If you followed part 3, you should still be in the recovery media environment. You should have restored the GPT table, the EFI system partition and the /boot partition.
If you have not already done so, save the device name of your operating system disk in a variable. To find out the device name of the operating system disk, see part 1. In my case, the operating system disk is /dev/sda.
OSdisk='/dev/sda'
Your partition table should look something like this.
ubuntu@ubuntu:~$ sudo gdisk -l $OSdisk
GPT fdisk (gdisk) version 1.0.9
...
Partition table scan:
MBR: protective
BSD: not present
APM: not present
GPT: present
...
Number Start (sector) End (sector) Size Code Name
1 2048 2203647 1.0 GiB EF00
2 2203648 6397951 2.0 GiB 8300
ubuntu@ubuntu:~$
There are two partitions (in my case /dev/sda1, /dev/sda2).
The issue with Veeam and LUKS containers
Veeam does not support backing up LUKS containers. Let's take a moment here to consider what this means in practice. Have a look at what is in the backup.
CURRENT SYSTEM │ IN BACKUP
│
Device Restore Size │ Device Size Usage
│
sda 127.0G │ mapper/dm... 123.9G
│ sda 127.0G
│ sda1 1.04G /boot/efi...
│ sda2 2.00G /boot (ext4)
│ ubuntu-vg 123.9G
│ ubuntu-lv 61.96G / (ext4)
Compare this to what the partition table looked like when the backup was made (see part 1), This is the partition table that was created by Ubuntu installer.
Device Start End Sectors Size Type
/dev/sda1 2048 2203647 2201600 1G EFI System
/dev/sda2 2203648 6397951 4194304 2G Linux filesystem
/dev/sda3 6397952 266338270 259940319 123.9G Linux filesystem
Now consider, what should have been backed up according to the backup job settings (see part 1).
/dev/mapper/dm_crypt-0
/dev/sda
/dev/sda
Note that /dev/sda3, the partition that holds the LUKS container, is missing from the backup. This is because Veeam did not back it up. The same would have happend if you had chosen to back up the 'Entire computer' in the backup job settings.
Re-creating LUKS partition
If you recall from the first part, the LUKS container was in the third partition on the disk. It is important, that you do not do this in the Veeam recovery UI. I will explain this later.
List the free space on the disk
veeamuser@veeam-recovery-iso:~$ sudo parted $OSdisk print free
Model: Msft Virtual Disk (scsi)
Disk /dev/sda: 136GB
Sector size (logical/physical): 512B/4096B
Partition Table: gpt
Disk Flags:
Number Start End Size File system Name Flags
17.4kB 1049kB 1031kB Free Space
1 1049kB 1128MB 1127MB fat32 boot, esp
2 1128MB 3276MB 2147MB ext4
3276MB 136GB 133GB Free Space
veeamuser@veeam-recovery-iso:~$
The third partition will be created in the free space after the second partition (/boot). Here, it starts at 3276MB. Create the partition for the LUKS container.
veeamuser@veeam-recovery-iso:~$ sudo parted -a optimal $OSdisk mkpart LUKS 3276MB 100%
Information: You may need to update /etc/fstab.
veeamuser@veeam-recovery-iso:~$
The result should like this.
veeamuser@veeam-recovery-iso:~$ sudo parted $OSdisk print
Model: Msft Virtual Disk (scsi)
Disk /dev/sda: 136GB
Sector size (logical/physical): 512B/4096B
Partition Table: gpt
Disk Flags:
Number Start End Size File system Name Flags
1 1049kB 1128MB 1127MB fat32 boot, esp
2 1128MB 3276MB 2147MB ext4
3 3276MB 136GB 133GB LUKS
veeamuser@veeam-recovery-iso:~$
Now it is time to re-create the LUKS container.
Re-creating LUKS container
Once again, do not do this in the recovery UI.
Notes on LUKS container sector size
Note the --sector-size parameter below. If you need this, and what it should be will depend on your physical disk. In part 1, I showed how to determine the LUKS sector size of the container that is created by Ubuntu installer. You should aim to re-create the container with the same sector size that it had before the restore. If you don't know what the sector size was before the restore, it gets tricky.
By default, if no --sector-size parameter is supplied, cryptsetup will try to find the optimal sector size, depending on the properties of the physical disk. But this does not always lead to the same result as with the LUKS container that is created by Ubuntu installer. I will go into more details about this in the next part. For now, if you don't know what the sector size of the LUKS container should be, consider your physical disk.
veeamuser@veeam-recovery-iso:~$ sudo gdisk -l $OSdisk | grep physical
Sector size (logical/physical): 512/4096 bytes
veeamuser@veeam-recovery-iso:~$
This is the old 512n, 512e, 4Kn issue. Basically, there are three possibilities.
