= Overview =

The following setup can be used to back up a blockdevice to a remote location under the following constraints:

 * the source is a blockdevice
 * we do not trust the remote destination
 * no downtime for the source
 * the backup reflects a consistent state of the source at a specific point in time

The remote backup can be a file or a blockdevice.

''rsync'' would be the obvious tool for this kind of task if only it could handle blockdevices.

= Tools =

The following tools are used for this purpose:

 * cryptsetup: blockdevice encryption
 * [[https://sourceware.org/lvm2/|LVM]]: dynamic volume management with snapshots
 * [[https://github.com/TargetHolding/bdsync|bdsync]]: remote synchronization of blockdevices

== Build bdsync from source ==

Bdsync is not included in Debian's repository. You need to build it from the source code.

First install the necessary packages:{{{
apt-get install git build-essential libssl-dev
}}}

Grab the source code from [[https://github.com/TargetHolding/bdsync|Github]]:{{{
git clone https://github.com/TargetHolding/bdsync.git
}}}

Change to the bdsync directory and build it with a simple {{{make}}}. Afterward copy the files to the right places:{{{
cp bdsync /usr/local/bin/
mkdir -p /usr/local/man/man1
gzip -c bdsync.1 > /usr/local/man/man1/bdsync.1.gz
}}}

= Disk layout =

The disk layout needs to be planned carefully in order to allow encryption and snapshots.

== Simple layout (imperfect) ==

The following layout is sufficient for all defined requirements except for timely consistency (the blockdevice may change during the course of the transfer).
||<|3 tablestyle="border:none; text-align:center;"> /dev/sda ||<|3 style="background-color: lightgreen;"> Grub-Boot-Partition || Raid /dev/md0 ||<-3 style="background-color: gold;"> Raid /dev/md1 ||
||<|2 style="background-color: aqua;"> /boot ||<-3 style="background-color: blue;"> PV: lvm-crypto ||
|| : LV: lvm-crypto/root || : LV: lvm-crypto/swap || : LV: lvm-crypto/home ||

== Complex layout (perfect) ==

The following layout allows consistent synchronization: the encrypted blockdevice is an LVM volume (snapshots are possible).

||<|5 tablestyle="border:none; text-align:center;"> /dev/sda ||<|5 style="background-color: lightgreen;"> Grub-Boot-Partition ||<-4 style="background-color: gold;"> Raid /dev/md0 ||
||<-10 style="background-color: lightblue;"> PV: lvm-plain ||
||<|3 style="background-color: aqua;"> LV: lvm-plain/boot ||<-3 style="background-color: red;"> LV: lvm-plain/crypto-pv ||
||<-3 style="background-color: blue;"> PV: lvm-crypto ||
|| : LV: lvm-crypto/root || : LV: lvm-crypto/swap || : LV: lvm-crypto/home ||

= Workflow =

== Initialization ==

 1. copy the blockdevice to a remote location: {{{
dd if=/dev/lvm-plain/crypto-pv | pv | ssh root@target "dd of=/dev/target"
}}}

== Synchronization ==

 1. create a snapshot of the encrypted blockdevice: {{{
lvcreate --size 10G --snapshot --name backup-snapshot lvm-plain/crypto-pv
}}}
 2. create a bdsync patch between this snapshot and the current remote backup: {{{
bdsync "ssh root@target bdsync --server" /dev/lvm-plain/backup-snapshot /dev/target >bdsync.patch
}}}
 3. copy the bdsync patch to the remote location: {{{
scp bdsync.patch root@target:
rm bdsync.patch
}}}
 4. apply the bdsync patch remotely (bdsync reads the patch from standard input) and remove it afterwards: {{{
ssh root@target "bdsync --patch < bdsync.patch && rm bdsync.patch"
}}}
 5. remove the snapshot blockdevice: {{{
lvremove lvm-plain/backup-snapshot
}}}
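
The five synchronization steps above, combined into one script as an added example (not part of the original page or of bdsync): it removes the snapshot even when the transfer fails, and it refuses to send a device that does not start with a LUKS header to the untrusted destination. It assumes the source is a LUKS container with an attached header; {{{DRY_RUN}}}, {{{--plan}}}, {{{--run}}} and the function names are this example's own.

```shell
# Added example: one pass of the Synchronization steps with guaranteed cleanup.
set -eu
# Volume, snapshot and host names are the ones used on this page.
VG=lvm-plain LV=crypto-pv SNAP=backup-snapshot
REMOTE=root@target REMOTE_DEV=/dev/target PATCH=bdsync.patch
SNAP_DEV=/dev/$VG/$SNAP
DRY_RUN=${DRY_RUN:-1}   # assumption of this example: 1 prints commands, 0 runs them

run() { if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi; }

# True if $1 starts with the LUKS magic bytes "LUKS" 0xBA 0xBE.
is_luks() {
    magic=$(dd if="$1" bs=6 count=1 2>/dev/null | od -An -tx1 | tr -d ' \n')
    [ "$magic" = "4c554b53babe" ]
}

# Refuse to send anything that is not a LUKS container to the untrusted host.
check_encrypted() {
    [ "$DRY_RUN" = 1 ] && return 0
    is_luks "$SNAP_DEV" && return 0
    echo "refusing to send $SNAP_DEV: no LUKS header" >&2
    return 1
}

make_patch() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "bdsync \"ssh $REMOTE bdsync --server\" $SNAP_DEV $REMOTE_DEV > $PATCH"
    else
        bdsync "ssh $REMOTE bdsync --server" "$SNAP_DEV" "$REMOTE_DEV" > "$PATCH"
    fi
}

# Steps 2-4; chained with && so the first failure stops the transfer.
transfer() {
    check_encrypted && make_patch &&
        run scp "$PATCH" "$REMOTE:" &&
        run ssh "$REMOTE" "bdsync --patch < $PATCH && rm $PATCH"
}

# Steps 1-5; the snapshot and local patch are removed even if the transfer fails.
sync_once() {
    run lvcreate --size 10G --snapshot --name "$SNAP" "$VG/$LV"
    rc=0
    transfer || rc=$?
    run rm -f "$PATCH"
    run lvremove -f "$VG/$SNAP"
    return "$rc"
}

case "${1:-}" in --run) DRY_RUN=0; sync_once ;; --plan) sync_once ;; esac
```

Called with {{{--plan}}} the script only prints the commands it would run; {{{--run}}} executes them as root on the source host.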