Pairing Mystic with Myota BucketZero Storage (bZs) ensures secure, resilient backups with advanced security, redundancy, and seamless integration for robust data protection.
Enhance your data protection by pairing Mystic with Myota BucketZero Storage (bZs). This combination provides secure, resilient backups, ensuring your data remains protected against threats, corruption, and loss. With bZs, you benefit from advanced security features, redundancy, and seamless integration with Mystic for a robust backup and recovery solution.
To start locate the Volumes configuration section in your Docker setup, where you can set up the image. Specify the host path that contains the data you want to back up. Then, define the container path where this host path will be mounted inside the container; you'll use this path when executing the backup command. Once you've configured the volume, proceed to fill in the required environment variables, including the command.The Mystic package, when combined with Myota bucketZero Storage (bZs), serves as an advanced backup solution that offers straightforward and efficient commands for managing backup storage. This integration enhances the availability and resilience of your backup data, ensuring that it is both secure and readily accessible.
Pre-requisites
- Myota bucketZero Storage
- Bucket name - will be specified at BZS_BUCKET_NAME
- Endpoint URL - will be specified at BZS_ENDPOINT_URL
- Access key - will be specified at AWS_ACCESS_KEY_ID
- Secret - will be specified at AWS_SECRET_ACCESS_KEY
- Docker host
- or any compatible environment capable of executing Docker containers.
How to Run Mystic as a Container
Executing Mystic as a container is a simple process. Start by pulling the Mystic Docker image, then run it while providing the necessary environment variables to ensure proper configuration.
Mystic is designed as a task-based application, which means that the container automatically stops once the task is complete instead of running continuously as a service. This efficient design allows the Mystic container to use fewer resources. To repeat a backup task, simply restart the previously executed container.
1. Pull the Mystic Image
To pull the container image, the specific steps may differ based on your container host environment, but the process is straightforward. You can locate the Myota Mystic container image at myotainc/mystic.
For instance, when using TrueNAS, you should specify the image repository as myotainc/mystic. This may also be displayed as docker.io/myotainc/mystic.
2. Mount Volume to Container
Next, you will need to configure the mounting of a directory that contains the data you wish to back up to the container. The Docker host offers a feature called Volumes, which allows you to link a directory from the host system to the container.
- Locate the Volumes configuration section in your Docker setup, where you can run the image.
- Specify the host path that contains the data you wish to back up.
- Define the container path where this host path will be mounted inside the container. This container path will be used when you execute the backup command.
- Once you have configured the volume, proceed to set up the necessary environment variables, including the command to be executed.
3. Common Environment Variables
To execute Mystic, you need to configure the following environment variables, which will be accessible when running the Mystic image:
- RESTIC_PASSWORD - The password used to secure your backup data in the repository. It is essential that you remember this password, as it is required for both ongoing backups and data retrieval.
- REPOSITORY -
s3:BZS_ENDPOINT_URL/BZS_BUCKET_NAME/REPO_NAME
BZS_ENDPOINT_URL should omit http(s)://
For example, REPOSITORY value should be
s3:bzs-example-bucket-1.bucketzero.cloud/example-bucket-1/my-backup
- AWS_ACCESS_KEY_ID - Access key for bZs as the repository
- AWS_SECRET_ACCESS_KEY - Access secret for bZs as the repository
4. Run Mystic - commands
You can execute the following commands by specifying them in the COMMAND environment variable.
You might be prompted to specify the command to be executed in the container's CMD configuration.
Do not assign any values to the Container Entrypoint and Container CMD; these fields should remain empty. Instead, ensure that the COMMAND is specified as ENVIRONMENT VARIABLE.
init
This initial execution is designed to establish a repository within the bZs bucket. During this process, the repository will be encrypted using the specified RESTIC_PASSWORD. Please fill in the required values in the provided fields below, and once completed, click Run to initiate the container.
Upon execution, the container will provide log messages that detail the progress and outcome of the operation.
--verbose backup SOURCE_TO_BACKUP
This command initiates a backup of the data located at /mnt/data, which is the directory where the host's data is mounted within the container. Be sure to fill in the corresponding values in the gray boxes below.
The RESTIC_PASSWORD must match the password you used when initializing the repository. Once you've confirmed this, you can proceed by clicking Run to start the container.
