Duplicity

Duplicity is a command-line interface for backups. Duplicity supports SSH/SCP, FTP, HSI, WebDAV, Tahoe-LAFS, and Amazon S3 protocols to connect to a file server, archives data, uploads it to a local or remote file server, and encrypts data using the GnuPG utility.

Configure Duplicity

1. Configure S3 access.
2. Install the client.
3. Configure Duplicity settings.

1. Configure S3 access

Access can be configured by the Account Owner or a user with the iam.admin role.

1. Create a service user with a role with access to S3. If you use a service user with the s3.user, object_storage_user, or s3.bucket.user role, an access policy must be configured in the bucket, and its rules must allow access to this user.
2. Issue an S3 key to the user.

2. Install the client

Ubuntu

1. Open the terminal.

2. Install Duplicity:

   sudo apt-get install duplicity

3. Install the python-swiftclient and librsync packages:

   sudo apt-get install python-swiftclient
   sudo apt-get install librsync-dev

4. Install the Bazaar version control system and download swiftbackend:

   sudo apt-get install bzr
   bzr branch lp:~mhu-s/duplicity/swiftbackend

5. Install swiftbackend:

   cd swiftbackend && sudo python dist/setup.py install

3. Configure Duplicity settings

5.1. Copy the script from step 1.

1. Create a file with the backup script:

   export SWIFT_PASSWORD=<password>
   export SWIFT_AUTHVERSION=3
   export SWIFT_TENANTNAME=<project_name>
   export SWIFT_AUTHURL="https://cloud.api.selcloud.ru/identity"
   export SWIFT_REGIONNAME=<pool>
   export SWIFT_USERNAME=<username>
   export SWIFT_USER_DOMAIN_NAME=<account_id>
   export SWIFT_PROJECT_DOMAIN_NAME=<account_id>
   
   duplicity <path> swift://<bucket_name>
   
   unset SWIFT_PASSWORD
   unset SWIFT_AUTHVERSION
   unset SWIFT_TENANTNAME
   unset SWIFT_AUTHURL
   unset SWIFT_USERNAME

   Specify:

   • <password> — service user password. If you forgot the password, create a new one;
   • <project_name> — project name;
   • <pool> — pool where S3 is located;
   • <username> — service user name;
   • <account_id> — Control panel account ID, can be found in the control panel in the upper-right corner;
   • <path> — path to the folder on the local machine;
   • <bucket_name> — bucket name.

2. Make the file executable:

   chmod +x <file_name>

   Specify <file_name> — name of the script file.

3. Run the script:

   ./<file_name>

4. Enter the passphrase. The backup will start, and statistics will be displayed in the console.

5. Optional: to download an encrypted backup from storage to a local machine:

   5.1. Copy the script from step 1.

   5.2. In the script, replace the duplicity <path> swift://<bucket_name> command with duplicity swift://<bucket_name> <path>.

   5.3. Save the script to a file named restore.sh.

   5.4. Make the file executable:

   chmod +x restore.sh

   5.5. Run the script:

   ./restore.sh

   5.6. Enter the passphrase. All files from the backup will be downloaded to the specified directory on the local machine.

S3

1. Make sure that Virtual-Hosted addressing is enabled in the bucket.

2. Install boto:

   sudo apt install python3-boto

3. Create a file touch duplicity.conf with the configuration:

   [s3]
   aws_access_key_id = <access_key>
   aws_secret_access_key = <secret_key>
   bucket = <bucket_name>
   region = <pool>
   endpoint = <s3_domain>
   type = s3
   provider = Other
   env_auth = false

   Specify:

   • <access_key> — value of the Access key field from the S3 key;
   • <secret_key> — value of the Secret key field from the S3 key;
   • <bucket_name> — bucket name;
   • <pool> — pool where S3 is located;
   • <s3_domain> — S3 API domain. The domain depends on the pool where S3 is located.

4. Perform archiving:

   duplicity <path> s3://<s3_domain>/<bucket_name>

   Specify:

   • <path> — path to the folder on the local machine;
   • <bucket_name> — bucket name.