2013-06-29 21:56:44 +00:00
|
|
|
.. include:: global.rst.inc
|
2013-07-31 18:51:01 +00:00
|
|
|
.. _quickstart:
|
2013-06-29 21:56:44 +00:00
|
|
|
|
2013-07-31 18:51:01 +00:00
|
|
|
Quick Start
|
|
|
|
===========
|
2013-06-29 21:56:44 +00:00
|
|
|
|
2013-07-31 18:51:01 +00:00
|
|
|
This chapter will get you started with |project_name|. The first section
|
2013-08-04 20:50:34 +00:00
|
|
|
presents a simple step by step example that uses |project_name| to backup data.
|
2013-07-31 18:51:01 +00:00
|
|
|
The next section continues by showing how backups can be automated.
|
2013-06-29 21:56:44 +00:00
|
|
|
|
2015-11-04 00:51:09 +00:00
|
|
|
Important note about free space
|
|
|
|
-------------------------------
|
|
|
|
|
|
|
|
Before you start creating backups, please make sure that there is **always**
|
|
|
|
a good amount of free space on the filesystem that has your backup repository
|
|
|
|
(and also on ~/.cache). It is hard to tell how much, maybe 1-5%.
|
|
|
|
|
|
|
|
If you run out of disk space, it can be hard or impossible to free space,
|
|
|
|
because |project_name| needs free space to operate - even to delete backup
|
2016-01-17 19:12:23 +00:00
|
|
|
archives. There is a ``--save-space`` option for some commands, but even with
|
2015-12-08 17:22:24 +00:00
|
|
|
that |project_name| will need free space to operate.
|
2015-11-04 00:51:09 +00:00
|
|
|
|
|
|
|
You can use some monitoring process or just include the free space information
|
|
|
|
in your backup log files (you check them regularly anyway, right?).
|
|
|
|
|
|
|
|
Also helpful:
|
|
|
|
|
|
|
|
- create a big file as a "space reserve", that you can delete to free space
|
|
|
|
- if you use LVM: use a LV + a filesystem that you can resize later and have
|
|
|
|
some unallocated PEs you can add to the LV.
|
|
|
|
- consider using quotas
|
|
|
|
- use `prune` regularly
|
|
|
|
|
|
|
|
|
2013-07-31 18:51:01 +00:00
|
|
|
A step by step example
|
|
|
|
----------------------
|
|
|
|
|
2014-02-09 21:15:27 +00:00
|
|
|
1. Before a backup can be made a repository has to be initialized::
|
2013-06-29 21:56:44 +00:00
|
|
|
|
2016-04-15 01:35:37 +00:00
|
|
|
$ borg init /path/to/repo
|
2013-06-29 21:56:44 +00:00
|
|
|
|
2013-07-31 18:51:01 +00:00
|
|
|
2. Backup the ``~/src`` and ``~/Documents`` directories into an archive called
|
2014-04-06 12:03:14 +00:00
|
|
|
*Monday*::
|
2013-06-29 21:56:44 +00:00
|
|
|
|
2016-04-15 01:35:37 +00:00
|
|
|
$ borg create /path/to/repo::Monday ~/src ~/Documents
|
2013-06-29 21:56:44 +00:00
|
|
|
|
2014-04-06 12:03:14 +00:00
|
|
|
3. The next day create a new archive called *Tuesday*::
|
2013-06-29 21:56:44 +00:00
|
|
|
|
Print implied output without --info/-v
There are persistent questions why output from options like --list
and --stats doesn't show up. Also, borg currently isn't able to
show *just* the output for a given option (--list, --stats,
--show-rc, --show-version, or --progress), without other INFO level
messages.
The solution is to use more granular loggers, so that messages
specific to a given option goes to a logger designated for that
option. That option-specific logger can then be configured
separately from the regular loggers.
Those option-specific loggers can also be used as a hook in a
BORG_LOGGING_CONF config file to log the --list output to a separate
file, or send --stats output to a network socket where some daemon
could analyze it.
Steps:
- create an option-specific logger for each of the implied output options
- modify the messages specific to each option to go to the correct logger
- if an implied output option is passed, change the option-specific
logger (only) to log at INFO level
- test that root logger messages don't come through option-specific loggers
They shouldn't, per https://docs.python.org/3/howto/logging.html#logging-flow
but test just the same. Particularly test a message that can come from
remote repositories.
