On Wed, 27 Sep 2023, Jean-Marc Saffroy wrote:
So I prefer to manage available raw (un-encrypted) space with LVM. Now, I also need to do backups of /home, and that's why I want snapshots. But that first layer of LVM would only show a snapshot of an encrypted volume, and the backup job shouldn't have the passphrase to decrypt the volume. Which is why I'm trying to find a way of doing snaphots of an "opened" LUKS volume: this way, the backup job can do its job without requiring a passphrase.
Besides LVM on LUKS on LVM which you already tried, consider using a filesystem that supports snapshots. I use btrfs, and snapshots work beautifully, and if you use "btrfs send" you can even do differential backups. Btrfs is COW, so snaps share all blocks not touched. Pipe the output of btrfs send directly to your backup process/server running "btrfs receive". Note, this requires the backup server to have btrfs. If it doesn't, then just use rsync from the snapshot directory to the backup server like a typical unix backup solution. (E.g. my vm host uses XFS on the backup drives, so it uses rsync.)
In simple tests, I could make it work, with dmsetup on LUKS on LVM, and also (after I sent my original email) with LVM on LUKS on LVM.
_______________________________________________ linux-lvm mailing list linux-lvm@xxxxxxxxxx https://listman.redhat.com/mailman/listinfo/linux-lvm read the LVM HOW-TO at http://tldp.org/HOWTO/LVM-HOWTO/