2013-06-29 21:56:44 +00:00
|
|
|
.. include:: global.rst.inc
|
2013-07-31 18:51:01 +00:00
|
|
|
.. _quickstart:
|
2013-06-29 21:56:44 +00:00
|
|
|
|
2013-07-31 18:51:01 +00:00
|
|
|
Quick Start
|
|
|
|
===========
|
2013-06-29 21:56:44 +00:00
|
|
|
|
2013-07-31 18:51:01 +00:00
|
|
|
This chapter will get you started with |project_name|. The first section
|
2013-08-04 20:50:34 +00:00
|
|
|
presents a simple step by step example that uses |project_name| to backup data.
|
2013-07-31 18:51:01 +00:00
|
|
|
The next section continues by showing how backups can be automated.
|
2013-06-29 21:56:44 +00:00
|
|
|
|
2013-07-31 18:51:01 +00:00
|
|
|
A step by step example
|
|
|
|
----------------------
|
|
|
|
|
2014-02-09 21:15:27 +00:00
|
|
|
1. Before a backup can be made a repository has to be initialized::
|
2013-06-29 21:56:44 +00:00
|
|
|
|
2014-04-05 18:24:46 +00:00
|
|
|
$ attic init /somewhere/my-repository.attic
|
2013-06-29 21:56:44 +00:00
|
|
|
|
2013-07-31 18:51:01 +00:00
|
|
|
2. Backup the ``~/src`` and ``~/Documents`` directories into an archive called
|
2014-04-06 12:03:14 +00:00
|
|
|
*Monday*::
|
2013-06-29 21:56:44 +00:00
|
|
|
|
2014-04-06 20:47:22 +00:00
|
|
|
$ attic create /somwhere/my-repository.attic::Monday ~/src ~/Documents
|
2013-06-29 21:56:44 +00:00
|
|
|
|
2014-04-06 12:03:14 +00:00
|
|
|
3. The next day create a new archive called *Tuesday*::
|
2013-06-29 21:56:44 +00:00
|
|
|
|
2014-04-06 20:47:22 +00:00
|
|
|
$ attic create --stats /somwhere/my-repository.attic::Tuesday ~/src ~/Documents
|
2013-06-29 21:56:44 +00:00
|
|
|
|
2013-07-31 18:51:01 +00:00
|
|
|
This backup will be a lot quicker and a lot smaller since only new never
|
2014-02-09 21:15:27 +00:00
|
|
|
before seen data is stored. The ``--stats`` option causes |project_name| to
|
|
|
|
output statistics about the newly created archive such as the amount of unique
|
2014-04-06 12:03:14 +00:00
|
|
|
data (not shared with other archives)::
|
|
|
|
|
|
|
|
Archive name: Tuesday
|
|
|
|
Archive fingerprint: 387a5e3f9b0e792e91ce87134b0f4bfe17677d9248cb5337f3fbf3a8e157942a
|
2014-04-06 20:47:22 +00:00
|
|
|
Start time: Tue Mar 25 12:00:10 2014
|
|
|
|
End time: Tue Mar 25 12:00:10 2014
|
2014-04-06 12:03:14 +00:00
|
|
|
Duration: 0.08 seconds
|
|
|
|
Number of files: 358
|
|
|
|
Original size Compressed size Deduplicated size
|
|
|
|
This archive: 57.16 MB 46.78 MB 151.67 kB
|
|
|
|
All archives: 114.02 MB 93.46 MB 44.81 MB
|
|
|
|
|
2013-07-31 18:51:01 +00:00
|
|
|
|
|
|
|
4. List all archives in the repository::
|
2013-06-29 21:56:44 +00:00
|
|
|
|
2014-04-05 18:24:46 +00:00
|
|
|
$ attic list /somewhere/my-repository.attic
|
2014-04-06 20:47:22 +00:00
|
|
|
Monday Mon Mar 24 11:59:35 2014
|
|
|
|
Tuesday Tue Mar 25 12:00:10 2014
|
2013-06-29 21:56:44 +00:00
|
|
|
|
2014-04-05 18:24:46 +00:00
|
|
|
5. List the contents of the *Monday* archive::
|
2013-06-29 21:56:44 +00:00
|
|
|
|
2014-04-05 18:24:46 +00:00
|
|
|
$ attic list /somewhere/my-repository.attic::Monday
|
2014-04-06 20:47:22 +00:00
|
|
|
drwxr-xr-x user group 0 Jan 06 15:22 home/user/Documents
|
|
|
|
-rw-r--r-- user group 7961 Nov 17 2012 home/user/Documents/Important.doc
|
|
|
|
...
