Contents x
Restic Integration with Backblaze B2
    • Print
    • Dark
      Light
    Contents

    Restic Integration with Backblaze B2

      • Print
      • Dark
        Light
      Article summary

      Restic is an open-source backup tool that works with local storage, network-attached storage (NAS) devices, and Backblaze B2 Cloud Storage. Restic uses snapshots and block-level deduplication, along with complex indexing to allow for quick restores. All this while taking minimal storage space. You can use one Restic repository to contain the snapshots from one or multiple hosts because the host information is stored in the snapshot index.

      You can configure Restic to back up to Backblaze B2 using the S3-Compatible API.

      For more information about how to use Restic backups including options, creating schedules, and retention periods, click here.

      For a list of all of the Restic environment variables, click here.

      Enable Backblaze B2

      Before you begin: You must have a Backblaze B2 Cloud Storage account. If you already have a Backblaze account and the left navigation menu contains a B2 Cloud Storage section, your account is already enabled for Backblaze B2.

      1. Sign in to the Backblaze web console.
      2. In the user menu in the upper-right corner of the page, select My Settings.
      3. Under Enabled Products, select the checkbox to enable B2 Cloud Storage.
      4. Review the Terms and Conditions, and click OK to accept them. 

      Create a Bucket

      1. Sign in to the Backblaze web console.
      2. In the left navigation menu under B2 Cloud Storage, click Buckets.
      3. Click Create a Bucket.
      4. Enter a name for your bucket. Bucket names must be at least six characters and globally unique.
        A message is displayed if your bucket name is already in use.
      5. Select a privacy setting: Private or Public.
        Note
        You can change a bucket's privacy settings at any time.
        Files that are in a private bucket require authentication to perform an action, for example, downloading.
        Public buckets do not require authentication so you can easily share files. If this is your first time creating a public bucket, complete the following tasks to ensure that you have the correct permissions to create a public bucket:

        1. Verify your email address.
        2. Have a payment history on file, or use the credit card form to pay a small fee that is credited to your account balance.
      6. If applicable, enable a Backblaze B2 server-side encryption key.
      7. Enable Object Lock to restrict a file from being modified or deleted for a specified period of time.
      8. Click Create a Bucket, and copy the value that is in the Endpoint field; you may need this value later.
      9. Click Lifecycle Settings to control how long to keep the files in your new bucket.
      Note
      After you create your bucket, detailed information is displayed including your endpoint URL (for example, s3.us-west-002.backblazeb2.com). Make a note of this URL because you will use it when you define the RESTIC_REPOSITORY variable in another step.

      Create an Application Key

      1. Sign in to the Backblaze web console.
      2. In the left navigation menu under B2 Cloud Storage, click Application Keys.
      3. Click Add a New Application Key, and enter an app key name.
        You cannot search an app key by this name; therefore, app key names are not required to be globally unique. Key names are limited to 100 characters and can contain letters, numbers, and "-", but not I18N characters, such as é, à, and ü.
      4. Select All or select a specific bucket in the Allow Access to Bucket(s) menu.
      5. Optionally, select your access type (Read and Write, Read Only, or Write Only).
      6. Optionally, select Allow List All Bucket Names.
        This option is required for the B2 Native API b2_list_buckets and the S3-Compatible API S3 List Buckets operations.
      7. Optionally, enter a file name prefix to restrict application key access only to files with that prefix.
        Depending on what you selected in step #4, this limits application key access to files with the specified prefix for all buckets or just the selected bucket.
      8. Optionally, enter a positive integer to limit the time, in seconds, before the application key expires.
        The value must be less than 1000 days (in seconds).
      9. Click Create New Key, and note the resulting keyID and applicationKey values.
      Note
      When you create a new app key, the response contains the actual key string, for example N2Zug0evLcHDlh_L0Z0AJhiGGdY. You can always find the keyID on this page, but for security, the applicationKey appears only once. Make sure you copy and securely save this value elsewhere.

      Install Restic

      You can install Restic from source code or binaries that you can download from GitHub. You can also install Restic using a local package manager on most operating systems. However, this article focuses on the Linux and Mac operating systems. Restic is available on Windows, but some features may not be available.

      Filesystem in the userspace (FUSE) is required to mount the snapshot backups, which is one of the restore options. FUSE is installed with many Linux distributions by default. If your installation does not include FUSE, you must install it to enable this restore option.

      1. Install Restic for your operating system.
        • Redhat/CentOS
          sudo yum install restic
        • Ubuntu/Debian
          sudo apt install restic
        • macOS
          brew install restic
      2. Ensure that Restic is on the latest version:
        restic self-update

      Configure Restic

      To simplify the use of Restic, Backblaze recommends that you define the Restic environment variables that you need in a file, such as /etc/restic-env. This eliminates the need to pass every parameter each time you run Restic.

