Quickstart Guide for Restic and Backblaze B2 Cloud Storage Quickstart Guide for Restic and Backblaze B2 Cloud Storage

Quickstart Guide for Restic and Backblaze B2 Cloud Storage

Mike Farace Mike Farace

Introduction

Restic is an open-source backup tool that works with local storage, NAS devices, or cloud storage (Backblaze B2). It uses snapshots, block-level deduplication, along with complex indexing to allow for quick restores. All this while taking minimal storage space.  One restic repository can be used to contain the snapshots from one host, or multiple, as the host information is stored in the snapshot index also.

 

Installing Restic

Restic can be installed from source code or binaries which can be downloaded from GitHub, or installed using the a local package manager on most operating systems.  While Restic is available on Windows, some features are not available.  

 

This article will focus on the Linux and Mac versions.  

 

Redhat/CentOS

sudo yum install restic fuse

Ubuntu/Debian

sudo apt install restic fuse

Mac

brew install restic

Note about fuse: fuse is needed to be able to mount the snapshot backups, which is one of the restore options.

 

On Mac, use OSXFuse 3.10.6 if you're running Catalina (10.15), otherwise, you can use the current version of OSXFuse (now called MacFuse) if you are on BigSur. 

On Linux s3fuse works just as well as regular fuse, but has components in it to allow you to mount cloud storage buckets compatible with S3, like Backblaze B2.

 

After installation, you can make sure restic is on the latest version by running this command:

restic self-update

Configuring Restic

To simplify the use of restic, it’s best to define the restic environment variables you will need in a file, such as /etc/restic-env.  This will eliminate the need to pass every parameter each time we run restic.  

export B2_ACCOUNT_ID="012x11f5584568299998888zz"
export B2_ACCOUNT_KEY="K012eFG6971Sshi/qrSSS897QC1dBfd"
export RESTIC_REPOSITORY="b2:restic-west02"
export RESTIC_PASSWORD_FILE=/etc/restic-password

Then /etc/restic-password could contain 1 line with the password

mYsEcureP@$$word

Secure the restic files so only root or a user you create can see the files

chown root:root /etc/restic-env
chown root:root /etc/restic-password
chmod 700 /etc/restic-env
chmod 700 /etc/restic-password

 

Initialize the repository (repo)

source ~/restic-env
restic -r b2:restic-west02 init

created restic repository fd5c6a1116 at b2:restic-west02

 

Please note that knowledge of your password is required to access the repository. Losing your password means that your data is

irrecoverably lost.

 

Backing up with Restic

Before we run any Restic commands we need to load the environment variables with this command:

source /etc/restic-env

 

To backup the /usr/local directory

restic -r b2:restic-west02 backup /usr/local
repository fd5c6a11 opened successfully, password is correct
created new cache in /home/administrator/.cache/restic

Example Output. 

Files:               2 new,         0 changed,         0 unmodified
Dirs:                1 new,         0 changed,         0 unmodified

Added to the repo: 19.097 MiB

processed 2 files, 19.096 MiB in 0:01
snapshot 46225328 saved

 

Since we have defined the RESTIC_REPOSITORY variable, we actually don’t need to add -r b2:restic-west02 to our commands.

 

The second backup only backs up changed files, since it uses block-level deduplication.  No changed files yet, so no files backed up.

 

restic backup /usr/local

repository fd5c6a11 opened successfully, password is correct


Files:               0 new,         0 changed,         2 unmodified
Dirs:                0 new,         0 changed,         1 unmodified
Added to the repo: 0 B  


processed 2 files, 19.096 MiB in 0:01
snapshot 2a63bc2c saved

 

Backing up with tags is a useful way to identify your snapshots, identify which hosts they are from, and later prune unneeded snapshots.  In this example, I am backing up a Windows SMB share on my Linux machine.

 

restic --tag Windows backup /mnt/Windows/
repository fd5c6a11 opened successfully, password is correct
no parent snapshot found, will read all files


Files:             165 new,         0 changed,         0 unmodified
Dirs:               46 new,         0 changed,         0 unmodified
Added to the repo: 6.347 GiB


processed 165 files, 10.783 GiB in 3:53
snapshot 1b8e60ee saved

 

 

List all Restic Backups

To see a list of all the snapshots  you have done, with their data and time stamps, as well as optional tags, use the following command:

restic snapshots

repository fd5c6a11 opened successfully, password is correct
ID            Time                     Host             Tags            Paths
----------------------------------------------------------------------
46225328  2021-06-23 07:54:37  restic-mike                  /usr/local
2a63bc2c  2021-06-23 08:18:30  restic-mike                  /usr/local
36754856  2021-06-23 12:20:40  restic-mike                  /usr/local
3d8081cb  2021-06-23 12:21:44  restic-mike                  /usr/local
d0f97fe4  2021-06-23 12:22:16  restic-mike                  /usr/local/src
d1c60d85  2021-06-23 12:28:41  restic-mike                  /usr/local/src
1b8e60ee  2021-06-27 07:14:24  restic-mike  Windows         /mnt/Windows
----------------------------------------------------------------------
7 snapshots

 

 

Restoring from a Restic Backup stored in B2 

 

Method #1: Restoring a snapshot to a directory

To restore a snapshot to a directory, you need to supply the snapshot id, and specify the target directory.  Restic will restore all files from the backup, with their full paths, starting under that directory.

