Duplicity

Duplicity

Duplicity — command line interface for backups. Duplicity supports SSH/SCP, FTP, HSI, WebDAV, Tahoe-LAFS and Amazon S3 protocols to connect to a file server, archives and uploads data to a local or remote file server, and encrypts data using the utility GnuPG.

Customize Duplicity⁠

1. Configure access.
2. Install the client.
3. Set up the Duplicity configuration.

1. Set up access⁠

Access can be configured by a user with the Account Owner or User Administrator role.

1. Create a service user с role with access to the object store.If you are using a user with the Object Storage User role, the container must have a configured access policy.
2. If you want to connect via S3, issue an S3 key to the user.

2. Install the client⁠

Ubuntu

1. Open the terminal.

2. Set Duplicity:

   sudo apt-get install duplicity

3. Install the python-swiftclient and librsync packages:

   sudo apt-get install python-swiftclient
   sudo apt-get install librsync-dev

4. Install the Bazaar version control system and download swiftbackend:

   sudo apt-get install bzr
   bzr branch lp:~mhu-s/duplicity/swiftbackend

5. Install swiftbackend:

   cd swiftbackend && sudo python dist/setup.py install

3. Set up the Duplicity configuration⁠

Swift

1. Create a script file for the backup:

   export SWIFT_PASSWORD=<password>
   export SWIFT_AUTHVERSION=3
   export SWIFT_TENANTNAME=<project_name>
   export SWIFT_AUTHURL="https://cloud.api.selcloud.ru/identity"
   export SWIFT_REGIONNAME=<pool>
   export SWIFT_USERNAME=<username>
   export SWIFT_USER_DOMAIN_NAME=<account_id>
   export SWIFT_PROJECT_DOMAIN_NAME=<account_id>
   
   duplicity <path> swift://<container_name>
   
   unset SWIFT_PASSWORD
   unset SWIFT_AUTHVERSION
   unset SWIFT_TENANTNAME
   unset SWIFT_AUTHURL
   unset SWIFT_USERNAME

   Specify:

   • <password> — service user password. If you have forgotten your password, create a new one;
   • <project_name> — project name;
   • <pool> — pool in which the object storage is located;
   • <username> — the name of the service user;
   • <account_id> — control panel account number, can be viewed in control panel in the upper right corner;
   • <path> — path to the folder on the local machine;
   • <container_name> — container name.

2. Make the file executable:

   chmod +x <file_name>

   Specify <file_name> — the name of the file with the script.

3. Run the script:

   ./<file_name>

4. Enter the code word. The backup will start and statistics will be displayed in the console.

5. Optional: to download an encrypted backup from storage to a local machine:

   5.1 Copy the script from step 1.

   5.2. In the script, replace the command duplicity <path> swift://<container_name> with duplicity swift://<container_name> <path>.

   5.3 Save the script in a file named restore.sh.

   5.4 Make the file executable:

   chmod +x restore.sh

   5.5 Run the script:

   ./restore.sh

   5.6 Enter a code word. All files from the backup will be downloaded to the specified directory on the local machine.

S3

1. Make sure Virtual-Hosted addressing is enabled in the container.

2. Set boto:

   sudo apt install python3-boto

3. Create a touch duplicity.conf file with the configuration:

   [s3]
   aws_access_key_id = <access_key>
   aws_secret_access_key = <secret_key>
   bucket = <container_name>
   region = <pool>
   endpoint = <s3_domain>
   type = s3
   provider = Other
   env_auth = false

   Specify:

   • <access_key> — field value Access key from S3 key;
   • <secret_key> — field value Secret key from S3 key;
   • <container_name> — container name;
   • <pool> — pool where the object storage is located;
   • <s3_domain> — S3 API domain depends on pool in which the object storage is located.

4. Perform archiving:

   duplicity <path> s3://<s3_domain>/<container_name>

   Specify:

   • <path> — path to the folder on the local machine;
   • <container_name> — container name.