Results 1 to 3 of 3

Thread: LVM snapshot on Luks encrypted drive?

  1. #1
    Join Date
    Apr 2012
    Posts
    4

    Default LVM snapshot on Luks encrypted drive?

    Hello,

    I am trying to make a vzdump on a Luks encrypted drive and I always get the

    INFO: mode failure - unable to detect lvm volume group
    INFO: trying 'suspend' mode instead

    failure message.
    I am not 100% sure whether it is actually possible to make a snapshot on an encrypted drive but so far I did not find anything saying that it is impossible.

    My configuration looks as following:

    vgdisplay:

    --- Volume group ---
    VG Name pve
    System ID
    Format lvm2
    Metadata Areas 1
    Metadata Sequence No 8
    VG Access read/write
    VG Status resizable
    MAX LV 0
    Cur LV 4
    Open LV 4
    Max PV 0
    Cur PV 1
    Act PV 1
    VG Size 460.15 GiB
    PE Size 4.00 MiB
    Total PE 117798
    Alloc PE / Size 94599 / 369.53 GiB
    Free PE / Size 23199 / 90.62 GiB
    VG UUID 2uheZe-rjdw-xWMn-ajaB-yaq4-geRl-dv6o2k



    lvdisplay:
    --- Logical volume ---
    LV Name /dev/pve/root
    VG Name pve
    LV UUID kQKKKW-1HuT-kvJj-AKhD-9oFJ-ZjRW-lZVmBZ
    LV Write Access read/write
    LV Status available
    # open 1
    LV Size 9.77 GiB
    Current LE 2500
    Segments 1
    Allocation inherit
    Read ahead sectors auto
    - currently set to 256
    Block device 253:0

    --- Logical volume ---
    LV Name /dev/pve/swap
    VG Name pve
    LV UUID YMx93I-tCR1-1N5A-Bw57-ctbx-Qrib-M2IylQ
    LV Write Access read/write
    LV Status available
    # open 1
    LV Size 9.77 GiB
    Current LE 2500
    Segments 1
    Allocation inherit
    Read ahead sectors auto
    - currently set to 256
    Block device 253:2

    --- Logical volume ---
    LV Name /dev/pve/data
    VG Name pve
    LV UUID eWc5Ay-RTbq-GS2n-RSau-j1i9-HNGi-mdzVGv
    LV Write Access read/write
    LV Status available
    # open 1
    LV Size 150.00 GiB
    Current LE 38399
    Segments 1
    Allocation inherit
    Read ahead sectors auto
    - currently set to 256
    Block device 253:3

    --- Logical volume ---
    LV Name /dev/pve/snap-vm
    VG Name pve
    LV UUID vl3mTC-cP31-acbp-xR1E-IXjU-EKuW-FSwOGN
    LV Write Access read/write
    LV Status available
    # open 1
    LV Size 200.00 GiB
    Current LE 51200
    Segments 1
    Allocation inherit
    Read ahead sectors auto
    - currently set to 256
    Block device 253:7



    df -h:

    Filesystem Size Used Avail Use% Mounted on
    /dev/mapper/pve-root 9.7G 2.1G 7.1G 24% /
    tmpfs 994M 0 994M 0% /lib/init/rw
    udev 984M 248K 984M 1% /dev
    tmpfs 994M 19M 975M 2% /dev/shm
    /dev/sda1 958M 58M 851M 7% /boot
    /dev/fuse 30M 16K 30M 1% /etc/pve
    /dev/mapper/pve-data-crypt
    148G 7.3G 133G 6% /var/lib/vz
    /dev/mapper/pve-snap-crypt
    197G 2.3G 185G 2% /snapshot-vm


    So you see that I am using dm_crypt "after" the LVM so that /dev/mapper/pve-snap-crypt is my encrypted drive that is used later on.



    In the webinterface I have set up a the directory

    /snapshot-vm to be called vm-snapshots

    and to be a storage for backups only.


