This chapter explains how to perform a bare-metal recovery of Linux or Windows running on a standard Intel system. You should be able to use this procedure to recover any other operating system that runs on standard Intel systems. It has been tested with CentOS 4.0.2 (also known as RedHat Enterprise 4), Windows 2000, and Windows XP. (This procedure does not work with Macintosh Intel systems because they are customized for Mac OS. See Chapter 14 for the Mac OS procedure.) The procedure requires only open-source tools.
This chapter is a collaboration between Reed Robins and W. Curtis Preston. Reed is a data protection specialist with GlassHouse Technologies.
This procedure works for a Windows-only system, but it does use a Linux distribution that can run straight from a CD. Windows users will have to run a few Linux commands, but we do our best to keep them simple. If we had found an open-source bare-metal recovery tool that runs on Windows, we would have written a separate chapter for it. Unfortunately, at this writing, that doesn’t exist.
If you’re a Windows user who has never touched Linux, we urge you to at least try the procedures in this chapter before giving up on the idea. If you still find them too difficult, we also cover G4L, which is an open-source product that is similar to the commercial product Ghost. It uses Linux but requires much less interaction with the operating system. Finally, we also mention a few commercial products at the end of the chapter.
Due to the availability of inexpensive disk and the ease of recovery that disk brings to the table, this is an entirely disk-based procedure. You can use a Unix NFS share or a Windows share as a target. Any disk-like target that can be mounted before a backup or restore will work with this procedure. If you’re interested in other disk targets, it would be worthwhile to read through the complete backup and recovery HOWTO on the Linux Documentation Project at http://www.tldp.org/HOWTO. This HOWTO has helpful hints for reducing the amount of information being backed up for a minimal OS restore.
Most system administrators are familiar with the typical bare-metal recovery answer: install a minimal operating system and recover on top of it. However, this procedure presents several problems. It takes too long, you could run into open-file conflicts, and it is difficult to document and recover operating system customizations.
Like the other bare-metal recovery procedures in this book, this procedure does not require a reinstallation of the operating system in order to recover it. It breaks down into six major steps:
Back up the important metadata.
Back up the operating system with a native utility.
Boot from alternate media.
Prepare the new root drive.
Restore the boot block to the new root disk.
Restore the operating system information.
We’ll start with some background and then describe the general aspects of each step. Ultimately, we will provide a detailed procedure for each method described. Before you can choose a backup and recovery method, though, you have some decisions to make, as outlined in the next section.
This chapter spends the next several pages explaining a lot of the theory and manual steps behind a bare-metal recovery of an Intel system. Just like a lot of manuals, the good stuff is at the end. If you want to jump right to the method that applies to you, this section should give you just enough detail to know which section to jump to.
If you’re running Windows and have never typed anything at a Linux prompt, you should probably proceed to the section “Automate Bare-Metal Recovery with G4L.” It describes a menu-driven method of bare-metal recovery. (If you want a menu-driven method, this is the only one we discuss.)
If any of the following apply to you, you must use either G4L or the alt-boot full image method:
If you’re running the Linux Volume Manager (LVM) or other software RAID system
If you’re using an IA64 system
If your partition tables contain references to an extended partition table
If any of the previous conditions apply to you, the following conditions do not apply to you:
For a manual method, see the section “Alt-Boot Full Image Method”; for an automated method, check out the “Automate Bare-Metal Recovery with G4L” section.
If you’re running Linux and want to try to create live bare-metal backups, you should jump right to the section “Live Method” later in this chapter.
If you’re using a dual-boot Linux/Windows system, and you don’t mind a little downtime to get a bare-metal backup, you should probably check out the alt-boot filesystem or alt-boot partition image method. These methods can also be automated using the tool discussed in the section “Automate Bare-Metal Recovery with G4L,” later in this chapter.
Our goal was to perform a bare-metal backup of an Intel system without using commercial tools. To use the procedures we developed, you have to make three decisions:
Will you back up while the system is running (live) or while it is booted from an alternate boot disk?
If using an alternate boot disk, will you back up at the block/image level or the filesystem level?
If backing up at the image level, will you back up the entire drive as one image or as separate partitions?
The first choice to make is whether you will back up your system while it’s running (live) or back it up while it’s booted from alternate media. Backing it up live involves using filesystem-level backup commands to back up the files on your running system.
If you’re running Windows, this choice is already made for you. You need to use
the alternate boot method because, as of this writing, there is no backup format that
can be written in Windows and read in Linux that also supports ACLs. There are rays of
hope, though. We can now easily mount and create NTFS filesystems in Linux, the
mtftar
command can read NTBACKUP
tapes, and the community developing the pax
utility says that pax
is starting
to support ACLs.
The biggest advantage to backing up your system live is that it does not require downtime for the backup. Depending on your operating system, though, there may be issues with open files or system configuration databases. If it’s important that you back up your system live, just make sure you test the procedure well to make sure that you’ve dealt with all the issues specific to your operating system and platform.
If you cannot take your system down for an occasional bare-metal backup, and you can’t make the live backup method work for you, read the section “Commercial Solutions” at the end of this chapter.
If you cannot take your system down for an occasional bare-metal backup, the other option is to back up your system while it is booted from an alternate boot disk, such as a LiveCD Linux distribution, during backup. (A LiveCD is a Linux distribution designed to give you a fully functional Linux operating system by simply booting from a CD.) The alt-boot method, as this is called, also offers a number of advantages, such as not having to worry about filesystem formats. It does this by backing up at the block (or image) level, which is not possible when backing up live. It’s only disadvantage is that it requires your system to be unavailable during the entire backup. This shouldn’t be a problem for home users and some small businesses, but others may find this limitation unacceptable.
We use the terms live and alt-boot as shorthand for these two backup options.
If you’re using the alt-boot method, you can access your data as filesystems or
raw disk devices.
If you back up the data using the raw disk
device (for example, /dev/hda or /dev/hda1), we say that you’re backing up at the image
level. The other option is to back up the data as filesystems by mounting them and
using a tool such as tar
. (You cannot perform a
filesystem backup and restore of NTFS partitions.)
We’ll use the terms image or filesystem as shorthand for these two backup options.
Backing up at the image level gives you the advantage of not having to care about the operating system that’s using the drive. As long as you back up all the bytes that are on the hard drive and restore them back to the same partition, everything will work fine. This is how we can easily back up a Windows system using Linux.
The biggest disadvantage of image-level backups is that they back up every byte on the drive whether it’s being used or not. If you’ve got a 10 GB partition, you’re going to get a 10 GB backup, even if there’s only 1 GB of files on that partition. (Compression should help get rid of those empty blocks but will probably lengthen the backup time.) Another disadvantage of image-level backups is that they are all-or-nothing. You cannot restore individual files from an image-level backup.
If you’re using the alt-boot method and have decided to back up at the image level, you have another decision to make. Will you back up the operating system drive as one large image (/dev/hda) or as separate partitions (/dev/hda1, /dev/hda2, and so on)? In order to back up at the partition level, you need to have multiple partitions on your hard drive. Read the sidebar “Partition Your OS Drive” later in this chapter.
We’ll use the terms full or partition as shorthand terms for these two backup options.
Backing up the entire OS drive as one large partition has one major advantage: recovery is incredibly simple. You don’t have to worry about repartitioning the hard drive for recovery, and you don’t have to worry about the boot block (the master boot record, or MBR). Just back up the entire drive as one large image, and you’re done.
The disadvantage of this method is the size of today’s hard drives. If you back up the entire hard drive as one image, you may need to create a single image that’s hundreds of gigabytes—or even a terabyte. Wow! Besides the space required to store such an image, backing up hundreds of gigabytes with one backup command could take an extremely long time—and your system is down the entire time.
The other method would be to create multiple partitions and back up each partition
separately. This allows you to use the bare-metal procedure only for the partitions
that contain the operating system, and use filesystem backup techniques (such as
Amanda, BackupPC, Bacula, rsnapshot
, and rdiff-backup
) for the rest of the system. It also allows
you to run backups of all partitions simultaneously, speeding up the whole
process.
