mirror of
https://github.com/octoleo/restic.git
synced 2024-11-24 05:37:37 +00:00
457 lines
22 KiB
ReStructuredText
457 lines
22 KiB
ReStructuredText
Manual
|
|
======
|
|
|
|
Usage help
|
|
----------
|
|
|
|
Usage help is available:
|
|
|
|
.. code-block:: console
|
|
|
|
$ ./restic --help
|
|
|
|
restic is a backup program which allows saving multiple revisions of files and
|
|
directories in an encrypted repository stored on different backends.
|
|
|
|
Usage:
|
|
restic [command]
|
|
|
|
Available Commands:
|
|
backup Create a new backup of files and/or directories
|
|
cache Operate on local cache directories
|
|
cat Print internal objects to stdout
|
|
check Check the repository for errors
|
|
copy Copy snapshots from one repository to another
|
|
diff Show differences between two snapshots
|
|
dump Print a backed-up file to stdout
|
|
find Find a file, a directory or restic IDs
|
|
forget Remove snapshots from the repository
|
|
generate Generate manual pages and auto-completion files (bash, fish, zsh, powershell)
|
|
help Help about any command
|
|
init Initialize a new repository
|
|
key Manage keys (passwords)
|
|
list List objects in the repository
|
|
ls List files in a snapshot
|
|
migrate Apply migrations
|
|
mount Mount the repository
|
|
prune Remove unneeded data from the repository
|
|
recover Recover data from the repository not referenced by snapshots
|
|
repair Repair the repository
|
|
restore Extract the data from a snapshot
|
|
rewrite Rewrite snapshots to exclude unwanted files
|
|
self-update Update the restic binary
|
|
snapshots List all snapshots
|
|
stats Scan the repository and show basic statistics
|
|
tag Modify tags on snapshots
|
|
unlock Remove locks other processes created
|
|
version Print version information
|
|
|
|
Flags:
|
|
--cacert file file to load root certificates from (default: use system certificates)
|
|
--cache-dir directory set the cache directory. (default: use system default cache directory)
|
|
--cleanup-cache auto remove old cache directories
|
|
--compression mode compression mode (only available for repository format version 2), one of (auto|off|max) (default: $RESTIC_COMPRESSION) (default auto)
|
|
-h, --help help for restic
|
|
--insecure-tls skip TLS certificate verification when connecting to the repository (insecure)
|
|
--json set output mode to JSON for commands that support it
|
|
--key-hint key key ID of key to try decrypting first (default: $RESTIC_KEY_HINT)
|
|
--limit-download rate limits downloads to a maximum rate in KiB/s. (default: unlimited)
|
|
--limit-upload rate limits uploads to a maximum rate in KiB/s. (default: unlimited)
|
|
--no-cache do not use a local cache
|
|
--no-lock do not lock the repository, this allows some operations on read-only repositories
|
|
-o, --option key=value set extended option (key=value, can be specified multiple times)
|
|
--pack-size size set target pack size in MiB, created pack files may be larger (default: $RESTIC_PACK_SIZE)
|
|
--password-command command shell command to obtain the repository password from (default: $RESTIC_PASSWORD_COMMAND)
|
|
-p, --password-file file file to read the repository password from (default: $RESTIC_PASSWORD_FILE)
|
|
-q, --quiet do not output comprehensive progress report
|
|
-r, --repo repository repository to backup to or restore from (default: $RESTIC_REPOSITORY)
|
|
--repository-file file file to read the repository location from (default: $RESTIC_REPOSITORY_FILE)
|
|
--retry-lock duration retry to lock the repository if it is already locked, takes a value like 5m or 2h (default: no retries)
|
|
--tls-client-cert file path to a file containing PEM encoded TLS client certificate and private key
|
|
-v, --verbose be verbose (specify multiple times or a level using --verbose=n, max level/times is 2)
|
|
|
|
Use "restic [command] --help" for more information about a command.
|
|
|
|
Similar to programs such as ``git``, restic has a number of
|
|
sub-commands. You can see these commands in the listing above. Each
|
|
sub-command may have own command-line options, and there is a help
|
|
option for each command which lists them, e.g. for the ``backup``
|
|
command:
|
|
|
|
.. code-block:: console
|
|
|
|
$ ./restic backup --help
|
|
|
|
The "backup" command creates a new snapshot and saves the files and directories
|
|
given as the arguments.
|
|
|
|
EXIT STATUS
|
|
===========
|
|
|
|
Exit status is 0 if the command was successful.