Fixes #526, #573, #665, #824
2016-05-18 02:59:58 +00:00
|
|
|
$ borg create --stats /path/to/repo::Tuesday ~/src ~/Documents
|
2013-06-29 21:56:44 +00:00
|
|
|
|
2013-07-31 18:51:01 +00:00
|
|
|
This backup will be a lot quicker and a lot smaller since only new never
|
2014-02-09 21:15:27 +00:00
|
|
|
before seen data is stored. The ``--stats`` option causes |project_name| to
|
|
|
|
output statistics about the newly created archive such as the amount of unique
|
2014-04-06 12:03:14 +00:00
|
|
|
data (not shared with other archives)::
|
|
|
|
|
2016-02-15 20:38:02 +00:00
|
|
|
------------------------------------------------------------------------------
|
2014-04-06 12:03:14 +00:00
|
|
|
Archive name: Tuesday
|
2016-02-15 20:38:02 +00:00
|
|
|
Archive fingerprint: bd31004d58f51ea06ff735d2e5ac49376901b21d58035f8fb05dbf866566e3c2
|
2016-02-16 23:43:05 +00:00
|
|
|
Time (start): Tue, 2016-02-16 18:15:11
|
|
|
|
Time (end): Tue, 2016-02-16 18:15:11
|
|
|
|
|
2016-02-15 20:38:02 +00:00
|
|
|
Duration: 0.19 seconds
|
|
|
|
Number of files: 127
|
|
|
|
------------------------------------------------------------------------------
|
|
|
|
Original size Compressed size Deduplicated size
|
|
|
|
This archive: 4.16 MB 4.17 MB 26.78 kB
|
|
|
|
All archives: 8.33 MB 8.34 MB 4.19 MB
|
|
|
|
|
|
|
|
Unique chunks Total chunks
|
|
|
|
Chunk index: 132 261
|
|
|
|
------------------------------------------------------------------------------
|
2013-07-31 18:51:01 +00:00
|
|
|
|
|
|
|
4. List all archives in the repository::
|
2013-06-29 21:56:44 +00:00
|
|
|
|
2016-04-15 01:35:37 +00:00
|
|
|
$ borg list /path/to/repo
|
2016-02-15 20:38:02 +00:00
|
|
|
Monday Mon, 2016-02-15 19:14:44
|
|
|
|
Tuesday Tue, 2016-02-16 19:15:11
|
2013-06-29 21:56:44 +00:00
|
|
|
|
2014-04-05 18:24:46 +00:00
|
|
|
5. List the contents of the *Monday* archive::
|
2013-06-29 21:56:44 +00:00
|
|
|
|
2016-04-15 01:35:37 +00:00
|
|
|
$ borg list /path/to/repo::Monday
|
2016-02-15 20:38:02 +00:00
|
|
|
drwxr-xr-x user group 0 Mon, 2016-02-15 18:22:30 home/user/Documents
|
|
|
|
-rw-r--r-- user group 7961 Mon, 2016-02-15 18:22:30 home/user/Documents/Important.doc
|
2014-04-06 20:47:22 +00:00
|
|
|
...
|
2013-06-29 21:56:44 +00:00
|
|
|
|
2014-04-05 18:24:46 +00:00
|
|
|
6. Restore the *Monday* archive::
|
2013-06-29 21:56:44 +00:00
|
|
|
|
2016-04-15 01:35:37 +00:00
|
|
|
$ borg extract /path/to/repo::Monday
|
2013-06-29 21:56:44 +00:00
|
|
|
|
2014-04-05 18:24:46 +00:00
|
|
|
7. Recover disk space by manually deleting the *Monday* archive::
|
2013-06-29 21:56:44 +00:00
|
|
|
|
2016-04-15 01:35:37 +00:00
|
|
|
$ borg delete /path/to/repo::Monday
|
2013-06-29 21:56:44 +00:00
|
|
|
|
2014-04-06 20:47:22 +00:00
|
|
|
.. Note::
|
2016-02-27 16:22:56 +00:00
|
|
|
Borg is quiet by default (it works on WARNING log level).
|
Print implied output without --info/-v
There are persistent questions why output from options like --list
and --stats doesn't show up. Also, borg currently isn't able to
show *just* the output for a given option (--list, --stats,
--show-rc, --show-version, or --progress), without other INFO level
messages.
