Full Backup / Clone SSD possible, how?

[crissi]

Hello,
as i have do add a lot of customization like for Unbound, NTOpng / GeoMaps and DNSCrypt
Proxy, i was wondering if i can clone the whole SSD to another SSD (Cold Standby)
in case if a Power Outage happens, or the System complete crash, etc..

Thx!

[cookiemonster]

I have thought about this a little.
The problem with cloning is that if you want to do it when the system is running and the system is not virtualised, then options are fewer. Nothing is already builtin that I am aware of. The main issue is that an OS can't clone itself. It needs something outside of it to clone it.
But then if we're using zfs then there are zfs clone, send > receive, and boot environments to come to some help but is is not cloning.

[crissi]

Thx, yes, system is not virtualized. and possible offline option? install freebsd in virtual box and connect both drives via USB, and use dd?

[tiermutter]

I used cloned SSD as backup a few years ago, worked fine so far.
Now Im cloning my SSD to images which are saved directy via LAN on my NAS. This works also fine, did a restore on another machine (same hardware) a few months ago, worked perfectly.
For sure this backup is done offline, but it just takes me about 10 minutes.

[fabian]

Cold standby is likely not working but hot stand by should work.

Either by using RAID 1 or HAST

https://docs.freebsd.org/en/books/handbook/disks/#disks-hast

[Patrick M. Hausen]

The main issue is that an OS can't clone itself. It needs something outside of it to clone it.

Why should an OS not be able to clone itself? Let's assume our single OPNsense disk device is ada0

• connect console
• boot in single user mode
• connect MBR/FAT32 formatted USB drive
• mount -t msdosfs /dev/da0s1 /mnt
• dd if=/dev/ada0 bs=1m | gzip -c >/mnt/OPNsense-ada0.img.gz
• umount /mnt
• unplug USB drive, reboot

You now have a complete copy of your OPNsense installation in a single compressed image file on that thumbdrive.

HTH,
Patrick

[cookiemonster]

Right but that is not done itself. In your example it was presumably a human connecting the console, booting to single user mode, etc. Unless you tell me how to put that in cron, it is still not itself.

[Patrick M. Hausen]

Right but that is not done itself. In your example it was presumably a human connecting the console, booting to single user mode, etc. Unless you tell me how to put that in cron, it is still not itself.

Right. I interpreted your remark as "definitely needs external tooling" - which it doesn't. But you cannot get a consistent clone from the live running system in regular intervals, correct.

OTOH the OP did ask for a single image copy at some single point in time and not for anything automated. So with my command summary it is perfectly possible to generate an image that can be put back on e.g. a new SSD in a very similar fashion.

@crissi - if that is indeed what you need, you can try the procedure I outlined and if it works for you I will of course also tell you how to write that image back onto an SSD.

[cookiemonster]

OTOH the IP did ask for a single image copy at some single point in time and not for anything automated. So with my command summary it is perfectly possible to generate an image that can be put back on e.g. a new SSD in a very similar fashion.

That is very true too.
I keep wishing freebsd's ufs or zfs had inexpensive tooling available to do what other OSs can. Have a client on the running OS that can take the backups (full, incremental, etc.) and ship it out to network/other storage. But having the option of block level as well as file level.
Veem springs to mind that I use to backup win clients to a ZFS-based storage appliance. I just have scheduled a regular full baremetal image as the belt and braces element of the backups strategy. I can't use if for OPN though :(

[Patrick M. Hausen]

For UFS dump and restore are included, off-system can easily achieved via SSH. Same for ZFS with ZFS snapshots and zfs send|zfs receive. All the tooling is there.

[crissi]

@pmhausen

Thx, image is created , how exactly write back?

[Patrick M. Hausen]

Boot with console connected from OPNsense install USB drive. Don't log in as "installer" but as "root". You now have a live system. If the commands I suggested worked exactly as I wrote, then:

• plug in second USB drive with your image
• mount -t msdosfs /dev/da1s1 /mnt
• gzip -dc /mnt/OPNsense-ada0.img.gz | dd of=/dev/ada0 bs=1m
• shutdown -p now
• remove both USB drives
• power on

[crissi]

thanks a lot, the restore of the image worked, fw is up and running again :)

it would be really great, if there would be the possibility in future to implement this in a script / or plugin, and also have the option to send the image to a shared network folder.

Thank you All for your Help!

[lfirewall1243]

Isnt it faster to reinstall OPNsense completly (done in 5 Minutes) and import the config Backup?

[cookiemonster]

Isnt it faster to reinstall OPNsense completly (done in 5 Minutes) and import the config Backup?

I guess not really if there are any custom-changes in the filesystem, see for instance https://forum.opnsense.org/index.php?topic=25736.0