Attic
"The holy grail of backup software"
Thomas Waldmann @ easterhegg 2015 (updated)
Attic Feature Set (1)
- simple & fast
- deduplication
- compression
-
authenticated encryption
-
easy pruning of old backups
-
simple backend (k/v, fs, via ssh)
Attic Feature Set (2)
-
FOSS (BSD license)
-
good docs
-
good platform / arch support
-
xattr / acl support
-
FUSE support ("mount a backup")
Attic Code
- 91% Python3 + Cython
(high-level code, glue code) - 9% C
(performance critical stuff) - only ~6000 LOC total
- few dependencies
- unit tests, CI
Attic Security
-
Signatures / Authentication
no undetected corruption/tampering
-
Encryption / Confidentiality
only you have access to your data
-
FOSS in Python
review possible, no buffer overflows
Attic Safety
-
Robustness
(by append-only design, transactions)
-
Checkpoints
every 5 minutes (between files)
-
msgpack with "limited" Unpacker
(no memory DoS)
Attic Crypto Keys
-
client-side meta+data encryption
-
separate keys for sep. concerns
-
passphrase pbkdf2 100k rounds
-
Keys:
- none
- passphrase-only
- passphrase protected keyfile
Attic Crypto Cipher/MAC
-
AEAD, Encrypt-then-MAC
- AES256-GCM / GHASH
- AES256-CTR + HMAC-SHAxxx
-
Counter / IV deterministic, never repeats
-
uses OpenSSL
- Intel/AMD: AES-NI, PCLMULQDQ
Attic Compression
-
Python stdlib:
- zlib (medium fast)
-
lzma (slow, high compression)
-
blosc library:
-
multithreaded, highly optimized
- "faster than memcpy"
- lz4 (superfast, reasonable compression)
-
lz4hc (very fast, "high compression")
-
zlib (faster than the implementation from stdlib)
-
Attic Deduplication (1)
-
No problem with:
- VM images (sparse file support)
- disk images
- renamed huge directories/trees
- inner deduplication of data set
- historical deduplication
- deduplication between different machines
Attic Deduplication (2)
-
Content defined chunking:
- "buzhash" rolling hash
- cut data when hash has specific bit pattern,
yields chunks with 2^nbits target size - seeded, to avoid fingerprinting chunk lenghts
-
Store chunks under id into store:
- id = HASH(chunk)
- id = MAC(mac_key, chunk)
Attic, the present
-
Works, but beta - be careful! Be more careful with code from git.
-
attic 0.14 from 2014-12-17
-
don't use anything older!
-
esp. no msgpack < 0.4.6!
Attic - Code Repos
-
official repo: jborg/attic
-
unofficial repo: attic/merge:
-
master == same as official stuff
-
merge == conservative merges
-
merge-all == merge + more
-
Attic, the future
-
bus-factor++, fork?
-
improve scalability / reliability / security
-
pull backups? backup-only mode?
-
better logging / exception handling
-
more backends? http / ftp / aws / google / ...
-
other platforms / architectures
-
<you name it>
Attic - we need help!
-
test scalability / reliability / security
-
file bugs
-
file feature requests
-
improve docs
-
contribute code
-
spread the word
-
create dist packages
Attic - Links
-
attic-backup.org (original)
-
github.com/attic/merge (unofficial)
-
#attic on chat.freenode.net
Questions / Feedback?
-
Just grab me, I am here all days!
-
Thomas J Waldmann @ twitter
Attic - Demo / Workshop
I'll show a developer installation / recent code.
If too complicated, just try something like:
Or use the binary packages from:
https://attic-backup.org/downloads/releases/0.14/
apt-get install attic
Attic - Installation Preps
# Debian / Ubuntu
# Python 3.x (>= 3.2) + Headers, Py Package Installer
apt-get install python3.4-dev python3.4 python3-pip
# we need OpenSSL + Headers for Crypto
apt-get install libssl-dev openssl
# ACL support Headers + Library
apt-get install libacl1-dev libacl1
# if you do not have gcc / make / etc. yet
apt-get install build-essential
# optional: lowlevel FUSE py binding - to mount backup archives
apt-get install python3-llfuse fuse
# optional: for unit testing
apt-get install fakeroot
Attic - system wide install
# A) system-wide install with pip, latest original release:
sudo pip install attic
# note: maybe you have to use pip3 to get the python3 pip
Attic - dev install from git
# B) isolated install, latest attic/merge git repo code:
mkdir attic ; cd attic
git clone https://github.com/attic/merge.git attic
# note: use branch "merge" for conservative changes
cd attic
git checkout merge-all # latest / most features
apt-get install python-virtualenv
virtualenv --python=python3 ../attic-env
source ../attic-env/bin/activate # always before using!
# install attic + dependencies into virtualenv
pip install cython # compile .pyx -> .c
pip install tox # optional, for running unit tests
pip install -e .
# check your install
fakeroot -u tox
attic init / create
# initialize a repository:
attic init /tmp/attic
# create a "first" archive inside this repo:
attic create /tmp/attic::first ~/Desktop
# create a "second" archive, more verbose:
attic create --progress --stats /tmp/attic::second ~/Desktop
# even more verbose:
attic create -v --stats /tmp/attic::third ~/Desktop
attic list / extract / check
# list repo / archive contents:
attic list /tmp/attic
attic list /tmp/attic::first
# extract ("restore") from an archive to cwd:
mkdir test ; cd test
attic extract /tmp/attic::third
# simulate extraction (good test):
attic extract -v --dry-run /tmp/attic::third
# check consistency of repo:
attic check /tmp/attic
attic info / delete / help
# info about repo:
attic info /tmp/attic
# delete archive:
attic delete /tmp/attic::first
# delete repo:
attic delete /tmp/attic
attic - crypto/compression
# options, options, options, ...
attic init --help
# create a encrypted, compressed repo:
# 21 = lz4 level 1 = very fast, for fast repo storage
attic init -e keyfile -c 21 /tmp/attic-enc
# create a encrypted, compressed repo:
# 69 = zlib level 9 = a lot slower, for slow repo storage
attic init -e keyfile -c 69 /tmp/attic-enc
# ... (same as before, but you need to give passphrase)
attic - remote via ssh
# connect to remote attic via ssh:
# remote attic needs to be compatible with local
attic init ssh://user@host:22/mnt/backup/attic
attic create ssh://user@host:22/mnt/backup/attic::first ~
# also possible: using sshfs or other locally mounted
# network filesystems, but be careful: locks, perf.
Attic - Links
-
attic-backup.org (original)
-
github.com/attic/merge (unofficial)
-
#attic on chat.freenode.net
Questions / Feedback?
-
Just grab me, I am here all days at easterhegg!
-
Thomas J Waldmann @ twitter
Attic
By Thomas Waldmann
Attic
- 3,536