There are disadvantages to the partition method when compared to the full disk method, all of which are about complexity. You’ll need to understand more about how your drive is partitioned, and you’ll need to worry about backing up and recovering the partition table and MBR. When you partition your hard drive for recovery, you have to create partitions of the right size to recover to. If you make them too small, the recovery won’t work; if you make them too large, you’ll be wasting disk.
The three decisions just described translate into four backup methods. Using the shorthand terms described earlier, those methods are alt-boot full image, alt-boot partition image, alt-boot filesystem, and live.
This method consists of booting to a LiveCD and creating an image of the entire OS disk. This is the simplest of all the tasks and the one that works for the most people, but it requires enough downtime to back up the entire OS drive—and enough space to hold that backup.
This is similar to the alt-boot full image method, but you make an image of just the partitions you need to back up. This method can save a lot of time and space if your hard drive is properly partitioned, but it requires downtime and a more extensive knowledge of your hard drive contents.
This method consists of booting to a LiveCD such as Knoppix and then
using filesystem-aware utilities to back up the hard drives. tar
and cpio
are
available in Knoppix. This can save you a lot of space if your
filesystems aren’t very full, but it’s the most complicated of all the tasks and
still requires downtime.
If you’re going to use the alt-boot filesystem or live backup method, you need
to use utilities that are available in the LiveCD that you’re using. We’ve chosen
Knoppix because of its popularity and great device support. Knoppix also gives you a
wide variety of utilities: tar
, cpio
, dd
, and
ntfsclone
are all available. (ntfsclone
, also available in Knoppix, is really an image
utility, but it is NTFS filesystem-aware, so it enables you to back up only the part
of the image that contains files.)
If you’re running Linux and are not running LVM, software RAID, or using an IA64, you can back up the operating system while it is being used, then use alternate boot media just for the restore. You can use whichever filesystem level backup utility you wish. Remember that this method does not easily support dual-boot systems because they don’t have a common filesystem. It also won’t support Windows-only users because the commands that they use to back up their system won’t be available from the media used for restore. However, if you can’t take your system down for an occasional OS-level backup, this may be your preferred method. (With a dual-boot system, you can back up your Windows partitions while you’re booted into Linux, of course.)
All the examples in this chapter use the directory /backups as the backup target. This can be an NFS- or CIFS-mount or a
local removable hard drive. The drive must be writable as root, so add the option
-o rw,root
to any NFS shares.
Later in this chapter, you’ll find specific procedures for each of the four methods we’ve described. This next section takes a closer look at the six general steps involved in our bare-metal backup and recovery process.
The first data that you need to save is the metadata. Metadata is the data about that data, that is, the information about how the system is physically configured. In this case, it’s how the operating system disk is partitioned. This information is not typically included in a normal backup. Making a copy of the MBR and partition table is a way to maintain this information in a format that can be used to recreate the root disk partition.
The MBR and partition table are contained in the first 512 bytes of your hard drive. An MBR has three parts: the boot block is stored in the first 446 bytes, the paritition table is stored in the next 64 bytes, and the boot code signature takes up the remaining 2 bytes.
If you’re running Linux, FreeBSD, Solaris x86, or any other Unix-like operating system, you can easily back up your important metadata live.
If you are using Linux LVM, software RAID, extended partitions, or IA64 systems, you need to use the alt-boot full image method, which allows you to skip this step.
To save the disk partition information, run these commands:
#fdisk -l >/backups/fdisk.txt
#cp /etc/fstab /backups/fstab.txt
To back up the MBR and partition table, run the following command. It creates a backup to a file called /backups/mbr.
# dd if=/dev/hda of=/backups/mbr bs=512 count=1
This can be used later to restore the MBR and the partition table.
Unfortunately, there are no Windows equivalents to the commands just shown. You have two choices. If you use the alt-boot full image method, you can skip this step. If you want to use the alt-boot partition image method, save this information before backing up your partitions.
After booting into Knoppix, you are automatically logged in as user knoppix
. This example assumes you are booting into a DHCP
environment and have an NFS server called nfsserver with a share
called /data08/curtis. Obviously, you need to substitute the
appropriate values for your environment. In addition, if you’re using a USB drive for
this procedure, you need to mount it instead of the NFS drive. Run these commands to
proceed:
$su -
#mkdir /backups
While Knoppix is booted from read-only media, it’s an entire OS running from RAM, so you can indeed make directories or even install software into this RAM environment. Of course, everything goes away when you reboot.
