Dburdick: /* Create backup */

2009-02-06T20:44:48Z

Create backup

New page

This article will help you to encrypt your existing Fedora 10 installation
=== Where we begin ===
We have the following disk configuration:
<pre>
# fdisk -l /dev/sda

Disk /dev/sda: 40.0 GB, 40000000000 bytes
255 heads, 63 sectors/track, 4863 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0x000e6cc7

Device Boot Start End Blocks Id System
/dev/sda1 * 1 13 104391 83 Linux
/dev/sda2 14 4863 38957625 8e Linux LVM
</pre>

* '''/dev/sda1''' is our '''/boot''' partition
* '''/dev/sda2''' is physical volume for existing volume group '''vg0'''

<pre>
# cat /etc/fstab
/dev/vg0/root / ext3 noatime 1 1
/dev/vg0/tmp /tmp ext2 noatime 1 2
/dev/vg0/home /home ext3 noatime 1 2
/dev/vg0/var /var ext3 noatime 1 2
/dev/vg0/usr /usr ext3 noatime 1 2
LABEL=boot /boot ext2 noatime 1 2
tmpfs /dev/shm tmpfs defaults 0 0
devpts /dev/pts devpts gid=5,mode=620 0 0
sysfs /sys sysfs defaults 0 0
proc /proc proc defaults 0 0
/dev/vg0/swap swap swap defaults 0 0
</pre>

=== Install required packages ===
* dump
* plymouth-system-plugin
* cryptsetup-luks

yum install dump plymouth-system-plugin cryptsetup-luks

=== Create backup ===
Mount your external USB disk, for example, to /mnt and use dump to backup your current installation.
Make two copies, on two different disks, to be sure, '''this is the most important step'''
<pre>
dump -0 -f /mnt/root.dump /
dump -0 -f /mnt/usr.dump /usr
dump -0 -f /mnt/var.dump /var
dump -0 -f /mnt/home.dump /home
</pre>

=== Boot in rescue mode ===
Skip mounting existing installation, we are going to destroy it in the next step
* Make the existing data unrecoverable
shred -v -n 1 -z /dev/sda2

* Create new encrypted physical volume
cryptsetup --verify-passphrase luksFormat --cipher aes-cbc-essiv:sha256 --key-size 256 /dev/sda2
cryptsetup --verbose luksOpen /dev/sda2 cryptpv

* recreate volume group and logical volumes
<pre>
lvm pvcreate /dev/mapper/cryptpv
lvm vgcreate -s 32M vg0 /dev/mapper/cryptpv
lvm lvcreate --size 512 --name root vg0
lvm lvcreate --size 2G --name swap vg0
lvm lvcreate --size 4G --name usr vg0
lvm lvcreate --size 1G --name var vg0
lvm lvcreate --size 1G --name home vg0
lvm lvcreate --size 256 --name tmp vg0
mke2fs -j -L root /dev/vg0/root
mkswap -L swap /dev/vg0/swap
mke2fs -j -L usr /dev/vg0/usr
mke2fs -j -L var /dev/vg0/var
mke2fs -j -L home /dev/vg0/home
mke2fs -L tmp /dev/vg0/tmp
</pre>

* remount backup and root
<pre>
mkdir /tmp/root
mkdir /tmp/mnt
mount /dev/sdb1 /tmp/mnt
mount -t ext3 /dev/vg0/root /tmp/root
</pre>

* restore root
<pre>
cd /tmp/root
restore -r -f /tmp/mnt/root.dump
rm restoresymtable
</pre>

* mount and restore remaining file systems
<pre>
mount -t ext3 -o noatime /dev/vg0/usr /tmp/root/usr
cd /tmp/root/usr
restore -r -f /tmp/mnt/usr.dump
rm restoresymtable
mount -t ext3 -o noatime /dev/vg0/var /tmp/root/var
cd /tmp/root/var
restore -r -f /tmp/mnt/var.dump
rm restoresymtable
mount -t ext3 -o noatime /dev/vg0/home /tmp/root/home
cd /tmp/root/home
restore -r -f /tmp/mnt/home.dump
rm restoresymtable
mount -t ext2 -o noatime /dev/vg0/tmp /tmp/root/tmp
chmod 1777 /tmp/root/tmp
</pre>

* unmount backup, create all device nodes for chrooted environment
<pre>
umount /tmp/mnt
cp -ax /dev/* /tmp/root/dev
mkdir /tmp/root/dev/shm
mount -t proc proc /tmp/root/proc
mount -t sysfs sysfs /tmp/root/sys
</pre>

* chroot into restored system
<pre>
chroot /tmp/root
mount -a
swapon -a
vgcfgbackup
</pre>

* recreate initrd image
cd /boot
mkinitrd -v -f `ls initrd*` `ls /lib/modules`

* force fsck check and selinux relabeling of the new system
touch /.autofsck /.autorelabel

=== You are done ===
exit
reboot

[[Category:Linux]]

Encrypt Fedora - Revision history

Dburdick: /* Create backup */