Gentoo

Duplicity and Rackspace Cloud Files

unocode_pnz3cj

I have a client that needs to do large backups off site. Originally we were managing that with a offsite Linux server and dirvish, but it’s apparent that disk and bandwidth is going to be an ongoing issue. I wanted to look at other possibilities.

I have a client that needs to do large backups off site. Originally we were managing that with a offsite Linux server and dirvish, but it’s apparent that disk and bandwidth is going to be an ongoing issue. I wanted to look at other possibilities.

I’ve already been using Rackspace Cloud Servers and backing up disc images to Cloud Files, and thought this might be the ticket. After doing some research, this will be the direction I’ll be going. To backup to Cloud Files, I need to install the Rackspace Cloud Files library to the client server, and to install duplicity. Duplicity uses rsync libs to generate the images and exclude new versions of files, etc. Also, it uses GPG to encrypt the images. Since the files will be at Cloud Files I wanted to lock things down. Having GPG encryption with passphrase is great option.

First thing, was to get the Cloud libraries:


cd /usr/local/src/
git clone git://github.com/rackspace/python-cloudfiles
cd python-cloudfiles
chmod 755 setup.py
./setup.py install

Next to emerge duplicity


emerge -v duplicity

You’ll need to grab your username and API key from Rackspace

For my initial tests, I wrote simple bash scripts to make the push and pull. I’ll probably write a different script down the road for logging, etc.

Push root directory:


#/bin/bash
CLOUD_CONTAINER="backup"
export CLOUDFILES_USERNAME=user
export CLOUDFILES_APIKEY=apikey
export PASSPHRASE=passphrase
options="--exclude-other-filesystems --exclude /tmp --exclude /dev --exclude /proc"
duplicity $options / cf+http://${CLOUD_CONTAINER}
unset PASSPHRASE
unset CLOUDFILES_APIKEY

Push a specific directory (excludes need to be found in that directory or the above command will break)


#/bin/bash
CLOUD_CONTAINER="backup"
export CLOUDFILES_USERNAME=user
export CLOUDFILES_APIKEY=apikey
export PASSPHRASE=passphrase
options="--exclude-other-filesystems"
duplicity $options /path/to/files/ cf+http://${CLOUD_CONTAINER}
unset PASSPHRASE
unset CLOUDFILES_APIKEY

Restoring a container:


#/bin/bash
CLOUD_CONTAINER="backup"
export CLOUDFILES_USERNAME=user
export CLOUDFILES_APIKEY=apikey
export PASSPHRASE=passphrase
duplicity cf+http://${CLOUD_CONTAINER} /path/to/restore
unset PASSPHRASE
unset CLOUDFILES_APIKEY

Verify a container:


#/bin/bash
CLOUD_CONTAINER="backup"
export CLOUDFILES_USERNAME=user
export CLOUDFILES_APIKEY=apikey
export PASSPHRASE=passphrase
duplicity verify cf+http://${CLOUD_CONTAINER} /path/to/restore
unset PASSPHRASE
unset CLOUDFILES_APIKEY

I’m still doing various tests before committing to this solution, but as of right now, it seems like a very good option.

I found this great resource to help get started as well