method for back up data with encrypted drive

    • OMV 5.x (beta)
    • method for back up data with encrypted drive

      Hi,

      I’m in the process setting up OMV5 with SnapRaid and Union FS.
      I read somewhere users use BorgBackup with LuksEncryption for back up data.
      But BorgBackup plugin isn’t available yet.

      what are the suggestions ?

      thanks
      OMV v5.0
      Asus Z97-A/3.1; i3-4370
      32GB RAM Corsair Vengeance Pro
    • tinh_x7 wrote:

      I read somewhere users use BorgBackup with LuksEncryption for back up data.
      Borgbackup has an encryption option but it doesn't use Luks.

      tinh_x7 wrote:

      But BorgBackup plugin isn’t available yet.

      what are the suggestions ?
      Wait for the plugin is my first suggestion. It isn't far off. Just haven't had much time lately.
      omv 5.2.3 usul | 64 bit | 5.3 proxmox kernel | omvextrasorg 5.2.1
      omv-extras.org plugins source code and issue tracker - github

      Please read this before posting a question and this and this for docker questions.
      Please don't PM for support... Too many PMs!
    • tinh_x7 wrote:

      So if the data drive is encrypted with Luks, can I still use BorgBackup to back up data ?
      As long as the drive is unlocked and the filesystem is mounted. Borg works with files not the filesystem or device it is on.
      omv 5.2.3 usul | 64 bit | 5.3 proxmox kernel | omvextrasorg 5.2.1
      omv-extras.org plugins source code and issue tracker - github

      Please read this before posting a question and this and this for docker questions.
      Please don't PM for support... Too many PMs!
    • tinh_x7 wrote:

      How do I encrypt the device if I can't select any data drive from the drop-down menu ?
      LUKS needs a block device not a file system. The plugin only allows you to select a disk without filesystems.

      tinh_x7 wrote:

      Do I need to un mount my hard drives and format them ?
      No. You need to unmount and wipe them. Then add them to LUKS and then put a filesystem on top of the LUKS device.

      tinh_x7 wrote:

      I only want to encrypt some specific folders on the drive, not entire drive.
      LUKS is not what you want then. There is no plugin to do that. You could do that from the client side though.
      omv 5.2.3 usul | 64 bit | 5.3 proxmox kernel | omvextrasorg 5.2.1
      omv-extras.org plugins source code and issue tracker - github

      Please read this before posting a question and this and this for docker questions.
      Please don't PM for support... Too many PMs!
    • Sorry that I ask many questions about this.
      I looked at the performance reviews of fscrypt and Luks, and Luks had better speed and performance.

      I notice some users wrote a script to auto unlock Luks encrypted hdd upon startup.
      Is this recommended instead unlock it manually ?
      OMV v5.0
      Asus Z97-A/3.1; i3-4370
      32GB RAM Corsair Vengeance Pro
    • tinh_x7 wrote:

      I notice some users wrote a script to auto unlock Luks encrypted hdd upon startup.
      That means you need to store the key somewhere.


      tinh_x7 wrote:

      Is this recommended instead unlock it manually ?
      Depends on your use case. When you can accept the above it should be fine.
      I do it for an external backup drive which I store in a place outside of my home. I have the key on my server. When I plugin the USB drive the drive gets decrypted using the key which is stored on the server. In this case I don't mind as the data are stored unencrypted on the server anyway.
      Odroid HC2 - armbian - OMV5.x | Asrock Q1900DC-ITX - Intenso SSD 120GB - OMV5.x
      :!: Backup - Solutions to common problems - OMV setup videos - OMV5 Documentation - user guide :!:
    • There is always performance penalty but as long as the cpu has aes extensions should be fine, shouldnt decrease that dramatically, a standard Hdd is around 150-190MB/s it won’t cap enough to notice the degrade over gbit Ethernet.
      New wiki
      chat support at #openmediavault@freenode IRC | Spanish & English | GMT+10
      telegram.me/openmediavault broadcast channel
      openmediavault discord server
    • Hi,

      I just done the encryption process, but upon startup, the drives aren't unable to auto mount.
      forum.openmediavault.org/index…%2Bdev-disk-by#post143926


      I've tried timeout =1 and timeout =2, but no luck.
      By the way, I can't log into OMV web gui at all.