|
|
Exit status is 1 if there was a fatal error (no snapshot created).
|
|
Exit status is 3 if some source data could not be read (incomplete snapshot created).
|
|
|
|
Usage:
|
|
restic backup [flags] [FILE/DIR] ...
|
|
|
|
Flags:
|
|
-n, --dry-run do not upload or write any data, just show what would be done
|
|
-e, --exclude pattern exclude a pattern (can be specified multiple times)
|
|
--exclude-caches excludes cache directories that are marked with a CACHEDIR.TAG file. See https://bford.info/cachedir/ for the Cache Directory Tagging Standard
|
|
--exclude-file file read exclude patterns from a file (can be specified multiple times)
|
|
--exclude-if-present filename[:header] takes filename[:header], exclude contents of directories containing filename (except filename itself) if header of that file is as provided (can be specified multiple times)
|
|
--exclude-larger-than size max size of the files to be backed up (allowed suffixes: k/K, m/M, g/G, t/T)
|
|
--files-from file read the files to backup from file (can be combined with file args; can be specified multiple times)
|
|
--files-from-raw file read the files to backup from file (can be combined with file args; can be specified multiple times)
|
|
--files-from-verbatim file read the files to backup from file (can be combined with file args; can be specified multiple times)
|
|
-f, --force force re-reading the target files/directories (overrides the "parent" flag)
|
|
-g, --group-by group group snapshots by host, paths and/or tags, separated by comma (disable grouping with '') (default host,paths)
|
|
-h, --help help for backup
|
|
-H, --host hostname set the hostname for the snapshot manually. To prevent an expensive rescan use the "parent" flag
|
|
--iexclude pattern same as --exclude pattern but ignores the casing of filenames
|
|
--iexclude-file file same as --exclude-file but ignores casing of filenames in patterns
|
|
--ignore-ctime ignore ctime changes when checking for modified files
|
|
--ignore-inode ignore inode number and ctime changes when checking for modified files
|
|
--no-scan do not run scanner to estimate size of backup
|
|
-x, --one-file-system exclude other file systems, don't cross filesystem boundaries and subvolumes
|
|
--parent snapshot use this parent snapshot (default: latest snapshot in the group determined by --group-by and not newer than the timestamp determined by --time)
|
|
--read-concurrency n read n files concurrently (default: $RESTIC_READ_CONCURRENCY or 2)
|
|
--stdin read backup from stdin
|
|
--stdin-filename filename filename to use when reading from stdin (default "stdin")
|
|
--tag tags add tags for the new snapshot in the format `tag[,tag,...]` (can be specified multiple times) (default [])
|
|
--time time time of the backup (ex. '2012-11-01 22:08:41') (default: now)
|
|
--use-fs-snapshot use filesystem snapshot where possible (currently only Windows VSS)
|
|
--with-atime store the atime for all files and directories
|
|
|
|
Global Flags:
|
|
--cacert file file to load root certificates from (default: use system certificates)
|
|
--cache-dir directory set the cache directory. (default: use system default cache directory)
|
|
--cleanup-cache auto remove old cache directories
|
|
--compression mode compression mode (only available for repository format version 2), one of (auto|off|max) (default: $RESTIC_COMPRESSION) (default auto)
|
|
--insecure-tls skip TLS certificate verification when connecting to the repository (insecure)
|
|
--json set output mode to JSON for commands that support it
|
|
--key-hint key key ID of key to try decrypting first (default: $RESTIC_KEY_HINT)
|
|
--limit-download rate limits downloads to a maximum rate in KiB/s. (default: unlimited)
|
|
--limit-upload rate limits uploads to a maximum rate in KiB/s. (default: unlimited)
|
|
--no-cache do not use a local cache
|
|
--no-lock do not lock the repository, this allows some operations on read-only repositories
|
|
-o, --option key=value set extended option (key=value, can be specified multiple times)
|
|
--pack-size size set target pack size in MiB, created pack files may be larger (default: $RESTIC_PACK_SIZE)
|
|
--password-command command shell command to obtain the repository password from (default: $RESTIC_PASSWORD_COMMAND)
|
|
-p, --password-file file file to read the repository password from (default: $RESTIC_PASSWORD_FILE)
|
|
-q, --quiet do not output comprehensive progress report
|
|
-r, --repo repository repository to backup to or restore from (default: $RESTIC_REPOSITORY)
|
|
--repository-file file file to read the repository location from (default: $RESTIC_REPOSITORY_FILE)
|
|
--retry-lock duration retry to lock the repository if it is already locked, takes a value like 5m or 2h (default: no retries)
|
|
--tls-client-cert file path to a file containing PEM encoded TLS client certificate and private key
|
|
-v, --verbose be verbose (specify multiple times or a level using --verbose=n, max level/times is 2)
|
|
|
|
Subcommands that support showing progress information such as ``backup``,
|
|
``restore``, ``check`` and ``prune`` will do so unless the quiet flag ``-q``
|
|
or ``--quiet`` is set. When running from a non-interactive console progress
|
|
reporting is disabled by default to not fill your logs. For interactive and
|
|
non-interactive consoles the environment variable ``RESTIC_PROGRESS_FPS`` can
|
|
be used to control the frequency of progress reporting. Use for example
|
|
``0.016666`` to only update the progress once per minute.
