Skip to content
Snippets Groups Projects
Commit 55e9fb60 authored by Jean-Paul Calderone's avatar Jean-Paul Calderone
Browse files

light copyediting

parent 1625b9e5
No related branches found
No related tags found
5 merge requests!315update production,!314update production,!313update production,!312update production,!297Borgbackup
Pipeline #2113 passed
Stage: build
Stage: test
Show whitespace changes
Inline Side-by-side
docs/ops/backup-recovery.rst
+ 13
7
View file @ 55e9fb60
......@@ -119,19 +119,21 @@ Storage Directories
The user ciphertext is backed up using `Borg backup <https://borgbackup.readthedocs.io/>`_ to a separate location - currently a SaaS backup storage service (`borgbase.com <https://borgbase.com>`_).
Borg backup uses a *RepoKey* secured by a *passphrase* to encrypt the backup data, and an *SSH key* to authenticate against the backup storage service.
Borg backup uses a *RepoKey* secured by a *passphrase* to encrypt the backup data and an *SSH key* to authenticate against the backup storage service.
Each Borg backup job requires one *backup repository*.
The backups are automatically checked periodically.
SSH keys
````````
Borgbase `recommends creating ed25519 ssh keys with one hundred KDF rounds <https://www.borgbase.com/ssh>`_.
We create one key pair per grid (not per host)::
$ ssh-keygen -f borgbackup-appendonly-staging -t ed25519 -a 100
$ ssh-keygen -f borgbackup-appendonly-production -t ed25519 -a 100
Save the key without a passphrase, and upload the public part to `Borgbase SSH keys <https://www.borgbase.com/ssh>`_.
Save the key without a passphrase and upload the public part to `Borgbase SSH keys <https://www.borgbase.com/ssh>`_.
Passphrase
``````````
......@@ -143,14 +145,15 @@ Make up a passphrase to encrypt our repository key with. Use computer help if yo
Create & initialize the backup repository
`````````````````````````````````````````
Borgbase.com offers a `borgbase.com GraphQL API <https://docs.borgbase.com/api/>`_, but since our current number of repositories is small, we save time by creating the repositories by clicking a few buttons in the `borgbase.com Web Interface <https://www.borgbase.com/repositories>`_:
Borgbase.com offers a `borgbase.com GraphQL API <https://docs.borgbase.com/api/>`_.
Since our current number of repositories is small we save time by creating the repositories by clicking a few buttons in the `borgbase.com Web Interface <https://www.borgbase.com/repositories>`_:
* Set up one repository per backup job.
* Set the *Repository Name* to the FQDN of the host to be backed up.
* Add the SSH key created earlier as *Append-Only Access* key.
* Leave the other settings at their defaults.
Then, initialize those repositories with our chosen parameters::
Then initialize those repositories with our chosen parameters::
export BORG_PASSCOMMAND="cat borgbackup-passphrase-staging"
export BORG_RSH="ssh -i borgbackup-appendonly-staging"
......@@ -160,12 +163,15 @@ Reliability checks
``````````````````
Borg handles large amounts of data.
Given enough bits, rare, spurious bit flips become a problem.
That is why regular runs of ``borg check`` are recommended (see the `borgbase FAQ <https://docs.borgbase.com/faq/#how-often-should-i-run-borg-check>`_).
Given enough bits rare, spurious bit flips become a problem.
That is why regular runs of ``borg check`` are recommended
(see the `borgbase FAQ <https://docs.borgbase.com/faq/#how-often-should-i-run-borg-check>`_).
Recovery
````````
Borg offers various methods to restore backups.
Very convenient is mounting a backup set using FUSE.
A very convenient method is to mount a backup set using FUSE.
Please consult the restore documentation at `Borgbase <https://docs.borgbase.com/restore/>`_ and `Borg <https://borgbackup.readthedocs.io/en/stable/usage/mount.html>`_.
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment