Ensuring data is securely backed up and encrypted is essential for maintaining system integrity. With the goal of creating encrypted backups for various systems, we implemented a solution using Restic, a fast and secure backup program that can work with multiple backends.
Restic and MinIO Setup:
I set up a MinIO server to act as local S3-compatible storage for Restic backups. I also set up a user on Wasabi, along with a bucket specifically for storing backups. I generated the necessary API keys and bucket policies; the bucket policy is shown below:
{
  "Version": "2012-10-17",
  "Id": "bucketPolicy",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": [
          "arn:aws:iam::100000269610:user/hrvmg2-restic"
        ]
      },
      "Action": "s3:*",
      "Resource": [
        "arn:aws:s3:::hrvmg2"
      ]
    }
  ]
}
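An added check, not part of the original post: it audits the bucket policy above for a wildcard action and a missing object-level resource, then builds a narrower two-statement policy for the same principal. The function names and the five-action list (what restic is assumed to need on an S3 backend) are assumptions.

```python
import json

# Assumed minimum for restic on an S3 backend: list, read, write, delete.
BUCKET_ACTIONS = ["s3:GetBucketLocation", "s3:ListBucket"]
OBJECT_ACTIONS = ["s3:DeleteObject", "s3:GetObject", "s3:PutObject"]

# The policy from the post, embedded so the check runs offline.
PAGE_POLICY = {
    "Version": "2012-10-17", "Id": "bucketPolicy",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": ["arn:aws:iam::100000269610:user/hrvmg2-restic"]},
        "Action": "s3:*",
        "Resource": ["arn:aws:s3:::hrvmg2"],
    }],
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit(policy):
    """Return (statement index, finding) pairs for the Allow statements."""
    findings = []
    for i, stmt in enumerate(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt["Action"])
        resources = _as_list(stmt["Resource"])
        wildcard = any(a in ("*", "s3:*") for a in actions)
        if wildcard:
            # Also grants bucket deletion and policy changes to the backup key.
            findings.append((i, "wildcard-action"))
        touches_objects = wildcard or any("Object" in a for a in actions)
        if touches_objects and not any(r.endswith("/*") for r in resources):
            # Object actions are matched against bucket/key ARNs, not the bucket ARN.
            findings.append((i, "no-object-resource"))
    return findings

def tighten(policy, bucket):
    """Build a policy with one bucket-level and one object-level statement."""
    principal = json.loads(json.dumps(policy["Statement"][0]["Principal"]))
    arn = f"arn:aws:s3:::{bucket}"
    return {**policy, "Statement": [
        {"Effect": "Allow", "Principal": principal, "Action": BUCKET_ACTIONS, "Resource": [arn]},
        {"Effect": "Allow", "Principal": principal, "Action": OBJECT_ACTIONS, "Resource": [arn + "/*"]},
    ]}

if __name__ == "__main__":
    print(audit(PAGE_POLICY), json.dumps(tighten(PAGE_POLICY, "hrvmg2"), indent=2), sep="\n")
```

s3:DeleteObject stays in the list because removing old snapshots under a retention policy requires deleting objects from the repository.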
Docker Container for Restore:
I needed a way to restore, so I configured a Docker container/Ansible script to pull down from GitHub and restore any files to any Linux machine.
Scheduled Backups with Ansible:
Backups have been integrated into a daily task schedule. An Ansible role has been created to automate the backup process. The Ansible playbook snippet below demonstrates how backups are handled:
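---
- name: Restic Backups
  become: true
  become_user: root
  become_method: sudo
  # One restic run per path; {{ item }} is the current loop entry.
  ansible.builtin.shell: restic backup {{ item }}
  loop: ['/etc', '/home', '/root', '/var', '/usr/local/bin', '/usr/local/sbin', '/srv', '/opt']
  environment:
    # Credentials and repository settings (values left blank here).
    AWS_ACCESS_KEY_ID: ""
    AWS_SECRET_ACCESS_KEY: ""
    RESTIC_REPOSITORY: ""
    RESTIC_PASSWORD: ""
  register: results
  # Allow up to 10000 seconds per run, checking every 60 seconds.
  async: 10000
  poll: 60
- debug:
    msg: ""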
Four backup types are implemented: daily, weekly, monthly. This ensures comprehensive coverage and multiple restore points. There is also a retention policy to hold on to backups from the last 21 days, the last 6 weeks, and the last 12 months. The backup strategy ensures that essential configurations and files are securely stored and can be restored as needed. This setup helps keep my files safe in case anything goes sideways and allows quick recovery in case of data loss or system failures.