|
|
|
|
Additionally, on Unix systems if ``restic`` receives a SIGUSR1 signal the
|
|
current progress will be written to the standard output so you can check up
|
|
on the status at will.
|
|
|
|
Setting the `RESTIC_PROGRESS_FPS` environment variable or sending a `SIGUSR1`
|
|
signal prints a status report even when `--quiet` was specified.
|
|
|
|
Manage tags
|
|
-----------
|
|
|
|
Managing tags on snapshots is done with the ``tag`` command. The
|
|
existing set of tags can be replaced completely, tags can be added or
|
|
removed. The result is directly visible in the ``snapshots`` command.
|
|
|
|
Let's say we want to tag snapshot ``590c8fc8`` with the tags ``NL`` and
|
|
``CH`` and remove all other tags that may be present, the following
|
|
command does that:
|
|
|
|
.. code-block:: console
|
|
|
|
$ restic -r /srv/restic-repo tag --set NL --set CH 590c8fc8
|
|
create exclusive lock for repository
|
|
modified tags on 1 snapshots
|
|
|
|
Note the snapshot ID has changed, so between each change we need to look up the
|
|
new ID of the snapshot. But there is an even better way - the ``tag`` command
|
|
accepts a filter using the ``--tag`` option, so we can filter snapshots based
|
|
on the tag we just added. This way we can add and remove tags incrementally:
|
|
|
|
.. code-block:: console
|
|
|
|
$ restic -r /srv/restic-repo tag --tag NL --remove CH
|
|
create exclusive lock for repository
|
|
modified tags on 1 snapshots
|
|
|
|
$ restic -r /srv/restic-repo tag --tag NL --add UK
|
|
create exclusive lock for repository
|
|
modified tags on 1 snapshots
|
|
|
|
$ restic -r /srv/restic-repo tag --tag NL --remove NL
|
|
create exclusive lock for repository
|
|
modified tags on 1 snapshots
|
|
|
|
$ restic -r /srv/restic-repo tag --tag NL --add SOMETHING
|
|
no snapshots were modified
|
|
|
|
To operate on untagged snapshots only, specify the empty string ``''`` as the
|
|
filter value to ``--tag``. The following command will add the tag ``OTHER``
|
|
to all untagged snapshots:
|
|
|
|
.. code-block:: console
|
|
|
|
$ restic -r /srv/restic-repo tag --tag '' --add OTHER
|
|
|
|
Under the hood
|
|
--------------
|
|
|
|
Browse repository objects
|
|
~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
|
|
Internally, a repository stores data of several different types
|
|
described in the `design
|
|
documentation <https://github.com/restic/restic/blob/master/doc/design.rst>`__.
|
|
You can ``list`` objects such as blobs, packs, index, snapshots, keys or
|
|
locks with the following command:
|
|
|
|
.. code-block:: console
|
|
|
|
$ restic -r /srv/restic-repo list snapshots
|
|
d369ccc7d126594950bf74f0a348d5d98d9e99f3215082eb69bf02dc9b3e464c
|
|
|
|
The ``find`` command searches for a given
|
|
`pattern <https://pkg.go.dev/path/filepath#Match>`__ in the
|
|
repository.
|
|
|
|
.. code-block:: console
|
|
|
|
$ restic -r backup find test.txt
|
|
debug log file restic.log
|
|
debug enabled
|
|
enter password for repository:
|
|
found 1 matching entries in snapshot 196bc5760c909a7681647949e80e5448e276521489558525680acf1bd428af36
|
|
-rw-r--r-- 501 20 5 2015-08-26 14:09:57 +0200 CEST path/to/test.txt
|
|
|
|
The ``cat`` command allows you to display the JSON representation of the
|
|
objects or their raw content.
