Create a backup:

TODO

  • stop all services except sshd
  • lsattr: check the d flags; change them with chattr.
  • create the xfsdump.

Adjust the kernel:

initramfs

Create the files /root/initramfs/init.sh, /root/initramfs/list and /root/initramfs/lvm.conf:

  • /root/initramfs/init.sh
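#!/bin/ash
export PATH="/bin:/sbin:/usr/bin:/usr/sbin"
mount -t proc proc /proc
mount -t sysfs sysfs /sys
# reboot 10 seconds after a kernel panic (e.g. when this script fails and init exits)
sysctl -w kernel.panic=10
CMDLINE=$(cat /proc/cmdline)

sleep 1

# asks for the passphrase and maps the container to /dev/mapper/luks
cryptsetup luksOpen /dev/hda2 luks

# activate the volume group inside the LUKS container
vgscan
vgchange -ay

# try to resume from the suspend image before the root filesystem is mounted
echo 1 > /sys/power/suspend2/do_resume

mount -t xfs -o noatime /dev/vg/root /mnt/new

sync
sync

umount /proc
umount /sys
# hand over to the real init, passing on the kernel command line
exec switch_root /mnt/new /sbin/init ${CMDLINE}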
  • /root/initramfs/list
dir /bin 755 0 0
dir /dev 755 0 0
dir /dev/mapper 700 0 0
dir /proc 755 0 0
dir /sys 755 0 0
dir /mnt 755 0 0
dir /mnt/new 755 0 0
dir /etc 755 0 0
dir /etc/lvm 755 0 0

file /init /root/initramfs/init.sh 755 0 0
# lvm reads its configuration from /etc/lvm/lvm.conf
file /etc/lvm/lvm.conf /root/initramfs/lvm.conf 644 0 0
file /bin/cryptsetup /bin/cryptsetup 755 0 0
file /bin/busybox /bin/busybox 755 0 0
file /bin/lvm /sbin/lvm 755 0 0

nod /dev/console 644 0 0 c 5 1
nod /dev/loop0 644 0 0 b 7 0
nod /dev/hda 660 0 6 b 3 0
nod /dev/hda1 660 0 6 b 3 1
nod /dev/hda2 660 0 6 b 3 2
#nod /dev/tty 666 0 5 c 5 0
slink /dev/tty /dev/console 777 0 0

slink /bin/ash busybox 777 0 0
slink /bin/echo busybox 777 0 0
slink /bin/umount busybox 777 0 0
slink /bin/mount busybox 777 0 0
slink /bin/sysctl busybox 777 0 0
slink /bin/cat busybox 777 0 0
slink /bin/sleep busybox 777 0 0
slink /bin/sync busybox 777 0 0
slink /bin/sh busybox 777 0 0
slink /bin/switch_root busybox 777 0 0
slink /bin/vgscan lvm 777 0 0
slink /bin/vgchange lvm 777 0 0
  • /root/initramfs/lvm.conf
devices { filter=["a|^/dev/mapper/luks|", "r/.*/"] }
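
A consistency check for init.sh and the list above, as an added example that is not part of the original page: it prints every command the init script calls that the gen_init_cpio list does not place under /bin, which would otherwise only show up as a failed boot. The function names and the sample files written by demo are constructed for illustration; the parser only looks at the interpreter line, the first word of each line and the first word of each command substitution.

```shell
# Added example: list commands an initramfs init script calls that the gen_init_cpio list lacks.
# Names the list provides: "file" and "slink" entries below /bin.
list_provides() {
    awk '($1 == "file" || $1 == "slink") && $2 ~ /^\/bin\// {
             sub(/^\/bin\//, "", $2); print $2 }' "$1"
}

# Commands needed: interpreter, first word per line (past "exec"), first word in `...` or $(...).
init_commands() {
    awk 'NR == 1 && /^#!/ { n = split($1, p, "/"); print p[n]; next }
         /^[ \t]*#/ || /^[ \t]*$/ { next }
         { line = $0
           while (match(line, /(`|[$][(])[A-Za-z_][A-Za-z0-9_.-]*/)) {
               tok = substr(line, RSTART, RLENGTH)
               sub(/^(`|[$][(])/, "", tok); print tok
               line = substr(line, RSTART + RLENGTH) }
           cmd = ($1 == "exec") ? $2 : $1
           if (cmd != "export" && cmd !~ /=/) print cmd }' "$1" | sort -u
}

# $1 = list, $2 = init script; prints one missing command per line.
missing_commands() {
    init_commands "$2" |
        awk -v have="$(list_provides "$1" | tr '\n' ' ')" '
            BEGIN { n = split(have, a, " "); for (i = 1; i <= n; i++) ok[a[i]] }
            !($0 in ok)'
}

# Constructed sample (not the page's files): this list omits vgchange.
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/list" <<'EOF'
file /bin/cryptsetup /bin/cryptsetup 755 0 0
slink /bin/ash busybox 777 0 0
slink /bin/cat busybox 777 0 0
slink /bin/switch_root busybox 777 0 0
slink /bin/vgscan lvm 777 0 0
EOF
    cat > "$d/init.sh" <<'EOF'
#!/bin/ash
CMDLINE=`cat /proc/cmdline`
cryptsetup luksOpen /dev/hda2 luks
vgscan
vgchange -ay
exec switch_root /mnt/new /sbin/init ${CMDLINE}
EOF
    missing_commands "$d/list" "$d/init.sh"; rm -rf "$d"
}
demo    # prints: vgchange
```

Run against the real files it would be called as missing_commands /root/initramfs/list /root/initramfs/init.sh; empty output means every command is covered.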

kernel config

Use the TuxOnIce kernel.


General setup:

[*] Initial RAM filesystem and RAM disk (initramfs/initrd) support
(/root/initramfs/list) Initramfs source file(s)

Power management options (ACPI, APM):

<*>   Suspend2  --->
      <*>   Swap Allocator
      <*>   Compression support
      <*>   Userspace User Interface support
      (/dev/mapper/vg-swap) Default resume device name
      [*]   Allow Keep Image Mode
      [*]   Replace swsusp by default

Device Drivers -> Block devices:

<*> Loopback device support
<*>   Cryptoloop Support

Device Drivers -> Multi-device support (RAID and LVM):

<*>   Device mapper support
<*>     Crypt target support

Cryptographic options:

<*>   SHA256 digest algorithm
<*>   AES cipher algorithms
<*>   AES cipher algorithms (i586)
<*>   LZF compression algorithm

Partitioning and creating the filesystems:

  • boot a live CD that has xfsrestore and cryptsetup-luks (e.g. the Gentoo 2007.0 LiveDVD)
  • partition the disk (e.g. with cfdisk)
/dev/hda1 boot (100 MB)
/dev/hda2 the future encrypted partition (rest of the disk) - (type 83/Linux)
  • TODO: optionally fill hda2 with random data
dd if=/dev/urandom of=/dev/hda2
# (go and take a nap, because this takes a long time to finish)
# if you used /dev/random, come back in 100 years
  • create the encrypted partition with cryptsetup:
cryptsetup luksFormat /dev/hda2 --cipher aes-cbc-essiv:sha256 --key-size 256 --verify-passphrase
  • open (map) the encrypted partition:
cryptsetup luksOpen /dev/hda2 luks
  • now create the LVM volumes:
pvcreate /dev/mapper/luks
vgcreate vg /dev/mapper/luks
vgscan
vgchange -ay
# 1 GB swap:
lvcreate -L1G -nswap vg
# 60 GB /:
lvcreate -L60G -nroot vg
  • create the swap area and the XFS filesystem:
mkswap "/dev/vg/swap"
mkfs.xfs -f "/dev/vg/root"

Restore the backup:

TODO

ssh user@backuprechner "cat file.xfsdump" | xfsrestore - /dev/XFS_mountpoint