    INFO: starting new backup job: vzdump 101 --mode snapshot --compress lzo --storage vm-snapshots
    INFO: Starting Backup of VM 101 (qemu)
    INFO: status = running
    INFO: mode failure - unable to detect lvm volume group
    INFO: trying 'suspend' mode instead
    INFO: backup mode: suspend
    INFO: ionice priority: 7
    INFO: suspend vm
    INFO: creating archive '/snapshot-vm/dump/vzdump-qemu-101-2012_04_15-19_54_35.tar.lzo'
    INFO: adding '/snapshot-vm/dump/vzdump-qemu-101-2012_04_15-19_54_35.tmp/qemu-server.conf' to archive ('qemu-server.conf')
    INFO: adding '/var/lib/vz/images/101/vm-101-disk-2.raw' to archive ('vm-disk-virtio0.raw')
    INFO: Total bytes written: 53687093760 (200.00 MiB/s)
    INFO: archive file size: 522MB
    INFO: resume vm
    INFO: vm is online again after 258 seconds
    INFO: Finished Backup of VM 101 (00:04:18)
    INFO: Backup job finished successfully
    TASK OK




    Any more information needed to help me? And any hints that I could try? I already tried the "LC_ALL=C" and I also tried it on my test machine where everything worked out alright (no encryption on my test machine).

    Thank you for helping me!

    Jörg

    PS:

    cat /proc/mounts

    none /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0
    none /proc proc rw,nosuid,nodev,noexec,relatime 0 0
    none /dev devtmpfs rw,relatime,size=1007112k,nr_inodes=251778,mode=75 5 0 0
    none /dev/pts devpts rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode= 000 0 0
    /dev/mapper/pve-root / ext3 rw,relatime,errors=remount-ro,barrier=0,data=ordered 0 0
    tmpfs /lib/init/rw tmpfs rw,nosuid,relatime,mode=755 0 0
    tmpfs /dev/shm tmpfs rw,nosuid,nodev,relatime 0 0
    /dev/sda1 /boot ext3 rw,relatime,errors=remount-ro,barrier=0,data=ordered 0 0
    fusectl /sys/fs/fuse/connections fusectl rw,relatime 0 0
    /dev/fuse /etc/pve fuse rw,nosuid,nodev,relatime,user_id=0,group_id=0,defa ult_permissions,allow_other 0 0
    beancounter /proc/vz/beancounter cgroup rw,relatime,blkio,name=beancounter 0 0
    container /proc/vz/container cgroup rw,relatime,freezer,devices,name=container 0 0
    fairsched /proc/vz/fairsched cgroup rw,relatime,cpuacct,cpu,cpuset,name=fairsched 0 0
    /dev/mapper/pve-data-crypt /var/lib/vz ext3 rw,relatime,errors=continue,barrier=0,data=ordered 0 0
    /dev/mapper/pve-snap-crypt /snapshot-vm ext3 rw,relatime,errors=continue,barrier=0,data=ordered 0 0



    pveversion --verbose

    pve-manager: 2.0-59 (pve-manager/2.0/18400f07)
    running kernel: 2.6.32-11-pve
    proxmox-ve-2.6.32: 2.0-66
    pve-kernel-2.6.32-11-pve: 2.6.32-66
    lvm2: 2.02.88-2pve2
    clvm: 2.02.88-2pve2
    corosync-pve: 1.4.3-1
    openais-pve: 1.1.4-2
    libqb: 0.10.1-2
    redhat-cluster-pve: 3.1.8-3
    resource-agents-pve: 3.9.2-3
    fence-agents-pve: 3.1.7-2
    pve-cluster: 1.0-26
    qemu-server: 2.0-38
    pve-firmware: 1.0-15
    libpve-common-perl: 1.0-26
    libpve-access-control: 1.0-18
    libpve-storage-perl: 2.0-17
    vncterm: 1.0-2
    vzctl: 3.0.30-2pve2
    vzprocps: not correctly installed
    vzquota: 3.0.12-3
    pve-qemu-kvm: 1.0-9
    ksm-control-daemon: 1.1-1
    Last edited by jm1; 04-15-2012 at 11:40 PM.

  2. #2
    Join Date
    Apr 2005
    Location
    Austria
    Posts
    12,205

    Default Re: LVM snapshot on Luks encrypted drive?

    I guess it is impossible to mount an encrypted device without correct credentials?

  3. #3
    Join Date
    Apr 2012
    Posts
    4

    Default Re: LVM snapshot on Luks encrypted drive?

    So I changed my setup the following way and it works perfect!

    /dev/sdX1 --> Luks mapper /dev/mapper/encrypted --> /LVM /dev/mapper/pve-data

    Therefore the LVM does not know that it is located on an encrypted volume and works exactly the same as with an ordinary hd partition.

    Snapshots etc. work just fine and everything is now running for weeks.

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •