backup my laptop securely – crashplan | Performance Magic

Ramblings from a Sysadmin

April 1, 2013

backup my laptop securely – crashplan

I need to backup my laptop. Previously when using a Mac, I had a hard drive sitting in my office and would plug it in every morning and Time Machine would do it’s thing.

A recent tweet by @rackerhacker said he was using crashplan, so I thought I would give it a go.

Crashplan is pretty good if you pay for it. I am not so concerned about the ‘cloud’ storage, but would like incremental backups taken more often, so I could find files at previous dates and/or times, but that is not the major reason for me to have backups. It is in case my laptop gets stolen, or the SSD decides to go bad.

Once I was happy that Crashplan would suffice as a backup tool I needed to work out how to have my Ubuntu install safely mount and unmount my backup drive (spinning rust) automatically when resuming/suspending, so it was seamless for me. I also want this drive encrypted which added a little extra to the mix.

I added a file to /etc/pm/sleep.d/ called 00_backup_vol and added the following to it.

#!/bin/bash

case "$1" in
  thaw|resume)
    sleep 2
    if [ -b /dev/sdb1 ]; then
      logger -t "00_backup_vol" -i "checking uuid"
      eval `blkid -s UUID /dev/sdb1 | awk -F: '{print $2}'`
      if [ "20dcb381-fc39-4612-84c4-914d6c8d885a" == "${UUID}" ]; then
        mkdir -p /media/5b66af72-3e34-4f88-bc2f-d0cb51be319e
        logger -t "00_backup_vol" -i "opening luks volume"
        cryptsetup --key-file /etc/ssl/private/backups_key luksOpen /dev/sdb1 backups
        logger -t "00_backup_vol" -i "mounting disk"
        mount /dev/mapper/backups /media/5b66af72-3e34-4f88-bc2f-d0cb51be319e
        logger -t "00_backup_vol" -i "restarting crashplan"
        /etc/init.d/crashplan restart
      fi
    fi
  ;;
  hibernate|suspend)
    /etc/init.d/crashplan stop
    umount /media/5b66af72-3e34-4f88-bc2f-d0cb51be319e
    cryptsetup luksClose backups
    exit 0
  ;;
  *) exit 1
  ;;
esac

While the suspend portion of the code isn’t very interesting, and basically just unmounts the drive, I’ll quickly walk you through what the resume portion does.

All the way through we log interesting events so that we can debug if necessary.

I then check if the /dev/sdb1 exists, and then check the UUID is the one we expect. If it isn’t, then we won’t do anything, and we can leave this up to the GUI/automount tools to deal with it.

Moving on to making the directory, just in case it has disappeared. We then open the encrypted drive. I keep a copy of this key in another location so that I can open the backup drive if the main drive dies.

Mounting the drive and restarting/starting Crashplan are the last steps. I stop Crashplan, as it will write to the directory if it exists which is not what I want to happen. I also make sure Crashplan doesn’t start on boot.

The only annoying thing about this setup, is the popup dialogue I get on my desktop asking for the key. I have figured out a way to blacklist drives yet. Trying to be too useful 🙂

© Greg Cockburn