Can I combine LUKS and LVM to achieve encryption and snapshots?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hello LVM experts,

I am trying to create a volume with the following properties:
- the volume can be resized
- the volume is encrypted
- the volume can be snapshotted (for online backups)

So I thought I'd create the volume with LVM, encrypt it with LUKS, and snapshot it with LVM. However, LVM doesn't want to snapshot the unencrypted LUKS volume, as it is not an actual logical volume known to LVM (and I am not keen on snapshotting the encrypted volume, as that means the backup process would need the passphrase to mount the encrypted snapshot).

Is there a good way to achieve this with LUKS and LVM, or should I look elsewhere?

I have two ideas but I don't know if they are safe or practical:
- I could try running LVM (snapshots) on top of LUKS (encryption) itself on top of LVM (resize)
- or I could try working with dmsetup to fill the gap between LUKS and LVM

I did simple tests with dmsetup, and that *seems* to work, however I am not sure at all if that would be robust. An outline of my test:
- create an LVM volume (lvcreate) from a larger volume group
- make it a LUKS volume (cryptsetup lukfsFormat)
- "open" the LUKS volume (cryptsetup open)
- create a snapshot-origin volume from the open LUKS volume (dmsetup create)
- mount that as my active volume
- every time I want to do a backup:
  create a temporary snapshot volume from the origin, mount it, run the backup, unmount it, delete it

Thoughts?

Cheers,
JM
_______________________________________________
linux-lvm mailing list
linux-lvm@xxxxxxxxxx
https://listman.redhat.com/mailman/listinfo/linux-lvm
read the LVM HOW-TO at http://tldp.org/HOWTO/LVM-HOWTO/

[Index of Archives]     [Gluster Users]     [Kernel Development]     [Linux Clusters]     [Device Mapper]     [Security]     [Bugtraq]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]

  Powered by Linux