      Source Code

      1. dev/disk/by-label/data1 /srv/dev-disk-by-label-data1 ext4 defaults,nofail,x-systemd.device-timeout=1,user_xattr,noexec,usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0,acl 0 2
      Images
      • 80D1D439-C6BF-42C7-9088-4F35A393B8FE_1_105_c.jpeg

        349.61 kB, 768×1,024, viewed 14 times
      OMV v5.0
      Asus Z97-A/3.1; i3-4370
      32GB RAM Corsair Vengeance Pro

      The post was edited 2 times, last by tinh_x7 ().

    • My current set up is : added passphrases then added Keyfile to the encryption drives.
      Not sure if there still a bug for this method after I read another thread.

      Even though I can’t unlock the drives upon startup, why I can’t access OMV web gui ?

      Edit: after researchings, I found the solution to fix it.
      I've to modified the /etc/crypttab and /etc/fstab accordingly.

      Current /etc/fstab config:

      Source Code

      1. # <file system> <mount point> <type> <options> <dump> <pass>
      2. # / was on /dev/sda1 during installation
      3. UUID=56a66259-f103-4ffd-bc2d-a3c036c2e6bc / ext4 noatime,nodiratime,discard,errors=remount-ro 0 1
      4. # swap was on /dev/sda5 during installation
      5. UUID=fac1e675-5c6a-4878-bf29-9a72c320f9cf none swap sw 0 0
      6. # >>> [openmediavault]
      7. /dev/mapper/sdb1_crypt /media/sdb ext4 defaults 0 2
      8. /dev/mapper/sdc1_crypt /media/sdc ext4 defaults 0 2
      9. /dev/mapper/sdd1_crypt /media/sdd ext4 defaults 0 2
      10. /dev/mapper/sde1_crypt /media/sde ext4 defaults 0 2
      11. /dev/mapper/sdf1_crypt /media/sdf ext4 defaults 0 2
      12. # <<< [openmediavault]
      Display All


      Upon startup, I received errors:


