Backups on an encrypted external hard drive

Here I assume you already filled it with random data.

Just one more post documenting my system.. (It might be useful only to myself, who knows).

I have a file /root/key with random numbers (just dd if=/dev/random of=/dev/sdb bs=key_size count=1).

It’s my key file. Losing this file, I lose the data on the external hide drive. The drive is on /dev/sdb. I just did:

cryptsetup luksFormat /dev/sdb /root/key
cryptsetup luksOpen /dev/sdb vault-metal -d /root/key
pvcreate /dev/mapper/vault-metal
vgcreate metal /dev/mapper/vault-metal
lvcreate -L 100G -n home metal
mke2fs -t ext4 /dev/metal/home

If you want to, you may use a passphrase, instead of a key file. Just omit /root/key from the first command, and -d /root/key from the second.

Anyway, now I have /dev/metal/home for mirroring my /home. I want to do backup with rsync, but, since I am not always with the external hd connected, I want it to not try to mount it before I plug it on USB. In fact I don’t want it to mount automatically at all.

I don’t know if /etc/crypttab can help me here, but a shell script will suffice:

#!/bin/bash

if
  cryptsetup luksOpen /dev/sdb vault-metal -d /root/key/metal &&
  vgscan &&
  vgchange -a y metal &&
  mount /dev/metal/home /metal/home
then
  rsync -avh --delete /home/ /metal/home
else
  echo Error\?
fi

I just run it for mounting. (I might need to change it for checking for UUID. Actually, fstab would help here). One for umounting it would be good, too:

#!/bin/bash

if
  umount /metal/home &&
  vgchange -a n metal &&
  cryptsetup luksClose /dev/mapper/vault-metal
then
  echo Ok
else
  echo Error\?
fi

There is some info on rsync here on this wiki, and on the gentoo wiki too. If you are serious about backups you should check the documentation too.

There is some info (and links) on dm-crypt/LUKS and LVM on an earlier post, too.

Also this is the first time ever I use rsync 🙂

Advertisements

About Elias

Some random geek
This entry was posted in Linux and tagged , , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s