Provisional page: needs checking and expansion!


Here we describe the procedure for taking full backups and restoring them.

Taking a full backup

  1. Connect a disk with USB.
    • If it is not setup you should use the procedure to setup encrypted disk documented elsewhere.
  2. Mount the USB disk on /backupdisk:
    •   # cryptsetup luksOpen /dev/sdX1 sdX1_crypt
        # mount /dev/mapper/sdX1_crypt /backupdisk
  3. Create a directory in /backupdisk with the following naming scheme:
    • <hostname>/<date>/

  4. For each filesystem (/boot, /) do the following:
    •   # cd / && tar cd - --one-file-system <mountpoint> |\
        gpg -r -e > \
    • mountpoint: /boot or /
    • hostname: the name of the host
    • date: the current date in the format YYYY-MM-DD
    • ID: A number (01 for / (root), 02 for /boot)
    • FS: The filesystem name with the / replace by a -
      • For the root filesystem use the name 'root' For example: /backupdisk/hlin/2008-10-03/00_root.tar.gpg and /backupdisk/hlin/2008-10-03/01_boot.tar.gpg and /backupdisk/hlin/2008-10-03/02_var-lib-mysql.tar.gpg

      The keyid used for backups is: 0E1725CF <>

  5. [Optional] Verify the backup (see Verification procedure on next page).
  6. Unmount and disconnect the USB backup disk:
    •   # umount /backupdisk
        # cryptsetup luksClose sdX1_crypt
        # eject /dev/sdX1

To use this procedure you need:

Verifying a full backup

This is best done directly after completion of the offsite backup procedure at the point [Optional] described above.

  1. Insert the USB stick with the private GPG key and mount it read-only on /mnt/keys.
  2. Go to /backupdisk/<hostname>/<date>

  3. Run the following command:
    •   for b in *
          echo Verifying $b ...
          gpg --homedir /mnt/keys/gnupg -d $b | tar tvf - >>/tmp/KLAD
  4. Inspect /tmp/KLAD for any anomalies.
  5. Unmount USB stick with the private GPG key and remove it.
  6. Go to /

Restoring a full backup

In case you use a live CD:

  1. Mount the new disk on /new
    • Use encryption and so on! Mount the filesystems you want (for example /boot on the new disk) on their designated place in /new. (for example: /new/boot)
  2. Mount the backupdisk on /backupdisk
  3. Mount the USB stick with the private GPG key read-only on /mnt/keys
  4. Go to /backupdisk/<hostname>/<date wanted>

  5. Run the following command:
    •   for b in *
          echo Extracting $b ...
          gpg --homedir /mnt/keys/gnupg -d $b | (cd /new && tar xvpf - )
  6. Install grub on the new disk

In order to use this procedure you need: