Overview

The following setup can be used for backing up a blockdevice to a remote location with the following constraints:

• the source is a blockdevice
• we do not trust the remote destination
• no downtime for the source
• the backup reflects a consistent state of the source at a specific point in time

The remote backup can be a file or a blockdevice.

rsync would be the obvious tool for this kind of tasks if it could only handle blockdevices.

Tools

The following tools are used for this purpose:

• cryptsetup: blockdevice encryption

• LVM: dynamic volume management with snapshots

• bdsync: remote synchronization of blockdevices

Disk layout

The disk layout needs to be planned carefully in order to allow encryption and snapshots.

Simple layout (imperfect)

The following layout is sufficient for all defined requirements except for timely consistency (the blockdevice may change during the course of the transfer).

Complex layout (perfect)

The following layout allows consistent synchronization: the encrypted blockdevice is an LVM volume (snapshots are possible).

Workflow

Initialization

1. copy the blockdevice to a remote location:

   dd if=/dev/lvm-plain/crypto-pv | pv | ssh root@target "dd of=/dev/target"

Synchronization

1. create a snapshot of the encrypted blockdevice:

   lvcreate --size 10G --snapshot --name backup-snapshot lvm-plain/crypto-pv

2. create a bdsync patch between this snapshot and the current remote backup:

   bdsync "ssh root@target bdsync --server" /dev/lvm-plain/backup-snapshot /dev/target >bdsync.patch

3. copy the bdsync patch to the remote location:

   scp bdsync.patch root@target:
   rm bdsync.patch

4. apply the bdsync patch remotely and remove it afterwards:

   ssh root@target "bdsync --patch bdsync.patch && rm bdsync.patch"

5. remove the snapshot blockdevice:

   lvremove lvm-plain/backup-snapshot