Now run one of the following two commands depending on whether you are running NFS or SAMBA:
#mount nfsserver:/data08/curtis /backups
#mount -t smbfs -o username=administrator,password=
PASSWORD
//servername/share /backups
Finally, save the partition information:
#fdisk -l >/backups/fdisk.txt
#dd if=/dev/hda of=/backups/mbr bs=512 count=1
This procedure assumes you are not using Windows dynamic disks for your operating system drive.
If you are going to restore the operating system without reinstalling it, you need to use a utility that is always available.
If you’re using the live method, you’ll want to use tar
or cpio
. tar
is easily the most popular choice here because it’s more portable
than cpio
. If you’re going to use the alt-boot
filesystem method, you need to understand the filesystem types, mount the filesystems,
then use tar
or cpio
to back them up. If you’re going to use the alt-boot full image or
alt-boot partition image methods, you need to use dd
.
If you’re going to back up a Windows system using the alt-boot full image or
alt-boot partition image methods, you’ll need to use dd
. We’ll cover the syntax that you’ll need to know. If you’re going to
use the alt-boot filesystem method, you’ll need to use the ntfsclone
utility that’s available on the Knoppix CD. ntfsclone
efficiently clones (or copies) an NTFS
filesystem to a file, copying only the used data. (Unused blocks are represented by
zeros in a sparse file, so they don’t take up space.)
You can’t back up a Windows system using the live method. While you can easily
download a Windows version of tar
, and tar
is available on the Knoppix CD, tar
does not preserve Windows ACLs.
In order to easily recover your operating system, you need a limited root shell, which you get when you boot into Knoppix.
Once you boot into Knoppix, you can perform the rest of this procedure from a fully functional root shell.
The boot block is a special part of the disk that loads the operating system by its
“bootstraps,” hence the name. It contains just enough executable code to locate and load
the kernel. On the Intel platform, this boot block is referred to as the master boot
record, and you can restore it with dd
, using the
backup we created in the previous step.
If you are using the alt-boot full image method, you can skip this step because the MBR is included in your image.
If you previously backed up the MBR and partition table using dd
, as explained earlier, you can now use dd
to restore the MBR and partition table by running the
following command. Since the file /backups/mbr
contains the MBR, partition table, and MBR signature, restoring this file to the hard
drive partitions it just like the one you backed up and makes it bootable. Once this is
done, you’re ready to restore the operating system.
# dd if=/backups/mbr of=/dev/hda bs=512 count=1
In order to get Knoppix to recognize without a reboot that we had recovered the MBR,
we found it necessary to actually run fdisk
/dev/hda
and then choose w
to write the partition to disk. A reboot works as well but takes
longer.
The steps in the previous section restore both the MBR and the partition table, so there’s no need to repartition the drive. All the partitions will already be created for you.
If you’re using the live or alt-boot filesystem methods, you can also restore from a smaller drive to a larger drive. Additionally, you can rearrange partitions as you see fit.
If you’re using either the live or alt-boot filesystem methods, you now need to
create filesystems on the drive using the mkfs
command. You need the backed up fstab
file to know
which filesystem types each partition is supposed to have.
If you’re using the alt-boot full image or alt-boot partition image methods, you don’t need to worry about formatting the drive; it happens automatically when you restore from the image.
If you’re using the alt-boot full image or alt-boot partition image methods, you
don’t need to worry about formatting the drive; it happens automatically when you
restore from the image. If you’re using the alt-boot filesystem method, the drive is
automatically formatted when you restore using ntfsclone
.
First, you must have access to the backed-up data. Our examples use an NFS directory. You may have to do one of the following:
Mount a ZIP or Jaz drive as a filesystem.
Install a second hard drive of equal or greater size.
Load network and NFS drivers, configure your network interface, and mount an NFS filesystem.
Load network and SMB/CIFS drivers, configure your network interface, and mount an SMB/CIFS filesystem.
