Backup

Contents

  1. Backup
    1. Windows 10
      1. Requirements
      2. Setup
      3. Data Restoration
        1. Restoration of a single file
        2. Custom Restoration
      4. Troubleshooting
    2. GNU/Linux, macOS, other Unix-like operating systems
      1. Backup for data less than ≈200 GB
        1. Common Setup
        2. Automated backups on GNU/Linux
        3. Automated backups on macOS
      2. Backup for data more than ≈200 GB
  2. Instructions for admins
    1. Restoring data from borg
    2. Restoring data from restic
    3. Creating home directories on b.fluid
    4. Attachments

Below, the term ‘back up’ refers to storage of data in such a way, that the state of that data at any given day in the past year can be recovered.
Conversely, ‘mirroring’ or ‘synchronising’ keeps a copy of the current data. Changes to the data in the past are lost.

Windows 10

Requirements

The ssh client must be enabled, see Settings -> "Manage Optional Features" -> "Add a feature" -> "OpenSSH Client" -> "Install".
For earlier Windows versions, install OpenSSH for Windows.

Setup

  1. Create the directory restic-backup in your home directory. (In fact, you may choose any name, and any directory.)

  2. Download the restic backup program from https://github.com/restic/restic/releases/latest. (Scroll down to the very bottom of the page.) Extract the restic_*.exe file from the zip archive and store it in the restic-backup folder.

  3. Rename the restic_*.exe file to restic.exe.

  4. Download the script restic_backup.bat and store it in the directory restic-backup.

  5. Run the script from the command line, i.e., open a Windows Command Shell, navigate to the restic-backup directory (type cd restic-backup) and type restic_backup <yourTUusername>. Here, <yourTUusername> refers to your upTUdate username, examples are tloimer, kcernoho, hkuhlman. You will be asked to confirm a connection, answer with "yes", not only "y". You need to type your upTUdate password. The latter is the password that is accepted by the web mail interface.

  6. Optionally, modify the file exclude.txt in the directory restic-backup. This file contains patterns for files that should be excluded from backup.

  7. To test, again type restic_backup <yourTUusername>. This should create your first backup and take a while, about 4 minutes per 10 GB of data.

  8. Under the Windows System Control, open the Task Scheduler (Aufgabenplanung) and create a task, to run the command %HOMEPATH%\restic-backup\restic_backup yourusername once a day. Replace %HOMEPATH% by the actual path to restic_backup.bat.

The batch file restic_backup.bat is amply commented.
Help for the restic program is available on the command line by typing restic help or at https://restic.readthedocs.io.

Data Restoration

Restoration of a single file

In case the full path to the file is known, and the version of the file in the most recent backup is needed:

  1. open a Windows Command Shell,

  2. copy the following line to the shell, editing
    <user> (your short upTUdate account name, e.g., wjandl),
    <filepath> (the path to the file you want to retrieve, e.g., /C/Users/Werner Jandl/Document/DantecManual.pdf) and
    <target_dir> (the directory where to store the retrieved file to, e.g., C:\Users\Werner Jandl\Desktop) as needed.

If <filepath> or <target_dir> contain spaces, these words must be sourrounded by apostrophes.
The command will ask for the password to the repository. Find the password as RESTIC_PASSWORD in the batch file restic_backup.bat. That file was created when the backup program was installed. 

restic -r sftp:b_backup:/mnt/backup/<user>/<user>.restic restore latest -i "<filepath>" -t "<target_dir>"

As an example, the command
restic -r sftp:b_backup:/mnt/backup/wjandl/wjandl.restic restore latest -i "/C/Users/Werner Jandl/Documents/DantecManual.pdf" -t "C:\Users\Werner Jandl\Desktop"
would restore the file DantecManual.pdf to
C:\Users\Werner Jandl\Desktop\C\Users\Werner Jandl\Documents/DantecManual.pdf

Note: The name b_backup is an alias that was set up by the script restic_backup.bat, see ~/.ssh/config. The alias enables passwordless login into b.fluid.

