Overview

The following setup can be used for backing up a blockdevice to a remote location with the following constraints:

The remote backup can be a file or a blockdevice.

rsync would be the obvious tool for this kind of tasks if it could only handle blockdevices.

Tools

The following tools are used for this purpose:

Build bdsync from source

Bdsync not included in Debian's repository. You need to build it from the source code.

First install the necessary packages:

apt-get install git build-essential libssl-dev

Grap the source code from Github:

git clone https://github.com/TargetHolding/bdsync.git

Change to bdsync directory and build it with a simple make. Atferward copy the files to the right places:

cp bdsync /usr/local/bin/

mkdir /usr/local/man/man1

gzip -c bdsync.1 > /usr/local/man/man1/bdsync.1.gz

Disk layout

The disk layout needs to be planned carefully in order to allow encryption and snapshots.

Simple layout (imperfect)

The following layout is sufficient for all defined requirements except for timely consistency (the blockdevice may change during the course of the transfer).

/dev/sda

Grub-Boot-Partition

Raid /dev/md0

Raid /dev/md1

/boot

PV: lvm-crypto

: LV: lvm-crypto/root

: LV: lvm-crypto/swap

: LV: lvm-crypto/home

Complex layout (perfect)

The following layout allows consistent synchronization: the encrypted blockdevice is an LVM volume (snapshots are possible).

/dev/sda

Grub-Boot-Partition

Raid /dev/md0

PV: lvm-plain

LV: lvm-plain/boot

LV: lvm-plain/crypto-pv

PV: lvm-crypto

: LV: lvm-crypto/root

: LV: lvm-crypto/swap

: LV: lvm-crypto/home

Workflow

Initialization

  1. copy the blockdevice to a remote location:

    dd if=/dev/lvm-plain/crypto-pv | pv | ssh root@target "dd of=/dev/target"

Synchronization

  1. create a snapshot of the encrypted blockdevice:

    lvcreate --size 10G --snapshot --name backup-snapshot lvm-plain/crypto-pv
  2. create a bdsync patch between this snapshot and the current remote backup:

    bdsync "ssh root@target bdsync --server" /dev/lvm-plain/backup-snapshot /dev/target >bdsync.patch
  3. copy the bdsync patch to the remote location:

    scp bdsync.patch root@target:
    rm bdsync.patch
  4. apply the bdsync patch remotely and remove it afterwards:

    ssh root@target "bdsync --patch bdsync.patch && rm bdsync.patch"
  5. remove the snapshot blockdevice:

    lvremove lvm-plain/backup-snapshot

Encrypted Blockdevice Synchronization (zuletzt geändert am 2015-06-14 18:04:39 durch anonym)


Creative Commons Lizenzvertrag
This page is licensed under a Creative Commons Attribution-ShareAlike 2.5 License.