|
|
|
|
.. code-block:: console
|
|
|
|
$ restic -r /srv/restic-repo cat snapshot d369ccc7d126594950bf74f0a348d5d98d9e99f3215082eb69bf02dc9b3e464c
|
|
enter password for repository:
|
|
{
|
|
"time": "2015-08-12T12:52:44.091448856+02:00",
|
|
"tree": "05cec17e8d3349f402576d02576a2971fc0d9f9776ce2f441c7010849c4ff5af",
|
|
"paths": [
|
|
"/home/user/work"
|
|
],
|
|
"hostname": "kasimir",
|
|
"username": "username",
|
|
"uid": 501,
|
|
"gid": 20
|
|
}
|
|
|
|
Metadata handling
|
|
~~~~~~~~~~~~~~~~~
|
|
|
|
Restic saves and restores most default attributes, including extended attributes like ACLs.
|
|
Information about holes in a sparse file is not stored explicitly, that is during a backup
|
|
the zero bytes in a hole are deduplicated and compressed like any other data backed up.
|
|
Instead, the restore command optionally creates holes in files by detecting and replacing
|
|
long runs of zeros, in filesystems that support sparse files.
|
|
|
|
The following metadata is handled by restic:
|
|
|
|
- Name
|
|
- Type
|
|
- Mode
|
|
- ModTime
|
|
- AccessTime
|
|
- ChangeTime
|
|
- UID
|
|
- GID
|
|
- User
|
|
- Group
|
|
- Inode
|
|
- Size
|
|
- Links
|
|
- LinkTarget
|
|
- Device
|
|
- Content
|
|
- Subtree
|
|
- ExtendedAttributes
|
|
|
|
|
|
Getting information about repository data
|
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
|
|
Use the ``stats`` command to count up stats about the data in the repository.
|
|
There are different counting modes available using the ``--mode`` flag,
|
|
depending on what you want to calculate. The default is the restore size, or
|
|
the size required to restore the files:
|
|
|
|
- ``restore-size`` (default) counts the size of the restored files.
|
|
- ``files-by-contents`` counts the total size of unique files as given by their
|
|
contents. This can be useful since a file is considered unique only if it has
|
|
unique contents. Keep in mind that a small change to a large file (even when the
|
|
file name/path hasn't changed) will cause them to look like different files, thus
|
|
essentially causing the whole size of the file to be counted twice.
|
|
- ``raw-data`` counts the size of the blobs in the repository, regardless of how many
|
|
files reference them. This tells you how much restic has reduced all your original
|
|
data down to (either for a single snapshot or across all your backups), and compared
|
|
to the size given by the restore-size mode, can tell you how much deduplication is
|
|
helping you.
|
|
- ``blobs-per-file`` is kind of a mix between files-by-contents and raw-data modes;
|
|
it is useful for knowing how much value your backup is providing you in terms of unique
|
|
data stored by file. Like files-by-contents, it is resilient to file renames/moves.
|
|
Unlike files-by-contents, it does not balloon to high values when large files have
|
|
small edits, as long as the file path stayed the same. Unlike raw-data, this mode
|
|
DOES consider how many files point to each blob such that the more files a blob is
|
|
referenced by, the more it counts toward the size.
|
|
|
|
For example, to calculate how much space would be
|
|
required to restore the latest snapshot (from any host that made it):
|
|
|
|
.. code-block:: console
|
|
|
|
$ restic stats latest
|
|
password is correct
|
|
Total File Count: 10538
|
|
Total Size: 37.824 GiB
|
|
|
|
If multiple hosts are backing up to the repository, the latest snapshot may not
|
|
be the one you want. You can specify the latest snapshot from only a specific
|
|
host by using the ``--host`` flag:
|
|
|
|
.. code-block:: console
|
|
|
|
$ restic stats --host myserver latest
|
|
password is correct
|
|
Total File Count: 21766
|
|
Total Size: 481.783 GiB
|
|
|
|
There we see that it would take 482 GiB of disk space to restore the latest
|
|
snapshot from "myserver".
|
|
|
|
In case you have multiple backups running from the same host so can also use
|
|
``--tag`` and ``--path`` to be more specific about which snapshots you
|
|
are looking for.
|
|
|
|
But how much space does that snapshot take on disk? In other words, how much
|
|
has restic's deduplication helped? We can check:
|
|
|
|
.. code-block:: console
|
|
|
|
$ restic stats --host myserver --mode raw-data latest
|
|
password is correct
|
|
Total Blob Count: 340847
|
|
Total Size: 458.663 GiB
|
|
|
|
Comparing this size to the previous command, we see that restic has saved
|
|
about 23 GiB of space with deduplication.