Custom Restoration

Open a Windows Command Shell. Fore ease of use, set the shell variable REPOSITORY. As above, the commands below will ask for the password to the repository.

Find the identity (ID) of the snapshot which contains the data to restore. A snapshot is a collection of data that existed at a point in time. 

SET REPOSITORY=sftp:b_backup:/mnt/backup/<user>/<user>.restic
restic -r %REPOSITORY% snapshots

The above command prints a table of available snapshots. As an example, see a table of four snapshots below:

The first 8 letters in each line are the ID of a snapshot.

With the ID of the snapshot, list or restore files from that snapshot. The ID ‘latest’ is an alias for the most recent snapshot. 

# list all files in a snapshot (you may want to redirect output to a file, >out)
restic -r %REPOSITORY% ls <ID>
# list files below a given directory <path> (recursively, with the option --recursive)
# example for <path>: "C/Users/Werner Jandl/Desktop"
restic -r %REPOSITORY% ls [--recursive] <ID> <path>

# restore all data from a snapshot to the current directory
# (or the target directory given with the -t option)
restic -r %REPOSITORY% restore [-t /target/dir] <ID>
# restore only the files that match a pattern (-i <pattern>).
# The directory hierarchy will be restored under the target directory.
restic -r %REPOSITORY% restore <ID> -i <pattern>

Troubleshooting

At setup, if an error message regarding permissions of .ssh/config appears, make .ssh/config readable only by the user.

GNU/Linux, macOS, other Unix-like operating systems

Backup for data less than ≈200 GB

Common Setup

bash    # the commands below must be executed in the bash shell
export TU_USER=your_tu_username


export TARGET_HOST=b.fluid.tuwien.ac.at
export TARGET_DIR=$(hostname -s)

# run the backup script once (enter your TU password when asked to do so)
~/bin/sync-to-host ${TU_USER} ${TARGET_HOST} ${TARGET_DIR}

The top of the file sync-to-host contains some comments on how the script works.

Automated backups on GNU/Linux

In order to set up a cron job for automated client backups on GNU/Linux systems, please copy and paste the following lines into the same terminal as above. Set SYNC_CMD according to the path where you saved the sync-to-host script: 

export SYNC_CMD="${HOME}/bin/sync-to-host ${TU_USER} ${TARGET_HOST} ${TARGET_DIR}"
export SYNC_TIME="$((RANDOM % 60)) * * * *"
export CRON_ENTRY="${SYNC_TIME} ${SYNC_CMD}"
crontab -l 2>/dev/null | { cat; echo "${CRON_ENTRY}"; } | crontab -

Automated backups on macOS

In order to set up a launchd job for automated client backups on macOS systems, please copy and paste the following lines into a terminal: 

#!/bin/bash
export BASENAME=at.ac.tuwien.fluid.b_backup-${USER}
export PLIST_PATH=${HOME}/Library/LaunchAgents/${BASENAME}.plist
cat > ${PLIST_PATH} <<EOF
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>Label</key>
  <string>${BASENAME}</string>

  <key>ProgramArguments</key>
  <array>
    <string>${HOME}/bin/sync-to-host</string>
    <string>${TU_USER}</string>
    <string>${TARGET_HOST}</string>
    <string>${TARGET_DIR}</string>
  </array>

  <key>RunAtLoad</key><true/>
  <key>StartInterval</key><integer>3600</integer>
</dict>
</plist>
EOF
launchctl load ${PLIST_PATH}

Backup for data more than ≈200 GB

The borg backup program is used to back up the data from the client machine.

  1. Install the borg backup program. Under ubuntu or debian, on the command line type sudo apt install borgbackup.

  2. Download the script borg-user-backup.

  3. Make the script executable, run it and follow the instructions. Comments in the script describe what is done.
  4. Store the script at a convenient location and create a cron-job to invoke it once a day.

