Easy backup & restore with Clonezilla
- Tips from Basic to Advanced
Ceasar Sun, Steven Shiau, Thomas Tsai
http://drbl.org , http://clonezilla.org/
OSC 2016 Kyoto
Time: 4:15 pm (7/29)
Location: Building 1, 4F Room CQ3, 2016

Outline
• Introduction to Clonezilla
– Features
– Updates since 2015 Fall
• Tips from basic to advanced
– Boot parameters
– Automation
– Security
– Light weight Server solution
• Q&A

About us: Free Software Lab
• From Taiwan, working for the NPO NCHC (National Center for High-Performance Computing)
• Developers of the free software DRBL, Clonezilla and more...
• Maintenance of mirror sites:
– Linux/packages mirror: http://free.nchc.org.tw
– OSM cache server, OSDN mirror in Taiwan, ..
Taiwan image source: wikipedia.org

System imaging and cloning - backup
Image source: maggiesfarm.anotherdotcom.com, www.compsults.com, and jervisdabreo.com
• Why do we need a bare metal recovery / deployment tool?

What is Clonezilla?
• A partition and disk imaging/cloning utility similar to True image® or Ghost®
• GPL license
• A bare metal recovery tool for
[Figure: logos *1 to *6; labels: VMFS, VMware ESX/ESXi]
*Logo source: (1) Larry Ewing, Simon Budig and Anja Gerwinski, (2) Apple, (3) Microsoft, (4) Marshall Kirk McKusick, (5) VMware, (6) Distrowatch.com

Clonezilla Features
• Free (GPL) Software
• File systems supported:
– Ext2/3/4, ReiserFS, Reiser4, XFS, JFS, HFS+, BtrFS, F2FS, UFS, Minix, VMFS, NILFS2, FAT, exFAT and NTFS
– Supports LVM2
– Supports some hardware RAID chips (by kernel) and NVMe devices
• Smart copying for supported file systems. For unsupported file systems, sector-to-sector copying is done via dd.
• Boot loader: syslinux, grub 1/2; MBR and hidden data (if they exist); uEFI boot
• Serial console
• Unattended mode
• One image restoring to multiple local devices
• Multicast supported in Clonezilla Server Edition (SE)
• The image format is transparent, open and flexible
• Two types of release: server & live

Type 1: Server mode
• DRBL live
– i.e. Clonezilla Server Edition
• Use for massive deployment: factory production lines, PC classrooms, cluster computing deployment, ...

Type 2: Live mode
• Clonezilla live
• Use for:
– Single case, personal usage
– Individual purpose
– Use alongside the server edition

Developers
• Steven Shiau
• K. L. Huang
• Ceasar Sun
• Jazz Wang
• Thomas Tsai
• Jean-Francois Nifenecker
• Louie Chen
• Nagappan Alagappan

Language file contributors
• English (en_US): Dylan Pack.
• German (de_DE): Michael Vinzenz.
• Hungarian (hu_HU): Greg Marki
• Spanish (es_ES): Juan Ramón Martínez and Alex Ibáñez López.
• French (fr_FR): Jean-Francois Nifenecker and Jean Francois Martinez.
• Italian (it_IT): Gianfranco Gentili.
• Japanese (ja_JP): Akira Yoshiyama and Annie Wei.
• Brazilian Portuguese (pt_BR): Marcos Pereira da Silva Cruz.
• Russian (ru_RU): Anton Pryadko and Igor Melnikov.
• Slovak (sk_SK): Ondrej Dzivy Balucha
• Turkish (tr_TR): Ömer YILDIZ
• Simplified Chinese (zh_CN): Zhiqiang Zhang and Liang Qi.
• Traditional Chinese (zh_TW): T. C. Lin.
>12 translations

Partners
• The following companies either embed Clonezilla in their products or promote Clonezilla:
– Linmin
– eRacks Open Source Systems
– Miracle Linux

Updates from 2015 Fall
• New support for the NILFS2 file system (log-structured)
• Support for NVMe device cloning
– e.g. /dev/nvme0n1 → /dev/sda
• Support for a GPT disk with a special "bios_boot" partition on a machine using legacy BIOS.
• By default the image integrity will be checked before restoring.
• Support md5sum/sha1sum/sha256sum/sha512sum checking for all the regular files after restoring or cloning. (testing release, i.e. >= Clonezilla live 2.4.5-26)
• Add “ocs_repository” and “ocs_preload” boot parameters
• New support in Server edition: Ubuntu 16.04 Xenial, Fedora 23

Clonezilla Users Worldwide
>13,000,000 downloads; >12 translations

Basic Usage
• Server edition:
– Set up on the server, then run unattended mode on the client
• Live edition:
– Step by step via Clonezilla live TUI
– [Language] → [Keyboard layout] → [repository] → [network] (if necessary) → [save/restore] → start to image

Boot Parameters Usage
• Two sources of parameters for Clonezilla (OCS) live:
– 1) native live system, 2) Clonezilla only
• 1) Native live system: from Debian live-boot and live-config
– locales=zh_TW.UTF-8
– keyboard-layouts=NONE
– Others, e.g. ip, live-netdev, ...
• 2) Clonezilla only
– ocs_prerun, ocs_postrun, ocs_live_run
– ocs_live_extra_param (only when ocs_live_run=ocs-live-restore)
– ocs_debug, echo_ocs_prerun, echo_ocs_postrun
– ocs_live_batch="no"
– ocs_repository: define image repository for Clonezilla
– ocs_preload: to fetch files into Clonezilla environment

Sample: Automatic Save
• Save disk into WebDAV storage
• Pre-seed configuration in the boot parameters, e.g.:
– locales=en_US.UTF-8
– keyboard-layouts=NONE
– ocs_prerun1="dhclient -v eth0"
– ocs_prerun2="ocs-tune-conf-for-webdav"
– ocs_repository="http://192.168.100.180/share"
– ocs_live_run="ocs-sr -q2 -j2 -z1p -enc -p true savedisk myimg sda"

Security Issue
• Three phases of security we should consider
– Issue 1: How to make sure the delivered OS is secure?
• Especially when the OS is from the Internet, e.g. a cloud service
– Issue 2: How to make sure the clone data transmission is secure?
• Especially data transfer via the Internet
– Issue 3: How to make sure the clone data is secure?
• Especially with private data
• Storage in a cloud environment

Solution in Clonezilla
• Issue 1:
– Use checksum file + GPG signature for Clonezilla boot files:
• vmlinuz, initrd.img, filesystem.squashfs
• Still cooking…
• Issue 2:
– Supports secure data channels: sshfs, WebDAV over SSL
• Issue 3:
– Supports encrypting the clone data with a passphrase
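
The Issue 1 idea (a checksum file plus a GPG signature over vmlinuz, initrd.img and filesystem.squashfs) works as in the shell check below. This is an added example, not Clonezilla's own code; the file names SHA256SUMS and SHA256SUMS.sig and the trusted keyring path are assumptions.

```shell
#!/bin/sh
# Added example: verify Clonezilla live boot files before booting or serving them.
# SHA256SUMS, SHA256SUMS.sig and the keyring path are assumed names, not project files.

REQUIRED_FILES="vmlinuz initrd.img filesystem.squashfs"

# Check the detached signature over the checksum list. gpgv accepts only keys
# present in the keyring it is given, so a signature from any other key fails.
verify_sums_signature() {
    # $1 = trusted keyring, $2 = checksum file, $3 = detached signature
    gpgv --keyring "$1" "$3" "$2"
}

# Every required boot file must be listed exactly once and must match its hash.
# Looping over REQUIRED_FILES (not over the list) means a truncated or edited
# checksum file cannot make the check pass by simply omitting a file.
verify_boot_checksums() {
    dir=$1; sums=$2
    for f in $REQUIRED_FILES; do
        count=$(awk -v n="$f" '$2 == n || $2 == "*" n {c++} END {print c+0}' "$sums")
        if [ "$count" != 1 ]; then
            echo "FAIL: $f listed $count times in $sums" >&2
            return 1
        fi
        expected=$(awk -v n="$f" '$2 == n || $2 == "*" n {print $1}' "$sums")
        actual=$(sha256sum "$dir/$f" 2>/dev/null | awk '{print $1}')
        if [ -z "$actual" ] || [ "$actual" != "$expected" ]; then
            echo "FAIL: $f is missing or does not match its checksum" >&2
            return 1
        fi
    done
    echo "OK: $REQUIRED_FILES"
}

# Signature first, hashes second: the list is trusted only once it is authenticated.
verify_boot_dir() {
    # $1 = directory with boot files, $2 = checksum file, $3 = signature, $4 = keyring
    verify_sums_signature "$4" "$2" "$3" || { echo "FAIL: bad signature on $2" >&2; return 1; }
    verify_boot_checksums "$1" "$2"
}
```

On a PXE server, verify_boot_dir would run against the directory that holds the live boot files before they are copied into the TFTP or NFS root.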

Files in the encrypted image dir
-rw-r--r-- 1 www-data www-data 12K Feb 20 21:27 blkdev.list
-rw-r--r-- 1 www-data www-data 12K Feb 20 21:27 blkid.list
-rw-r--r-- 1 www-data www-data 16K Feb 20 21:29 clonezilla-img
-rw-r--r-- 1 www-data www-data 12K Feb 20 21:28 dev-fs.list
-rw-r--r-- 1 www-data www-data 12K Feb 20 21:29 disk
-rw-r--r-- 1 www-data www-data 141 Feb 20 21:29 ecryptfs.info
-rw-r--r-- 1 www-data www-data 12K Feb 20 21:29 parts
-rw-r--r-- 1 www-data www-data 12K Feb 20 21:27 sda-chs.sf
-rw-r--r-- 1 www-data www-data 1.1M Feb 20 21:27 sda-hidden-data-after-mbr
-rw-r--r-- 1 www-data www-data 12K Feb 20 21:27 sda-mbr
-rw-r--r-- 1 www-data www-data 12K Feb 20 21:28 sda-pt.parted
-rw-r--r-- 1 www-data www-data 12K Feb 20 21:29 sda-pt.parted.compact
-rw-r--r-- 1 www-data www-data 12K Feb 20 21:28 sda-pt.sf
-rw-r--r-- 1 www-data www-data 95M Feb 20 21:29 sda1.ext4-ptcl-img.gz.aaa
-rw-r--r-- 1 www-data www-data 95M Feb 20 21:29 sda1.ext4-ptcl-img.gz.aab
-rw-r--r-- 1 www-data www-data 95M Feb 20 21:29 sda1.ext4-ptcl-img.gz.aac
-rw-r--r-- 1 www-data www-data 95M Feb 20 21:29 sda1.ext4-ptcl-img.gz.aad
-rw-r--r-- 1 www-data www-data 73M Feb 20 21:29 sda1.ext4-ptcl-img.gz.aae
-rw-r--r-- 1 www-data www-data 760K Feb 20 21:29 sda5.ext4-ptcl-img.gz.aaa
-rw-r--r-- 1 www-data www-data 12K Feb 20 21:28 swappt-sda6.info
The only plain text file in the image dir is ecryptfs.info; the others are encrypted. Its contents:
# This image was saved with ecryptfs
disk_of_img="sda"
parts_of_img="sda1 sda5"
time_of_img="2016-0220-1329"
disks_size_all_of_img="_8590MB"
AES is not currently known to be susceptible to known-plaintext attacks.
Volume size reset by ocs-tune-conf-for-webdav
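
Issues 2 and 3 can be checked on the boot parameters themselves before a menu entry is deployed. The following is an added example, not part of the slides or of Clonezilla; the function names are hypothetical, and the https://, ssh:// and dev:// forms of ocs_repository are assumed from Clonezilla's documentation rather than taken from this page.

```shell
#!/bin/sh
# Added example: lint a Clonezilla live kernel command line before publishing it
# in a boot or PXE menu. Function names are hypothetical; sample input is constructed.

# Print the value of NAME="quoted value" or NAME=word from a command line.
param_value() {
    v=$(printf ' %s\n' "$2" | sed -n "s/.* $1=\"\([^\"]*\)\".*/\1/p")
    [ -n "$v" ] || v=$(printf ' %s\n' "$2" | sed -n "s/.* $1=\([^ \"]*\).*/\1/p")
    printf '%s\n' "$v"
}

# Print one finding per line; return 0 only when there are none.
audit_ocs_cmdline() {
    findings=0
    repo=$(param_value ocs_repository "$1")
    run=$(param_value ocs_live_run "$1")

    # Issue 2: the repository should be reached over an encrypted channel.
    case $repo in
        ''|https://*|ssh://*|dev://*) ;;   # unset, TLS, SSH, or a local device
        *) echo "ocs_repository=$repo is not an encrypted channel"
           findings=$((findings + 1)) ;;
    esac

    # Issue 3: an unattended save should encrypt the image (-enc).
    case $run in
        *ocs-sr*savedisk*|*ocs-sr*saveparts*)
            case " $run " in
                *" -enc "*) ;;
                *) echo "ocs_live_run saves an image without -enc"
                   findings=$((findings + 1)) ;;
            esac ;;
    esac
    [ "$findings" -eq 0 ]
}

# Constructed sample: the parameters from the automatic-save slide.
SAMPLE='locales=en_US.UTF-8 keyboard-layouts=NONE ocs_prerun1="dhclient -v eth0" ocs_prerun2="ocs-tune-conf-for-webdav" ocs_repository="http://192.168.100.180/share" ocs_live_run="ocs-sr -q2 -j2 -z1p -enc -p true savedisk myimg sda"'
audit_ocs_cmdline "$SAMPLE" || echo "review the findings above"
```

The automatic-save sample passes the -enc check but is flagged for its plain http:// repository, which is the case Issue 2 addresses with WebDAV over SSL.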

More Advanced Usage
• Is it possible to put the Clonezilla service into a commercial network communications device, e.g. a home switch, an enterprise router, ...?
• An easy-to-use automatic clone/deploy service at home or in the office, for family or business use.
• Light weight Server solution
– Basic idea: put Clonezilla live into a network device
*Photo source: product official web site

Embedded Clonezilla server with Wireless Router
• Hardware: ASUS RT-N56U Wireless Router
• Spec
– CPU: Ralink RT3662 500MHz (MIPS)
– Flash: 8MB
– RAM: 128MB DDR 32bit
– Wireless: 802.11 a/b/g/n Dual-band up to 300Mbps
– Ethernet: 1 x WAN / 4 x LAN Gigabit port
– USB: 2 x 2.0
• Goal
– An embedded device that provides the Clonezilla service over PXE

Trimmed down OS with clone service
[Figure: Service framework. The router serves client nodes (192.168.1.*) through a switch: IP by DHCP, pxe/etherboot, kernel/initrd by TFTP, and an NFS filesystem. Customized image-based OS: kernel/initrd for boot up, filesystem.squashfs + ramdisk > aufs for /, plus Clonezilla packages.]

Customized Steps on Asus Router
Step 0:
• Prepare a USB storage (flash or hard drive), at least 128M, and create two folders “partimag” and “tftpboot/{nbi_img,node_root}” at root directory
Step 1: Update firmware:
• ASUS RT-N56U custom firmware
– http://code.google.com/p/rt-n56u/
• Setup basic environment
Step 2: Configure and adjust services
• Configure TFTP, NFS
• Patch for TFTP service
Step 3: Prepare PXE booting for Clonezilla service
• Generate necessary files for PXE booting
• Custom PXE menu for Clonezilla usage
Step 4: PXE boot
• Here you go….

More
• What can it serve?
– Home user
– PC classroom in school
– Automatic deploy system in company
– OEM production line
– … more
• More details
– Please visit our booth: Clonezilla

Our booth
• Clonezilla [Operations Management]
• Location:
– [Building 1 / Atrium]
• More detail for:
– Other projects
– Demonstrations
– Instructions
– Others ....
We are here !!