How to back up with Restic to Exoscale Object Storage

Restic

Overview

Restic is a simple and efficient backup program to easily back up your data to an Exoscale SOS Bucket. It’s available for all official Exoscale Templates from Linux, Windows to BSD.

Limitations and Benefits

• One bucket for multiple instances
• Windows VSS Support
• No bare metal restore possible
• No central management possible
• One binary without dependencies
• No scheduler included

Provider Details

Setup

1. Create an S3 Bucket on Exoscale. Restic can use Exoscale SOS as backend to store your backups from multiple instances. The SOS Quick Start Guide gives you more details for using s3cmd or the Exoscale Portal to create a bucket.
2. Create an IAM Key which will give Restic access to the S3 Bucket. We would advice to create a restricted key that only allows access to the bucket. Find more details in our IAM Quick Start Guide.
3. Get Restic either from the official Restic website or directly from Github and install or copy it do your instance.
4. Initialize you Exoscale SOS Bucket with Restic. You need to define a password for your Restic repository. Store your password safely! If you lose it, you won’t be able to access data stored in the repository.

Linux

    export AWS_ACCESS_KEY_ID=<YOUR IAM KEY>
    export AWS_SECRET_ACCESS_KEY=<YOUR SECRET KEY>
    restic -r s3:sos-<BUCKET LOCATION>.exo.io/<BUCKETNAME> init

Windows

    set AWS_ACCESS_KEY_ID=<YOUR IAM KEY>
    set AWS_SECRET_ACCESS_KEY=<YOUR SECRET KEY>
    restic -r s3:sos-<BUCKET LOCATION>.exo.io/<BUCKETNAME> init

Output on Linux (you will get a similar result on Windows)

    [root@vm2backup ~]# export AWS_ACCESS_KEY_ID=EXO35ac0e9ba39cf65XXXXXXXXX
    [root@vm2backup ~]# export AWS_SECRET_ACCESS_KEY=SECRETKEY-XXXXXX
    [root@vm2backup ~]# restic -r s3:sos-de-fra-1.exo.io/restic-de-fra-1 init
    enter password for new repository:
    enter password again:
    created restic repository a94a0d041a at s3:sos-de-fra-1.exo.io/restic-de-fra-1 
    Please note that knowledge of your password is required to access
    the repository. Losing your password means that your data is
    irrecoverably lost.

1. Run some test backup to check if everything works

   [root@vm2backup ~]# restic -r s3:sos-de-fra-1.exo.io/restic-de-fra-1 backup /tmp
   enter password for repository:
   repository 296fefeb opened successfully, password is correct
   no parent snapshot found, will read all files
   
   Files:         122 new,     0 changed,     0 unmodified
   Dirs:          209 new,     0 changed,     0 unmodified
   Added to the repo: 466 B
   
   processed 122 files, 1.791 GiB in 0:06
   snapshot 6557d88b saved
   

2. List all backups (in Restic they are called Snapshots)

   [root@vm2backup restic]# restic -r s3:sos-de-fra-1.exo.io/restic-de-fra-1 snapshots
   enter password for repository:
   repository 296fefeb opened successfully, password is correct
   ID        Time                 Host       Tags        Paths
   -------------------------------------------------------------------------------------------------------------
   6557d88b  2022-05-30 12:46:40  vm2backup              /tmp
   4e188111  2022-05-30 12:50:03  vm2backup              /tmp 
   -------------------------------------------------------------------------------------------------------------
   2 snapshots
   

Restore files

In this example, we are going to restore the whole /tmp from the previous test to /tmp/restore-tmp using the Snapshot ID

    [root@vm2backup ~]# restic -r s3:sos-de-fra-1.exo.io/restic-de-fra-1 restore 6557d88b --target /tmp/restore-tmp                                             
    enter password for repository:
    repository 296fefeb opened successfully, password is correct
    restoring <Snapshot 6557d88b of [/tmp] at 2022-05-30 12:46:40.106028392 +0200 CEST by root@vm2backup> to /                                                 tmp/restore-tmp

1. As mentioned in the first step of the setup you can backup multiple instances to the same Bucket

   C:\Users\Administrator\Downloads>restic backup -r s3:sos-de-fra-1.exo.io/restic-de-fra-1 C:\users\Administrator\Downloads
   repository 296fefeb opened successfully, password is correct
   using parent snapshot 0dc43c19
   
   Files:           0 new,     0 changed,   112 unmodified
   Dirs:            0 new,     0 changed,     9 unmodified
   Added to the repo: 0 B
   
   processed 112 files, 365.439 MiB in 0:22
   snapshot 6b3f4585 saved
   

2. Listing Restic Snapshots again, will show now multiple hosts

   C:\Users\Administrator\Downloads>restic snapshots -r s3:sos-de-fra-1.exo.io/restic-de-fra-1
   repository 296fefeb opened successfully, password is correct
   ID        Time                 Host        Tags        Paths
   ---------------------------------------------------------------------
   6557d88b  2022-05-30 12:46:40  vm2backup              /tmp
   4e188111  2022-05-30 12:50:03  vm2backup              /tmp 
   6b3f4585  2022-05-30 14:05:49  win2backup                                          C:\users\Administrator\Downloads
   ---------------------------------------------------------------------
   3 snapshots
   

You can use the following snippets as baseline to run backups on Linux or Windows instances, please change the values for your Access Key, Secret Key, Restic Repository and your Restic Password.

Password can also be retrieved from an external program using “–password-command” as an option.

Linux

    [root@vm2backup restic]# more .restic_env
    export AWS_ACCESS_KEY_ID="EXO35ac0e9ba39cf65XXXXXXXXX”
    export AWS_SECRET_ACCESS_KEY="SECRETKEY-XXXXXX"
    export RESTIC_REPOSITORY="s3:sos-<BUCKETLOCATION>.exo.io/<BUCKETNAME>”
    export RESTIC_PASSWORD="YourVerySecurePassword"
    [root@vm-9e7977cd-755e-4479-9605-0c2f80fd5254 restic]# more backup.sh
    #!/usr/bin/bash
    if [ -f /root/restic/.restic_env ]
    then
            . /root/restic/.restic_env
    else
            echo "No Restic environment found"
            exit 1
    fi
    /usr/bin/restic backup -q / --exclude="/proc" --exclude="/sys"

Windows

    C:\Users\Administrator\Downloads>more backup.cmd
    @echo off
    set AWS_ACCESS_KEY_ID=EXO35ac0e9ba39cf65XXXXXXXXX
    set AWS_SECRET_ACCESS_KEY=SECRETKEY-XXXXXX
    set RESTIC_REPOSITORY=s3:sos-<BUCKETLOCATION>.exo.io/<BUCKETNAME>
    set RESTIC_PASSWORD= YourVerySecurePassword

    C:\windows\system32\restic backup C:\users\Administrator\Downloads

Restic Housekeeping

Restic includes a housekeeping function to only keep the needed snapshots as defined in the guideline.

    restic forget --prune --keep-hourly 6 --keep-daily 7 --keep-weekly 4 --keep-monthly 12

In this example Restic will keep:

• 6 hourly Snaphosts per Host
• 7 daily Snapshots per Host
• 4 weekly Snapshots per Host
• 12 monthly Snapshots per Host and will remove all other unused data

This command needs to run on one instance only, with a regular (daily) interval.

Additional resources

Restic documentation