Ajnasz Blog

Restore files from backup with restic

Koszti Lajos

I had a misconfiguration in my nginx deployed with ansible. I couldn't remember what was the correct configuration. I had to restore the /etc/nginx/sites-enabled directory from the backup.

Fortunately or unfortunately I don't need to do this often, so I had to look up how to do it.

I'm using restic to backup my files. I have a systemd timer that runs a backup script every day. I have a backup of my files on an S3 storage.

[Unit]
Description=Restic backup

[Service]
Type=oneshot
User=root

CPUQuota=25%

EnvironmentFile=/root/.restic_env

ExecStartPre=/usr/bin/restic check
ExecStart=/usr/bin/restic backup --verbose /etc
# other directories
ExecStartPost=/usr/bin/restic forget --keep-within 30d

The timer:

cat /etc/systemd/system/restic-backup.timer
[Unit]
Description=Restic backup

[Timer]
OnCalendar=*-*-* 03:00:00
RandomizedDelaySec=0

[Install]
WantedBy=timers.target

The secret credentials are stored in the /root/.restic_env file:

RESTIC_REPOSITORY="..."
RESTIC_PASSWORD=...
# .. other configurations

Restore files from the backup

The steps I had to do as root:

Load the restic environment variables:

I needed to add the export prefix to the variables in the .restic_env file:

export RESTIC_REPOSITORY="..."

Then I could source the file:

. /etc/restic_env

List the snapshots

restic snapshots | grep /etc

Restore the files

For me any of the snapshots would have been fine, because I broke the config just recently, so I chose the latest one. The first column of the restic snaphots command is the ID of the snapshot. Using the ID I could restore the files:

# create a temp folder
mkdir /tmp/restore
# restore the files
restic restore --target /tmp/restore aabbccdd /etc/nginx/sites-enabled

Then I diffed the files to see the differences, but I had too many files to check, so I just copied the files to the original location.

cp -r /tmp/restore/etc/nginx/sites-enabled /etc/nginx

After that I restarted the nginx service and it was all good again.

With the ansible --check --diff I could find what was wrong with the configuration and fixed it.

Hozzászóláshoz a Disqus szolgáltatását használom, korábbi vélemények elovlasásához és új hozzászólás írásához engedélyezd a Disqus-tól származó JavaScripteteket.