Hello everyone,after some years, my qubes backup script became too outdated and doesn't work any more. For writing a new backup script, I have a few questions:
- I only plan to backup the userdata, "home" folder within vms. In recovery, I am fine with reinstalling qubes os itself and all template vms. I wish to take btrfs snapshots of /var/lib/qubes/appvms while some vms are still running. What blockfiles do I need to restore the vms "home" files? I see:
private.img
private-dirty.imng
private.img.123@<timestamp>
Some years ago, it was not possible to mount the "'changes since
vm-start' heap file". Will I lose all filechanges since the vm started,
if I don't siut it down before taking the snapshot, and only backup one
of those files? Will I be able to restore most of my files from the
running vm when copying over all three of these "private" files?
- My idea is to attach all vm blockfiles to a dedicated backup-vm, mount the private.img (or the like) there locally, and rsync its fs content to a remote network location. What would be a good way to efficiently present all dom0 vm blockfiles to that one backup-vm? Attaching all private.img (or the like) blockfiles one-after-another to the backup-vm (seems easy to break)? Or copying them all to one big blockfile in dom0, and attach that blockfile to backup-vm (much overhead)? Or is there any way to attach the appvms folder from dom0 to the backup-vm, instead of attaching blockdevices (folder =! blockdevice)?
Thank you for any hints, Stickstoff I want to keep dom0 secure, so I like block-attach as a tool.Also, I would only attach the data from a read-only btrfs snapshot, to secure the vms a tiny bit more. The backup-vm has no other tasks than sending all data away to a remote backup destination, to keep its attacksurface small~ish. Sensitive data, like passwordsafes, are locally encrypted in their respective VMs before backup. In my scenario, I am more afraid of losing data than being attacked and having lowered qubes' security guards too much, so the top priority is an automated remote backup.
-- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/d/msgid/qubes-users/9fa92ac3-557f-4f58-97a3-83ac6098f2df%40posteo.de.
OpenPGP_signature.asc
Description: OpenPGP digital signature
