One S3 backup, encrypted on the fly.
This tool is used at Seantis to create backups stored on various S3 compatible services using a very limited subset of S3 commands.
This is what you need to know:
- Spare should not be used in production yet! Use at your own risk.
- Buckets should be managed by spare exclusively, other files are deleted!
- Each hostname must have a separate bucket for each backed up path.
- Spare stores exactly one copy of your data.
- Files are compressed using LZMA and encrypted on the client using AES-SIV.
- During upload, spare is limited to one core and less than 100MiB of memory.
- Duplicated files are stored only once.
- If you forget your password, you cannot restore your files.
- Spare is meant to be used with configuration management, the cli is minimal.
- Python 3.6.2+ is required.
To install spare:
pip install spare
To set the connection parameters:
export SPARE_ENDPOINT=host export SPARE_ACCESS_KEY=access-key export SPARE_SECRET_KEY=secret-key
To backup a folder:
spare create --password my-password --bucket my-bucket --path /my-path
To restore a backup:
spare restore --password my-password --bucket my-bucket --path /my-path
To verify the backup (downloads everything!):
spare verify --password my-password --bucket my-bucket --path /my-path
During a spare run, the bucket is locked, so other Spare instances know not to touch it. However, it’s possible that a lock persists when Spare crashes.
If that happens, make sure that the host pushing the backup is truly not running any spare processes, then use the unlock command:
To unlock a backup (if locked)
spare unlock –password my-password –bucket my-bucket
If however, you would like to lock a backup to avoid anyone from changing it, run the following command:
spare lock –password my-password –bucket my-bucket
Run the Tests
Spare uses Minio <https://www.minio.io> to run tests against a real object storage server. As a result it can take a bit for the first test run to complete, as Minio is downloaded and stored in the pytest cache directory:
pip install -e '.[test]' py.test
spare is released under the MIT license
Improves handling of SIGINT/SIGTERM.
It should now be safe to kill Spare during backup runs. Spare will still block until the current object is properly uploaded, but it won’t try to finish the snapshot.
The uploaded files might of course be discarded, but the bucket should be unlocked and the uploaded files should either be fully uploaded, or not at all. [href]
- Adds a lock/unlock commands. [href]
- Fixes tests failing on Travis, again. [href]
- Fixes tests failing on Travis. [href]
- Stops showing errors when files go missing during operation. [href]
- Fixes large snapshots getting pruned after creation. [href]
- Fixes tests. [href]
- Delay sigterm handling during backup and restore operations. [href]
- Changes ‘–force’ into a flag. [href]
- Adds the inode to the snapshot identity to ensure that a newly setup host doesn’t overwrite existing backups. [href]
- Adds the ability to exclude files from the backup. [href]
- Increases the download speed during restore operations. [href]
- Shows a warning when a user/group could not be found during restore. [href]
- Lowers the timeouts and retry rates. [href]
- Lowers the number of requests needed to upload data. [href]
- Initial Release. [href]