Restore backup with restic or decrypt files

vanderlpp · October 23, 2020, 7:57pm

NethServer Version: 7.8
Hi.

I recently had my nethserver’s hd burned. I sent for recovery and found that they were only able to recover 180GB of the more than 500GB that were there. So I’m in a complicated situation. I have the full server backup, however, as it was with RESTIC backup type, I can’t access them directly. They are encrypted.

I’ve been researching and I could see that few are successful in recovering these files … however, I was able to understand by some commands

[root @ docs ~] # / usr / sbin / e-smith / backup-data -b complete_system
Backup: full_system
Backup started at 2020-10-23 15:47:41
Pre backup scripts status: SUCCESS
Fatal: create repository at / mnt / backup-sistema_completo failed: config file already exists

Fatal: wrong password or no key found
Backup failed
Action 'backup-data-restic sistema_completo': FAIL
Backup status: FAIL

it seems that the key / password is missing for the encryption to be undone. the files are still on the HD, and there is a folder called KEYS, where it contains some important information (it seems to me).

{"created":"2019-11-19T10:33:16.020613499-03:00","username":"","hostname":"docs.adv.local","kdf":"scrypt","N":16384,"r":8,"p":1,"salt":"Tb3N8lWM4I9Sdb5TO5e2iSwqF8mbhaCwUqPPQns98jzZyNI+ltmKBGKSV/mGcAt9oA11iYdwGPAMlvCRFGozAw==","data":"ojVni4pBXsYrqg1nP+XG/Q3Nf9NzFDlQU2Wzc1bU0iTTcJ5dCizGNL4RKGiEmIrybnX+XKv0wQ86JF49kGLyAiQj0IgT7lhZ18d1dE2flhjjSN5semlb+CkUnc0Ymgv2vW4Vp+vc5oBDlUHwUSECJOIz86JGIAjJfJvGDA41qs63ndXbRmCfMaJl23jqh1EPqRr/2qC6DIkeSZ2QQiusPg=="}

then, after much breaking my head, I ask:
1 - Is there a place on the nethserver where I put these files so that it can return the data?

2 - What files do I have to restore from this bkp so that the data can be used again?

Thanks in advance for any help …

restore backup with restic or decrypt files.

federico.ballarini · October 23, 2020, 9:06pm

If you don’t have the config backup I think you cannot restore them. In config file there is restic password.
@giacomo please add a tip in doc and Cockpit to remind to backup config with restic.

pike · October 24, 2020, 8:55am

Or automate a “put” of configuration file outside the server.

vanderlpp · October 24, 2020, 2:57pm

it would be good if he always sent it to the email, and that this email is registered at the beginning of the initial configuration.

I understand @federico.ballarini to recover this file in particular …

pike · October 24, 2020, 10:12pm

“Always” not. Maybe… Timely. Once every x weeks… 12?
And that can be sent “on demand” as part of “backup config and send it to the relay”

giacomo · October 25, 2020, 10:02am

This the good and the bad of encryption.

The best approach should be display the encryption key inside the UI and also add a warning in the doc.
This is also why the configuration backup should be downloaded once in a while.

Sadly, it’s not possible to put alongside restock backup into the cloud.

Can you try at least to recover partially the hd and grab the config backup?

I feel sorry for that

dnutan · October 25, 2020, 10:39am

The password for the encryption was placed in /var/lib/nethserver/secrets/restic_*

pike · October 25, 2020, 10:56am

Hint for documentation: a Checklist for create the perfect “disaster recover toolkit”

vanderlpp · October 25, 2020, 12:43pm

180GB of almost 800 that existed was recovered.
I have yet to see these files, to see if at least this one could recover …

but from what they said, it was a Hall recovery. I don’t know what this means … but the recovery was done without the structure of posts and names … that is … unrecognizable names inside any folder … I will have trouble trying to find this backup file configuration …

the tip to show the secret key in the interface is good … since we can prepare ourselves knowing that it is very important … since it is not spoken anywhere in the old interface or in the new (cockpit).

stephdl · November 25, 2020, 3:39pm

vanderlpp · October 13, 2021, 9:13pm

Hello everyone…

After a long time afraid of using the same type of backup on the Nethserver, I did a test today to see how the interface is doing and the options that have changed… And I was pleasantly surprised to learn that we can now see the password for backup encryption. I was very happy. I confess that I even felt a (bad) nostalgia for the time I lost everything… but as I always say, past waters don’t move a mill.

I have already saved the password in a safe place, backed up in other places, and I also sent it to my wife, in case I die in the meantime… I took a screenshot so that there was no doubt about the password as well…

Well… Now I hope you don’t have any problems with that again…