Secure online backup and restore with Tarsnap

Data has become a critical part of any environment. To be able to restore data after loss or changes, system administrators need to back up data.

When choosing a backup and restore method, it is a good idea to think about the reasons and requirements for restores. Typical reasons for restores are changes written to files, accidental deletion of files, failed (crashed) hard disks (storage media), damaged hardware (servers, computers, workstations, laptops), theft of hardware, and impounding of hardware during search and seizure by authorities (police, tax, court, judge).

Tarsnap is a secure online backup service for BSD, Linux, OS X, Solaris, Cygwin, and can probably be compiled on many other UNIX-like operating systems. The Tarsnap client code provides a flexible and powerful command-line interface which can be used directly or via shell scripts.

Tarsnap was written by Dr. Colin Percival. In January 2004, Colin became a FreeBSD committer and a member of the FreeBSD Security Team; he became the Security Officer for FreeBSD in August 2005, a position which he has held since. Aside from his work as FreeBSD Security Officer, he is probably best known in the FreeBSD community for his work on FreeBSD Update and Portsnap.

This example will install Tarsnap on a FreeBSD operating system.

It is assumed that the server in question can create a TCP connection to port 9279.

Log in as root on the server in question and run the following commands, which install the Tarsnap client.

cd /usr/ports/sysutils/tarsnap && make install clean

Visit the website, create an account and add funds to your account. Then run the following command, which generates a cryptographic key for encryption of your data.

tarsnap-keygen --keyfile ~/tarsnap.key --user foobar@foobar.com --machine starnix

Store a copy of the key in a safe place; the key is needed for every restore. Then run the following commands to configure Tarsnap.

cd /usr/local/etc
cp tarsnap.conf.sample tarsnap.conf
nano -w tarsnap.conf

That’s it. Tarsnap is now installed and ready to be tested.

The following commands will test the Tarsnap client and service, create remote archives, list archives on the remote site, restore from an archive on the remote site and delete an archive on the remote site.

tarsnap -c -f 2010-03-08 /usr/home/ann /usr/home/bob
tarsnap -c -f 2010-03-09 /usr/home/ann /usr/home/bob /usr/home/charles
tarsnap --list-archives
tarsnap -x -f 2010-03-08 usr/home/bob
tarsnap -x -f 2010-03-09 usr/home/bob
tarsnap -d -f 2010-03-08

The first archive, 2010-03-08, is created and the homes of Ann and Bob are uploaded in compressed and encrypted blocks. The next archive, 2010-03-09, is created, and only the changes in the homes of Ann and Bob since the last archive, plus the home of Charles, are uploaded in compressed and encrypted blocks. The list of archives will show the two archives 2010-03-08 and 2010-03-09. Restoring the home of Bob from the first archive, 2010-03-08, restores it as it was at that time. The following restore of the home of Bob from the archive 2010-03-09 restores it as it was at that time. The restored directory structure is written to the current directory.

The Tarsnap client only uploads the blocks that are absolutely necessary, that is, blocks that are not already present on the remote site. The remote site only stores the blocks that are needed to restore the archives. No block is stored twice on the remote site, even when archives appear to contain the same (duplicate) files.

Estimate the time needed to upload the initial backup. We recommend using an online transfer calculator, such as the free T1 Shopper Transfer Time/Speed Calculator.

Configure FreeBSD for automatic regular backup. In the following example, FreeBSD will make sure that the Tarsnap client is executed every day at 22:37 and creates a new archive named after the current date.

nano -w /etc/crontab

37 22 * * * root /usr/local/bin/tarsnap -c --humanize-numbers -f `date +\%Y\%m\%d` /usr/home/ann /usr/home/bob /usr/home/charles

killall -HUP cron

Confirm that the backup was completed.

tarsnap --list-archives
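
One way to wrap the scheduled backup so that it refuses to run when the key file is readable by other users, and confirms that the new archive is actually listed afterwards. This is an added example, not part of the original post; the script path, the TARSNAP and KEYFILE variables and the function names are assumptions.

```sh
#!/bin/sh
# Added example, not from the original post: cron wrapper for the nightly backup.
# TARSNAP, KEYFILE and the function names are assumptions made for this sketch.
TARSNAP=${TARSNAP:-/usr/local/bin/tarsnap}
KEYFILE=${KEYFILE:-/root/tarsnap.key}   # root's ~/tarsnap.key from tarsnap-keygen

# Succeed only if the key is a regular file (not a symlink) with no group or
# other permission bits. Anyone who can read the key can read the archives.
key_is_private() (
    [ -f "$1" ] || exit 1
    mode=$(ls -ld -- "$1" | cut -c1-10)
    case $mode in
        -???------) exit 0 ;;
        *) exit 1 ;;
    esac
)

# Archive name in the YYYYMMDD form used by the crontab entry.
archive_name() { date +%Y%m%d; }

# Create archive $1 from the remaining paths, then confirm the remote site
# lists exactly that name. Status: 0 ok, 2 key unsafe, 3 create failed,
# 4 archive missing from --list-archives.
backup_and_confirm() (
    name=$1
    shift
    if ! key_is_private "$KEYFILE"; then
        echo "refusing to run: $KEYFILE is missing or not private" >&2
        exit 2
    fi
    "$TARSNAP" --keyfile "$KEYFILE" -c --humanize-numbers -f "$name" "$@" || exit 3
    "$TARSNAP" --keyfile "$KEYFILE" --list-archives | grep -qxF -- "$name" || exit 4
)

# Run only when paths are given, for example from /etc/crontab:
#   37 22 * * * root /root/tarsnap-nightly.sh /usr/home/ann /usr/home/bob
# (the script path is a placeholder)
if [ "$#" -gt 0 ]; then
    backup_and_confirm "$(archive_name)" "$@"
fi
```

A non-zero exit status makes cron mail the error output to root, so a failed or unconfirmed backup does not pass silently.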

If you want to see a summary of the amount of data stored remotely, use the following command.

tarsnap --humanize-numbers --print-stats

If, for some reason, an error about reading the cache directory occurs, run the following command to solve the problem.

tarsnap --fsck

If we need to restore one or more files, the Tarsnap client must be installed and the key restored before we can do the actual restore.

cd /usr/ports/sysutils/tarsnap
make install
cd ~
scp starnix.com:tarsnap.key .
tarsnap --keyfile ~/tarsnap.key --list-archives
