2
2
mirror of https://github.com/octoleo/restic.git synced 2024-11-25 22:27:35 +00:00
Go to file
Michael Pratt fa0be82da8 gs: allow backend creation without storage.buckets.get
If the service account used with restic does not have the
storage.buckets.get permission (in the "Storage Admin" role), Create
cannot use Get to determine if the bucket is accessible.

Rather than always trying to create the bucket on Get error, gracefully
fall back to assuming the bucket is accessible. If it is, restic init
will complete successfully. If it is not, it will fail on a later call.

Here is what init looks like now in different cases.

Service account without "Storage Admin":

Bucket exists and is accessible (this is the case that didn't work
before):

$ ./restic init -r gs:this-bucket-does-exist:/
enter password for new backend:
enter password again:
created restic backend c02e2edb67 at gs:this-bucket-does-exist:/

Please note that knowledge of your password is required to access
the repository. Losing your password means that your data is
irrecoverably lost.

Bucket exists but is not accessible:

$ ./restic init -r gs:this-bucket-does-exist:/
enter password for new backend:
enter password again:
create key in backend at gs:this-bucket-does-exist:/ failed:
service.Objects.Insert: googleapi: Error 403:
my-service-account@myproject.iam.gserviceaccount.com does not have
storage.objects.create access to object this-bucket-exists/keys/0fa714e695c8ecd58cb467cdeb04d36f3b710f883496a90f23cae0315daf0b93., forbidden

Bucket does not exist:

$ ./restic init -r gs:this-bucket-does-not-exist:/
create backend at gs:this-bucket-does-not-exist:/ failed:
service.Buckets.Insert: googleapi: Error 403:
my-service-account@myproject.iam.gserviceaccount.com does not have storage.buckets.create access to bucket this-bucket-does-not-exist., forbidden

Service account with "Storage Admin":

Bucket exists and is accessible: Same

Bucket exists but is not accessible: Same. Previously this would fail
when Create tried to create the bucket. Now it fails when trying to
create the keys.

Bucket does not exist:

$ ./restic init -r gs:this-bucket-does-not-exist:/
enter password for new backend:
enter password again:
created restic backend c3c48b481d at gs:this-bucket-does-not-exist:/

Please note that knowledge of your password is required to access
the repository. Losing your password means that your data is
irrecoverably lost.
2017-09-25 22:25:51 -07:00
.github Update issue template 2017-08-11 21:36:10 +02:00
cmd/restic prune: Repack mixed pack files 2017-09-24 21:54:53 +02:00
doc gs: allow backend creation without storage.buckets.get 2017-09-25 22:25:51 -07:00
docker install fuse and ca-certificates 2017-06-23 10:38:19 +02:00
internal gs: allow backend creation without storage.buckets.get 2017-09-25 22:25:51 -07:00
vendor Update vendored dependencies 2017-09-21 17:48:45 +02:00
.gitignore Update other files 2017-07-23 14:40:05 +02:00
.hound.yml Enable HoundCI checking for Go 2016-02-05 21:15:46 +01:00
.travis.yml travis: update go versions 2017-09-17 19:02:22 +02:00
appveyor.yml Update Go versions for CI 2017-09-02 09:29:02 +02:00
build.go Upgrade min Go version to 1.8 2017-08-06 21:47:04 +02:00
CHANGELOG.md gs: allow backend creation without storage.buckets.get 2017-09-25 22:25:51 -07:00
CONTRIBUTING.md Correct manpage command 2017-09-11 11:21:44 -07:00
Gopkg.lock Update vendored dependencies 2017-09-21 17:48:45 +02:00
Gopkg.toml Lock simple-scrypt library to master branch 2017-08-05 19:24:56 +02:00
LICENSE LICENSE: Add email address 2014-09-18 21:10:30 +02:00
Makefile test 2017-09-09 16:33:51 +02:00
README.rst Correct URL to forum 2017-08-13 19:47:54 +02:00
run_integration_tests.go CI: Make sure the GCS backend tests run on Travis 2017-08-06 21:47:56 +02:00
VERSION Add VERSION file for 0.7.3 2017-09-20 20:50:07 +02:00

|Documentation| |Build Status| |Build status| |Report Card| |Say Thanks|

Introduction
------------

restic is a backup program that is fast, efficient and secure.

For detailed usage and installation instructions check out the `documentation <https://restic.readthedocs.io/en/latest>`__.

You can ask questions in our `Discourse forum <https://forum.restic.net>`__.

