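--- a/README.md
+++ b/README.md
@@ -32,6 +32,9 @@ apt-get install pv
 
 # Install pigz to provide the pigz compressors.
 apt-get install pigz
+
+# Install gnupg to provide public-key encryption and compression with gpg.
+apt-get install gnupg gnupg-agent
 ```
 
 ### Configuring
@@ -110,6 +113,35 @@ z3 restore the-part-after-the-at-sign
 z3 restore the-part-after-the-at-sign --force
 ```
 
+### Encryption
+Encryption of stored objects in S3 is normally provided through AWS Key Management Service (KMS). Alternatively, you can use gnupg for public-key encryption by specifying gpg as a `COMPRESSOR` and the public key to use as `GPG_RECIPIENT`. Note: compression and crypto algorithms used by gpg are derived from the public key preferences for `GPG_RECIPIENT`. Here is a usage example:
+```
+# inspect the key preferences for z3_backup
+# based on preference order, gpg will use AES256 cipher, and ZLIB compression
+gpg --edit-key z3_backup
+
+gpg> showpref
+[ultimate] (1). z3_backup
+Cipher: AES256, AES192, AES, 3DES
+Digest: SHA256, SHA384, SHA512, SHA224, SHA1
+Compression: ZLIB, BZIP2, ZIP, Uncompressed
+Features: MDC, Keyserver no-modify
+
+gpg> quit
+
+# the following assumes that you have z3_backup in your gnupg public-key ring
+# perform incremental backup the latest snapshot; use gpg compressor
+z3 backup --compressor gpg --gpg-recipient z3_backup --dry-run
+# after inspectng the commands that would be executed, perform the backup
+z3 backup --compressor gpg --gpg-recipient z3_backup
+
+# the following assumes that you have z3_backup in your gnupg private-key ring
+# restore a dataset to a certain snapshot
+z3 restore the-part-after-the-at-sign --dry-run
+# after inspectng the commands that would be executed, perform the restore
+z3 restore the-part-after-the-at-sign
+```
+
 ### Other Commands
 Other command line tools are provided.
 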
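--- a/z3/sample.conf
+++ b/z3/sample.conf
@@ -17,4 +17,10 @@ S3_PREFIX=z3-backup/
 FILESYSTEM=pool
 
 # only backup snapshots with this prefix
-SNAPSHOT_PREFIX=zfs-auto-snap:daily
+SNAPSHOT_PREFIX=zfs-auto-snap:daily
+
+# use gpg for public-key encryption and compression
+COMPRESSOR=gpg
+# specify the public key to use for encryption, the public key preferences will
+# dictate the compression and crypt algorithms used
+GPG_RECIPIENT=z3_backup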
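Review bot: The sample now sets `COMPRESSOR=gpg` and `GPG_RECIPIENT=z3_backup` as live values, so anyone who copies this file gets public-key encryption switched on and, presumably, a backup that depends on a `z3_backup` key being in the local keyring. Consider shipping both settings commented out. It would also help to add a comment such as `# restores need the matching private key; keep a copy of it off this host`, since an encrypted backup is unrecoverable without that key.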
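--- a/z3/snap.py
+++ b/z3/snap.py
@@ -35,6 +35,9 @@ def cacheing_wrapper(self, *a, **kwa):
 'pigz4': {
 'compress': 'pigz -4 --blocksize 4096',
 'decompress': 'pigz -d'},
+'gpg': {
+'compress': 'gpg -e -r {}',
+'decompress': 'gpg -d'},
 }
 
 
@@ -549,6 +552,11 @@ def parse_args():
 choices=(['none'] + sorted(COMPRESSORS.keys())),
 help=('Specify the compressor. Defaults to pigz1. '
 'Use "none" to disable.'))
+backup_parser.add_argument('--gpg-recipient',
+dest='gpg_recipient',
+default=cfg.get('GPG_RECIPIENT', 'z3_backup'),
+help=('The gpg public key to use for encryption.'
+' Defaults to z3_backup.'))
 backup_parser.add_argument('--parseable', dest='parseable', action='store_true',
 help='Machine readable output')
 incremental_group = backup_parser.add_mutually_exclusive_group()
@@ -599,6 +607,11 @@ def main():
 compressor = args.compressor
 if compressor.lower() == 'none':
 compressor = None
+if compressor == 'gpg':
+compressor_dict = COMPRESSORS.get(compressor)
+if compressor_dict is not None:
+compress_cmd = compressor_dict['compress'].format(args.gpg_recipient)
+compressor_dict['compress'] = compress_cmd
 
 do_backup(bucket, s3_prefix=args.s3_prefix, snapshot_prefix=snapshot_prefix,
 filesystem=args.filesystem, full=args.full, snapshot=args.snapshot,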
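Review bot: In the `main()` hunk, `args.gpg_recipient` is interpolated into `'gpg -e -r {}'` without quoting, so a recipient from the command line or `GPG_RECIPIENT` that contains spaces or shell metacharacters would alter the command if this string is later run through a shell (the execution site is outside the hunk). Quote it before formatting, e.g. `compress_cmd = compressor_dict['compress'].format(pipes.quote(args.gpg_recipient))` (`shlex.quote` on Python 3), together with the matching import. The same lines overwrite the shared `COMPRESSORS['gpg']['compress']` template in place; building the command in a local copy would leave the module-level table untouched. For unattended runs, consider adding `--batch` to both gpg commands in the `COMPRESSORS` hunk, and documenting that the recipient should be a full key fingerprint, since `-r` with a name matches user IDs by substring. `main()` starts and ends outside the hunk.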