Using Duplicity for Full Server Backup on Ubuntu 12.04

duplicity is a great full featured backup tool, providing "encrypted bandwidth-efficient backups using the rsync algorithm." I'm choosing it for my backup needs primarily for the follow reasons:

  • Supports a fleet of backup server types, and even a chroot'd SFTP server will work
  • Works with Linux, FreeBSD, and OpenBSD, out of the box
  • Does not require root access on the backup server

To perform full server backups using duplicity on your Ubuntu 12.04 system, simply perform the following.

  • Install duplicity:

    sudo apt-get install duplicity
  • Perform backup (using rsync method):

    $ sudo -H duplicity --no-encryption \
      --exclude /mnt --exclude /tmp --exclude /proc --exclude /sys \
      / rsync://<user>@<host>//<backup-directory>

    You'll need to replace <user>, <host> and <backup-directory> with your backup username, host, and directory, respectively. See the "Full Example" below for more info.

    Output should look something like:

    Import of duplicity.backends.sshbackend Failed: No module named paramiko
    Import of duplicity.backends.giobackend Failed: No module named gio
    Local and Remote metadata are synchronized, no sync needed.
    Last full backup date: none
    No signatures found, switching to full backup.

    If you'd like your backups to be encrypted, simply remove the --no-encryption option and provide a passphrase when prompted. You'll need this same passphrase to restore from a backup. It is a symmetric key. Keep the key very safe; if you lose it, your backups will be useless.

  • Schedule regular backups

    The next step is to set this up in cron, so your backups are done regularly. The following entries in /etc/crontab will perform a full backup once a week, Sunday at midnight, then incremental backups the other 6 days of the week (also at midnight). Additionally, we want to clean up backups that are too old, so we add an additional entry to keep only the latest two full backups (plus incrementals).

    0 0 * * sun     root    duplicity full --no-encryption --exclude /mnt --exclude /tmp --exclude /proc --exclude /sys / rsync://<user>@<host>//<backup-directory>
    0 0 * * 1-6     root    duplicity --no-encryption --exclude /mnt --exclude /tmp --exclude /proc --exclude /sys / rsync://<user>@<host>//<backup-directory>
    0 8 * * sun     root    duplicity remove-all-but-n-full 2 --force rsync://<user>@<host>//<backup-directory>

Full Example for an ARP Networks VPS

At ARP Networks, we provide raw backup space to customers for 10 cents per GB. The example below will illustrate how to do a full backup of your Ubuntu or Debian VPS. Assuming your backup username is johndoe, simply perform the following steps.

  • Add root SSH public key to backup server

    Create an SSH key for root as follows:

    sudo -H ssh-keygen -t rsa -b 2048

    Accept the defaults and choose a good passphrase.

    See the Portal, click on the Backup Space service, and then click the link to submit an SSH key.

  • Install duplicity:

    sudo apt-get install duplicity
  • Perform backup (using rsync method):

    $ sudo -H duplicity --no-encryption \
      --exclude /mnt --exclude /tmp --exclude /proc --exclude /sys \
      / rsync://
 is one of our backup servers. If the Portal lists a different server for you, use that one.

    Additionally, as mentioned above, if you want your backups to be encrypted, remove the --no-encryption option.

  • Schedule regular backups

    Put the following in your /etc/crontab

    0 0 * * sun     root    duplicity full --no-encryption --exclude /mnt --exclude /tmp --exclude /proc --exclude /sys / rsync://
    0 0 * * 1-6     root    duplicity --no-encryption --exclude /mnt --exclude /tmp --exclude /proc --exclude /sys / rsync://
    0 8 * * sun     root    duplicity remove-all-but-n-full 2 --force rsync://

    Note: Please adjust the backup time to your own preference, otherwise many backups may fire off at the exact same time, slowing down the host.

...and that's all there is to it!