Inhaltsverzeichnis
Overview
The following setup can be used for backing up a blockdevice to a remote location with the following constraints:
- the source is a blockdevice
- we do not trust the remote destination
- no downtime for the source
- the backup reflects a consistent state of the source at a specific point in time
The remote backup can be a file or a blockdevice.
Tools
The following tools are used for this purpose:
- cryptsetup: blockdevice encryption
LVM: dynamic volume management with snapshots
bdsync: remote synchronization of blockdevices
Disk layout
The disk layout needs to be planned carefully in order to allow encryption and snapshots.
Simple layout (imperfect)
The following layout is sufficient for all defined requirements except for timely consistency (the blockdevice may change during the course of the transfer).
/dev/sda |
Grub-Boot-Partition |
Raid /dev/md0 |
Raid /dev/md1 |
||
/boot |
PV: lvm-crypto |
||||
: LV: lvm-crypto/root |
: LV: lvm-crypto/swap |
: LV: lvm-crypto/home |
Complex layout (perfect)
The following layout allows consistent synchronization: the encrypted blockdevice is an LVM volume (snapshots are possible).
/dev/sda |
Grub-Boot-Partition |
Raid /dev/md0 |
|||||||
PV: lvm-plain |
|||||||||
LV: lvm-plain/boot |
LV: lvm-plain/crypto-pv |
||||||||
PV: lvm-crypto |
|||||||||
: LV: lvm-crypto/root |
: LV: lvm-crypto/swap |
: LV: lvm-crypto/home |
Workflow
Initialization
copy the blockdevice to a remote location:
dd if=/dev/lvm-plain/crypto-pv | pv | ssh root@target "dd of=/dev/target"
Synchronization
create a snapshot of the encrypted blockdevice:
lvcreate --size 10G --snapshot --name backup-snapshot lvm-plain/crypto-pv
create a bdsync patch between this snapshot and the current remote backup:
bdsync "ssh root@target bdsync --server" /dev/lvm-plain/backup-snapshot /dev/target >bdsync.patch
copy the bdsync patch to the remote location:
scp bdsync.patch root@target: rm bdsync.patch
apply the bdsync patch remotely and remove it afterwards:
ssh root@target "bdsync --patch bdsync.patch && rm bdsync.patch"
remove the snapshot blockdevice:
lvremove lvm-plain/backup-snapshot