|
2013-06-29 21:56:44 +00:00
|
|
|
|
2014-04-05 18:24:46 +00:00
|
|
|
6. Restore the *Monday* archive::
|
2013-06-29 21:56:44 +00:00
|
|
|
|
2014-04-06 20:47:22 +00:00
|
|
|
$ attic extract /somwhere/my-repository.attic::Monday
|
2013-06-29 21:56:44 +00:00
|
|
|
|
2014-04-05 18:24:46 +00:00
|
|
|
7. Recover disk space by manually deleting the *Monday* archive::
|
2013-06-29 21:56:44 +00:00
|
|
|
|
2014-04-05 18:24:46 +00:00
|
|
|
$ attic delete /somwhere/my-backup.attic::Monday
|
2013-06-29 21:56:44 +00:00
|
|
|
|
2014-04-06 20:47:22 +00:00
|
|
|
.. Note::
|
|
|
|
Attic is quiet by default. Add the ``-v`` or ``--verbose`` option to
|
|
|
|
get progress reporting during command execution.
|
2013-06-29 21:56:44 +00:00
|
|
|
|
2013-07-31 18:51:01 +00:00
|
|
|
Automating backups
|
|
|
|
------------------
|
|
|
|
|
2014-02-09 21:15:27 +00:00
|
|
|
The following example script backs up ``/home`` and
|
2013-07-31 18:51:01 +00:00
|
|
|
``/var/www`` to a remote server. The script also uses the
|
2013-08-04 20:50:34 +00:00
|
|
|
:ref:`attic_prune` subcommand to maintain a certain number
|
2013-07-31 18:51:01 +00:00
|
|
|
of old archives::
|
|
|
|
|
|
|
|
#!/bin/sh
|
2014-04-05 18:24:46 +00:00
|
|
|
REPOSITORY=username@remoteserver.com:repository.attic
|
2013-07-31 18:51:01 +00:00
|
|
|
|
|
|
|
# Backup all of /home and /var/www except a few
|
|
|
|
# excluded directories
|
|
|
|
attic create --stats \
|
|
|
|
$REPOSITORY::hostname-`date +%Y-%m-%d` \
|
|
|
|
/home \
|
|
|
|
/var/www \
|
|
|
|
--exclude /home/*/.cache \
|
|
|
|
--exclude /home/Ben/Music/Justin\ Bieber \
|
2014-02-09 21:15:27 +00:00
|
|
|
--exclude '*.pyc'
|
2013-07-31 18:51:01 +00:00
|
|
|
|
|
|
|
# Use the `prune` subcommand to maintain 7 daily, 4 weekly
|
|
|
|
# and 6 monthly archives.
|
2014-02-19 21:46:15 +00:00
|
|
|
attic prune -v $REPOSITORY --keep-daily=7 --keep-weekly=4 --keep-monthly=6
|
2013-06-29 21:56:44 +00:00
|
|
|
|
|
|
|
.. _encrypted_repos:
|
|
|
|
|
|
|
|
Repository encryption
|
|
|
|
---------------------
|
|
|
|
|
2014-02-09 21:15:27 +00:00
|
|
|
Repository encryption is enabled at repository creation time::
|
2013-06-29 21:56:44 +00:00
|
|
|
|
2013-08-10 11:02:20 +00:00
|
|
|
$ attic init --encryption=passphrase|keyfile PATH
|
2013-06-29 21:56:44 +00:00
|
|
|
|
2013-07-03 20:38:07 +00:00
|
|
|
When repository encryption is enabled all data is encrypted using 256-bit AES_
|
|
|
|
encryption and the integrity and authenticity is verified using `HMAC-SHA256`_.