      Source Code

      1. Dec 2 21:13:27 omv rsyslogd: [origin software="rsyslogd" swVersion="8.1901.0" x-pid="2651" x-info="https://www.rsyslog.com"] rsyslogd was HUPed
      2. Dec 2 21:13:53 omv monit[2740]: Filesystem '/srv/dev-disk-by-label-data1' not mounted
      3. Dec 2 21:13:53 omv monit[2740]: 'filesystem_srv_dev-disk-by-label-data1' unable to read filesystem '/srv/dev-disk-by-label-data1' state
      4. Dec 2 21:13:53 omv monit[2740]: 'filesystem_srv_dev-disk-by-label-data1' trying to restart
      5. Dec 2 21:13:53 omv monit[2740]: 'mountpoint_srv_dev-disk-by-label-data1' status failed (1) -- /srv/dev-disk-by-label-data1 is not a mountpoint
      6. Dec 2 21:13:53 omv monit[2740]: Filesystem '/srv/dev-disk-by-label-data2' not mounted
      7. Dec 2 21:13:53 omv monit[2740]: 'filesystem_srv_dev-disk-by-label-data2' unable to read filesystem '/srv/dev-disk-by-label-data2' state
      8. Dec 2 21:13:53 omv monit[2740]: 'filesystem_srv_dev-disk-by-label-data2' trying to restart
      9. Dec 2 21:13:53 omv monit[2740]: 'mountpoint_srv_dev-disk-by-label-data2' status failed (1) -- /srv/dev-disk-by-label-data2 is not a mountpoint
      10. Dec 2 21:13:53 omv monit[2740]: Filesystem '/srv/dev-disk-by-label-parity1' not mounted
      11. Dec 2 21:13:53 omv monit[2740]: 'filesystem_srv_dev-disk-by-label-parity1' unable to read filesystem '/srv/dev-disk-by-label-parity1' state
      12. Dec 2 21:13:53 omv monit[2740]: 'filesystem_srv_dev-disk-by-label-parity1' trying to restart
      13. Dec 2 21:13:53 omv monit[2740]: 'mountpoint_srv_dev-disk-by-label-parity1' status failed (1) -- /srv/dev-disk-by-label-parity1 is not a mountpoint
      14. Dec 2 21:13:53 omv monit[2740]: Filesystem '/srv/dev-disk-by-label-parity2' not mounted
      15. Dec 2 21:13:53 omv monit[2740]: 'filesystem_srv_dev-disk-by-label-parity2' unable to read filesystem '/srv/dev-disk-by-label-parity2' state
      16. Dec 2 21:13:53 omv monit[2740]: 'filesystem_srv_dev-disk-by-label-parity2' trying to restart
      17. Dec 2 21:13:53 omv monit[2740]: 'mountpoint_srv_dev-disk-by-label-parity2' status failed (1) -- /srv/dev-disk-by-label-parity2 is not a mountpoint
      18. Dec 2 21:13:53 omv monit[2740]: Filesystem '/srv/dev-disk-by-label-data3' not mounted
      19. Dec 2 21:13:53 omv monit[2740]: 'filesystem_srv_dev-disk-by-label-data3' unable to read filesystem '/srv/dev-disk-by-label-data3' state
      20. Dec 2 21:13:53 omv monit[2740]: 'filesystem_srv_dev-disk-by-label-data3' trying to restart
      21. Dec 2 21:13:53 omv monit[2740]: 'mountpoint_srv_dev-disk-by-label-data3' status failed (1) -- /srv/dev-disk-by-label-data3 is not a mountpoint
      22. Dec 2 21:14:23 omv monit[2740]: Filesystem '/srv/dev-disk-by-label-data1' not mounted
      23. Dec 2 21:14:23 omv monit[2740]: 'filesystem_srv_dev-disk-by-label-data1' unable to read filesystem '/srv/dev-disk-by-label-data1' state
      24. Dec 2 21:14:23 omv monit[2740]: 'filesystem_srv_dev-disk-by-label-data1' trying to restart
      25. Dec 2 21:14:23 omv monit[2740]: 'mountpoint_srv_dev-disk-by-label-data1' status failed (1) -- /srv/dev-disk-by-label-data1 is not a mountpoint
      26. Dec 2 21:14:23 omv monit[2740]: Filesystem '/srv/dev-disk-by-label-data2' not mounted
      27. Dec 2 21:14:23 omv monit[2740]: 'filesystem_srv_dev-disk-by-label-data2' unable to read filesystem '/srv/dev-disk-by-label-data2' state
      28. Dec 2 21:14:23 omv monit[2740]: 'filesystem_srv_dev-disk-by-label-data2' trying to restart
      29. Dec 2 21:14:23 omv monit[2740]: 'mountpoint_srv_dev-disk-by-label-data2' status failed (1) -- /srv/dev-disk-by-label-data2 is not a mountpoint
      30. Dec 2 21:14:23 omv monit[2740]: Filesystem '/srv/dev-disk-by-label-parity1' not mounted
      31. Dec 2 21:14:23 omv monit[2740]: 'filesystem_srv_dev-disk-by-label-parity1' unable to read filesystem '/srv/dev-disk-by-label-parity1' state
      32. Dec 2 21:14:23 omv monit[2740]: 'filesystem_srv_dev-disk-by-label-parity1' trying to restart
      33. Dec 2 21:14:23 omv monit[2740]: 'mountpoint_srv_dev-disk-by-label-parity1' status failed (1) -- /srv/dev-disk-by-label-parity1 is not a mountpoint
