BSD Using Tarsnap in FreeBSD to Improve My Offsite Backups


In a recent post I described how I improved the reliability of my file system backups by using the data replication capabilities inherent in the FreeBSD Zettabyte File System (ZFS). In this post I will explore Tarsnap, another tool I recently started to use to perform secure offsite backups of my most important files.

The versions for the software used in this post are as follows:

  • FreeBSD 11.0-RELEASE
  • tarsnap 1.0.37
  • The steps discussed assume that the FreeBSD Ports Collection is installed. If not, you can install it using the following command:

    If the Ports Collection is already installed, make sure to update it:

    Okay, let’s get started. Okay, let’s get started. All commands are issued as the user root. While building the various ports you should accept all default configuration options unless otherwise instructed.

    Create a Tarsnap account

    Before installing Tarsnap I visited the Tarsnap registration page and created an account. Tarsnap operates on a prepaid basis, so you have to add some money to your account before you can start using it. The minimum amount is $5.00. Money will be deducted from your pre-paid amount based on the actual number of bytes stored and bandwidth used (after compression and data deduplication). Tarsnap prices are currently $.25 per Gigabyte per month for storage, and $.25 per byte for bandwidth.

    Install Tarsnap

    After creating an account it was time to install Tarsnap. First I made sure the Ports Collection was up to date:

    Then proceeded with the install, accepting all default configuration options:

    Next, I ran tarsnap-keygen, a utility which registers my machine with the Tarsnap server and generates a key that is used to encrypt and sign the archives that I create. I needed to have the e-mail address and password I used to create my Tarsnap account handy when running this command. In following example I’ve registered a machine with the host name tarsnap-test:

    Note that if I had multiple machines containing files I wished to backup to Tarsnap, I would want create a separate key file for each machine.

    By default tarsnap-keygen will create the key file /root/tarsnap.key. This can be changed by adding the option keyfile to specify a different location and/or key name. In the example above I’ve changed the name of my key file to tarsnap-test.key to help disambiguate keys in case I add additional machines to my Tarsnap account in the future.

    Tarsnap creates the file /usr/local/etc/tarsnap.conf when installed. This config file is read by the tarsnap utility and specifies a number of default options, all of which will be ignored if the options in question are specified at the command line. Since I change the name of default key file, I revised the value for the option keyfile in /usr/local/etc/tarsnap.conf:

    Note that you should store a copy of this key someplace safe. If you lose your Tarsnap key file(s), you will not be able to create new archives or access your archived data.

    Using Tarsnap

    After installing Tarsnap I was ready to create and backup my first archive. Tarsnap commands follow a syntax similar to the venerable tar utility. The -c option creates a new archive containing the specified files. The -f option specifies which file to write the archive to:

    Performing subsequent backups of these files will go faster since Tarsnap’s deduplication feature will avoid sending data which was previously stored.

    If I want to list all archives stored with Tarsnap I can use the following command:

    Adding one or more instance of the -v option to this command will make the output more verbose. For example, if -v is specified one or more times, the creation time of each archive is printed; if it is specified two or more times, the command line with which Tarsnap was invoked to create each archive is also printed.

    If I want to list the files contained within a single archive I can use the following command:

    The -t option is used to print to stdout the files stored in the specified archive; the -v option of course makes the output a little more verbose.

    If I wanted to delete one or more archives I can use the -d option:

    When the time comes to restore one or more files from Tarsnap I have a couple of options. For example, I can recover all files contained in a particular archive using the following command. In this example, I’ve extracted all files contained in the archive backup-20150729 to /tmp where I can recover one of more files:

    Or I can extract just one of the directories in this archive:

    Note here that you must exclude the leading / from the directory you’re restoring from. So in this case, instead of /pool_0/dataset_0/some-directory/, it should be pool_0/dataset_0/backup/some-directory.

    Or regress even further into the archive to recover a single file if desired:

    Finally, if for whatever reason I no longer wish to use Tarsnap on this machine I can invoke the nuke option, which will delete all of the archives stored:

    To make sure you’re really serious, Tarsnap will ask you to type the text “No Tomorrow” when using this command.

    Okay, after getting comfortable with the Tarsnap commands and backing up files manually for a couple of days, I created this ugly little script that creates a daily archive of a specified directory; looks for any archives older than 30 days and deletes them; and, logs its output to the file /home/iceflatline/cronlog:

    I wrote the script to /home/iceflatline/bin/ where I maintain some other scipts and made it executable:

    Then added the following cron job to the crontab under user root. The script runs every day at 0800 local time:

    Well, that’s it. A short post describing my experiences using Tarsnap, an easy, secure and inexpensive solution for performing offsite backups of my most important files.


    Tags: , ,

    3 Responses to “Using Tarsnap in FreeBSD to Improve My Offsite Backups”

    1. Claus Conrad Says:

      There are a couple of similar scripts listed at .

    2. Oclair Says:

      I came across a relatively new FreeBSD port called tarsnap-periodic “Simple way of making tarsnap backups using the periodic system” It appears to based off of zfs-periodic “Scripts to take zfs snapshots with periodic on FreeBSD” Looks promising!

    3. iceflatline Says:

      Oclair, oh very cool! Thanks for passing this along.

    Leave a Reply