David Ramsden

Using Duply And rsync For Backups

This guide is based around backing up an entire server. If you don't have root you'll need to adjust the guide. In addition I'm storing the backups locally and from a remote system connect in and use rsync to synchronise the backups. Therefore I can quickly restore a deleted file from the local backups or if things go horribly wrong, reinstall the system and copy the backups from the remote location.

Duply is a frontend for duplicity. Taken from the duplicity website:

“Duplicity backs directories by producing encrypted tar-format volumes and uploading them to a remote or local file server. Because duplicity uses librsync, the incremental archives are space efficient and only record the parts of files that have changed since the last backup. Because duplicity uses GnuPG to encrypt and/or sign these archives, they will be safe from spying and/or modification by the server.

The duplicity package also includes the rdiffdir utility. Rdiffdir is an extension of librsync's rdiff to directories—it can be used to produce signatures and deltas of directories as well as regular files. These signatures and deltas are in GNU tar format.”

Packages Required

Install the duply package.

Backup

Create an Encryption Key

Backups created using duply will be encrypted. Create an encryption key using GPG, as root. Why root? Because we want to run duply as root from a daily cron job so that it can back everything up.

Take the defaults. These should be DSA and Elgamal for the key type, 2048 key size and an expiration of never. Enter what you like for the real name, comment and email address. For example set a real name of “Backups” and a comment of “Backups from server1”.

When prompted for a passphrase, make sure you enter something you'll remember. Otherwise your backups will be useless! I generated two random passwords and stuck them together, then burnt this to CD and put the CD somewhere safe. If you get stuck at “Not enough random bytes available”, open another session and type a few commands/bash the keyboard.

Once you've entered your passphrase and enough entropy has been generated to create your encryption key, you'll see a line like this:

This is your key. You can retrieve keys using:

Create A Duply Backup Job

Once again, you'll want to do this as root for the reasons stated previously:

This will create the folder /root/.duply/local. This directory is where the conf file, the exclusions file and the pre/post command files live.

In the conf file you'll want to set the values for GPG_KEY and GPG_PW. Based on the key that was previously created this will look like:

Then you'll want to set a TARGET. For example:

Make sure the path you use exists and ensure you set the appropriate permissions (even though backups will be encrypted).
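Because the conf file holds GPG_PW in plain text, the profile directory and the backup target both need tight permissions. The following check is an added example, not part of the original guide or of duply itself: it parses the conf without executing it and reports loose permissions or unset values. The function names are hypothetical, and it assumes a local TARGET written in duplicity's file:// form.

```shell
#!/bin/sh
# Added example (not duply's own code). Function names are hypothetical.
# Assumption: a local TARGET is written as file:///path.
# Usage: audit_duply_profile /root/.duply/local

# Succeeds when the path grants no permissions to group or others.
private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Print the value assigned to variable $1 in conf file $2 (last assignment
# wins), with surrounding quotes stripped. The file is parsed, never sourced,
# so a tampered conf cannot run commands as root during the audit.
conf_value() {
    sed -n "s/^[[:space:]]*$1=//p" "$2" | tail -n 1 |
        sed -e "s/^['\"]//" -e "s/['\"][[:space:]]*\$//"
}

# Print one line per finding; the return status is the number of findings.
audit_duply_profile() {
    dir=$1 conf=$1/conf findings=0
    note() { echo "FINDING: $*"; findings=$((findings + 1)); }

    [ -f "$conf" ] || { note "no conf file in $dir"; return "$findings"; }
    private "$dir"  || note "$dir is accessible to group/other"
    private "$conf" || note "$conf holds GPG_PW and is accessible to group/other"

    for var in GPG_KEY GPG_PW TARGET; do
        [ -n "$(conf_value "$var" "$conf")" ] || note "$var is not set in $conf"
    done

    target=$(conf_value TARGET "$conf")
    case $target in
        file://*)
            path=${target#file://}
            if [ ! -d "$path" ]; then
                note "TARGET directory $path does not exist"
            elif ! private "$path"; then
                note "TARGET directory $path is accessible to group/other"
            fi ;;
    esac
    return "$findings"
}
```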

Set the base directory to back up:

You may also want to tweak MAX_AGE and MAX_FULL_BACKUPS. For example:

This will keep old differential backups for 2 months and keep 2 full backups.

You will also need to exclude some locations from being backed up. Any exclusions should be stored in a file called exclude, which should be located in the backup set directory (e.g. /root/.duply/local/). This is a good base to start with:

If you want a pre task that dumps any MySQL databases, create a pre file with the appropriate command:

To run the first backup, use:

Remember that this is backing up to the local server itself, so you probably want to create an automated process to copy them somewhere else. Or if you don't want to even store the backups on the local server just change the TARGET line in the conf file for the backup. There are loads of backends available, such as rsync, FTP and even IMAP.

Automating With cron

Edit the crontab for root:

You want two tasks. One that runs each month to clean up old backups and one that runs to create daily incremental backups:

Restore

To list the backups available:

To restore the entire backup to /tmp/restore:

To restore the latest version of /etc/network/interfaces to /tmp/interfaces:

To restore /etc/network/interfaces to a version from 14 days ago: