Encrypted backup using BackupPC, LVM and cryptsetup

I do offsite backups using BackupPC. The amount of data increases constantly so I need to add occasionally hard disks. Additionally I want the data to be encrypted, at least after powering off the system that is running the BackupPC application. So I decided to use logical volume management (LVM) and block device encryption (cryptsetup). The following steps were needed (on Ubuntu Feisty):

  • pvcreate /dev/sdb1 Before you can use any physical volume with LVM you have to initialize it. Allways initalize a partition, never the whole disk (even if the disk has only one partition). LVM has no problems with the whole disk, but other partitioning tools will think that this disk is not in use (because it appears to be not partitioned).
  • vgcreate backuppcvg /dev/sdb1 I created a volume group called "backuppcvg" which will contain all my logical volumes (actually only one for now). The volume group consists for now only of sdb1.
  • lvcreate -L 233.75G -nbackuplv backupvg Now I create a logical volume called "backuplv" in the volume group "backuppcvg". I use all available space in this volume group.
  • cryptsetup create cryptobackup /dev/mapper/backuppcvg/backuplv Now I setup the encryption for the logical volume "/dev/mapper/backuppcvg/backuplv", which I just created. Data written to the device "/dev/mapper/cryptobackup" goes first thru the encryption module and the encrypted data is written to the device "/dev/mapper/backuppcvg/backuplv" (that's called device mapping).
  • mkfs.ext3 /dev/mapper/cryptobackup Now I format the device "/dev/mapper/cryptobackup" with the ext3 file system
  • mount /dev/mapper/cryptobackup /var/lib/backuppc Now I mount the volume for use with BackupPC

If I want to increase the available space for backups, I need to add a physical disk. That's done as follows:

  • pvcreate /dev/sdc1
  • vgextend backuppcvg /dev/sdc1
  • /etc/init.d/backuppc stop
  • umount /dev/mapper/cryptobackup
  • cryptsetup remove cryptobackup
  • lvextend -L345.54G /dev/backuppcvg/backuplv Here I increase the size of the logical volume to a final size of 345.54 GB. It is important that you cannot reverse this step if you do not now the blocksize as the shrink command accepts only the new (smaller) size in blocks! So before doing this you should figure out how many blocks the old logical volume comprises!
  • cryptsetup create cryptobackup /dev/mapper/backuppcvolumegroup-backuplv
  • e2fsck -f /dev/mapper/cryptobackup Check whether the filesystem is consistent and ready for expansion
  • resize2fs /dev/mapper/cryptobackup Resize the ext3 filesystem. If you don't give any size it will use all available space of the underlying device
  • mount /dev/mapper/cryptobackup /var/lib/backuppc Mount the new larger logical volume