Article 55Z93 Ghost Image file using FSArchiver for Full-Disk Encrypted OS Drive

by sadarax from LinuxQuestions.org on (#55Z93)

Trying to make a ghost image of my full-disk encrypted Ubuntu OS drive. Normally I've used FSarchiver for years. Great tool. But lately, something strange is happening.

I have full disk encryption enabled on my Ubuntu 20.04 system. I have tried to make an FSarchive file using the 'savefs' method from it. Normally this spits out a neat little .fsa file about 10 GB or less. This time... it just keeps copying data. More and more. I finally stopped the fsarchive process when it created a file that was 55 GB. My entire disk is only using 22 GB, so something is wrong.

I tried using SystemRescueCD and also booting from Ubuntu's 20.04 distro. Both resulted in runaway massive files being copied and I don't know why. I created a virtual-machine installation of Kubuntu 20.04 with full-disk encryption, then booted into SystemRescueCD on that image and tested my steps for making the fsarchive back. No problem. I'm lost why this isn't working.

Here are my steps:

1. Boot into the Linux distro via a bootable USB.

2. Find what the currently booted system lists as my encrypted installed disk device to be. This is typically /dev/sdb5.

Code:
$ fdisk -l

3. Open the encrypted drive.

Code:
$ cryptsetup luksOpen /dev/sdb5 MyEncrypted-partition
Enter passphrase for /dev/sdb5:

4. Mount the opened encrypted drive.

Code:
$ mkdir /media/MyEncrypted-partition
$ mount /dev/mapper/MyEncrypted-partition /media/MyEncrypted-partition/

Sometimes I've got an error related to LVM2_membership and this is what I do to solve that.

The error:

Code:
mount: unknown filesystem type 'LVM2_member'

To fix:

Code:
$ apt-get install lvm2

[Or when using Gentoo: it's already available, just load the kernel modules]

Code:
$ /sbin/modprobe dm-mod
$ /sbin/lsmod | grep dm_crypt
dm_crypt 11331 1

Then I have to run:

Code:
$ vgscan
Reading all physical volumes. This may take a while...
Found volume group "vgkubuntu" using metadata type lvm2

Then:

Code:
$ vgchange -ay vgkubuntu
2 logical volume(s) in volume group "vgkubuntu" now active

Now to check what is seen by the system:

Code:
$ lvs

LV   VG        Attr       LSize   Origin Snap% Move Log Copy% Convert
root vgkubuntu -wi-a----- 460.57g
swap vgkubuntu -wi-a----- 15.89g

5. Back on track, now mount that full-disk encrypted OS drive as read-only.

Code:
$ mount -o ro /dev/mapper/vgkubuntu--root /media/MyEncrypted-partition/

6. Check that it's all there and good...

Code:
$ ls /media/MyEncrypted-partition/

bin etc initrd.img.old lost+found opt sbin sys var
boot home lib media proc selinux tmp vmlinuz
dev initrd.img lib64 mnt root srv usr vmlinuz.old

7. Create the ghost image of the hard drive.

Code:
$ fsarchiver -j4 savefs /media/other-drive/filename.fsa /dev/mapper/ubuntu--vg-root

I have tried pointing fsarchiver to the mounted opened-encrypted drive directory instead, using the command below, but I get this error message:

Code:
$ fsarchiver -j4 savefs /media/other-drive/filename.fsa /media/MyEncrypted-partition/
oper_save.c#1200,oper_save(): /media/MyEncrypted-partition/ is not a valid block device

Out of desperation, I tried making a .tar file of the disk contents and it had the same thing with producing something bigger than was currently used on the drive. I do not know what I'm doing wrong. Please help.
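
The steps in the post, gathered into one script as an added example (not the poster's or the fsarchiver project's code): it derives the /dev/mapper name from the VG and LV names that `lvs` reports, records the space in use before imaging, and flags an archive that ends up larger than that. Assumptions: the function names, the size heuristic and the use of fsarchiver's `-c -` password prompt are choices of this example; the device, volume-group and path names are the ones shown in the post.

```shell
#!/bin/sh
# Added example, not from the original post. Run as root from the live USB.

# /dev/mapper name of an LVM volume: hyphens inside the VG or LV name are
# doubled, then the two names are joined with a single hyphen.
dm_path() {
    dm_vg=$(printf '%s' "$1" | sed 's/-/--/g')
    dm_lv=$(printf '%s' "$2" | sed 's/-/--/g')
    printf '/dev/mapper/%s-%s\n' "$dm_vg" "$dm_lv"
}

# Read `df -P -k` output on stdin and print the Used column (KiB) of the
# single filesystem line that follows the header.
used_kib() {
    awk 'NR == 2 { print $3 }'
}

# Heuristic (assumption of this example): a compressed archive should not be
# larger than the data in use. Succeeds when archive_bytes <= used_kib * 1024.
archive_plausible() {
    [ "$1" -le $(( $2 * 1024 )) ]
}

# image_volume PARTITION VG LV ARCHIVE
image_volume() {
    src=$(dm_path "$2" "$3")
    mnt=/media/MyEncrypted-partition
    cryptsetup luksOpen "$1" MyEncrypted-partition || return 1
    vgchange -ay "$2" || return 1
    mkdir -p "$mnt" && mount -o ro "$src" "$mnt" || return 1
    used=$(df -P -k "$mnt" | used_kib)
    umount "$mnt" || return 1
    # The opened mapping is plaintext, so the archive is too unless fsarchiver
    # encrypts it; "-c -" prompts for an archive password.
    fsarchiver -j4 -c - savefs "$4" "$src" || return 1
    size=$(wc -c < "$4")
    if archive_plausible "$size" "$used"; then
        echo "ok: $size bytes archived from ${used} KiB in use"
    else
        echo "warning: archive ($size bytes) exceeds data in use (${used} KiB)" >&2
        return 2
    fi
}

# Example: sh image.sh /dev/sdb5 vgkubuntu root /media/other-drive/filename.fsa
if [ "$#" -eq 4 ]; then
    image_volume "$@"
fi
```

Without arguments the script only defines its functions, so `dm_path` can be used on its own to check which mapper name a given VG/LV pair produces.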