以下命令對其進行保護:

chmod 600 /root/.passphrase

然後在/etc/cron.daily/目錄中創建每天運行的每日備份腳本。

nano /etc/cron.daily/duplicity.inc

添加以下行。

#!/bin/sh

test -x $(which duplicity) || exit 0
. /root/.passphrase

export PASSPHRASE
$(which duplicity) --encrypt-key 6683A9D4720C5895BF7A7AE9E8A334EB747BAD6A --exclude /var --exclude /home --exclude /swapfile --exclude /proc --exclude /sys --exclude /tmp --exclude /usr / sftp://[email protected]//remotebackup/Duplicity/

完成後保存並關閉文件。然後使用以下命令授予腳本執行權限:

chmod +x /etc/cron.daily/duplicity.inc

上面的腳本將備份整個根服務器,除了一些文件夾。

測試腳本以確保一切正常。

/etc/cron.daily/duplicity.inc

顯示以下輸出。

Local and Remote metadata are synchronized, no sync needed.
Last full backup left a partial set, restarting.
Last full backup date: Thu Jul 30 12:06:52 2020
RESTART: The first volume failed to upload before termination.
         Restart is impossible...starting backup from beginning.
Local and Remote metadata are synchronized, no sync needed.
Last full backup date: none
No signatures found, switching to full backup.
--------------[ Backup Statistics ]--------------
StartTime 1596110992.57 (Thu Jul 30 12:09:52 2020)
EndTime 1596111062.63 (Thu Jul 30 12:11:02 2020)
ElapsedTime 70.06 (1 minute 10.06 seconds)
SourceFiles 13313
SourceFileSize 777994890 (742 MB)
NewFiles 13313
NewFileSize 777994890 (742 MB)
DeletedFiles 0
ChangedFiles 0
ChangedFileSize 0 (0 bytes)
ChangedDeltaSize 0 (0 bytes)
DeltaEntries 13313
RawDeltaSize 772067520 (736 MB)
TotalDestinationSizeChange 318263295 (304 MB)
Errors 0
-------------------------------------------------

您可以使用以下命令檢查備份狀態:

PASSPHRASE="admin" duplicity --encrypt-key 6683A9D4720C5895BF7A7AE9E8A334EB747BAD6A collection-status  sftp://[email protected]//remotebackup/Duplicity/

顯示以下輸出。

Last full backup date: Thu Jul 30 12:14:17 2020
Collection Status
-----------------
Connecting with backend: BackendWrapper
Archive dir: /root/.cache/duplicity/b2af509c9fab82d874aa492a933aaf70

Found 0 secondary backup chains.

Found primary backup chain with matching signature chain:
-------------------------
Chain start time: Thu Jul 30 12:14:17 2020
Chain end time: Thu Jul 30 12:14:17 2020
Number of contained backup sets: 1
Total number of contained volumes: 2
 Type of backup set:                            Time:      Num volumes:
                Full         Thu Jul 30 12:14:17 2020                 2
-------------------------
No orphaned or incomplete backup sets found.

要獲得完整備份,請運行以下命令:

PASSPHRASE="admin" duplicity full  --encrypt-key 6683A9D4720C5895BF7A7AE9E8A334EB747BAD6A remove-all-but-n-full 3 --force sftp://[email protected]//remotebackup/Duplicity/

您還可以使用選項remove-all-but-n-full刪除舊的備份文件。例如,如果要刪除不再需要的所有舊備份文件,並僅保留兩個備份及其對應的增量備份,請運行以下命令:

PASSPHRASE="admin" duplicity --encrypt-key 6683A9D4720C5895BF7A7AE9E8A334EB747BAD6A remove-all-but-n-full 2 --force  sftp://[email protected]//remotebackup/Duplicity/

恢復備份

您還可以輕鬆地從遠程備份服務器還原文件和目錄。您可以使用–file-to-restore選項還原文件和目錄。

在運行還原過程之前,可以使用以下命令列出備份服務器上的所有可用文件和目錄。

duplicity --encrypt-key 6683A9D4720C5895BF7A7AE9E8A334EB747BAD6A list-current-files  sftp://[email protected]//remotebackup/Duplicity/ | less