- 512n (logical/physical: 512/512 bytes)
In this case, it would be best, to set the sector size to 512 and cryptsetup should do this by default, if no --sector-size parameter is supplied. I did not test what Ubuntu installer uses in this case. - 512e (logical/physical: 512/4096 bytes)
Here, Ubuntu installer will use a sector/block size of 4096 for all partitions. (ESP, here: /dev/sda1, /boot, here: /dev/sda2, LUKS here: /dev/sda3). But cryptsetup will default to 512 which is why it is necessary to set --sector-size=4096 if you want to re-create the LUKS container exactly as it was before the restore. - 4Kn (logical/physical: 4096 /4096 bytes)
I have not tested this, but presumably, Ubuntu installer will also default to 4096 and cryptsetup will also default to 4096. You can also set --sector-size=4096.
Once you know, what sector size you need, proceed to create the LUKS container.
Re-creating LUKS container
Note, that ${OSdisk}3 in my case is /dev/sda3. If the partition start and end are not both aligned to the sector size, this will fail. More about that in the next part.
veeamuser@veeam-recovery-iso:~$ sudo cryptsetup luksFormat --sector-size=4096 ${OSdisk}3
WARNING!
========
This will overwrite data on /dev/sda3 irrevocably.
Are you sure? (Type uppercase yes): YES
Enter passphrase for /dev/sda3:
Verify passphrase:
veeamuser@veeam-recovery-iso:~$
Once the LUKS container is created, return to the recovery UI.
Restoring LVM and root file system
Enter recovery UI. On Ubuntu live based recovery media, enter
sudo veeamconfig recoveryui
On generic or custom Veeam recovery media, enter
sudo veeam
Choose 'Restore volumes'
Select your backup just as you did in part 3.
You will now be notifed that a crypto device was found. This is the LUKS container you just created.
Found 1 crypto devices. Do you want to decrypt them all?
[Yes] [No]
Choose yes and enter the password.
In the overview, it should now look like this. There should be the third partition (here: sda3) and the opened LUKS container (here: luks-c0...).
CURRENT SYSTEM │ IN BACKUP
│
Device Restore Size │ Device Size Usage
│
sda 127.0G │ mapper/dm... 123.9G
sda1 1.04G │ sda 127.0G
sda2 2.00G │ sda1 1.04G /boot/efi...
sda3 123.9G │ sda2 2.00G /boot (ext4)
luks-a6... 123.9G │ ubuntu-vg 123.9G
│ ubuntu-lv 61.96G / (ext4)
In 'CURRENT SYSTEM', select the LUKS container (here: luks-c0...). Map it to mapper/dm_crypt-0 by choosing 'Restore from' and selecting mapper/dm_crypt-0. If this works, skip the next step and move on to restoring LVM and root file system.
Only, if you get 'The device is too small'
If you get an error 'The device is too small' perhaps because you are restoring to different hardware, no problem. Proceed by manually creating the LVM.
'The device is too small': manually creating the LVM
In 'CURRENT SYSTEM', select the LUKS container (here: luks-c0...). Select 'Create a new volume group'.
Choose the name 'ubuntu-vg' as this is what Ubuntu installer uses.
Map ubuntu-lv into 'ubuntu-vg'. Proceed as shown below.
Proceed with restoring LVM and root file system
Whether you were able to map the two crypto mapper devices, or you had to manually re-create the LVM, it should now look like this.
CURRENT SYSTEM │ IN BACKUP
│
Device Restore Size │ Device Size Usage
│
sda 127.0G │ mapper/dm... 123.9G
sda1 1.04G │ sda 127.0G
sda2 2.00G │ sda1 1.04G /boot/efi...
sda3 123.9G │ sda2 2.00G /boot (ext4)
luks-a6... 123.9G │ ubuntu-vg 123.9G
ubuntu-vg 123.9G │ ubuntu-lv 61.96G / (ext4)
ubuntu-lv ubuntu--v... 61.96G │
free 61.96G │
Proceed with the restore. Output will be slightly different, if you had to manually re-create the LVM.
RECOVERY SUMMARY
1. Add dm-0 (dm) to ubuntu-vg group
2. Create ubuntu-lv volume on ubuntu-vg group
3. Restore ubuntu-vg/ubuntu-lv (dm) to ubuntu-vg/ubuntu-lv (dm)
Restore 100% Status: Success
Time Action Duration
08:42:55 Job started at 2023-01-23 08:42:55 UTC
08:42:57 Starting volume restore
08:45:09 Waiting for backup infrastructure res... 00:00:02
08:45:11 Applying changes to disks configuration 00:00:00
08:45:11 ubuntu--vg-ubuntu--lv restored 62 GB ... 00:01:03
08:46:14 Processing finished at 2023-01-23 08:...
Even though all data, partitions, volumes, etc, have been restored, do not reboot because the system will not boot. Exit to shell and proceed with the next part.
No comments:
Post a Comment