Skip to content

Latest commit

 

History

History
175 lines (121 loc) · 4.99 KB

readme.md

File metadata and controls

175 lines (121 loc) · 4.99 KB

BorgBackup in docker

guide-by-example

logo

Purpose & Overview

Backups.

Borg is an open source deduplicating archiver with compression and encryption.
Written in python with performance critical code implemented in C/Cython.

Highlight of borg is the deduplication, where files are cut in to variable size chunks, and only new chunks are stored. This allows to keep snapshots from several days, weeks and months, while not wasting disk space.

In this setup borg is installed directly on the host system.
A script is created that backs up the entire docker directory and /etc locally.
Cronjob is set to execute this script daily.

The repository is also pruned on each run of the script - old archives are deleted while keeping the ones fitting the retention rules in the script.
One backup per day for last 7 days, last 4 weeks, last 6 months are kept.

Files and directory structure

/home/
└── ~/
    ├── borg/
    │    ├── docker_backup/
    │    ├── borg_backup.sh
    │    └── borg_backup.log
    │
    └── docker/
        ├── container-setup #1
        ├── container-setup #2
        ├── ...
  • docker_backup/ - borg repository directory containg the backups
  • borg_backup.sh - the backup script that adds new archive in to the repository
  • borg_backup.log - log file with the dates of backups

Only borg_backup.sh has to be provided.
Repo directory is created by borg init command and the log file is created on the first run.

The setup

Install BorgBackup

Borg is likely in your linux repositories.

Create a new borg repo

mkdir ~/borg
borg init --encryption=none ~/borg/docker_backup

Note the lack of sudo for initialization, this allows regular user to browse it. But the script should be run as root to have full access.

The backup script

borg_backup.sh

#!/bin/bash

# INITIALIZE THE REPO WITH THE COMMAND:
#   borg init --encryption=none ~/borg/my_backup
# THEN RUN THIS SCRIPT

# -----------------------------------------------

BACKUP_THIS='/home/bastard/docker /etc'
REPOSITORY='/home/bastard/borg/docker_backup'
LOGFILE='/home/bastard/borg/borg_backup.log'

# -----------------------------------------------

NOW=$(date +"%Y-%m-%d | %H:%M | ")
echo "$NOW Starting Backup and Prune" >> $LOGFILE

# CREATES NEW ARCHIVE IN PRESET REPOSITORY

borg create                                     \
    $REPOSITORY::'{now:%s}'                     \
    $BACKUP_THIS                                \
                                                \
    --compression zstd                          \
    --one-file-system                           \
    --exclude-caches                            \
    --exclude-if-present '.nobackup'            \
    --exclude '/home/*/Downloads/'              \

# DELETES ARCHIVES NOT FITTING KEEP-RULES

borg prune -v --list $REPOSITORY                \
    --keep-daily=7                              \
    --keep-weekly=4                             \
    --keep-monthly=6                            \
    --keep-yearly=0                             \

echo "$NOW Done" >> $LOGFILE
echo '------------------------------' >> $LOGFILE

# --- USEFULL SHIT ---

# setup above ignores directories containing '.nobackup' file
# make '.nobackup' imutable using chattr to prevent accidental removal
#   touch .nobackup
#   chattr +i .nobackup

# in the repo folder, to list available backups:
#   borg list .
# to mount one of them:
#   borg mount .::1584472836 ~/temp
# to umount:
#   borg umount ~/temp
# to delete single backup in a repo:
#   borg delete .::1584472836

The script must be executabe - chmod +x borg_backup.sh

Manual run

sudo ./borg_backup.sh

It could ask about Attempting to access a previously unknown unencrypted repository
Answer yes.
If we would initialize the repo with sudo then it would be no issue, but then non root user would not be able to enter the repo directory.

Automatic execution

Previously cron has been used, but decided to try systemd timers.

This is the source.

Accessing the backup files

  • go in to the borg repo
    cd /home/bastard/borg/docker_backup/
  • list the archives
    sudo borg list .
  • choose one by the date, copy its identifier which is epoch time, e.g. 1588986941
  • mount it to some folder
    sudo borg mount .::1588986941 /mnt/temp
  • browse the directory where the archive is mounted and do whatever is needed
  • umount the backup
    sudo borg umount /mnt/temp

Extra info

Test your backups, test your recovery procedure.

Remote backup

Backing up borg repo to a network share or cloud using rclone

To be continued