The solution is to use more granular loggers, so that messages
specific to a given option goes to a logger designated for that
option. That option-specific logger can then be configured
separately from the regular loggers.
Those option-specific loggers can also be used as a hook in a
BORG_LOGGING_CONF config file to log the --list output to a separate
file, or send --stats output to a network socket where some daemon
could analyze it.
Steps:
- create an option-specific logger for each of the implied output options
- modify the messages specific to each option to go to the correct logger
- if an implied output option is passed, change the option-specific
logger (only) to log at INFO level
- test that root logger messages don't come through option-specific loggers
They shouldn't, per https://docs.python.org/3/howto/logging.html#logging-flow
but test just the same. Particularly test a message that can come from
remote repositories.
Fixes #526, #573, #665, #824
2016-05-18 02:59:58 +00:00
|
|
|
You can use options like ``--progress`` or ``--list`` to get specific
|
|
|
|
reports during command execution. You can also add the ``-v`` (or
|
|
|
|
``--verbose`` or ``--info``) option to adjust the log level to INFO to
|
|
|
|
get other informational messages.
|
2013-06-29 21:56:44 +00:00
|
|
|
|
2013-07-31 18:51:01 +00:00
|
|
|
Automating backups
|
|
|
|
------------------
|
|
|
|
|
2015-05-14 18:47:08 +00:00
|
|
|
The following example script backs up ``/home`` and ``/var/www`` to a remote
|
|
|
|
server. The script also uses the :ref:`borg_prune` subcommand to maintain a
|
|
|
|
certain number of old archives::
|
2013-07-31 18:51:01 +00:00
|
|
|
|
|
|
|
#!/bin/sh
|
2016-05-07 17:22:48 +00:00
|
|
|
|
|
|
|
# setting this, so the repo does not need to be given on the commandline:
|
|
|
|
export BORG_REPO=username@remoteserver.com:backup
|
|
|
|
|
|
|
|
# setting this, so you won't be asked for your passphrase - make sure the
|
|
|
|
# script has appropriate owner/group and mode, e.g. root.root 600:
|
|
|
|
export BORG_PASSPHRASE=mysecret
|
|
|
|
|
|
|
|
# Backup most important stuff:
|
Print implied output without --info/-v
There are persistent questions why output from options like --list
and --stats doesn't show up. Also, borg currently isn't able to
show *just* the output for a given option (--list, --stats,
--show-rc, --show-version, or --progress), without other INFO level
messages.
The solution is to use more granular loggers, so that messages
specific to a given option goes to a logger designated for that
option. That option-specific logger can then be configured
separately from the regular loggers.
Those option-specific loggers can also be used as a hook in a
BORG_LOGGING_CONF config file to log the --list output to a separate
file, or send --stats output to a network socket where some daemon
could analyze it.
Steps:
- create an option-specific logger for each of the implied output options
- modify the messages specific to each option to go to the correct logger
- if an implied output option is passed, change the option-specific
logger (only) to log at INFO level
- test that root logger messages don't come through option-specific loggers
They shouldn't, per https://docs.python.org/3/howto/logging.html#logging-flow
but test just the same. Particularly test a message that can come from
remote repositories.
Fixes #526, #573, #665, #824
2016-05-18 02:59:58 +00:00
|
|
|
borg create --stats -C lz4 ::`hostname`-`date +%Y-%m-%d` \
|
2016-05-07 17:22:48 +00:00
|
|
|
/etc \
|
|
|
|
/home \
|
|
|
|
/var \
|
|
|
|
--exclude '/home/*/.cache' \
|
2014-02-09 21:15:27 +00:00
|
|
|
--exclude '*.pyc'