顯示以下輸出。

Local and Remote metadata are synchronized, no sync needed.
Last full backup date: Thu Jul 30 12:14:17 2020
Thu Jul 30 12:04:04 2020 .
Thu May 14 03:28:54 2020 bin
Thu May 14 03:35:45 2020 boot
Mon Apr 20 16:33:49 2020 boot/System.map-5.4.0-26-generic
Wed Apr 29 13:34:16 2020 boot/System.map-5.4.0-29-generic
Mon Apr 20 16:33:49 2020 boot/config-5.4.0-26-generic
Wed Apr 29 13:34:16 2020 boot/config-5.4.0-29-generic
Thu May 14 03:37:26 2020 boot/grub
Thu May 14 03:31:36 2020 boot/grub/fonts
Thu May 14 03:31:36 2020 boot/grub/fonts/unicode.pf2
Thu May 14 03:31:29 2020 boot/grub/gfxblacklist.txt
Thu May 14 03:37:26 2020 boot/grub/grub.cfg
Wed Jul 29 10:05:41 2020 boot/grub/grubenv
Thu May 14 03:31:37 2020 boot/grub/i386-pc
Thu May 14 03:31:36 2020 boot/grub/i386-pc/915resolution.mod
Thu May 14 03:31:36 2020 boot/grub/i386-pc/acpi.mod
Thu May 14 03:31:36 2020 boot/grub/i386-pc/adler32.mod
Thu May 14 03:31:36 2020 boot/grub/i386-pc/affs.mod
Thu May 14 03:31:36 2020 boot/grub/i386-pc/afs.mod
Thu May 14 03:31:36 2020 boot/grub/i386-pc/ahci.mod
Thu May 14 03:31:36 2020 boot/grub/i386-pc/all_video.mod
Thu May 14 03:31:36 2020 boot/grub/i386-pc/aout.mod
Thu May 14 03:31:36 2020 boot/grub/i386-pc/archelp.mod
Thu May 14 03:31:36 2020 boot/grub/i386-pc/at_keyboard.mod
Thu May 14 03:31:36 2020 boot/grub/i386-pc/ata.mod
Thu May 14 03:31:36 2020 boot/grub/i386-pc/backtrace.mod
Thu May 14 03:31:36 2020 boot/grub/i386-pc/bfs.mod
Thu May 14 03:31:36 2020 boot/grub/i386-pc/biosdisk.mod
Thu May 14 03:31:36 2020 boot/grub/i386-pc/bitmap.mod
Thu May 14 03:31:36 2020 boot/grub/i386-pc/bitmap_scale.mod
Thu May 14 03:31:36 2020 boot/grub/i386-pc/blocklist.mod
Thu May 14 03:31:37 2020 boot/grub/i386-pc/boot.img
Thu May 14 03:31:36 2020 boot/grub/i386-pc/boot.mod
Thu May 14 03:31:36 2020 boot/grub/i386-pc/bsd.mod
Thu May 14 03:31:35 2020 boot/grub/i386-pc/bswap_test.mod
Thu May 14 03:31:36 2020 boot/grub/i386-pc/btrfs.mod

現在,運行以下命令將名為“ opt”的目錄從備份服務器還原到/ opt目錄。

PASSPHRASE="admin" duplicity --encrypt-key 6683A9D4720C5895BF7A7AE9E8A334EB747BAD6A --file-to-restore opt sftp://[email protected]//remotebackup/Duplicity/ /opt

成功完成還原過程後,您將看到以下輸出。

Local and Remote metadata are synchronized, no sync needed.
Last full backup date: Thu Jul 30 12:14:17 2020

結論

在上面的教程中,您學習了如何使用Duplicaty在Ubuntu 20.04服務器上備份和還原文件和目錄。您還學習了如何通過計劃Cron中的備份過程來自動運行備份過程。希望本文能幫助您節省很多時間。

Sidebar