Copy an LUKS encrypted volume from a Virtual Machine to a Linode?
I am trying to do as the subject line suggests. A similar question was answered recently, here:
https://www.linode.com/community/questions/16930/migrate-debian-93-virtualbox-vm-to-linode
Mine differs mainly in that my virtual machine has been full-disk LUKS encrypted. I would like to maintain this encryption after uploading the virtual machine's image to Linode. Therefore, transferring files via rsync (as in the answer above) is out of the question.
Is it possible to transfer such a virtual machine to a Linode? The transfer would have to take place at the BLOCK DEVICE LEVEL, and Linode would have to provide some kind of interface for the virtual hardware's boot loader, in order to input the LUKS passphrase.
I do not require a step-by-step guide or anything but would be very grateful to receive assurance of feasibility and a brief explanation. Thank you for your time.
1 Reply
Hello,
This should be feasible. I've done some digging and per our guide on LUKS Volumes, you can use this type of encryption, however the passphrase will need to be entered manually at each boot. This can be done via the LiSH Console.
It seems to me that the best way to accomplish the actual copy would be to follow the steps in our guide on Copying a Disk Over SSH. Because this guide utilizes the 'dd' command, the copy will happen at the block level.
Basically, you'll want to just follow the guide on Copying a Disk Over SSH, which will have you run a command similar to:
ssh user@ip.address "dd if=/dev/sda" | dd of=/path/to/image.img
This will copy your virtual machine's drive to your local machine. Substitute '/dev/sda' for whatever your VM's drive is called. The command then needs to be reversed to write the image to your Linode:
dd if=/path/to/image.img | ssh user@linode.ip.address "dd of=/dev/sda"
This time you probably want to leave '/dev/sda' as it is, since that is the default location for a Linode's main drive.
There are more steps to this process, as the drive needs to be mounted, the system needs to be in Rescue Mode to copy/write the image to/from the drives, etc but the guide will walk you through them. I've included those two commands as they are the ones that will actually copy and write the image for you.