|
2013-07-31 18:51:01 +00:00
|
|
|
|
2015-10-03 12:12:16 +00:00
|
|
|
# Use the `prune` subcommand to maintain 7 daily, 4 weekly and 6 monthly
|
2016-05-07 17:22:48 +00:00
|
|
|
# archives of THIS machine. Using --prefix is very important to
|
2015-10-03 12:12:16 +00:00
|
|
|
# limit prune's operation to this machine's archives and not apply to
|
|
|
|
# other machine's archives also.
|
2016-05-07 17:22:48 +00:00
|
|
|
borg prune -v --prefix `hostname`- \
|
2015-10-03 12:12:16 +00:00
|
|
|
--keep-daily=7 --keep-weekly=4 --keep-monthly=6
|
2013-06-29 21:56:44 +00:00
|
|
|
|
2015-08-10 18:36:21 +00:00
|
|
|
.. backup_compression:
|
|
|
|
|
|
|
|
Backup compression
|
|
|
|
------------------
|
|
|
|
|
|
|
|
Default is no compression, but we support different methods with high speed
|
|
|
|
or high compression:
|
|
|
|
|
2016-02-27 16:22:56 +00:00
|
|
|
If you have a fast repo storage and you want some compression: ::
|
2015-08-10 18:36:21 +00:00
|
|
|
|
2016-04-15 01:38:43 +00:00
|
|
|
$ borg create --compression lz4 /path/to/repo::arch ~
|
2015-08-10 18:36:21 +00:00
|
|
|
|
2016-02-27 16:22:56 +00:00
|
|
|
If you have a less fast repo storage and you want a bit more compression (N=0..9,
|
2015-10-13 14:31:25 +00:00
|
|
|
0 means no compression, 9 means high compression): ::
|
2015-08-10 18:36:21 +00:00
|
|
|
|
2016-04-15 01:38:43 +00:00
|
|
|
$ borg create --compression zlib,N /path/to/repo::arch ~
|
2015-08-10 18:36:21 +00:00
|
|
|
|
2015-08-15 13:45:15 +00:00
|
|
|
If you have a very slow repo storage and you want high compression (N=0..9, 0 means
|
2015-10-13 14:31:25 +00:00
|
|
|
low compression, 9 means high compression): ::
|
2015-08-10 18:36:21 +00:00
|
|
|
|
2016-04-15 01:38:43 +00:00
|
|
|
$ borg create --compression lzma,N /path/to/repo::arch ~
|
2015-08-10 18:36:21 +00:00
|
|
|
|
|
|
|
You'll need to experiment a bit to find the best compression for your use case.
|
|
|
|
Keep an eye on CPU load and throughput.
|
|
|
|
|
2013-06-29 21:56:44 +00:00
|
|
|
.. _encrypted_repos:
|
|
|
|
|
|
|
|
Repository encryption
|
|
|
|
---------------------
|
|
|
|
|
2015-12-19 13:30:05 +00:00
|
|
|
Repository encryption can be enabled or disabled at repository creation time
|
|
|
|
(the default is enabled, with `repokey` method)::
|
2013-06-29 21:56:44 +00:00
|
|
|
|
2015-12-19 13:30:05 +00:00
|
|
|
$ borg init --encryption=none|repokey|keyfile PATH
|
2013-06-29 21:56:44 +00:00
|
|
|
|
2013-07-03 20:38:07 +00:00
|
|
|
When repository encryption is enabled all data is encrypted using 256-bit AES_
|
|
|
|
encryption and the integrity and authenticity is verified using `HMAC-SHA256`_.
|
2013-06-29 21:56:44 +00:00
|
|
|
|
2015-12-01 23:48:08 +00:00
|
|
|
All data is encrypted on the client before being written to the repository. This
|
|
|
|
means that an attacker who manages to compromise the host containing an
|
2016-02-27 16:22:56 +00:00
|
|
|
encrypted archive will not be able to access any of the data, even while the backup
|
2015-12-01 23:48:08 +00:00
|
|
|
is being made.
|
2014-04-06 12:03:14 +00:00
|
|
|
|
2015-08-29 01:39:53 +00:00
|
|
|
|project_name| supports different methods to store the AES and HMAC keys.
|
2013-06-29 21:56:44 +00:00
|
|
|
|
2015-08-29 01:39:53 +00:00
|
|
|
``repokey`` mode
|
|
|
|
The key is stored inside the repository (in its "config" file).
|
|
|
|
Use this mode if you trust in your good passphrase giving you enough
|
2015-12-01 23:48:08 +00:00
|
|
|
protection. The repository server never sees the plaintext key.
|
2013-06-29 21:56:44 +00:00
|
|
|
|
2015-08-29 01:39:53 +00:00
|
|
|
``keyfile`` mode
|
2016-01-28 22:15:49 +00:00
|
|
|
The key is stored on your local disk (in ``~/.config/borg/keys/``).
|
2015-08-29 01:39:53 +00:00
|
|
|
Use this mode if you want "passphrase and having-the-key" security.
|
2013-07-30 19:51:21 +00:00
|
|
|
|
2015-08-29 01:39:53 +00:00
|
|
|
In both modes, the key is stored in encrypted form and can be only decrypted
|
|
|
|
by providing the correct passphrase.
|
2013-06-29 21:56:44 +00:00
|
|
|
|
2015-08-29 01:39:53 +00:00
|
|
|
For automated backups the passphrase can be specified using the
|
|
|
|
`BORG_PASSPHRASE` environment variable.
|
2013-06-29 21:56:44 +00:00
|
|
|
|
2015-10-19 20:25:24 +00:00
|
|
|
.. note:: Be careful about how you set that environment, see
|
|
|
|
:ref:`this note about password environments <password_env>`
|
|
|
|
for more information.
|
2015-10-19 15:29:22 +00:00
|
|
|
|
2016-02-27 16:22:56 +00:00
|
|
|
.. warning:: The repository data is totally inaccessible without the key
|
|
|
|
and the key passphrase.
|
|
|
|
|
2015-08-29 01:39:53 +00:00
|
|
|
Make a backup copy of the key file (``keyfile`` mode) or repo config
|
|
|
|
file (``repokey`` mode) and keep it at a safe place, so you still have
|
2016-02-27 16:22:56 +00:00
|
|
|
the key in case it gets corrupted or lost. Also keep your passphrase
|
|
|
|
at a safe place.
|
|
|
|
|
|
|
|
The backup that is encrypted with that key/passphrase won't help you
|
|
|
|
with that, of course.
|
2013-06-29 21:56:44 +00:00
|
|
|
|
|
|
|
.. _remote_repos:
|
|
|
|
|
|
|
|
Remote repositories
|
|
|
|
-------------------
|
|
|
|
|
2014-02-04 02:26:36 +00:00
|
|
|
|project_name| can initialize and access repositories on remote hosts if the
|
|
|
|
host is accessible using SSH. This is fastest and easiest when |project_name|
|
|
|
|
is installed on the remote host, in which case the following syntax is used::
|
2013-06-29 21:56:44 +00:00
|
|
|
|
2016-04-15 01:35:37 +00:00
|
|
|
$ borg init user@hostname:/path/to/repo
|
2013-06-29 21:56:44 +00:00
|
|
|
|
|
|
|
or::
|
|
|
|
|
2016-04-15 01:35:37 +00:00
|
|
|
$ borg init ssh://user@hostname:port//path/to/repo
|
2014-02-04 02:26:36 +00:00
|
|
|
|
2015-05-14 15:36:53 +00:00
|
|
|
Remote operations over SSH can be automated with SSH keys. You can restrict the
|
|
|
|
use of the SSH keypair by prepending a forced command to the SSH public key in
|
2016-02-01 02:22:02 +00:00
|
|
|
the remote server's `authorized_keys` file. This example will start |project_name|
|
|
|
|
in server mode and limit it to a specific filesystem path::
|
2015-05-14 15:36:53 +00:00
|
|
|
|
2016-04-15 01:35:37 +00:00
|
|
|
command="borg serve --restrict-to-path /path/to/repo",no-pty,no-agent-forwarding,no-port-forwarding,no-X11-forwarding,no-user-rc ssh-rsa AAAAB3[...]
|
2015-05-14 15:36:53 +00:00
|
|
|
|
|
|
|
If it is not possible to install |project_name| on the remote host,
|
2014-02-04 02:26:36 +00:00
|
|
|
it is still possible to use the remote host to store a repository by
|
|
|
|
mounting the remote filesystem, for example, using sshfs::
|
|
|
|
|
2016-04-15 01:35:37 +00:00
|
|
|
$ sshfs user@hostname:/path/to /path/to
|
|
|
|
$ borg init /path/to/repo
|
|
|
|
$ fusermount -u /path/to
|