Last updated: 2023-04-10
Contents
- Usage
- File Comparison
- Checkpoint
- Routine Maintenance
- SSH Settings
Introduction
Borg is a fork of Attic and is maintained by "The Borg collective"
- deduplicating backup (chunk-based; chunks are identified by their id_hash value)
- compressing backup (lz4, zstd, zlib, lzma)
- authenticated encryption (HMAC-SHA256 + AES256)
- local & client/server mode (ssh + borg serve)
- Borg supports resuming backups (<archive-name>.checkpoint every 30 min)
- Mountable backups with FUSE
HomePage: https://www.borgbackup.org/
Drawbacks
- It pushes backups to remote repositories accessed via ssh
  (the client uses SSH as a transport to talk to the remote agent, borg serve)
- Single-threaded
  (a multi-core CPU does not speed up compression or encryption)
- Borg 1.2.4: Python >= 3.8
- Compression: lz4, zstd, zlib, lzma or none
- Mountable backups with FUSE
Installation
Install by Package
apt-get install borgbackup
Or
Install by Source (Get latest version)
- apt-get install python3-dev python3-virtualenv
- virtualenv --python=python3 borg-env
- source borg-env/bin/activate
- pip install -U pip setuptools wheel
- pip install pkgconfig
- pip install borgbackup
P.S.
# llfuse must be installed when using FUSE (llfuse, pyfuse3)
pip install llfuse
Check Version
borg --version
borg 1.2.0
Usage
Step 1: Create the repo (folder) that stores the backups
# --make-parent-dirs # create the parent directories if they are missing
# --storage-quota QUOTA # set the quota the storage may use. Default: no quota.
# --encryption | -e MODE # repokey | none | keyfile | authenticated
# repokey-blake2| keyfile-blake2 | authenticated-blake2
borg init --encryption=repokey --storage-quota 450G /path/to/repo
* For remote backups the encryption is done locally
* Both the repo key AND the passphrase are needed to access this repo!
=> Encrypt the key with your passphrase (or use the BORG_PASSPHRASE environment variable)
repokey & keyfile: encryption and authentication scheme
- AES-CTR-256 for encryption and
- HMAC-SHA256 for authentication
- in an encrypt-then-MAC (EtM) construction
repokey (-e repokey)
Store the encrypted borg key inside the repository directory (in the repo/config)
[repository]
...
id = ...
key = ...
The key can be exported with "borg key export"
keyfile (-e keyfile)
~/.config/borg/keys/backup_borg
BORG_KEY ID ... KEY ...
authenticated mode
uses no encryption, but authenticates repository contents through the same HMAC-SHA256
Notes
Step 2: Back up into the repo
# --stats # statistics
# --comment COMMENT
# -C | --compression COMPRESSION # Default: lz4. Options: none | zlib,6 | lzma,6 # 0~9
borg create [--stats] /path/to/repo::Monday ~/Data ~/Doc
* pathnames recorded in files cache are always absolute,
even if you specify source directories with relative pathname
(~/Data -> /root/Data)
* If the directory where you mount a filesystem is different every time,
Borg assumes they are different files.
(/root/Data X /home/Data)
Opts
- --numeric-ids # only store numeric user and group identifiers
- -n, --dry-run
# Backup the root filesystem into an archive named "root-YYYY-MM-DD"
... /path/to/repo::root-{now:%Y-%m-%d}
# Exclude pyc files
... --exclude '*.pyc'
# Backup a raw device
# 4194304 = 4M
... --read-special --chunker-params fixed,4194304
--read-special
open and read block and char device files
--chunker-params PARAMS # Default: buzhash,19,23,21,4095
ALGO, CHUNK_MIN_EXP, CHUNK_MAX_EXP, HASH_MASK_BITS, HASH_WINDOW_SIZE
# Backup a sparse disk image (detect sparse holes in input, supported only by fixed chunker)
... --sparse --chunker-params fixed,4194304
P.S.
--upload-ratelimit RATE
Step 3: View backups
borg list /path/to/repo
borg list /path/to/repo::Monday
borg info /path/to/repo::Monday # information about the specified archive or repository
Step 4: Restoring File
borg extract
e.g.
borg extract /path/to/repo::Monday
borg mount # FUSE mount
-f, --foreground stay in foreground, do not daemonize
Step 5: Delete old backups
deletes an archive from the repository
* When deleting archives, repository disk space is not freed until you run borg compact
e.g.
# -n, --dry-run do not change repository
borg delete /path/to/repo::Monday
GLOB
# -a GLOB, --glob-archives GLOB only consider archive names matching the glob.
... --glob-archives '*-2023-03-*' ...
Other Opts
-n, --dry-run do not change repository
--cache-only delete only the local cache for the given repository
File Comparison
This comparison can operate in different modes as given by --files-cache:
- ctime,size,inode (default)
- mtime,size,inode (default behaviour of borg versions older than 1.1.0rc4)
- rechunk,ctime (all files are considered modified - rechunk, cache ctime)
- rechunk,mtime (all files are considered modified - rechunk, cache mtime)
- disabled (disable the files cache, all files considered modified - rechunk)
* inode number: better safety, but often unstable on network filesystems
ctime v.s. mtime
ctime: it can't be set from userspace
mtime: it can be arbitrarily set from userspace
(to set mtime back to the same value it had before a content change happened)
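The ctime/mtime difference above, as an added example that is not part of the original notes or of Borg: a file is rewritten with the same size and inode and its mtime is put back, and the two comparison tuples from the list are evaluated before and after. It assumes GNU stat and touch; the file names and contents are constructed.

```shell
#!/bin/sh
# Added example (not Borg code): why ctime,size,inode is the safer
# --files-cache mode. Requires GNU stat/touch. All file data is constructed.

# The two comparison tuples from the list above, for one file.
tuple_mtime() { stat -c '%Y,%s,%i' "$1"; }   # mtime,size,inode
tuple_ctime() { stat -c '%Z,%s,%i' "$1"; }   # ctime,size,inode

files_cache_demo() {
    dir=$(mktemp -d) || return 1
    f="$dir/data.bin"
    ref="$dir/mtime.ref"

    printf 'AAAA' > "$f"          # state seen by the first backup
    touch -r "$f" "$ref"          # remember the original mtime
    m_before=$(tuple_mtime "$f")
    c_before=$(tuple_ctime "$f")

    sleep 1                       # make sure the clock has moved on
    printf 'BBBB' > "$f"          # new content, same size, same inode
    touch -r "$ref" "$f"          # mtime set back from userspace

    m_after=$(tuple_mtime "$f")
    c_after=$(tuple_ctime "$f")
    rm -rf "$dir"

    # A files cache keyed on the tuple treats the file as unchanged
    # when the tuple is identical to the cached one.
    if [ "$m_before" = "$m_after" ]; then m=unchanged; else m=modified; fi
    if [ "$c_before" = "$c_after" ]; then c=unchanged; else c=modified; fi
    echo "mtime,size,inode=$m ctime,size,inode=$c"
}

RESULT=$(files_cache_demo)
printf '%s\n' "$RESULT"
```

With the mtime-based tuple the changed file would be taken as unchanged and not re-read; the ctime-based default picks it up.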
Checkpoint
<archive-name>.checkpoint (Default: once every 30 minutes)
This checkpoint archive is a valid archive, but it is only a partial backup.
The checkpointing mechanism creates hidden, partial files in an archive,
so that checkpoints even work while a big file is being processed.
<filename>.borg_part_<N>
Routine Maintenance
Check
# --verify-data perform a full integrity verification (decrypting and decompressing) of data
# (as opposed to checking the CRC32 of the segment)
borg check [--verify-data] [REPOSITORY_OR_ARCHIVE]
* If checking a remote repo via ssh:, the repo check is executed on the server without causing significant network traffic
# To set a default for the repo URL
export BORG_REPO='ssh://user@host:port/path/to/repo'
Compacting & prune
compact - compacting the segment files in the repo
* compact does not need a key (invoke it from the client / server)
# A segment is compacted if the amount of saved space is above the % value
# --threshold 10 (Default)
borg compact [--progress] /path/to/repo
prune - deleting all archives not matching any of the specified retention options
* space is not freed until you run borg compact
# --keep-within INTERVAL to keep all archives within this time interval
borg prune --keep-within 7d REPO
# --keep-daily D to keep the latest backup on each day
borg prune --keep-daily 7 REPO
* recommended to always run prune -v --list --dry-run ... first
* The default of prune is to apply to all archives in the repository
config
# reserve some space in Borg itself (recommend)
borg config /path/to/repo additional_free_space 2G
Key
borg key change-passphrase [REPOSITORY]
borg key export [--paper | --qr-html] /path/to/repo > encrypted-key-backup
import
* For repositories using the repokey encryption the key is saved in the repository in the config file.
borg key import [REPOSITORY] [PATH]
If the BORG_KEY_FILE environment variable is set and non-empty, borg key import creates or overwrites that file
* If a key file is found in $BORG_KEYS_DIR, borg key import overwrites it.
SSH Settings
Key Settings
.ssh/authorized_keys
command="borg serve ...",restrict ssh-rsa <key used for backup management> <key host>
command="borg serve --restrict-to-repository /home/<user>/repository",restrict ssh-rsa <key> <key host>
command="borg serve --append-only ...",restrict ssh-rsa <key used for not-always-trustable backup clients> <key host>
command="export BORG_XXX=value; borg serve [...]",restrict ssh-rsa ...
--restrict-to-path PATH
to allow the client access to several directories.
Can be specified multiple times
Access to all sub-directories is granted implicitly
PATH doesn't need to directly point to a repository
--restrict-to-repository PATH
restrict repository access. Only the repository located at PATH is accessible.
Can be specified multiple times
--append-only
Append-only mode => forbid compaction
Borg will never overwrite or delete committed data
borg config /path/to/repo append_only 1
--storage-quota QUOTA
Default: 0 (disable the quota)
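A check for the authorized_keys options described above, as an added example that is not part of the original notes or of Borg itself: it reports, per key entry, which of restrict, --restrict-to-repository/--restrict-to-path and --append-only are absent. The sample keys, comments and paths are constructed, and the forced command is assumed to contain no escaped quotes.

```shell
#!/bin/sh
# Added example (not Borg tooling): audit authorized_keys entries that
# run "borg serve". Sample entries below are constructed.

audit_borg_keys() {
    awk '
    /^[ \t]*(#|$)/ { next }                      # comments and blank lines
    {
        n++
        line = $0
        sub(/^[ \t]+/, "", line)
        if (line !~ /command="[^"]*borg serve/) {
            print n " not-borg-serve"; next      # key is not forced into borg serve
        }
        cmd = line
        sub(/^.*command="/, "", cmd); sub(/".*$/, "", cmd)
        sub(/command="[^"]*"/, "", line)         # what is left: other options, key
        split(line, part, /[ \t]+/)
        opts = "," part[1] ","
        absent = ""
        if (opts !~ /,restrict,/)                     absent = absent ",restrict"
        if (cmd !~ /--restrict-to-(repository|path)/) absent = absent ",restrict-to"
        # a management key is expected to lack --append-only
        if (cmd !~ /--append-only/)                   absent = absent ",append-only"
        sub(/^,/, "", absent)
        print n " absent=" (absent == "" ? "none" : absent)
    }' "$@"
}

sample_keys() {
cat <<'EOF'
# constructed sample, not real keys
command="borg serve --restrict-to-repository /home/backup/repo --append-only",restrict ssh-ed25519 AAAAconstructed1 client-a
command="borg serve --restrict-to-path /home/backup",restrict ssh-ed25519 AAAAconstructed2 admin
command="borg serve" ssh-ed25519 AAAAconstructed3 client-b
ssh-ed25519 AAAAconstructed4 shell-user
EOF
}

REPORT=$(sample_keys | audit_borg_keys)
printf '%s\n' "$REPORT"
```

On a real server the function takes the file as an argument, e.g. audit_borg_keys ~/.ssh/authorized_keys.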
SSH Config Settings
~/.ssh/config # Client
Host X.X.X
    ServerAliveInterval 10
    ServerAliveCountMax 6
/etc/ssh/sshd_config # Server
ClientAliveInterval 10
ClientAliveCountMax 6