
Re: Hot-backup a complete Debian install



>> Finally, the 3rd stage: if you're going to save the backup files in a
>> "non-trusty" machine, which kind of container / encryption software
>> would you use? This would need to be easily scriptable, for automating
>> the backup task.

My idea is to use something like BestCrypt:
http://www.jetico.com/linux/

Then you can mount the virtual container, write the dump file/s into it,
unmount and send the virtual container through the network. You could use
(non-encrypted) ftp, since the container by itself is already encrypted.

> Hmm .. tricky .. anything that is run by a script .. has the problem
> that if the script can be read .. anybody can do what the script does.

No, the point here is that only the destination machine (which is going to
be used as "backup store") is untrusted. Anyway, if a person has root on
the origin machine, he/she doesn't need to "hack" the container files nor
the backup files: he/she can get the files directly from the live system.

> Another option to consider is that those dump files will be big
> (depending on your system)
> Running them through a gpg -e will a) make the machine slow and b) take
> a LONG time.

Yes, but with my former scheme (BestCrypt or similar):
- you save the CPU used to SSL/SSH the transfers over the net (since you
could simply ftp the container).
- when you have the container mounted and you're dumping into it, the
encryption is done in real time, so perhaps the bottleneck is not CPU
but hard-disk usage (since the "dump" util is reading the filesystem in
parallel).
- you could use "nice" so the process only uses free CPU cycles.

> I'd be very interested on how to solve this one ..

I have another problem with getting LVM snapshots to work:

linux:~/backup# lvcreate -L592M -s -n backup-ftp /dev/rs/ftp
lvcreate -- WARNING: the snapshot will be automatically disabled once it gets full
lvcreate -- INFO: using default snapshot chunk size of 64 KB for "/dev/rs/backup-ftp"
lvcreate -- doing automatic backup of "rs"
lvcreate -- logical volume "/dev/rs/backup-ftp" successfully created

linux:~/backup# mount /dev/rs/backup-ftp /mnt
mount: block device /dev/rs/backup-ftp is write-protected, mounting read-only
mount: wrong fs type, bad option, bad superblock on /dev/rs/backup-ftp,
       or too many mounted file systems
linux:~/backup# uname -a
Linux linux 2.4.20-bf2.4 #1 Wed Dec 25 13:17:08 UTC 2002 i686 unknown
linux:~/backup#

I googled a bit and I've read some comments about similar problems. I think
that I'll have to recompile my kernel, but I don't know which exact option
I would have to enable, or if this would be the right solution. Any
details which could help me?

-R
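
Added example, not part of the original message: the scriptable encryption stage done with gpg public-key encryption (the `gpg -e` mentioned in the quoted reply) instead of a BestCrypt container, showing that the origin host's script and keyring hold only the public key and so cannot decrypt the stored backup. `tar` stands in for `dump`; the key id, paths and function names are assumptions, and GnuPG 2.1 or later is assumed.

```shell
#!/bin/sh
# Added example (not from the thread): gpg public-key encryption in place of
# the BestCrypt container. Key id, paths and function names are assumptions.

# Origin side: needs only the recipient's PUBLIC key in its keyring.
# tar stands in for dump(8) so the example runs without a block device.
encrypt_backup() {  # encrypt_backup SRC_DIR RECIPIENT OUT_FILE
    tar -C "$1" -cf - . |
        nice -n 19 gpg --batch --yes --trust-model always \
            --encrypt --recipient "$2" --output "$3"
}

# Key-holder side: succeeds only where the matching private key exists.
restore_backup() {  # restore_backup IN_FILE DEST_DIR
    mkdir -p "$2" && gpg --batch --quiet --decrypt "$1" | tar -C "$2" -xf -
}

# Constructed end-to-end run with two throwaway keyrings.
# Prints "origin-cannot-decrypt restored-ok" when the separation holds.
demo() {
    work=$(mktemp -d) || return 1
    mkdir -m 700 "$work/keyholder" "$work/origin" "$work/src"
    echo "constructed sample data" > "$work/src/file.txt"
    who=backup@example.invalid
    # Key pair is generated on the key-holder; only the public half is exported.
    GNUPGHOME="$work/keyholder" gpg --batch --quiet --passphrase '' \
        --quick-generate-key "$who" default default never 2>/dev/null
    GNUPGHOME="$work/keyholder" gpg --batch --export "$who" |
        GNUPGHOME="$work/origin" gpg --batch --quiet --import 2>/dev/null
    ( export GNUPGHOME="$work/origin"
      encrypt_backup "$work/src" "$who" "$work/backup.tar.gpg" ) || return 1
    # The origin keyring (all that a reader of the script can reach) fails here.
    result=
    GNUPGHOME="$work/origin" gpg --batch --quiet --decrypt \
        "$work/backup.tar.gpg" >/dev/null 2>&1 || result=origin-cannot-decrypt
    ( export GNUPGHOME="$work/keyholder"
      restore_backup "$work/backup.tar.gpg" "$work/restored" ) 2>/dev/null || true
    cmp -s "$work/src/file.txt" "$work/restored/file.txt" &&
        result="$result restored-ok"
    for h in keyholder origin; do
        GNUPGHOME="$work/$h" gpgconf --kill gpg-agent 2>/dev/null || true
    done
    rm -rf "$work"
    echo "$result"
}
```

Because the stream is encrypted before it leaves the origin host, the resulting file can be sent over plain ftp in the same way as the container described above.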




