hammer mirror-copy and mirror-stream run ssh under the hood and do all the hard work for you. See the hammer(8) manual page.

-Matt

On Fri, Jan 30, 2015 at 7:59 AM, Antonio Huete Jiménez <[email protected]> wrote:

> Hi Konrad,
>
> The only way that comes to mind in order to achieve that would be using
> 'hammer mirror-read' piped to some encryption utility like openssl or gnupg
> in order to have on the fly encrypted filesystem PFSes and then transfer
> the files to the backup location.
>
> Something like this:
> (Note that this assumes you have a working gpg setup)
>
> BACKUP:
>
> # hammer mirror-read /var | gzip -c | gpg --symmetric --cipher-algo AES192 --output pfs.var.gz.enc
> Prescan to break up bulk transfer
> Enter passphrase
>
> Passphrase:
> Prescan 1 chunks, total 241 MBytes (253446328)
> Please re-enter this passphrase
> Passphrase:
> Enter passphrase
>
> Passphrase:
> Please re-enter this passphrase
> Passphrase:
> Mirror-read /var succeeded
>
> # chmod 400 pfs.var.gz.enc
> # ls -tlhr pfs.var.gz.enc
> -r-------- 1 root wheel 193M Jan 30 16:46 pfs.var.gz.enc
>
> RESTORE:
>
> # gpg --decrypt pfs.var.gz.enc | gunzip -c | hammer -y mirror-write /pfs/myvar
> gpg: AES192 encrypted data
> gpg: encrypted with 1 passphrase
> PFS slave /pfs/myvar does not exist. Auto create new slave PFS!
> Creating PFS #9 succeeded!
> /pfs/myvar
> sync-beg-tid=0x0000000000000001
> sync-end-tid=0x0000000000000001
> shared-uuid=4eaaa528-512e-11e4-9849-535400b3fa11
> unique-uuid=7729ee0e-a898-11e4-af39-535400b3fa11
> slave
> label=""
> prune-min=00:00:00
> operating as a SLAVE
> snapshots directory defaults to /var/hammer/<pfs>
> Source can update synctid to 0x0000000111c45d60
>
> There is a way also to do incremental backups but it would be more
> complicated. You can have a look at this to grasp the idea:
>
> http://gitweb.dragonflybsd.org/dragonfly.git/tree/HEAD:/tools/tools/hammer-backup
>
> Cheers,
> Antonio Huete
>
> Quoting Konrad Neuwirth <[email protected]>:
>
>> Hello everyone,
>>
>> I've read about cryptsetup and device mapper, but this is not quite
>> what I have in mind :-).
>>
>> I am curious whether there is a way to have a HAMMER filesystem encrypted
>> so that I can mirror it to another location, where only the encrypted data
>> is stored. But here, locally, of course, I would be interested in using the
>> filesystem normally. The benefit would be that I can copy back from the
>> encrypted storage and have my filesystem back, yet do not need to trust the
>> backup location.
>>
>> Is there any way to achieve that?
>>
>> Thank you,
>> Konrad
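
A non-interactive variant of the quoted backup/restore pipeline, as an added example that is not part of the thread or of the DragonFly tools: it keeps an archive only when mirror-read itself succeeded, and checks the archive before anything is fed to mirror-write. It assumes GnuPG 2.1 or later and a root-only passphrase file; `PASSFILE`, `PRODUCER`, `CONSUMER` and the function names are hypothetical.

```sh
#!/bin/sh
# Added example, not from the thread. Assumes GnuPG 2.1+ and a root-only
# passphrase file. PASSFILE, PRODUCER and CONSUMER are hypothetical hooks;
# the latter two default to the hammer commands quoted in the thread.
PASSFILE=${PASSFILE:-/root/.pfs-backup.pass}

gpg_batch() {
    gpg --batch --quiet --yes --pinentry-mode loopback \
        --passphrase-file "$PASSFILE" "$@"
}

# pfs_backup <pfs-path> <archive>
# The archive appears under its final name only if mirror-read and gpg both
# succeeded; a stream cut short by a mirror-read error is discarded.
pfs_backup() {
    local pfs="$1" out="$2" tmp
    tmp=$(mktemp "$out.XXXXXX") || return 1
    { ${PRODUCER:-hammer mirror-read} "$pfs" || touch "$tmp.failed"; } |
        gzip -c |
        gpg_batch --symmetric --cipher-algo AES192 --output "$tmp" &&
        [ ! -e "$tmp.failed" ] && chmod 400 "$tmp" && mv -f "$tmp" "$out" &&
        return 0
    rm -f "$tmp" "$tmp.failed"
    return 1
}

# pfs_restore <archive> <slave-pfs-path>
# Decrypts to a temp file and tests the gzip stream first, so a wrong
# passphrase or a truncated or modified archive never reaches mirror-write.
# The temp file holds the compressed plaintext: point TMPDIR at trusted
# local storage with enough room.
pfs_restore() {
    local src="$1" dest="$2" tmp rc=1
    tmp=$(mktemp "${TMPDIR:-/tmp}/pfs-restore.XXXXXX") || return 1
    if gpg_batch --decrypt --output "$tmp" "$src" && gzip -t < "$tmp"; then
        gunzip -c < "$tmp" | ${CONSUMER:-hammer -y mirror-write} "$dest"
        rc=$?
    fi
    rm -f "$tmp"
    return "$rc"
}
```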