      1. Save the following environment variables to a file.
        export AWS_ACCESS_KEY_ID=<B2_KEY_ID>
export AWS_SECRET_ACCESS_KEY=<B2_ApplicationKey>
export RESTIC_REPOSITORY="s3:s3.us-west-002.backblazeb2.com/s3restic2023"
export RESTIC_PASSWORD_FILE=/etc/restic-password
        The /etc/restic-password can contain one line with the password, for example, mYsEcureP@$$word.
      2. Secure the Restic files so that only root or a user who you create can see the files.
        chown root:root /etc/restic-env
chown root:root /etc/restic-password
chmod 700 /etc/restic-env
chmod 700 /etc/restic-password
      3. Before you run any Restic commands, load the environment variables with the following command. You can add this command to your login profile (for example, ~.bashrc) so that the Restic variables are always defined.
        source /etc/restic-env
      4. Initialize the repository.
        source /etc/restic-env
restic -r s3:s3.us-west-002.backblazeb2.com/s3restic2023 init
        created restic repository 1f669fd85e at s3:s3.us-west-002.backblazeb2.com/s3restic2023

Please note that knowledge of your password is required to access
the repository. Losing your password means that your data is
irrecoverably lost.

      Create a Backup

      The following example shows you how to back up the directory /etc.

      restic -r s3:s3.us-west-002.backblazeb2.com/s3restic2023 \
 backup /etc
      repository 1f669fd8 opened (version 2, compression level auto)
no parent snapshot found, will read all files

Files:         872 new,     0 changed,     0 unmodified
Dirs:          257 new,     0 changed,     0 unmodified
Added to the repository: 3.369 MiB (1.097 MiB stored)

processed 872 files, 2.788 MiB in 0:04
snapshot 20ee6d7b saved

      Since you defined the RESTIC_REPOSITORY variable, you do not need to add -r s3:s3.us-west-002.backblazeb2.com/s3restic2023 to your Restic commands.

      The second backup backs up only the changed files since it uses block-level deduplication. There are no changed files yet, so no files are backed up.

      restic backup /etc
      repository 1f669fd8 opened (version 2, compression level auto)
using parent snapshot 20ee6d7b

Files:           0 new,     0 changed,   872 unmodified
Dirs:            0 new,     0 changed,   257 unmodified
Added to the repository: 0 B   (0 B   stored)

processed 872 files, 2.788 MiB in 0:02
snapshot 17bd5648 saved

      Backing up with tags is a useful way to identify your snapshots, identify which hosts they are from, and later prune unneeded snapshots. In the following example, a Windows server message block (SMB) share is backed up on a Linux machine.

      restic --tag Windows backup /mnt/WindowsData
      repository 1f669fd8 opened (version 2, compression level auto)
no parent snapshot found, will read all files

Files:         388 new,     0 changed,     0 unmodified
Dirs:           20 new,     0 changed,     0 unmodified
Added to the repository: 38.595 GiB (36.520 GiB stored)

processed 388 files, 42.157 GiB in 13:43
snapshot e230caa6 saved

      List all Restic Snapshots (Backups)

      To list of all the snapshots that you have, along with their data and time stamps and optional tags, run the following command:

      restic snapshots
      repository 1f669fd8 opened (version 2, compression level auto)
ID        Time                 Host        Tags        Paths
-----------------------------------------------------------------------
20ee6d7b  2023-07-19 05:59:35  restic-s3               /etc
17bd5648  2023-07-19 06:00:34  restic-s3               /etc
e230caa6  2023-07-19 06:07:16  restic-s3   Windows     /mnt/WindowsData
-----------------------------------------------------------------------

      Restore Files

      There are two methods to restore your files.

      Restore a Snapshot to a Directory

      To restore a snapshot to a directory, supply the snapshot ID and specify the target directory. Restic restores all of the files from the backup, with their full paths, starting under that directory.

      restic restore 20ee6d7b  --target /tmp/restore
      repository 1f669fd8 opened (version 2, compression level auto)
restoring <Snapshot 20ee6d7b of [/etc] at 2023-07-19 05:58:07.145565492 -0700 PDT by root@restic-s3> to /tmp/restore

      Mount and Browse the Snapshot

      Another method to restore files is to mount the snapshot database, browse to the backup that you want, and copy files from the mount point to any destination. 

      1. Create a mount point for the Restic snapshots.
        mkdir /mnt/restic
      2. Mount the snapshots, and browse to them.
        When you run the mount command, start another SSH or terminal session. Alternately, run the mount command in the background by appending the & sign.
        restic mount /mnt/restic &
        ls /mnt/restic
        hosts  ids  snapshots  tags
      3. To browse backups by the host from which they were backed up, the snapshot ID, the date and time stamp, or the tags, Navigate to the directory of the Windows Snapshot using the ID.
        cd /mnt/restic/ids/e230caa6
ls
        mnt
        cd mnt/WindowsData/
pwd
        /mnt/restic/ids/e230caa6/mnt/WindowsData
      4. To copy a PowerShell script (install-choco.ps1) to a TMP file, enter a copy command.
        cp install-choco.ps1 /tmp

      Check Repository Health

      Backblaze recommends that you periodically check the health of your Restic repository.

      restic check
      using temporary cache in /tmp/restic-check-cache-1883231651
repository 1f669fd8 opened (version 2, compression level auto)
created new cache in /tmp/restic-check-cache-1883231651
create exclusive lock for repository
load indexes
check all packs
check snapshots, trees and blobs
[0:00] 100.00%  5 / 5 snapshots
no errors were found
      Was this article helpful?
      Related articles
      What's Next