Upon execution, the container will generate log messages that provide insights into the progress and results of the operation.
snapshots
This command retrieves a list of backup snapshots stored in your repository. Ensure that you fill in the corresponding values in the gray boxes below. The RESTIC_PASSWORD must match the one you used when initializing the repository. Once everything is set, you can click Run to start.
Upon execution, the container will generate detailed log messages that provide insights into the progress and outcomes of the operation.
forget --keep-daily 7 --prune
This command removes outdated snapshots according to your specified retention policy. The option `--keep-daily 7` retains daily snapshots for the past 7 days and prunes any older ones. You can adjust this parameter to align with your own backup strategy. Please ensure you fill in the corresponding values in the gray boxes below. The `RESTIC_PASSWORD` must match the password you used when initializing the repository. Once you have completed these steps, you can click Run to start the container.
Upon execution, the container will output log messages that provide detailed information about the progress and results of the operation.
restore SNAPSHOT_ID --target /mnt/restore
To restore a snapshot, you will need to provide the corresponding snapshot ID, which can be retrieved using the snapshots command mentioned earlier. Once you have the SNAPSHOT_ID, you can proceed to restore all data to a designated target path. Similar to how you mounted the source data directory at /mnt/data within the container, you will need to mount another directory to serve as the restoration target, such as /mnt/restore. The restored data will be written to /mnt/restore within the container, and this will ultimately be saved to the specified directory on the host system.
Upon execution, the container will display log messages that provide detailed information about the progress and results of the operation.
Repeat backup job - TrueNAS example
You can schedule a cron job to automate your backup process on a daily basis. For more information on how to set this up, please refer to: https://www.truenas.com/docs/scale/24.04/scaletutorials/systemsettings/advanced/managecronjobsscale/.
The Cron Jobs widget located from within the System > Advanced section will initially show "No Cron Jobs configured." Once you add a cron job, it will provide details about the configured cron jobs on your system.
To create a new cron job, click the Add button to access the Add Cron Job configuration screen. If you need to modify an existing cron job, click on the item to open the Edit Cron Job configuration screen, which will be pre-filled with the current settings. Both the Add and Edit Cron Job screens feature the same configuration options for your convenience.
Provide a descriptive name for your backup job to help identify its purpose easily.
Then, specify the complete path to the command or script that you wish to execute in the Command field.
/usr/bin/docker run -v HOST_PATH:/mnt/data -e "RESTIC_PASSWORD=YOUR_PASSWORD" -e "AWS_ACCESS_KEY_ID=BZS_ACCESS_KEY" -e "AWS_SECRET_ACCESS_KEY=BZS_ACCESS_SECRET" -e "REPOSITORY=REPO_VALUE" -e "COMMAND=--verbose backup /mnt/data" --name mystic-backup myotainc/mystic
Set the environment variables in the command.
/usr/bin/docker run -v HOST_PATH:/mnt/data -e "RESTIC_PASSWORD=YOUR_PASSWORD" -e "AWS_ACCESS_KEY_ID=BZS_ACCESS_KEY" -e "AWS_SECRET_ACCESS_KEY=BZS_ACCESS_SECRET" -e "REPOSITORY=REPO_VALUE" -e "COMMAND=--verbose backup /mnt/data" --name mystic-backup myotainc/mystic
Choose a user account from the Run As User dropdown menu to execute the command. Ensure that this user has the necessary permissions to run the specified command or script.
You can either choose a predefined schedule or opt for the Custom option to access advanced scheduling features. Keep in mind that if a cron task is already running, any subsequent scheduled instances of the task will be delayed until the current one finishes.
To suppress standard output (stdout) from the command, enable the Hide Standard Output option. If this option is not selected, TrueNAS will send any standard output generated by the command to the user account associated with the cron job that executed it.
To prevent error messages (stderr) from being displayed, enable the Hide Standard Error option. If this option is not selected, TrueNAS will send any error notifications to the user account associated with the cron job that executed the command.
To activate this cron job, check the Enabled box. If you prefer to disable the cron job without removing it, simply leave the checkbox unchecked.
Click Save.
This marks the successful creation and configuration of Mystic, enabling you to run it as a container. This approach ensures efficient resource usage while providing robust capabilities for backup, restoration, and snapshot management.
Resources
Install Myota Mystic - https://kb.myota.io/installing-myota-mystic