|
|
|
|
Which mode you use depends on your exact use case. Some modes are more useful
|
|
across all snapshots, while others make more sense on just a single snapshot,
|
|
depending on what you're trying to calculate.
|
|
|
|
|
|
Scripting
|
|
---------
|
|
|
|
Restic supports the output of some commands in JSON format, the JSON
|
|
data can then be processed by other programs (e.g.
|
|
`jq <https://stedolan.github.io/jq/>`__). The following example
|
|
lists all snapshots as JSON and uses ``jq`` to pretty-print the result:
|
|
|
|
.. code-block:: console
|
|
|
|
$ restic -r /srv/restic-repo snapshots --json | jq .
|
|
[
|
|
{
|
|
"time": "2017-03-11T09:57:43.26630619+01:00",
|
|
"tree": "bf25241679533df554fc0fd0ae6dbb9dcf1859a13f2bc9dd4543c354eff6c464",
|
|
"paths": [
|
|
"/home/work/doc"
|
|
],
|
|
"hostname": "kasimir",
|
|
"username": "fd0",
|
|
"uid": 1000,
|
|
"gid": 100,
|
|
"id": "bbeed6d28159aa384d1ccc6fa0b540644b1b9599b162d2972acda86b1b80f89e"
|
|
},
|
|
{
|
|
"time": "2017-03-11T09:58:57.541446938+01:00",
|
|
"tree": "7f8c95d3420baaac28dc51609796ae0e0ecfb4862b609a9f38ffaf7ae2d758da",
|
|
"paths": [
|
|
"/home/user/shared"
|
|
],
|
|
"hostname": "kasimir",
|
|
"username": "fd0",
|
|
"uid": 1000,
|
|
"gid": 100,
|
|
"id": "b157d91c16f0ba56801ece3a708dfc53791fe2a97e827090d6ed9a69a6ebdca0"
|
|
}
|
|
]
|
|
|
|
.. _temporary_files:
|
|
|
|
Temporary files
|
|
---------------
|
|
|
|
During some operations (e.g. ``backup`` and ``prune``) restic uses
|
|
temporary files to store data. These files will, by default, be saved to
|
|
the system's temporary directory, on Linux this is usually located in
|
|
``/tmp/``. The environment variable ``TMPDIR`` can be used to specify a
|
|
different directory, e.g. to use the directory ``/var/tmp/restic-tmp``
|
|
instead of the default, set the environment variable like this:
|
|
|
|
.. code-block:: console
|
|
|
|
$ export TMPDIR=/var/tmp/restic-tmp
|
|
$ restic -r /srv/restic-repo backup ~/work
|
|
|
|
|
|
.. _caching:
|
|
|
|
Caching
|
|
-------
|
|
|
|
Restic keeps a cache with some files from the repository on the local machine.
|
|
This allows faster operations, since meta data does not need to be loaded from
|
|
a remote repository. The cache is automatically created, usually in an
|
|
OS-specific cache folder:
|
|
|
|
* Linux/other: ``$XDG_CACHE_HOME/restic``, or ``~/.cache/restic`` if
|
|
``XDG_CACHE_HOME`` is not set
|
|
* macOS: ``~/Library/Caches/restic``
|
|
* Windows: ``%LOCALAPPDATA%/restic``
|
|
|
|
If the relevant environment variables are not set, restic exits with an error
|
|
message.
|
|
|
|
The command line parameter ``--cache-dir`` or the environment variable
|
|
``$RESTIC_CACHE_DIR`` can be used to override the default cache location. The
|
|
parameter ``--no-cache`` disables the cache entirely. In this case, all data
|
|
is loaded from the repository.
|
|
|
|
If a cache location is explicitly specified, then the ``check`` command will use
|
|
that location to store its temporary cache. See :ref:`checking-integrity` for
|
|
more details.
|
|
|
|
The cache is ephemeral: When a file cannot be read from the cache, it is loaded
|
|
from the repository.
|
|
|
|
Within the cache directory, there's a sub directory for each repository the
|
|
cache was used with. Restic updates the timestamps of a repository directory each
|
|
time it is used, so by looking at the timestamps of the sub directories of the
|
|
cache directory it can decide which sub directories are old and probably not
|
|
needed any more. You can either remove these directories manually, or run a
|
|
restic command with the ``--cleanup-cache`` flag.
|