Although my overall objective is to do something on Amazon Web Services (AWS), my specific question is agnostic to AWS.
Background
My objective is to use Packer to create an Amazon Machine Image (AMI) with several different paths mounted to different filesystems to improve security. E.g. /tmp should be mounted to a filesystem with the noexec option.
The fact that I want to create an automated process for making an AMI means that I can't execute re-mounting commands in the instance itself, so I am instead using the Packer amazon-chroot builder. This means I run an EC2 Instance, and run Packer from that EC2 Instance. Packer will then mount an EBS Volume taken from an EBS Snapshot used with a "source AMI". I now need to perform some operations on the mounted EBS Volume.
My Question
One of my first steps is to take a complete backup of the block device mounted to /mnt/ebs.
According to the excellent presentation at this exact part https://youtu.be/8h_Y-L1Q8xI?t=13m47s, the speaker recommends doing this by first unmounting the device and then using tar.
He repeats this order of operations later in the presentation. My specific question is: how can I create a tar backup of the contents of a device if it's not mounted in the first place? Also, is the point of unmounting it first to guarantee that it's in a consistent state, that no further writes occur during backup, or something else?
As an aside, I can't seem to unmount the device without the umount -l option, despite checking for busy processes using fuser or lsof, but I'll leave those details to another question.
Note that I am using Amazon Linux, which is similar to CentOS but doesn't use systemd.