Our example backups were sent to an NFS filesystem. The drivers and tools that were needed to do this are all available on Knoppix.
The following sections provide procedures for each of the four methods we’ve discussed: alt-boot full image, alt-boot partition image, alt-boot filesystem, and live. The procedures are based on a few assumptions, which are explained here:
We assume for our examples that your environment has a DHCP server supplying IP addresses so that you do not need to choose an IP address and configure the interface each time you boot into Knoppix. If DHCP is not available, you need to manually configure your IP address. To do this, run the following commands:
$su -
#ifconfig eth0
ipaddress
up
#route add default gw
ipaddress-of-gateway
You then need to use IP addresses to communicate with other machines, or enter a
valid IP address of a DNS server into the /etc/resolv.conf file (in the form of nameserver
ipaddress-of-dns-server
.)
We assume for our examples that you have an NFS server in your environment with sufficient space to store the data on your server. If you’d like to back up your data to a Windows share instead, you can use this command:
#mount -t smbfs -o username=administrator,password=
PASSWORD
//servername/share /backups
This example is the simplest of all the procedures, making it the most likely procedure for Windows users who are not familiar with Linux. This method requires the the system to be offline (booted into Knoppix), and it works regardless of what operating system you’re using. It does require the system to be down and requires enough space for a copy of the entire root drive.
Use the following steps to create a bare-metal backup of your system.
This method does not require this step because the metadata is backed up and restored when you back up the entire hard disk as one image.
First, place the Knoppix CD into the drive and reboot, booting you into Knoppix.
By default, Knoppix starts KDE (a windowing environment) as user
knoppix. After switching to the root user (which has no
password initially), create a mount point, and mount an NFS directory as /backups
:
knoppix@0[knoppix]$su -
#mkdir /backups
#mount nfsserver:/data08/curtis /backups
See the previous section “Assumptions” if either DHCP or NFS isn’t available.
You can back up the entire disk using dd
to a
file in the NFS directory. This command specifies to back up the root hard drive
(/dev/hda) to a file called /backups/hda.dd.
# dd if=/dev/hda of=/backups/hda.dd
Alternatively, if you want to save space, you could run this command. Depending on where your bottleneck is, this may speed up or slow down the backup.
# dd if=/dev/hda |gzip –c > /backups/hda.dd.gz
Use the following steps to recover your system from bare metal.
The first step in recovering this system is to place the Knoppix CD into the CD drive and boot the system. As before, open a terminal window, and switch to the root user, and then mount your NFS directory:
knoppix@0[knoppix]$su -
#mkdir /backups
#mount nfsserver:/data08/curtis /backups
See the previous section “Assumptions” if either DHCP or NFS isn’t available.
This step is accomplished when you perform the dd
of the entire disk.
This step is accomplished when you perform the dd
of the entire disk.
To restore the entire disk, run this command:
# dd if=/backups/hda.dd of=/dev/hda
If you used the compress
command during backup,
you should use this command to restore instead. Depending on where your bottleneck is,
this may speed up or slow down the restore.
# gzip –dc /backups/hda.dd.gz|dd of=/dev/had
All you have to do now is remove the Knoppix CD and reboot the system. Your system should be fully operational. Wasn’t that easy?
This example uses dd
to back up and recover a
complete system at the partition level. It requires the system to be offline (booted into
Knoppix), and it works regardless of your operating system. It’s slightly more complex
than the alt-boot full image method and still requires the system to be down during a
backup, but it can be faster if your disk is partitioned correctly. You can save a lot of
space and time if you partition your hard disk so that one partition contains the
operating system and applications, and then apply this procedure only to that partition.
(You would back up the other partitions with regular filesystem backup tools.)
Use the following steps to create a bare-metal backup of your system.
Back up the MBR by running the following command:
# dd if=/dev/hda of=/backups/mbr bs=512 count =1
Place the Knoppix CD into the drive and reboot into Knoppix. By default, Knoppix starts KDE (a windowing environment) as user knoppix. After switching to the root user (which has no password initially), create a mount point and mount an NFS directory as /backups:
knoppix@0[knoppix]$su -
#mkdir /backups
#mount nfsserver:/data08/curtis /backups
See the previous section “Assumptions” if either DHCP or NFS isn’t available.
