How best to backup/image Linux lvm-dmcrypt encrypted hard disk drive?

corinthos

I have a notebook hdd that is encrypted using lvm-dmcrypt to encrypt the entire hdd except a small /boot partition. It's split into 2 partitions, 1 small /boot and 1 big partition that is divided into 6 logical volumes.

I can't use the usual backup solutions, Ghost or Acronis TI, because they don't support encrypted disks. I know Acronis Echo Server for Linux supports hot imaging, which I assume would enable me to image my running Linux system and save that image into an external (also encrypted) drive on-the-fly, so no unencrypted data ever hits any platter. Unfortunately, this package costs too much to even consider.

As far as I know, the only other option I can find is something like PartImage that's on a bootable live Linux CD, along with cryptsetup etc., booting into it, unlocking the encrypted partitions, assigning them mounting points, and then doing partition-by-partition backups copied directly into the encrypted external drive on-the-fly.

Are there any other solutions? And if someone has a system they've come up with that works great that they can share with me, with a step-by-step how-to, that'd be greatly appreciated.

I'd really like to be able to automate it so I'm not manually backing up partition by partition, one at a time. I think partimage works like that or there may be a batch mode as well.
I want to select a disk and click a button and have it image the entire disk and let me save it to my encrypted external drive.

I'm using Debian Etch.

Moved to appropriate forum - Moderator Rubycon
 

MrColin

You could try using partimage from a live CD. I think partimage requires the backup target to be unmounted during the process, so there won't be any one-click action there. http://www.psychocats.net/ubuntu/partimage has a step-by-step how-to.
I've heard of some similar Knoppix solutions but I don't have a link. I've used partimage successfully in the past to back up and restore Windows and Ubuntu images.
AFAIK, you might be happier backing up the data as opposed to the image while you are in the encrypted filesystem (mounted and in use); you could probably automate it with an alias or a script.
 

Nothinman

Things like Ghost should work fine; they won't be able to read the filesystem, so you'll get a full bit-by-bit copy, but it'll work.
 

sourceninja

I have thought about this a few times, but not much to research it. What I currently do is just tar up my home directory and stick it in a truecrypt container and put that on my network storage. Ubuntu Linux (which is what I use) sets up so fast that I feel an image is just overkill. I can have a working system in under an hour this way. Of course if you had a few dozen Linux notebooks to deal with then that is a different story. I just have mine.
 

drag

I wouldn't bother trying to backup the file system.

What I'd rather do is use rsync or tar (or whatever other type of archiving tool you prefer) and do it on the file and directory level. If you'd like you can do this on a live system, just as long as you watch out for online databases... but I find it much easier to do with separate boot media.

I'd just mount all the volumes like they would be if the system was running, use rsync over ssh, and deposit the entire OS (or actually in my personal stuff, screw the software and OS, I only care about my data that can't be recreated from sucking it down from the internet) on an (optionally encrypted) volume on the server.

To restore you'd have to recreate the partition and logical volume setup, as well as install the bootloader, but that shouldn't be difficult if you remember to document everything ahead of time.

For doing this sort of thing on large numbers I'd make a bootable USB key or NFS network boot, and write scripts to automate the whole thing.
 

uOpt

If you want to copy the encrypted raw device, dd/cstream should work just fine.

Note, however, that you can only do that safely when the filesystem is temporarily mounted read-only.

In practice I would say it is better to make a dm-crypt filesystem on whatever holds the backup and use rsync when both source and destination are mounted.
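
The file-level approach from the last two replies (mount the volumes from boot media, rsync onto an encrypted backup volume, record the layout for a later restore), as an added example that is not from any poster in the thread. It assumes LUKS-format containers; the device paths, volume group name, mapping names and mount points are hypothetical, and `DRY_RUN=1` prints the commands instead of running them.

```bash
#!/bin/sh
# Added example: file-level backup of the logical volumes inside an encrypted
# PV to an encrypted external drive. Run as root from live media.
# Assumptions (not from the thread): LUKS containers, mapping names
# src_crypt/bak_crypt, mount points /mnt/src and /mnt/bak.
# Pass only LVs that hold a filesystem (skip swap).

# Execute a command, or just print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

# backup_all SRC_PARTITION BACKUP_PARTITION VG LV [LV...]
backup_all() {
    src=$1; bak=$2; vg=$3; shift 3
    run cryptsetup luksOpen "$src" src_crypt || return 1
    run cryptsetup luksOpen "$bak" bak_crypt || return 1
    run vgchange -ay "$vg" || return 1
    run mkdir -p /mnt/src /mnt/bak
    run mount /dev/mapper/bak_crypt /mnt/bak || return 1
    # Save the LVM metadata so the volumes can be recreated before a restore.
    run vgcfgbackup -f "/mnt/bak/$vg.lvm.conf" "$vg"
    for lv in "$@"; do
        # Read-only mount: the source cannot change while it is being copied.
        run mount -o ro "/dev/$vg/$lv" /mnt/src || return 1
        run mkdir -p "/mnt/bak/$lv"
        run rsync -aH --numeric-ids --delete /mnt/src/ "/mnt/bak/$lv/"
        run umount /mnt/src
    done
    run umount /mnt/bak
    run vgchange -an "$vg"
    run cryptsetup luksClose bak_crypt
    run cryptsetup luksClose src_crypt
}

# Example: DRY_RUN=1 ./backup.sh /dev/sda2 /dev/sdb1 vg0 root home var
[ "$#" -lt 4 ] || backup_all "$@"
```

Because the data is written through the `bak_crypt` mapping, only ciphertext reaches the external drive; the small unencrypted /boot partition is not covered and needs its own copy.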