In my original post on setting up my off-site backup, my notes on setting up the off-site disks are a bit sparse. With my home-lab now in the mix, I have decided to add another removable disk to the backup rotation so one can be attached to the lab in order to do restores from the live environment’s backups to refresh the lab’s state from live and test bare-metal disaster recovery in the lab. I originally had 2 disks, so one was always “off-site” even during updates to the other - now I will have at least 1 (usually 2) “off-site”, 1 in the lab and up-to 1 (usually 0) being updated. I will keep the newest and oldest off-site and the one in between will be in the lab, rotating them after each time the oldest is refreshed to become the new newest copy.

Prepare the disk

With a brand new USB hard disk, the first step is to partition it. The off-site automation script looks for a partition with a label matching the pattern backuppc-offsite[0-9], so I need to conform to this when creating the partition:

# parted /dev/sdb
GNU Parted 3.2
Using /dev/sdb
Welcome to GNU Parted! Type 'help' to view a list of commands.
(parted) mklabel gpt
Warning: The existing disk label on /dev/sdb will be destroyed and all data on this disk will be lost. Do you want to continue?
Yes/No? Yes
(parted) mkpart
Partition name?  []? backuppc-offsite3
File system type?  [ext2]? ext4
Start? 0%
End? 100%
(parted) quit

Setup encryption

As the offsite disks are encrypted, using a common passphrase, this needs to be setup on the new partition:

# cryptsetup luksFormat /dev/sdb1

This will overwrite data on /dev/sdb1 irrevocably.

Are you sure? (Type uppercase yes): YES
Enter passphrase for /dev/sdb1:
Verify passphrase:

Using the new disk

The new disk has a different product id to the older pair (2344 vs 231a), breaking my UDEV powered automatic pass-through to BackupPC VM. This was just a case of adding lines to the UDEV configuration for the new id, via my configuration management tool (saltstack) by adding it to my pillar data:

        - vendor: 0x0bc2
          product: 0x231a
        - vendor: 0x0bc2
          product: 0x2344

As the backup disk is cloned to the off-site disk, I did not need to format the new disk - cloning the filesystem will put a filesystem onto the new disk for me. So, all that was needed was to attach it to the VM’s physical host and run my existing make-backuppc-offsite-backup script, unlocking the encryption when prompted.