You then back up the operating system to the NFS directory using dd
. You can find which partitions you need and back up
just those partitions using these commands:
#fdisk -l
Disk /dev/hda: 41.1 GB, 41174138880 bytes 255 heads, 63 sectors/track, 5005 cylinders Units = cylinders of 16065 * 512 = 8225280 bytes Device Boot Start End Blocks Id System /dev/hda1 * 1 13 104391 83 Linux /dev/hda2 14 4874 39045982+ 83 Linux /dev/hda3 4875 5005 1052257+ 82 Linux swap / Solaris #dd if=/dev/hda1 of=/backups/hda1.dd
#dd if=/dev/hda2 of=/backups/hda2.dd
In our example, we did not back up /dev/hda3 because it is the swap partition and has no data.
Alternatively, you can also use compression. Depending on where your bottlenecks are, this may speed things up or slow them down.
#dd if=/dev/hda1| gzip –c > of=/backups/hda1.dd.gz
#dd if=/dev/hda2| gzip –c > of=/backups/hda2.dd.gz
You can place an &
(ampersand) at the end
to allow the backups to occur simultaneously by placing them in the background.
However, this requires you to monitor those processes to ensure that they complete
before you reboot.
Use the following steps to recover your system from bare metal.
The first step in recovering this system is to place the Knoppix CD into the CD drive and boot up the system. A check of the partition table at this point shows the following:
# fdisk -l
Disk /dev/hda: 41.1 GB, 41174138880 bytes
16 heads, 63 sectors/track, 79780 cylinders
Units = cylinders of 1008 * 512 = 516096 bytes
Disk /dev/hda doesn't contain a valid partition table
As before, open a terminal window and switch to the root user, then mount your NFS directory:
knoppix@0[knoppix]$su -
#mkdir /backups
#mount nfsserver:/data08/curtis /backups
See the previous section “Assumptions” if either DHCP or NFS isn’t available.
For restoring by partition, you need to restore the MBR and partition table and then restore each partition. You can restore the MBR and partition table by running the following command:
# dd if=/backups/mbr of=/dev/hda bs=512 count =1
In order to get Knoppix to recognize without a reboot that we had recovered the
MBR, we found it was necessary to actually run fdisk
/dev/hda
and then choose w
to write the partition to disk. A reboot works as well but takes
longer.
You are now ready to actually restore the operating system. Use dd
in the reverse order that you used to back up the
operating system:
#dd if=/backups/hda1.dd of=/dev/hda1
#dd if=/backups/hda2.dd of=/dev/hda2
If you used the compression option in the backup, you should use these commands:
#gzip –dc /backups/hda1.dd.gz |dd of=/dev/hda1
#gzip –dc /backups/hda2.dd.gz |dd of=/dev/hda2
Again, we knew that there was nothing of value in /dev/hda3.
You can place an &
at the end to allow the
restores to occur simultaneously by placing them in the background. However, this
requires you to monitor those processes to ensure that they complete before you
reboot.
All you have to do now is remove the Knoppix CD and reboot.
This example uses tar
to back up and recover the
system at
the partition level,
which allows the system to be online. The procedure was tested on a Linux system.
We did not test this on a Windows system because we
could not identify a single utility available in Windows and Knoppix that preserves ACLs.
Your experience may be different.
Use the following steps to create a bare-metal backup of your system.
Back up the MBR by running the following command:
# dd if=/dev/hda of=/backups/mbr bs=512 count=1
Create a mount point, and mount a NFS directory as /backups:
#mkdir /backups
#mount nfsserver:/data08/curtis /backups
See the previous section “Assumptions” if either DHCP or NFS isn’t available.
You can use whatever method you like to back up the operating system at this
point. For this example, we chose tar
. Our example
has one partition mounted as /boot, and the rest
of the OS on /.
#cd /boot
#tar cf /backups/boot.tar .
#cd /
#tar cf /backups/system.tar --exclude /mnt --exclude /proc --exclude /boot --exclude /backups .