restic restore 1b8e60ee --target /tmp/restore
repository fd5c6a11 opened successfully, password is correct
restoring <Snapshot 1b8e60ee of [/mnt/Windows] at 2021-06-27 07:14:24.279449009 -0700 PDT by administrator@restic-mike> to /tmp/restore

 

Method #2: Mount and browse the snapshot

Another method to restore files, is to mount the snapshot database, browse to the backup you want, and copy files from the mount point to any destination you like.  To do this, we first need to create a mount point for the restic snapshots.

mkdir /mnt/restic

 

Then we can mount the snapshots and browse them.  When you run the mount command,  you will need to start another ssh or terminal session, or you can run the mount command in the background by appending the & sign.

restic mount /mnt/restic &
ls

hosts ids  snapshots  tags

 

You can browse backups by the host they were backed up from, the snapshot id, the date/time stamp, or the tags. Go into the directory of the Windows Snapshot using the ID

cd /mnt/restic/ids/1b8e60ee
ls

mnt


cd mnt/Windows

pwd

/mnt/restic/ids/1b8e60ee/mnt/Windows

 

 

Running Restic in Docker

To install the official Restic docker container, use this command:

docker pull restic/restic:latest

 

Prepare for your first Restic backup

Create an environment file, such as /etc/restic_env, and define the following Restic variables.

  • RESTIC_DATA
    • Your data directory in the Docker image that will be mapped to your local directory you want to back up
  • RESTIC_REPOSITORY=b2:’bucket-name’
  • RESTIC_PASSWORD
    • Your Restic repository password
  • B2_ACCOUNT_ID
  • B2_ACCOUNT_KEY

 

Example:

RESTIC_DATA=/data

RESTIC_REPOSITORY=b2:restic-002

RESTIC_PASSWORD=test

B2_ACCOUNT_ID=e8g010ff983a

B2_ACCOUNT_KEY=09108d3ggacedba91823be5a3dd21eb6e6e336604d

 

Creating a local data directory

 

Create a local data directory to store your data to be backed up, or use an existing directory in the docker command below.  Just substitute  “$HOME/restic-data” with whatever directory you want to back up.

mkdir $HOME/restic-data

 

Docker Flags Used Explained

--rm          Automatically remove the container when it exits

-t            Allocate a pseudo-TTY

-i            Keep STDIN open even if not attached

--entrypoint  Overwrite the default ENTRYPOINT of the image

--env-file   Define the environment variable file to use

-v            This will mount the local directory to a directory in docker.

 

Initialize the Restic repository

Before the first backup, the repository (repo) needs to be initialized to create the structure needed for all the backup files.

docker run --rm -ti  --env-file=/etc/restic-env   \

-v $HOME/restic-data:/data restic/restic init

 

Backup local data to the repo

To back up the local $HOME/restic-data, use the following command .

docker run --rm -ti --env-file=/etc/restic-env  \

-v $HOME/restic-data:/data     restic/restic backup /data



repository 15827d78 opened successfully, password is correct

created new cache in /root/.cache/restic

no parent snapshot found, will read all files




Files:     165 new, 0 changed, 0 unmodified

Dirs:       46 new, 0 changed, 0 unmodified

Added to the repo: 6.346 GiB

 

List files in the latest backup

To list all files in the latest backup, use the below command.  This can be a lengthy list, so use with caution.

docker run --rm -ti    --env-file=/etc/restic-env   \

-v $HOME/restic-data:/data     restic/restic ls -l latest

 

List all snapshots

To see a list of all the snapshots  you have done, with their data and time stamps, as well as optional tags, use this command:

docker run --rm -ti  --env-file=/etc/restic-env \

-v $HOME/restic-data:/data  restic/restic  snapshots

 

Restore a backup

To restore a snapshot to a directory, you need to supply the snapshot id and specify the target directory.  Restic will restore all files from the backup, with their full paths, starting under that directory.

docker run --rm -ti  --env-file=/etc/restic-env \

-v $HOME/restic-data:/data -v $HOME/restic-restore:/restore  \

restic/restic  restore 5d1487e5 --target /restore




repository 15827d78 opened successfully, password is correct

created new cache in /root/.cache/restic

restoring <Snapshot 5d1487e5 of [/data] at 2021-07-01 15:11:37.568367623 +0000 UTC by root@e1701517be05> to /restore

 

You can also tell Restic to restore the latest backup using this command:

docker run --rm -ti  --env-file=/etc/restic-env \

-v $HOME/restic-data:/data -v $HOME/restic-restore:/restore  \

restic/restic  restore latest --target /restore



Check the health of the repository

Checking the health of your Restic repository periodically is a good idea. From the Manual “The "check" command tests the repository for errors and reports any errors it finds. It can also be used to read all data and therefore simulate a restore.

By default, the "check" command will always load all data directly from the repository and not use a local cache.”.

docker run --rm -ti  --env-file=/etc/restic-env  \

-v $HOME/restic-data:/data  restic/restic check

 

Additional Resources

Video: How to use Restic backups

Goes more in-depth on Restic options, creating schedules, retention periods, etc.

https://youtu.be/5DjNjqLuLSs

 

List of all Restic environment variables

https://restic.readthedocs.io/en/latest/040_backup.html?highlight=variables#environment-variables