For a default setup, after step (ii) above,

The setup script will ask for your password, see the comments in borg-user-backup. A bash shell is required. 

bash
TU_USER=myusername
SOURCE_DIRS="/home/myname/dir1 /home/myname/dir2 /usr/local"
chmod +x ~/bin/borg-user-backup
~/bin/borg-user-backup $TU_USER b.fluid.tuwien.ac.at "$SOURCE_DIRS"
crontab -l 2>/dev/null | { cat; echo -n "$((RANDOM % 60)) $((RANDOM % 7 + 10)) * * * "
echo "$HOME/bin/borg-user-backup $TU_USER b.fluid.tuwien.ac.at $SOURCE_DIRS"
  } | crontab -

Instructions for admins

Restoring data from borg

In order to restore data from a backup, backups can be made accessible as a (pseudo-) file system. Users can then access their data using an SFTP or SSH client (e.g. Nautilus on GNU/Linux, Cyberduck on macOS and WinSCP on Windows).

For example, in order to expose backup data from b.fluid to the user oswat, the following commands might be used: 

export BACKUP_REPO=/mnt/backup/b/home/oswat.borg
export RESTORE_DIR=/mnt/restore/oswat-$(date -Idate)
mkdir ${RESTORE_DIR}
borg mount -o default_permissions,allow_other --strip-components 2 ${BACKUP_REPO} ${RESTORE_DIR}
# --strip-components 2    strip the usually existing '/home/userdir' path components
ls ${RESTORE_DIR}

In the example above, all snapshots created at different times are available in the first directory below /mnt/restore/oswat-$(date -I date).

Note: Unmount as soon as users have restored their data. Otherwise, backups are not possible while the virtual file system is mounted. 

umount ${RESTORE_DIR}

Alternatively, the entire data, as present at a given date, can be restored. E.g., again for the user oswat on b, 

# List available backups
borg list --short /mnt/backup/b/home/oswat.borg
# extract all data contained in one of the listed backups to /mnt/restore/oswat
mkdir /mnt/restore/oswat; cd /mnt/restore/oswat
borg extract --strip-components 2 --umask 022 /mnt/backup/b/home/oswat.borg::2022-02-06_05:52 [path]
# --strip-components 2:   strip home/oswat from the restored path
# --umask 022             otherwise, directories might be not searchable
# [path]                  path might be omitted, or, e.g.: home/oswat/machine/home/oswat/dir_in_home

To mount a backup repository to s15, from which it was created, as root on s15 do 

mkdir /mnt/restore
borg mount -o default_permissions,allow_other --strip-components 2 s15-root@b.fluid.tuwien.ac.at:home/oswat.borg /mnt/restore

Restoring data from restic

From the restic-repository, a pseudo file-system can be generated as well. This pseudo filesystem exposes the entire data in the repository. For example, for the user kcernoho: 

export RESTORE_DIR=/home/kcerneho/restore.cache
mkdir $(RESTORE_DIR}
RESTIC_PASSWORD=… restic mount -r /mnt/backup/kcernoho/kcernoho.restic --snapshot-template "2006-01-02_15" ${RESTORE_DIR}
# probably, use --allow-other?
# Unmount after restore
umount ${RESTORE_DIR}

Creating home directories on b.fluid

mkdir /home/tu_user
chown tu_user:E322 /home/tu_user
install -m 644 -o tu_user -g E322  /etc/skel/.??* /home/tu_user/

Attachments

The attachments to this page were copied from b:/home/oswat/backup-scripts/. A crontab entry for oswat@b once a day calls a script that checks whether the attachments to this page are identical to the files in b:/home/oswat/backup-scripts/. The latter is a git-worktree, clones exist in b:/opt/borgscripts, s15:/opt/borgscripts and s16:/opt/borgscripts.