On Wed, 27 Sep 2023, Jean-Marc Saffroy wrote:
So I prefer to manage available raw (un-encrypted) space with LVM.
Now, I also need to do backups of /home, and that's why I want
snapshots. But that first layer of LVM would only show a snapshot of
an encrypted volume, and the backup job shouldn't have the passphrase
to decrypt the volume.
Which is why I'm trying to find a way of doing snaphots of an "opened"
LUKS volume: this way, the backup job can do its job without requiring
a passphrase.
Besides LVM on LUKS on LVM which you already tried, consider using
a filesystem that supports snapshots. I use btrfs, and snapshots work
beautifully, and if you use "btrfs send" you can even do differential
backups. Btrfs is COW, so snaps share all blocks not touched.
Pipe the output of btrfs send directly to your backup process/server
running "btrfs receive". Note, this requires the backup server to have
btrfs. If it doesn't, then just use rsync from the snapshot directory
to the backup server like a typical unix backup solution. (E.g. my vm
host uses XFS on the backup drives, so it uses rsync.)
In simple tests, I could make it work, with dmsetup on LUKS on LVM,
and also (after I sent my original email) with LVM on LUKS on LVM.
_______________________________________________
linux-lvm mailing list
linux-lvm@redhat.com
https://listman.redhat.com/mailman/listinfo/linux-lvm
read the LVM HOW-TO at http://tldp.org/HOWTO/LVM-HOWTO/