      34. Dec 2 21:14:23 omv monit[2740]: Filesystem '/srv/dev-disk-by-label-parity2' not mounted
      35. Dec 2 21:14:23 omv monit[2740]: 'filesystem_srv_dev-disk-by-label-parity2' unable to read filesystem '/srv/dev-disk-by-label-parity2' state
      36. Dec 2 21:14:23 omv monit[2740]: 'filesystem_srv_dev-disk-by-label-parity2' trying to restart
      37. Dec 2 21:14:23 omv monit[2740]: 'mountpoint_srv_dev-disk-by-label-parity2' status failed (1) -- /srv/dev-disk-by-label-parity2 is not a mountpoint
      38. Dec 2 21:14:23 omv monit[2740]: Filesystem '/srv/dev-disk-by-label-data3' not mounted
      39. Dec 2 21:14:23 omv monit[2740]: 'filesystem_srv_dev-disk-by-label-data3' unable to read filesystem '/srv/dev-disk-by-label-data3' state
      40. Dec 2 21:14:23 omv monit[2740]: 'filesystem_srv_dev-disk-by-label-data3' trying to restart
      41. Dec 2 21:14:23 omv monit[2740]: 'mountpoint_srv_dev-disk-by-label-data3' status failed (1) -- /srv/dev-disk-by-label-data3 is not a mountpoint
      42. Dec 2 21:14:53 omv monit[2740]: Filesystem '/srv/dev-disk-by-label-data1' not mounted
      43. Dec 2 21:14:53 omv monit[2740]: 'filesystem_srv_dev-disk-by-label-data1' unable to read filesystem '/srv/dev-disk-by-label-data1' state
      44. Dec 2 21:14:53 omv monit[2740]: 'filesystem_srv_dev-disk-by-label-data1' trying to restart
      45. Dec 2 21:14:53 omv monit[2740]: 'mountpoint_srv_dev-disk-by-label-data1' status failed (1) -- /srv/dev-disk-by-label-data1 is not a mountpoint
      46. Dec 2 21:14:53 omv monit[2740]: Filesystem '/srv/dev-disk-by-label-data2' not mounted
      47. Dec 2 21:14:53 omv monit[2740]: 'filesystem_srv_dev-disk-by-label-data2' unable to read filesystem '/srv/dev-disk-by-label-data2' state
      48. Dec 2 21:14:53 omv monit[2740]: 'filesystem_srv_dev-disk-by-label-data2' trying to restart
      49. Dec 2 21:14:53 omv monit[2740]: 'mountpoint_srv_dev-disk-by-label-data2' status failed (1) -- /srv/dev-disk-by-label-data2 is not a mountpoint
      50. Dec 2 21:14:53 omv monit[2740]: Filesystem '/srv/dev-disk-by-label-parity1' not mounted
      51. Dec 2 21:14:53 omv monit[2740]: 'filesystem_srv_dev-disk-by-label-parity1' unable to read filesystem '/srv/dev-disk-by-label-parity1' state
      52. Dec 2 21:14:53 omv monit[2740]: 'filesystem_srv_dev-disk-by-label-parity1' trying to restart
      53. Dec 2 21:14:53 omv monit[2740]: 'mountpoint_srv_dev-disk-by-label-parity1' status failed (1) -- /srv/dev-disk-by-label-parity1 is not a mountpoint
      54. Dec 2 21:14:53 omv monit[2740]: Filesystem '/srv/dev-disk-by-label-parity2' not mounted
      55. Dec 2 21:14:53 omv monit[2740]: 'filesystem_srv_dev-disk-by-label-parity2' unable to read filesystem '/srv/dev-disk-by-label-parity2' state
      56. Dec 2 21:14:53 omv monit[2740]: 'filesystem_srv_dev-disk-by-label-parity2' trying to restart
      57. Dec 2 21:14:53 omv monit[2740]: 'mountpoint_srv_dev-disk-by-label-parity2' status failed (1) -- /srv/dev-disk-by-label-parity2 is not a mountpoint
      58. Dec 2 21:14:53 omv monit[2740]: Filesystem '/srv/dev-disk-by-label-data3' not mounted
      59. Dec 2 21:14:53 omv monit[2740]: 'filesystem_srv_dev-disk-by-label-data3' unable to read filesystem '/srv/dev-disk-by-label-data3' state
      60. Dec 2 21:14:53 omv monit[2740]: 'filesystem_srv_dev-disk-by-label-data3' trying to restart
      61. Dec 2 21:14:53 omv monit[2740]: 'mountpoint_srv_dev-disk-by-label-data3' status failed (1) -- /srv/dev-disk-by-label-data3 is not a mountpoint
      62. Dec 2 21:15:01 omv CRON[3493]: (root) CMD (/usr/sbin/omv-mkrrdgraph >/dev/null 2>&1)
      63. Dec 2 21:15:02 omv /omv-mkrrdgraph: Failed to build graph (plugin=disk, period=hour): [Errno 2] No such file or directory: '/var/lib/openmediavault/rrd/disk-octets-disk/by-label/data1-hour.png'
      64. Dec 2 21:15:02 omv /omv-mkrrdgraph: Failed to build graph (plugin=disk, period=day): [Errno 2] No such file or directory: '/var/lib/openmediavault/rrd/disk-octets-disk/by-label/data1-day.png'
      Display All
      OMV v5.0
      Asus Z97-A/3.1; i3-4370
      32GB RAM Corsair Vengeance Pro

      The post was edited 1 time, last by tinh_x7 ().