Quick start
-----------

Once you've `installed
<https://restic.readthedocs.io/en/latest/installation.html>`__ restic, start
off with creating a repository for your backups:

.. code-block:: console

    $ restic init --repo /tmp/backup
    enter password for new backend:
    enter password again:
    created restic backend 085b3c76b9 at /tmp/backup
    Please note that knowledge of your password is required to access the repository.
    Losing your password means that your data is irrecoverably lost.

and add some data:

.. code-block:: console

    $ restic -r /tmp/backup backup ~/work
    enter password for repository:
    scan [/home/user/work]
    scanned 764 directories, 1816 files in 0:00
    [0:29] 100.00%  54.732 MiB/s  1.582 GiB / 1.582 GiB  2580 / 2580 items  0 errors  ETA 0:00
    duration: 0:29, 54.47MiB/s
    snapshot 40dc1520 saved

Next you can either use ``restic restore`` to restore files or use ``restic
mount`` to mount the repository via fuse and browse the files from previous
snapshots.

For more options check out the `manual guide <https://restic.readthedocs.io/en/latest/manual.html>`__.

Backends
--------

Saving a backup on the same machine is nice but not a real backup strategy.
Therefore, restic supports the following backends for storing backups natively:

- `Local directory <https://restic.readthedocs.io/en/latest/manual.html#local>`__
- `sftp server (via SSH) <https://restic.readthedocs.io/en/latest/manual.html#sftp>`__
- `HTTP REST server <https://restic.readthedocs.io/en/latest/manual.html#rest-server>`__ (`protocol <doc/rest_backend.rst>`__ `rest-server <https://github.com/restic/rest-server>`__)
- `AWS S3 <https://restic.readthedocs.io/en/latest/manual.html#amazon-s3>`__ (either from Amazon or using the `Minio <https://minio.io>`__ server)
- `OpenStack Swift <https://restic.readthedocs.io/en/latest/manual.html#openstack-swift>`__
- `BackBlaze B2 <https://restic.readthedocs.io/en/latest/manual.html#backblaze-b2>`__
- `Microsoft Azure Blob Storage <https://restic.readthedocs.io/en/latest/manual.html#microsoft-azure-blob-storage>`__
- `Google Cloud Storage <https://restic.readthedocs.io/en/latest/manual.html#google-cloud-storage>`__

Design Principles
-----------------

Restic is a program that does backups right and was designed with the
following principles in mind:

-  **Easy:** Doing backups should be a frictionless process, otherwise
   you might be tempted to skip it. Restic should be easy to configure
   and use, so that, in the event of a data loss, you can just restore
   it. Likewise, restoring data should not be complicated.

-  **Fast**: Backing up your data with restic should only be limited by
   your network or hard disk bandwidth so that you can backup your files
   every day. Nobody does backups if it takes too much time. Restoring
   backups should only transfer data that is needed for the files that
   are to be restored, so that this process is also fast.

-  **Verifiable**: Much more important than backup is restore, so restic
   enables you to easily verify that all data can be restored.

-  **Secure**: Restic uses cryptography to guarantee confidentiality and
   integrity of your data. The location the backup data is stored is
   assumed not to be a trusted environment (e.g. a shared space where
   others like system administrators are able to access your backups).
   Restic is built to secure your data against such attackers.

-  **Efficient**: With the growth of data, additional snapshots should
   only take the storage of the actual increment. Even more, duplicate
   data should be de-duplicated before it is actually written to the
   storage back end to save precious backup space.

Reproducible Builds
-------------------

The binaries released with each restic version starting at 0.6.1 are
`reproducible <https://reproducible-builds.org/>`__, which means that you can
easily reproduce a byte identical version from the source code for that
release. Instructions on how to do that are contained in the
`builder repository <https://github.com/restic/builder>`__.

News
----

You can follow the restic project on Twitter `@resticbackup <https://twitter.com/resticbackup>`__ or by subscribing to
the `development blog <https://restic.github.io/blog/>`__.

License
-------

Restic is licensed under "BSD 2-Clause License". You can find the
complete text in ``LICENSE``.

.. |Documentation| image:: https://readthedocs.org/projects/restic/badge/?version=latest
   :target: https://restic.readthedocs.io/en/latest/?badge=latest
.. |Build Status| image:: https://travis-ci.org/restic/restic.svg?branch=master
   :target: https://travis-ci.org/restic/restic
.. |Build status| image:: https://ci.appveyor.com/api/projects/status/nuy4lfbgfbytw92q/branch/master?svg=true
   :target: https://ci.appveyor.com/project/fd0/restic/branch/master
.. |Report Card| image:: https://goreportcard.com/badge/github.com/restic/restic
   :target: https://goreportcard.com/report/github.com/restic/restic
.. |Say Thanks| image:: https://img.shields.io/badge/Say%20Thanks-!-1EAEDB.svg
   :target: https://saythanks.io/to/restic