Alternatively, you could use compression. This may speed up or slow down the backup, depending on where the bottleneck is.
#cd /boot
#tar cfz /backups/boot.tar.gz .
#cd /
#tar cfz /backups/system.tar.gz --exclude /mnt --exclude /proc --exclude /boot --exclude /backups .
Use the following steps to recover your system from bare metal.
The first step in recovering this system is to place the Knoppix CD into the CD drive and boot up the system. A check of the partition table at this point shows the following:
# fdisk -l
Disk /dev/hda: 41.1 GB, 41174138880 bytes
16 heads, 63 sectors/track, 79780 cylinders
Units = cylinders of 1008 * 512 = 516096 bytes
Disk /dev/hda doesn't contain a valid partition table
As before, open a terminal window and switch to the root user, then mount your NFS directory:
knoppix@0[knoppix]$su -
#mkdir /backups
#mount nfsserver:/data08/curtis /backups
See the previous section “Assumptions” if either DHCP or NFS isn’t available.
For restoring by partition, you need to restore the MBR and partition table and then restore each partition. Restore the MBR and partition table by running the following command:
# dd if=/backups/mbr of=/dev/hda bs=512 count =1
In order to get Knoppix to recognize without a reboot that we had recovered the
MBR, we found it was necessary to actually run fdisk
/dev/hda
and then choose w
to write the
partition to disk. A reboot works as well but takes longer.
You also need to prepare the partitions for a filesystem restore. If the fstab backup shows they were ext2 filesystems, run the following commands. (Obviously, this part varies based on the types of filesystems you’re using.)
#mkfs –t ext2 /dev/hda1 -L /boot
#mkfs –t ext2 /dev/hda2 -L /
You are now ready to restore the operating system. Mount the partitions:
#mount /dev/hda1
#mount /dev/hda2
Knoppix, by default, creates a mount point for each partition it sees, so you
should already have /mnt/hda1 and /mnt/hda2 available, and the command mount
/dev/hda1
mounts that partition to /mnt/hda1. If you don’t, you need to create them
first.
cd
to the location of the new root filesystem
and run the restore commands.
#cd /mnt/hda1
#tar xpkf /backups/boot.tar
#cd /mnt/hda2
#tar xpkf /backups/system.tar
Or, if you chose compression, run these commands:
#cd /mnt/hda1
#tar xpkfz /backups/boot.tar.gz
#cd /mnt/hda2
#tar xpkfz /backups/system.tar.gz
All you need to do now is eject the Knoppix CD and reboot.
This example uses tar
to back up and recover Linux
partitions and ntsfclone
to back up and recover Windows
partitions. This requires the system to be offline (booted into Knoppix). This process
should work with Linux and any Windows version that uses NTFS.
Use the following steps to create a bare-metal backup of your system.
Back up the MBR by running the following command:
# dd if=/dev/hda of=/backups/mbr bs=512 count =1
This procedure also requires you to know which partitions are which format,
especially the Windows partitions. You should record this data by backing up the
output of fdisk -l
, backing up the fstab file, and making a text file that contains any
additional necessary information.
In our example, /dev/hda1 is /boot, /dev/hda2 is /, and /dev/hda3 is the Windows partition.
Insert the Knoppix CD, boot into Knoppix, and open up a terminal window. Knoppix, by default, starts up KDE (a windowing environment) as user knoppix. You then need to switch to the root user (which has no password initially).
knoppix@0[knoppix]$ su -
The first thing you have to do for this procedure to work is to mount an NFS
directory as /backups
:
#mkdir /backups
#mount nfsserver:/data08/curtis /backups
See the previous section “Assumptions” if either DHCP or NFS isn’t available.
You then need to mount the various partitions as filesystems.
#mount /dev/hda1
#mount /dev/hda2
You can use whatever method you like to back up the operating system at this
point. For this example, we chose tar
for the Linux
partitions and ntfsclone
for the Windows partition.
While you could use tar
on the Windows partition as
well, we felt that ntfsclone
was more likely to
preserve any Windows ACLs.
Our example has one partition mounted as /boot, and the rest of the OS on /:
#cd /mnt/hda1
#tar cf /backups/boot.tar .
