Easy backup & restore with Clonezilla - Tips from Basic to Advanced

Ceasar Sun, Steven Shiau, Thomas Tsai
http://drbl.org, http://clonezilla.org/
OSC 2016 Kyoto
Time: 4:15 pm (7/29)
Location: Building 1, 4F Room C

Q3, 2016

Outline

• Introduction to Clonezilla
  – Features
  – Updates since 2015 Fall
• Tips from basic to advanced
  – Boot parameters
  – Automation
  – Security
  – Light weight Server solution
• Q&A

About us: Free Software Lab

• From Taiwan, working for the NPO NCHC (National Center for High-Performance Computing)
• Developers of the free software DRBL, Clonezilla and more...
• Maintenance of mirror sites:
  – /packages mirror : http://free.nchc.org.tw
  – OSM cache server, OSDN mirror in Taiwan, ..

Taiwan image source: wikipedia.org

System imaging and cloning - backup

• Why do we need a bare metal recovery / deployment tool?

image source: maggiesfarm.anotherdotcom.com www.compsults.com, and jervisdabreo.com

Massive system deployment

• PC classroom
• Cluster computing
• Massive bootable usb flash

What is Clonezilla?

• A partition and disk imaging/cloning utility similar to True image® or Ghost®
• GPL license
• A bare metal recovery tool for VMFS VMware ESX/ESXi *1 *2 *3 *4 *5

*Logo*6 source: (1) Larry Ewing, Simon Budig and Anja Gerwinski, (2) Apple, (3) Microsoft, (4) Marshall Kirk McKusick, (5) VMware, (6) Distrowatch.com

Clonezilla Features

• Free (GPL) Software
• File systems supported:
  – /3/4, ReiserFS, , XFS, JFS, HFS+, , F2FS, UFS, Minix, VMFS, NILFS2, FAT, exFAT and NTFS
  – Supports LVM2
  – Supports some hardware RAID chips (by kernel), NVMe device
• Smart copying for supported file systems. For unsupported file systems, sector-to-sector copying is done via dd.
• Boot loader: syslinux, grub 1/2; MBR and hidden data (if it exists), uEFI boot
• Serial console
• Unattended mode
• One image restoring to multiple local devices
• Multicast supported in Clonezilla Server Edition (SE)
• The image format is transparent, open and flexible
• Two types of release: server & live

Type 1: Server mode

• DRBL live
  – i.e. Clonezilla Server Edition
• Use for massive deployment: production line in a factory, PC classroom, cluster computing deployment, ...

Type 2: Live mode

• Clonezilla live
• Use for:
  – Single case, personal usage
  – Individual purpose
  – Collocate with server edition

Developers

• Steven Shiau
• K. L. Huang
• Ceasar Sun
• Jazz Wang
• Thomas Tsai
• Jean-Francois Nifenecker
• Louie Chen
• Nagappan Alagappan

Language file contributors

• English (en_US): Dylan Pack.
• German (de_DE): Michael Vinzenz.
• Hungarian (hu_HU): Greg Marki
• Spanish (es_ES): Juan Ramón Martínez and Alex Ibáñez López.
• French (fr_FR): Jean-Francois Nifenecker and Jean Francois Martinez.
• Italian (it_IT): Gianfranco Gentili.
• Japanese (ja_JP): Akira Yoshiyama and Annie Wei.
• Brazilian Portuguese (pt_BR): Marcos Pereira da Silva Cruz.
• Russian (ru_RU): Anton Pryadko and Igor Melnikov.
• Slovak (sk_SK): Ondrej Dzivy Balucha
• Turkish (tr_TR): Ömer YILDIZ
• Simplified Chinese (zh_CN): Zhiqiang Zhang and Liang Qi.
• Traditional Chinese (zh_TW): T. C. Lin.

>12 translations

Partners

• The following companies either embed Clonezilla in their products or promote Clonezilla:
  – Linmin
  – eRacks Open Source Systems
  – Miracle Linux

Updates from 2015 Fall

• New support for NILFS2 (Log-Structure)
• Support NVMe device cloning
  – e.g. /dev/nvme0n1 → /dev/sda
• Support for a GPT disk with a special "bios_boot" partition on a machine using legacy BIOS.
• By default the image integrity will be checked before restoring.
• Support md5sum/sha1sum/sha256sum/sha512sum checking for all the regular files after restoring or cloning. (testing release, i.e. >= Clonezilla live 2.4.5-26)
• Add "ocs_repository" and "ocs_preload" boot parameters
• New support in Server edition: Ubuntu 16.04 Xenial, Fedora 23

Clonezilla Users Worldwide

>13,000,000 downloads; >12 translations

Basic Usage

• Server edition:
  – Set up on the server, then run unattended mode on the client
• Live edition:
  – Step by step via Clonezilla live TUI
  – [Language] → [Keyboard layout] → [repository] → [network] (if necessary) → [save/restore] → start to image

Boot parameters

• Clonezilla supports boot parameters to customize the clone process

Boot Parameters Usage

• Two sources of parameters for Clonezilla (OCS) live:
  – 1) native live system, 2) Clonezilla only
• 1) Native live system: from live-boot and live-config
  – locales=zh_TW.UTF-8
  – keyboard-layouts=NONE
  – Others, ex: ip, live-netdev, ...
• 2) Clonezilla only
  – ocs_prerun, ocs_postrun, ocs_live_run
  – ocs_live_extra_param (only when ocs_live_run=ocs-live-restore)
  – ocs_debug, echo_ocs_prerun, echo_ocs_postrun
  – ocs_live_batch="no"
  – ocs_repository : define image repository for Clonezilla
  – ocs_preload : to fetch files into Clonezilla environment

Sample: Automatic Save

• Save disk into WebDAV storage
• Pre-seed configuration in the boot parameters, e.g.:
  – locales=en_US.UTF-8
  – keyboard-layouts=NONE
  – ocs_prerun1="dhclient -v eth0"
  – ocs_prerun2="ocs-tune-conf-for-webdav"
  – ocs_repository="http://192.168.100.180/share"
  – ocs_live_run="ocs-sr -q2 -j2 -z1p -enc -p true savedisk myimg sda"

Security Issue

• Three phases of security we should consider
  – Issue 1: How to make sure the delivered OS is secure?
    • Especially when the OS is from the Internet, ex: cloud service
  – Issue 2: How to make sure the clone data transmission is secure?
    • Especially data transfer via the Internet
  – Issue 3: How to make sure the clone data is secure?
    • Especially with privacy data
    • Storage in cloud environment

Solution in Clonezilla

• Issue 1:
  – Use checksum file + GPG signature for Clonezilla boot files:
    • vmlinuz, initrd.img, filesystem.
    • Still cooking…
• Issue 2:
  – Support to use secure data channel : 、 WebDAV over SSL
• Issue 3:
  – Support to encrypt with pass-phrase in clone data
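
One way to do the Issue 1 check by hand before the live boot files are served or booted (an added example, not Clonezilla's own code). It assumes the checksum list is plain sha256sum output in a file called SHA256SUMS, that any detached GPG signature is passed as a third argument, and that the root file system is the filesystem.squashfs named on the Service Framework slide.

```shell
#!/bin/sh
# Added example (not Clonezilla's own code): check live boot files against a
# SHA-256 list before serving or booting them. The list format (sha256sum
# output) and the optional signature file are assumptions.
REQUIRED="vmlinuz initrd.img filesystem.squashfs"

# verify_boot_files DIR SUMS [SIG] -> returns 0 only if all files verify.
verify_boot_files() {
    dir=$1; sums=$2; sig=${3:-}
    if [ -n "$sig" ]; then
        # Authenticate the list itself first (detached GPG signature).
        gpg --verify "$sig" "$sums" >/dev/null 2>&1 ||
            { echo "bad signature on $sums"; return 2; }
    fi
    for f in $REQUIRED; do
        # "sha256sum -c" succeeds when a file is simply left out of the
        # list, so demand an explicit entry for every boot file.
        want=$(awk -v f="$f" '$2 == f || $2 == ("*" f) { print $1; exit }' "$sums")
        [ -n "$want" ] || { echo "not listed: $f"; return 1; }
        [ -f "$dir/$f" ] || { echo "missing: $f"; return 1; }
        got=$(sha256sum "$dir/$f" | cut -d' ' -f1)
        [ "$want" = "$got" ] || { echo "mismatch: $f"; return 1; }
    done
    echo "all boot files verified"
}

# Constructed sample data: three small stand-in files, not real boot images.
make_sample() {
    d=$(mktemp -d)
    for f in $REQUIRED; do echo "sample $f" > "$d/$f"; done
    (cd "$d" && sha256sum $REQUIRED > SHA256SUMS)
    echo "$d"
}

d=$(make_sample)
verify_boot_files "$d" "$d/SHA256SUMS"            # all boot files verified
echo "tampered" >> "$d/initrd.img"
verify_boot_files "$d" "$d/SHA256SUMS" || true    # mismatch: initrd.img
rm -rf "$d"
```
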

Screenshot

WebDAV authorization

passphrase for encryption

Files in the encrypted image dir

-rw-r--r-- 1 www-data www-data 12K Feb 20 21:27 blkdev.list
-rw-r--r-- 1 www-data www-data 12K Feb 20 21:27 blkid.list
-rw-r--r-- 1 www-data www-data 16K Feb 20 21:29 clonezilla-img
-rw-r--r-- 1 www-data www-data 12K Feb 20 21:28 dev-fs.list
-rw-r--r-- 1 www-data www-data 12K Feb 20 21:29 disk
-rw-r--r-- 1 www-data www-data 141 Feb 20 21:29 ecryptfs.info
-rw-r--r-- 1 www-data www-data 12K Feb 20 21:29 parts
-rw-r--r-- 1 www-data www-data 12K Feb 20 21:27 sda-chs.sf
-rw-r--r-- 1 www-data www-data 1.1M Feb 20 21:27 sda-hidden-data-after-mbr
-rw-r--r-- 1 www-data www-data 12K Feb 20 21:27 sda-mbr
-rw-r--r-- 1 www-data www-data 12K Feb 20 21:28 sda-pt.parted
-rw-r--r-- 1 www-data www-data 12K Feb 20 21:29 sda-pt.parted.compact
-rw-r--r-- 1 www-data www-data 12K Feb 20 21:28 sda-pt.sf
-rw-r--r-- 1 www-data www-data 95M Feb 20 21:29 sda1.-ptcl-img.gz.aaa
-rw-r--r-- 1 www-data www-data 95M Feb 20 21:29 sda1.ext4-ptcl-img.gz.aab
-rw-r--r-- 1 www-data www-data 95M Feb 20 21:29 sda1.ext4-ptcl-img.gz.aac
-rw-r--r-- 1 www-data www-data 95M Feb 20 21:29 sda1.ext4-ptcl-img.gz.aad
-rw-r--r-- 1 www-data www-data 73M Feb 20 21:29 sda1.ext4-ptcl-img.gz.aae
-rw-r--r-- 1 www-data www-data 760K Feb 20 21:29 sda5.ext4-ptcl-img.gz.aaa
-rw-r--r-- 1 www-data www-data 12K Feb 20 21:28 swappt-sda6.info

• The only plain text file in the image dir, others are encrypted:
    # This image was. saved with
    disk_of_img="sda"
    parts_of_img="sda1 sda5"
    time_of_img="2016-0220-1329"
    disks_size_all_of_img="_8590MB"
• Volume size reset by ocs-tune-conf-for-webdav
• AES is not currently known to be susceptible to known-plaintext attacks.


More Advanced Usage

• If it is possible to put the Clonezilla service into a commercial network communications device, ex: home switch, enterprise router, ...
• Easy-to-use automatic clone/deploy service at home or in the office, for a family or a business.
• Light weight Server solution
  – Basic idea: Put Clonezilla live into a network device

*photo source: product official web site

Embedded Clonezilla server with Wireless Router

• Hardware: ASUS RT-N56U Wireless Router
• Spec
  – CPU: Ralink RT3662 500MHz (MIPS)
  – Flash: 8MB
  – RAM: 128MB DDR 32bit
  – Wireless: 802.11 a/b/g/n Dual-band up to 300Mbps
  – Ethernet: 1 x WAN / 4 x LAN Gigabit port
  – USB: 2 x 2.0
• Goal
  – To be a Clonezilla service embedded device by PXE

Service Framework

[Diagram. Labels: Router; switch; client nodes; IP 192.168.1.*; pxe/etherboot; DHCP; TFTP; NFS; Customized OS image; Trimmed down OS with clone service; kernel/initrd; packages; Clonezilla packages; filesystem.squashfs + ramdisk -> for /; Kernel/initrd – boot up]

Customized Steps on Asus Router

Step 0:
• Prepare a USB storage (flash or hard drive), at least 128M, and create two folders "partimag" and "tftpboot/{nbi_img,node_root}" at root directory

Step 1: Update firmware:
• ASUS RT-N56U custom firmware
  – http://code.google.com/p/rt-n56u/
• Setup basic environment

Step 2: Configure and adjust services
• Configure TFTP, NFS
• Patch for TFTP service

Step 3: Prepare PXE booting for Clonezilla service
• Generate necessary files for PXE booting
• Custom PXE menu for Clonezilla usage

Step 4: PXE boot
• Here you go….

Screenshot

More

• What can it serve?
  – Home user
  – PC classroom in school
  – Automatic deploy system in company
  – OEM production line
  – … more
• More details
  – Please visit our booth: Clonezilla

Our booth

• Clonezilla [Operations management]
• Location:
  – [Building 1 / Atrium]
• More detail for:
  – Other projects
  – Demonstrations
  – Instructions
  – Others ....

We are here !!

Reference

• Clonezilla: http://clonezilla.org
• DRBL: http://drbl.org

Questions?

Great! ?????
