Baudisch system clone

From metasec wiki
Revision as of 7 October 2011, 08:21 by Admin (System rescue Script)


Setup

Cloning the running system

Stop all active services except SSH
This is done via /etc/init.d/*.
Format the CF card
Most cards ship formatted as VFAT. They must be changed to EXT3,
either with fdisk
or, more conveniently, with cfdisk

Backing up the (entire) system

 tar --exclude=/proc/* --exclude=/sys/* --exclude=/sicher/* --exclude=/tmp/* --exclude=/dev/shm/* -cvzf /sicher/name_von_sicherung.tar.gz /

Taking a live copy

It is also possible to copy a system more or less live. The entire system is copied from the main disk to a second one. This is best done with the tool "rsync". We assume that the target is mounted under /mnt. It does not matter whether that is a USB stick or another CF card!

cd /mnt
rsync --exclude=/proc/* --exclude=/mnt/* --exclude=/sys/* --exclude=/sicher/* --exclude=/tmp/* --exclude=/dev/shm/* -av / .

Unpacking the system

We assume that the archive is located under /sicher and that the new CF card is mounted under /mnt/.

tar --numeric-owner -xvzf /sicher/name_von_sicherung.tar.gz -C /mnt/ziel

Installing the boot loader

grub-install /dev/sdc

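Checking the filesystem UUID

tune2fs must be pointed at the partition (/dev/sdc1), not at the whole disk (/dev/sdc), which carries no filesystem superblock: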

root@em-master:/# tune2fs -l /dev/sdc
tune2fs 1.41.12 (17-May-2010)
tune2fs: Bad magic number in super-block beim Versuch, /dev/sdc zu öffnen
Kann keinen gültigen Dateisystem-Superblock finden.
root@em-master:/# tune2fs -l /dev/sdc1
tune2fs 1.41.12 (17-May-2010)
Filesystem volume name:   <none>
Last mounted on:          <not available>
Filesystem UUID:          3ca4da71-4e59-40b6-85c6-e3c836b4ae15
Filesystem magic number:  0xEF53
Filesystem revision #:    1 (dynamic)
Filesystem features:      has_journal ext_attr resize_inode dir_index filetype sparse_super large_file
Filesystem flags:         signed_directory_hash
Default mount options:    (none)
Filesystem state:         clean
Errors behavior:          Continue
Filesystem OS type:       Linux
Inode count:              128256
Block count:              512560
Reserved block count:     25628
Free blocks:              194480
Free inodes:              96868
First block:              0
Block size:               4096
Fragment size:            4096
Reserved GDT blocks:      125
Blocks per group:         32768
Fragments per group:      32768
Inodes per group:         8016
Inode blocks per group:   501
Filesystem created:       Sat Oct  1 12:52:34 2011
Last mount time:          Sat Oct  1 12:53:28 2011
Last write time:          Sat Oct  1 14:19:00 2011
Mount count:              1
Maximum mount count:      35
Last checked:             Sat Oct  1 12:52:34 2011
Check interval:           15552000 (6 months)
Next check after:         Thu Mar 29 12:52:34 2012
Reserved blocks uid:      0 (user root)
Reserved blocks gid:      0 (group root)
First inode:              11
Inode size:               256
Required extra isize:     28
Desired extra isize:      28
Journal inode:            8
Default directory hash:   half_md4
Directory Hash Seed:      9444ed0c-209c-494d-adac-c7b5ad5fb535
Journal backup:           inode blocks

Setting the filesystem UUID and adjusting the system

The UUID can be chosen freely.

tune2fs -U 3ca4da71-4e59-40b6-85c6-e3c836b4a666 /dev/sdc1

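Adjusting udev

The file pins network interface names to the MAC addresses of the original hardware; once it is removed, udev regenerates it on the clone's first boot.

rm /sicher/etc/udev/rules.d/70-persistent-net.rules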

GRUB Debug

GRUB's normal start-up procedure involves setting the ‘prefix’ environment variable to a value set in the core image by grub-install, setting the ‘root’ variable to match, loading the ‘normal’ module from the prefix, and running the ‘normal’ command. This command is responsible for reading /boot/grub/grub.cfg, running the menu, and doing all the useful things GRUB is supposed to do.

If, instead, you only get a rescue shell, this usually means that GRUB failed to load the ‘normal’ module for some reason. It may be possible to work around this temporarily: for instance, if the reason for the failure is that ‘prefix’ is wrong (perhaps it refers to the wrong device, or perhaps the path to /boot/grub was not correctly made relative to the device), then you can correct this and enter normal mode manually:

    # Inspect the current prefix (and other preset variables):
    set
    # Find out which devices are available:
    ls
    # Set to the correct value, which might be something like this:
    set prefix=(hd0,1)/grub
    set root=(hd0,1)
    insmod normal
    normal

System rescue Script

#!/bin/bash
#
#       METASEC RESTORE SCRIPT FOR CF MEDIA
#       (c) Lukas Ziaja <lz@metasec.de>
#       v1      01.10.2011
#               Initial Setup
#       v2      05.10.2011
#               added restore dir parameter
#
#       $1 = backup archive (.tar.gz)
#       $2 = target partition, e.g. /dev/sdc1

REST_DIR="/restore"

if [ -z "$1" ]; then
    echo "Bitte Archivdatei angeben"
    exit 1
fi

if [ -z "$2" ]; then
    echo "Bitte Zieldevice angeben"
    exit 1
fi

# Ask for confirmation; only the literal answer "ja" (yes) continues.
echo "Archiv $1 wird nun auf $2 wiederhergestellt"
echo "!!!DABEI GEHEN ALLE DATEN AUF DEM ZIEL VERLOREN!!!"
echo "bitte \"ja\" eingeben zum weitermachen"

read -r input
if [ "$input" != "ja" ]; then
    echo "Programm wird abgebrochen..."
    exit 1
fi

echo "Archiv wird nun wiederhergestellt...."
echo "Dieser Vorgang wird nun etwas dauern"

# make fs; stop if mkfs or mount fails, otherwise tar would unpack
# into $REST_DIR on the running system
mkfs.ext3 "$2" || exit 1
mkdir -p "$REST_DIR"
mount "$2" "$REST_DIR" || exit 1
tar --numeric-owner -xvzf "$1" -C "$REST_DIR"

# grub-install runs inside the chroot and needs the target's device node
# there; pause so it can be created by hand if the archive lacks it
if [ ! -e "$REST_DIR/$2" ]; then
    echo "Bitte Zieldevices noch anlegen...."
    read -r
fi

# UUID of the freshly created filesystem
fs_id=$(tune2fs -l "$2" | awk '/Filesystem UUID/ {print $3}')
# setting grub data
cp /root/grub.cfg "$REST_DIR/boot/grub/"
sed -i "s/@@UID@@/$fs_id/g" "$REST_DIR/boot/grub/grub.cfg"

cp fstab "$REST_DIR/etc"
sed -i "s/@@UID@@/$fs_id/g" "$REST_DIR/etc/fstab"

# do some clean ups
rm -f "$REST_DIR/etc/udev/rules.d/70-persistent-net.rules"

# write bootloader (the partition number is stripped from $2 to get the disk)
cp /root/finish_rebuild.sh "$REST_DIR/root/finish_rebuild.sh"
chroot "$REST_DIR" /root/finish_rebuild.sh "$(echo "$2" | tr -d 0-9)"

umount "$REST_DIR"

echo "Done!"

finish_rebuild.sh

#!/bin/bash
# Runs inside the chroot; $1 is the disk the boot loader is written to.
mount /proc
grub-install "$1"
umount /proc

fstab

# /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
#
# <file system> <mount point>   <type>  <options>       <dump>  <pass>
proc            /proc           proc    defaults        0       0
# / was on /dev/sda1 during installation
UUID=@@UID@@ /               ext3    nodiratime,noatime,rw,errors=remount-ro,commit=120 0       1
# swap was on /dev/sda5 during installation
# UUID=90a1df6f-2535-43c6-b1aa-c1f3a7399cad none            swap    sw              0       0
/dev/scd0       /media/cdrom0   udf,iso9660 user,noauto     0       0
/dev/fd0        /media/floppy0  auto    rw,user,noauto  0       0
tmpfs           /tmp            tmpfs defaults,noatime,mode=1777 0 0
tmpfs           /var/tmp        tmpfs defaults,noatime,mode=1777 0 0

grub.cfg

#
# DO NOT EDIT THIS FILE
#
# It is automatically generated by grub-mkconfig using templates
# from /etc/grub.d and settings from /etc/default/grub
#

### BEGIN /etc/grub.d/00_header ###
if [ -s $prefix/grubenv ]; then
  load_env
fi
set default="0"
if [ "${prev_saved_entry}" ]; then
  set saved_entry="${prev_saved_entry}"
  save_env saved_entry
  set prev_saved_entry=
  save_env prev_saved_entry
  set boot_once=true
fi

function savedefault {
  if [ -z "${boot_once}" ]; then
    saved_entry="${chosen}"
    save_env saved_entry
  fi
}

function load_video {
  insmod vbe
  insmod vga
  insmod video_bochs
  insmod video_cirrus
}

insmod part_msdos
insmod ext2
set root='(hd1,msdos1)'
search --no-floppy --fs-uuid --set @@UID@@
if loadfont /usr/share/grub/unicode.pf2 ; then
  set gfxterm_font="10"
  set gfxmode=240x260
  set gfxpayload=keep
  load_video
  insmod gfxterm
fi
terminal_output gfxterm
insmod part_msdos
insmod ext2
set root='(hd1,msdos1)'
search --no-floppy --fs-uuid --set @@UID@@
set locale_dir=($root)/boot/grub/locale
set lang=en
insmod gettext
set timeout=20
play 480 440 1
### END /etc/grub.d/00_header ###

### BEGIN /etc/grub.d/05_debian_theme ###
set menu_color_normal=black/white
set menu_color_highlight=white/red
### END /etc/grub.d/05_debian_theme ###

### BEGIN /etc/grub.d/10_linux ###
menuentry 'Baudisch SIP NETBOX' --class debian --class gnu-linux --class gnu --class os {
        insmod part_msdos
        insmod ext2
        set root='(hd1,msdos1)'
        search --no-floppy --fs-uuid --set @@UID@@
        echo    'Loading Linux 2.6.39.3 ...'
        linux   /boot/vmlinuz-2.6.39.3 root=/dev/sdb1 ro console=ttyS0,115200 console=tty0
}


### END /etc/grub.d/10_linux ###

### BEGIN /etc/grub.d/20_linux_xen ###
### END /etc/grub.d/20_linux_xen ###

### BEGIN /etc/grub.d/30_os-prober ###
### END /etc/grub.d/30_os-prober ###

### BEGIN /etc/grub.d/40_custom ###
# This file provides an easy way to add custom menu entries.  Simply type the
# menu entries you want to add after this comment.  Be careful not to change
# the 'exec tail' line above.



### END /etc/grub.d/40_custom ###

### BEGIN /etc/grub.d/41_custom ###
if [ -f  $prefix/custom.cfg ]; then
  source $prefix/custom.cfg;
fi
### END /etc/grub.d/41_custom ###
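
A consistency check to run after the rescue script and before booting the restored card, added here as an example (it is not part of the original wiki page or of the metasec scripts): it confirms that every @@UID@@ token in fstab and grub.cfg was replaced by the filesystem UUID and that the persistent-net rules are gone. The names verify_restore and make_sample and the sample tree are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: check a restored tree before rebooting into it.
# verify_restore ROOT UUID prints one line per problem; status = problem count.
verify_restore() (            # subshell body keeps the variables local
    root=$1 uuid=$2 n=0
    fail() { echo "FAIL: $*"; n=$((n + 1)); }

    printf '%s\n' "$uuid" |
        grep -Eq '^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$' ||
        fail "'$uuid' is not a well-formed UUID (empty fs_id?)"

    for f in "$root/etc/fstab" "$root/boot/grub/grub.cfg"; do
        [ -f "$f" ] || { fail "missing $f"; continue; }
        # A surviving token means the sed substitution never ran on this file.
        grep -q '@@UID@@' "$f" && fail "placeholder @@UID@@ left in $f"
    done

    # The root (/) entry of fstab must carry the UUID of the new filesystem.
    got=$(awk '$1 ~ /^UUID=/ && $2 == "/" { print substr($1, 6) }' \
          "$root/etc/fstab" 2>/dev/null)
    [ "$got" = "$uuid" ] || fail "fstab mounts / from UUID '$got'"

    # Every 'search --fs-uuid' line in grub.cfg must name the same UUID.
    stale=$(grep -E 'search .*--fs-uuid' "$root/boot/grub/grub.cfg" 2>/dev/null |
            grep -vcF -- "$uuid" || true)
    [ "$stale" -eq 0 ] || fail "$stale grub.cfg search line(s) use another UUID"

    # The MAC-to-interface rules of the source machine must be gone.
    [ ! -e "$root/etc/udev/rules.d/70-persistent-net.rules" ] ||
        fail "70-persistent-net.rules still present"
    exit "$n"
)

# Constructed sample tree (not real data): writes the two files the rescue
# script patches, with UUID $2 in fstab and UUID $3 in grub.cfg.
make_sample() {
    mkdir -p "$1/etc" "$1/boot/grub"
    printf 'proc /proc proc defaults 0 0\nUUID=%s / ext3 noatime 0 1\n' "$2" \
        > "$1/etc/fstab"
    printf "set root='(hd1,msdos1)'\nsearch --no-floppy --fs-uuid --set %s\n" "$3" \
        > "$1/boot/grub/grub.cfg"
}

# Demo: grub.cfg was copied but never patched, so two problems are reported.
demo=$(mktemp -d)
make_sample "$demo" 3ca4da71-4e59-40b6-85c6-e3c836b4a666 '@@UID@@'
verify_restore "$demo" 3ca4da71-4e59-40b6-85c6-e3c836b4a666 || echo "$? problem(s)"
rm -rf "$demo"
```

In the rescue script the call would be verify_restore "$REST_DIR" "$fs_id", placed just before the umount step.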

Further reading

General procedure and optimizations for working with SSD or CF media: http://o-o-s.de/?p=1742