Encrypted Volume and File System v2.2 Administrator Guide (777846-001, April 2014)
10. Merge the backup volume back with the original LVM volume using the lvmerge command.
For example:
# lvmerge /dev/vg01/lvol5backup /dev/vg01/lvol5
Example
In the following example, the administrator splits the /dev/vg01/lvol5 mirror volume and
creates the /dev/vg01/lvol5backup volume. The target is the EVS volume/dev/evfs/vg01/
lvol6. The dd command receives cleartext from the source EVS volume and the target EVS volume
encrypts the data.
# lvsplit –s backup /dev/vg01/lvol5 (LVM creates the /dev/vg01/lvol5backup volume.)
# evfsvol map /dev/vg01/lvol5backup
# evfsvol check -r /dev/evfs/vg01/lvol5backup
# evfsvol enable -k mykey /dev/evfs/vg01/lvol5backup (evfsvol prompts for
a passphrase if there is no stored passphrase.)
# evfsvol display /dev/evfs/vg01/lvol6 (Verify that the target EVFS volume is enabled)
# dd bs=64k if=/dev/evfs/vg01/lvol5backup of=/dev/evfs/vg01/lvol6
# evfsvol disable -k mykey /dev/evfs/vg01/lvol5backup (evfsvol prompts for
a passphrase if there is no stored passphrase)
# evfsadm unmap /dev/evfs/vg01/lvol5backup
# lvmerge /dev/vg01/lvol5backup /dev/vg01/lvol5
Creating encrypted backup media on a second EVS volume using a file utility (LVM mirrored
volumes)
If you have LVM mirrored volumes, use the following procedure to perform online encrypted backups
to a second (target) EVS volume using a file-based backup utility, such as tar or cp.
To use this backup procedure, you must have the appropriate file permissions to access the EVS
volume device file and meet at least one of the following criteria:
• You are the volume owner.
• You are an authorized user for the volume.
• A stored passphrase exists for one of the volume's user key pairs, and you know the key ID
for the key pair.
CAUTION: You must enable encryption and decryption on both the source volume and target
volume. This requirement causes the backup utility to receive cleartext data from the source EVS
volume, and causes EVFS to encrypt the data when writing it to the target EVS volume.
Do not back up data from a volume with EVFS encryption and decryption disabled to a volume
with EVFS encryption and decryption enabled. If you do, the data is encrypted twice.
1. Configure the mirror, if you have not already done so. Create the mirror copy using the
lvcreate –m or lvextend –m command. Configure EVFS on the LVM volume using the
evfsadm map and evfsvol create commands. Enable the EVS volume using the evfsvol
enable command, and migrate data to the EVS volume, if necessary.
2. Split the mirrored LVM volume into two logical volumes using the lvsplit command. In the
following example, the mirror LVM volume device file is /dev/vg01/lvol5 and the –s
backup option creates a backup mirror volume name using the suffix backup (/dev/vg01/
lvol5backup):
# lvsplit –s backup /dev/vg01/lvol5
Logical volume "/dev/vg01/lvol5backup" has been successfully created
with character device "/dev/vg01/rlvol5backup".
Logical volume "/dev/vg01/lvol5" has been successfully split.
Volume Group configuration has been saved in /etc/lvmconf/vg01.conf
3. Map the backup volume to EVFS. For example:
# evfsvol map /dev/vg01/lvol5backup
This creates the device files /dev/evfs/vg01/lvol5backup and /dev/evfs/vg01/
rlvol5backup.
84 Backing up and restoring data on EVS volumes