For security reasons, some of us encrypt the hard drives of our home systems or virtual private servers (VPS) with Linux Unified Key Setup (LUKS), and the capacity of these drives soon grows to tens or hundreds of GB. So while we enjoy the security of our LUKS devices, we may start thinking about a viable remote backup solution. For a secure off-site backup, we need a solution that operates on the encrypted LUKS device at the block level, rather than at the unencrypted file system level. We then find ourselves in this situation: every time we want to back up, we have to transmit the entire LUKS device (for example, 200GB). This is clearly not feasible. So how do we deal with this problem?
The solution: Bdsync
This is when a great open source tool called Bdsync (thanks to Rolf Fokkens) comes in handy. As the name suggests, Bdsync synchronizes "block devices" over the network. For fast synchronization, Bdsync generates and compares MD5 checksums of blocks on the local and remote block devices, and transfers only the differences. What rsync does at the file system level, Bdsync does at the block device level. Naturally, it also works with encrypted LUKS devices. Pretty neat!
With Bdsync, the first backup copies the entire contents of the LUKS block device to the remote host, so it takes a long time to complete. However, after this initial backup, if we create some new files on the LUKS device, the second backup finishes quickly, because only the changed blocks need to be copied. Classic incremental backup at work!
Installing Bdsync on Linux
Bdsync is not included in the standard software repositories of Linux distributions, so you need to build it from source. Use the following distribution-specific instructions to install Bdsync and its man page on your system.
On Debian, Ubuntu or Linux Mint
$ sudo apt-get install git gcc libssl-dev
$ git clone https://github.com/TargetHolding/bdsync.git
$ cd bdsync
$ make
$ sudo cp bdsync /usr/local/sbin
$ sudo mkdir -p /usr/local/man/man1
$ sudo sh -c 'gzip -c bdsync.1 > /usr/local/man/man1/bdsync.1.gz'
On Fedora or CentOS/RHEL
$ sudo yum install git gcc openssl-devel
$ git clone https://github.com/TargetHolding/bdsync.git
$ cd bdsync
$ make
$ sudo cp bdsync /usr/local/sbin
$ sudo mkdir -p /usr/local/man/man1
$ sudo sh -c 'gzip -c bdsync.1 > /usr/local/man/man1/bdsync.1.gz'
Performing off-site incremental backups of a LUKS-encrypted device
I assume that you have already set up a LUKS-encrypted block device as the backup source (for example, /dev/LOCDEV), and that you have a remote host on which the contents of the source device will be backed up (for example, /dev/REMDEV).
You need access to the root account on both systems, and passwordless SSH access from the local host to the remote host. Finally, Bdsync must be installed on both hosts.
To start the remote backup process from the local host, run the following command as root:
# bdsync "ssh root@remote_host bdsync --server" /dev/LOCDEV /dev/REMDEV | gzip > /some_local_path/DEV.bdsync.gz
Some explanation is in order. The Bdsync client opens an SSH connection to the remote host as root and starts Bdsync there with the --server option. As explained above, /dev/LOCDEV is the source LUKS block device on the local host, and /dev/REMDEV is the target block device on the remote host. They could be /dev/sda (for an entire disk) or /dev/sda2 (for a single partition). The output of the local Bdsync client is piped to gzip, which creates DEV.bdsync.gz (a so-called binary patch file) on the local host.
The first time you run the above command, it takes a very long time, depending on your Internet/Ethernet speed and the size of /dev/LOCDEV. Remember: the two block devices (/dev/LOCDEV and /dev/REMDEV) must be the same size.
The next step is to copy the generated patch file from the local host to the remote host. One way is to use scp:
# scp /some_local_path/DEV.bdsync.gz root@remote_host:/remote_path
The last step is to run the following command on the remote host, which applies the patch file to /dev/REMDEV:
# gzip -d < /remote_path/DEV.bdsync.gz | bdsync --patch=/dev/REMDEV
I recommend doing some small tests with partitions that do not contain any important data before using Bdsync on actual data. Start backing up real data only once you fully understand the whole process.
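The three steps above (generate the patch, copy it, apply it) can be combined into one script that refuses to run when the devices differ in size and applies the patch only if its SHA-256 matches after the copy. This is an added example, not code from the original article or from the Bdsync project; the function names are hypothetical, the host, devices and paths are the article's placeholders, and it assumes blockdev, mktemp and sha256sum are available on both hosts.

```shell
#!/bin/sh
# Added example: one bdsync backup run with pre-flight and integrity checks.
# Host, device names and paths are the article's placeholders.

# Size in bytes of a block device (or of an image file, for test runs).
dev_size() {
    if [ -b "$1" ]; then blockdev --getsize64 "$1"; else wc -c < "$1" | tr -d ' '; fi
}

# True only when both sizes are known and identical.
same_size() { [ -n "$1" ] && [ -n "$2" ] && [ "$1" = "$2" ]; }

bdsync_backup() {
    remote=$1 locdev=$2 remdev=$3
    patch=${4:-/some_local_path/DEV.bdsync.gz}
    rpatch=/remote_path/DEV.bdsync.gz

    # bdsync needs equally sized devices; check before moving any data.
    lsize=$(dev_size "$locdev") || return 1
    rsize=$(ssh "$remote" "blockdev --getsize64 '$remdev'") || return 1
    if ! same_size "$lsize" "$rsize"; then
        echo "size mismatch: local=$lsize remote=$rsize" >&2
        return 1
    fi

    # Generate the patch. In sh a pipeline reports only gzip's status,
    # so bdsync's own exit code is captured in a temporary file.
    st=$(mktemp) || return 1
    { bdsync "ssh $remote bdsync --server" "$locdev" "$remdev"; echo $? > "$st"; } |
        gzip > "$patch"
    rc=$(cat "$st"); rm -f "$st"
    [ "$rc" = 0 ] || { echo "bdsync failed ($rc)" >&2; return 1; }

    # Copy the patch, then apply it only if its SHA-256 matches on arrival.
    sum=$(sha256sum "$patch" | cut -d' ' -f1) || return 1
    scp "$patch" "$remote:$rpatch" || return 1
    ssh "$remote" "echo '$sum  $rpatch' | sha256sum -c - >/dev/null &&
        gzip -d < '$rpatch' | bdsync --patch='$remdev'"
}

# Run only when invoked as: script root@remote_host /dev/LOCDEV /dev/REMDEV
if [ "$#" -ge 3 ]; then bdsync_backup "$@"; fi
```

Because dev_size also accepts regular files, the script can be tried against two equally sized image files before it is pointed at a real device.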
Conclusion
In conclusion, we have described how to use Bdsync to perform incremental backups of a LUKS device. As with rsync, each backup transfers only a small part of the data to the remote backup site rather than the entire LUKS device, which saves bandwidth and backup time. Rest assured that all data transfers are protected by SSH or SCP, and the device itself is encrypted by LUKS. The setup can be improved further: you can run bdsync as a dedicated user instead of root. Bdsync also works with any block device, such as LVM volumes or RAID disks, and it is just as easy to set up Bdsync to back up a local disk to a USB drive. As you can see, the possibilities are endless!