INDEPTH
WWW.LINUXJOURNAL.COM / AUGUST 2012 / 107
profiting through rounding. This means your account balance is tracked to 18 decimal places. This is not just “pay by the drink” cloud pricing—it’s practically
“pay by the atom”. Some users find that a small deposit lasts them months or years.
Important Flexibility
One of Tarsnap’s best features is how easy it is to script. The ability to put a tarsnap cf command into a shell script makes use in cron jobs very straightforward, which encourages unattended, automated backups—the best kind.
Crucially, Tarsnap also supports a division of responsibilities. You can use the tarsnap-keymgmt tool to create keyfiles with limited authority. You may have one keyfile that lives on your server with permission to create archives, but not the authority to delete them. A master key with full privileges could be kept off-site, so that if attackers were to compromise your server, they would be unable to destroy your backups.
Using Tarsnap
To get started with Tarsnap, register at tarsnap.com, deposit some funds into your account, and download the client.
The client is available only as source, but the straightforward ./configure
; make install process is very easy.
The client is supported on all major
Linux distributions (as well as BSD-based systems). Take a quick peek at the download page to make sure you have the required operating system packages, as some of the development packages are not installed in typical Linux configurations.
If you are using a firewall, be aware that Tarsnap communicates via TCP on port 9279.
There are only two critical
configuration items: the location of your keyfile and the location of your Tarsnap cache. Both are set in /usr/
local/etc/tarsnap.conf. A tarsnap.conf.
example is provided, and you probably can just copy the example as is. It defines your Tarsnap key as /root/
tarsnap.key and your cache directory as /usr/local/tarsnap-cache, which will be created if it doesn’t exist.
The cachedir is a small state-tracking directory that lets Tarsnap keep track of backups.
Next, register your machine as follows. In this case, I’m setting up Tarsnap service for a machine called helicarrier. The e-mail address and password are the ones I used when I signed up for service with Tarsnap:
# tarsnap-keygen --keyfile /root/tarsnap.key ➥--user [email protected] --machine helicarrier Enter tarsnap account password:
#
I have a directory I’d like to back up
INDEPTH
with Tarsnap:
# ls -l /docs total 2092
-rw-rw---- 1 andrew 1833222 Jun 14 16:38 2011 Tax Return.pdf -rw--- 1 andrew 48568 Jun 14 16:41 andrew_passwords.psafe3 -rw--- 1 tina 14271 Jun 14 16:42 tina_passwords.psafe3 -rw-rw-r-- 1 andrew 48128 Jun 14 16:41 vacation_hotels.doc -rw-rw-r-- 1 andrew 46014 Jun 14 16:35 vacation_notes.doc -rw-rw-r-- 1 andrew 134959 Jun 14 16:44 vacation_reservation.pdf
To back up, I just tell Tarsnap what name I want to call my archive (“docs.20120701” in this case) and which directory to back up. There’s no requirement to use a date string in the archive name, but it makes versioning straightforward, as you’ll see:
# tarsnap cf docs.20120701 /docs
tarsnap: Removing leading '/' from member names
Total size Compressed size
All archives 2132325 1815898
(unique data) 2132325 1815898
This archive 2132325 1815898
New data 2132325 1815898
In my tarsnap.conf, I enabled the print-stats directive, which gives the account report shown. Note the compression, which reduces storage costs and improves cryptographic security. The “compressed size” of the “unique data” shows how much data is actually stored at Tarsnap, and you pay only for the compressed size. The next day, I back up docs again to “docs.20120702”. If I haven’t made many changes, the backup will proceed very quickly and use little additional space: # tarsnap cf docs.20120702 /docs tarsnap: Removing leading '/' from member names Total size Compressed size All archives 4264650 3631796
(unique data) 2132770 1816935
This archive 2132325 1815898
New data 445 1037
As you can see, although the amount of data for “all archives” has grown, the actual amount of “unique data” has barely increased. Tarsnap is smart enough to avoid backing up data that has not changed. Now let’s list the archives Tarsnap has stored: # tarsnap --list-archives docs.20120701 docs.20120702 To demonstrate Tarsnap’s smart approach to storage further, I will delete the oldest backup: # tarsnap df docs.20120701 Total size Compressed size All archives 2132325 1815898
(unique data) 2132325 1815898
This archive 2132325 1815898
Deleted data 445 1037
The “all archives” number has
dropped because now I have only one
INDEPTH
WWW.LINUXJOURNAL.COM / AUGUST 2012 / 109
archive, but the “unique data” has not changed much because it is still retaining all files necessary to satisfy my “docs.20120702” archive. If I list it, I can see my data is still there:
# tarsnap tvf docs.20120702
drwxrwxr-x 0 andrew 0 Jun 14 20:52 docs/
-rw--- 0 andrew 48568 Jun 14 16:41 docs/andrew_passwords.psafe3 -rw-rw-r-- 0 andrew 46014 Jun 14 16:35 docs/vacation_notes.doc -rw-rw-r-- 0 andrew 134959 Jun 14 16:44 docs/vacation_reservation.pdf -rw-rw-r-- 0 andrew 48128 Jun 14 16:41 docs/vacation_hotels.doc -rw--- 0 tina 14271 Jun 14 16:42 docs/tina_passwords.psafe3 -rw-rw---- 0 andrew 1833222 Jun 14 16:38 docs/2011 Tax Return.pdf
I use a date string for convenient versioning, but I could just as easily use any naming convention for the archive, such as “docs.1”, “docs.2” and so on.
For my personal backups, I have a cron job that invokes Tarsnap nightly with a date-string-named archive:
tarsnap cf docs.`date '%+Y%m%d'` /docs
If I have a local calamity and want to restore that data, it is just another simple Tarsnap command to get my files back. Note that like traditional tar, Tarsnap removes the leading slash so all files are restored relative to the
current working directory:
# cd /
# rm -rf docs
# tarsnap xvf docs.20120702 x docs/
x docs/andrew_passwords.psafe3 x docs/vacation_notes.doc
x docs/vacation_reservation.pdf x docs/vacation_hotels.doc
x docs/tina_passwords.psafe3 x docs/2011 Tax Return.pdf
Tips
If you want to run Tarsnap as a
nonroot user, create a .tarsnaprc file in your home directory. The syntax is identical to the tarsnap.conf discussed above. For example:
$ cat ~/tarsnap.conf
cachedir /home/andrew/tarsnap-cache keyfile /home/andrew/tarsnap.key print-stats
If you have other services or users contending for your Internet connection, use --maxbw-rate to specify a maximum bytes per second that Tarsnap will be allowed to use.
The print-stats command gives