|
2013-06-29 21:56:44 +00:00
|
|
|
|
2014-04-06 12:03:14 +00:00
|
|
|
All data is encrypted before being written to the repository. This means that
|
|
|
|
an attacker that manages to compromise the host containing an encrypted
|
|
|
|
archive will not be able to access any of the data.
|
|
|
|
|
2013-06-29 21:56:44 +00:00
|
|
|
|project_name| supports two different methods to derive the AES and HMAC keys.
|
|
|
|
|
|
|
|
Passphrase based encryption
|
|
|
|
This method uses a user supplied passphrase to derive the keys using the
|
2014-04-06 12:03:14 +00:00
|
|
|
PBKDF2_ key derivation function. This method is convenient to use since
|
|
|
|
there is no key file to keep track of and secure as long as a *strong*
|
|
|
|
passphrase is used.
|
2013-06-29 21:56:44 +00:00
|
|
|
|
2013-07-30 19:51:21 +00:00
|
|
|
.. Note::
|
|
|
|
For automated backups the passphrase can be specified using the
|
|
|
|
`ATTIC_PASSPHRASE` environment variable.
|
|
|
|
|
2013-06-29 21:56:44 +00:00
|
|
|
Key file based encryption
|
2013-07-03 20:38:07 +00:00
|
|
|
This method generates random keys at repository initialization time that
|
2013-07-08 21:38:27 +00:00
|
|
|
are stored in a password protected file in the ``~/.attic/keys/`` directory.
|
2014-04-06 12:03:14 +00:00
|
|
|
The key file is a printable text file. This method is secure and suitable
|
|
|
|
for automated backups.
|
2013-06-29 21:56:44 +00:00
|
|
|
|
|
|
|
.. Note::
|
|
|
|
The repository data is totally inaccessible without the key file
|
|
|
|
so it must be kept **safe**.
|
|
|
|
|
|
|
|
|
|
|
|
.. _remote_repos:
|
|
|
|
|
|
|
|
Remote repositories
|
|
|
|
-------------------
|
|
|
|
|
2014-02-04 02:26:36 +00:00
|
|
|
|project_name| can initialize and access repositories on remote hosts if the
|
|
|
|
host is accessible using SSH. This is fastest and easiest when |project_name|
|
|
|
|
is installed on the remote host, in which case the following syntax is used::
|
2013-06-29 21:56:44 +00:00
|
|
|
|
2013-07-08 21:38:27 +00:00
|
|
|
$ attic init user@hostname:repository.attic
|
2013-06-29 21:56:44 +00:00
|
|
|
|
|
|
|
or::
|
|
|
|
|
2013-07-08 21:38:27 +00:00
|
|
|
$ attic init ssh://user@hostname:port/repository.attic
|
2014-02-04 02:26:36 +00:00
|
|
|
|
|
|
|
If it is not possible to install |project_name| on the remote host,
|
|
|
|
it is still possible to use the remote host to store a repository by
|
|
|
|
mounting the remote filesystem, for example, using sshfs::
|
|
|
|
|
|
|
|
$ sshfs user@hostname:/path/to/folder /tmp/mymountpoint
|
|
|
|
$ attic init /tmp/mymountpoint/repository.attic
|
|
|
|
$ fusermount -u /tmp/mymountpoint
|
2014-02-09 21:15:27 +00:00
|
|
|
|
|
|
|
However, be aware that sshfs doesn't fully implement POSIX locks, so
|
|
|
|
you must be sure to not have two processes trying to access the same
|
|
|
|
repository at the same time.
|