Duplicity

Last update: December 10 2024

Duplicity

Duplicity — command line interface for backups. Duplicity supports SSH/SCP, FTP, HSI, WebDAV, Tahoe-LAFS and Amazon S3 protocols to connect to a file server, archives and uploads data to a local or remote file server, and encrypts data using a utility GnuPG.

Customize Duplicity⁠

1. Configure access.
2. Install the client.
3. Set up the Duplicity configuration.

Set up access⁠

Access can be configured by a user with role Account Owner or User Administrator.

1. Create a service user с a role with access to object storage. If you are using a user with the Object Storage User role, the container must be configured with the access policy.
2. If you want to connect via S3, give the user an S3 key.

Install the client⁠

Ubuntu

1. Open the terminal.

2. Set Duplicity:

   sudo apt-get install duplicity

3. Install the packages python-swiftclient и librsync:

   sudo apt-get install python-swiftclient
   sudo apt-get install librsync-dev

4. Install the Bazaar version control system and download the swiftbackend:

   sudo apt-get install bzr
   bzr branch lp:~mhu-s/duplicity/swiftbackend

5. Set swiftbackend:

   cd swiftbackend && sudo python dist/setup.py install

set up the Duplicity configuration⁠

Swift

1. Create a script file for the backup:

   export SWIFT_PASSWORD=<password>
   export SWIFT_AUTHVERSION=3
   export SWIFT_TENANTNAME=<project_name>
   export SWIFT_AUTHURL="https://cloud.api.selcloud.ru/identity"
   export SWIFT_REGIONNAME=<pool>
   export SWIFT_USERNAME=<username>
   export SWIFT_USER_DOMAIN_NAME=<account_id>
   export SWIFT_PROJECT_DOMAIN_NAME=<account_id>
   
   duplicity <path> swift://<container_name>
   
   unset SWIFT_PASSWORD
   unset SWIFT_AUTHVERSION
   unset SWIFT_TENANTNAME
   unset SWIFT_AUTHURL
   unset SWIFT_USERNAME

   Specify:

   • <password> — the service user password. If you have forgotten the password, create a new;
   • <project_name> — project name;
   • <pool> — pool where the object storage is located;
   • <username> — service user name;
   • <account_id> — control panel account number, can be viewed in control panels in the upper right-hand corner;
   • <path> — path to the folder on the local machine;
   • <container_name> — container name.

2. Make the file executable:

   chmod +x <file_name>

   Specify <file_name> — name of the script file.

3. Run the script:

   ./<file_name>

4. Enter the code word. The backup will start and statistics will be displayed in the console.

5. Optional: to download an encrypted backup from storage to a local machine:

   5.1 Copy the script from step 1.

   5.2 In the script replace the command duplicity <path> swift://<container_name> on duplicity swift://<container_name> <path>.

   5.3 Save the script in a file named restore.sh.

   5.4 Make the file executable:

   chmod +x restore.sh

   5.5 Run the script:

   ./restore.sh

   5.6 Enter a code word. All files from the backup will be downloaded to the specified directory on the local machine.

S3

1. Make sure the container Virtual-Hosted addressing is enabled.

2. Set boto:

   sudo apt install python3-boto

3. Create a file touch duplicity.conf with the configuration:

   [s3]
   aws_access_key_id = <access_key>
   aws_secret_access_key = <secret_key>
   bucket = <container_name>
   region = <pool>
   endpoint = <s3_domain>
   type = s3
   provider = Other
   env_auth = false

   Specify:

   • <access_key> — field value Access key from S3 key;
   • <secret_key> — field value Secret key from S3 key;
   • <container_name> — container name;
   • <pool> — pool where the object storage is located;
   • <s3_domain> — S3 API domain depends on pool where the object storage is located.

4. Perform archiving:

   duplicity <path> s3://<s3_domain>/<container_name>

   Specify:

   • <path> — path to the folder on the local machine;
   • <container_name> — container name.