#cd /mnt/hda2
#tar cf /backups/system.tar --exclude /mnt --exclude /boot --exclude /backups .
Alternatively, you could also use compression. This may speed up or slow down the backup, depending on where the bottleneck is.
#cd /mnt/hda1
#tar cfz /backups/boot.tar.gz .
#cd /mnt/hda2
#tar cfz /backups/system.tar.gz --exclude /mnt --exclude /proc --exclude
/boot --exclude /backups .
Now you need to back up the Windows partition. ntfsclone
is not a filesystem utility per se because it does not back up
on the file level. It’s really an image backup utility that understands NTFS
filesystems.
# ntfsclone --save-image --output /backups/ntfs-clone.img /dev/hda3
Use the following steps to recover your system from bare metal.
The first step in recovering this system is to place the Knoppix CD into the CD drive and boot the system. A check of the partition table at this point shows the following:
# fdisk -l
Disk /dev/hda: 41.1 GB, 41174138880 bytes
16 heads, 63 sectors/track, 79780 cylinders
Units = cylinders of 1008 * 512 = 516096 bytes
Disk /dev/hda doesn't contain a valid partition table
As before, open a terminal window and switch to the root user, then mount your NFS directory:
knoppix@0[knoppix]$su -
#mkdir /backups
#mount nfsserver:/data08/curtis /backups
See the previous section “Assumptions” if either DHCP or NFS isn’t available.
For restoring by partition, you need to restore the MBR and partition table and then restore each partition. You can restore the MBR and partition table by running the following command:
# dd if=/backups/mbr of=/dev/hda bs=512 count =1
In order to get Knoppix to recognize without a reboot that we had recovered the
MBR, we found it was necessary to actually run fdisk
/dev/hda
and then choose w
to write the
partition to disk. A reboot works as well but takes longer.
You also need to prepare the partitions for a filesystem restore. Since our fstab backup showed that /dev/hda1 and /dev/hda2 were ext2 filesystems, run the following commands:
#mkfs –t ext2 /dev/hda1 -L /boot
#mkfs –t ext2 /dev/hda2 -L /
You do not need to prepare the NTFS partition; it’s restored with the ntfsclone
command.
You are now ready to actually restore the operating system. We use tar
to restore the Linux partitions and ntfsclone
to restore the Windows partition. You need to
mount the partitions:
#mount /dev/hda1
#mount /dev/hda2
Now cd
to the location of the new root
filesystem and run the restore commands:
#cd /mnt/hda1
#tar xpkf /backups/boot.tar
#cd /mnt/hda2
#tar xpkf /backups/system.tar
Or, if you chose compression, run these commands:
#cd /mnt/hda1
#tar xpkfz /backups/boot.tar.gz
#cd /mnt/hda2
#tar xpkfz /backups/system.tar.gz
Now you need to restore the Windows partition that’s on /dev/hda3. Use the ntfsclone
utility
to do that:
# ntfsclone --restore-image /backups/ntfs-clone.img --overwrite /dev/hda3
All you need to do now is eject the Knoppix CD and reboot.
Now that we’ve discussed how to back up machines using a Linux boot disk, there is an
easier solution that some users may find to their liking. G4L is a bootable CD-ROM that
provides a menu-based system that automates making all the alternate-boot bare-metal
backups we covered earlier. G4L is a freeware tool currently based on a 2.6 Linux kernel.
It includes dd
, ntfsclone
, and tar
but does not include
mount
, so backups to another host are done using
FTP.
G4L is an abbreviation for Ghost 4 Linux, but do not confuse it with another project by that name. G4L does not use Norton Ghost and uses the term ghost only in a generic sense; it was used long before Norton created its brand. The other project that you will find if you search the Internet for the phrase “Ghost4Linux” uses a network boot of Linux to run a simulated DOS environment that can run some versions of Norton Ghost. That is not how G4L works; it is its own complete utility.
G4L is much easier to use than the method outlined in this chapter. For most users,
no Linux knowledge is needed. Since FTP is a much more efficient way to transfer data
than NFS or CIFS, it is typically 20 to 30 percent faster. Because G4L uses FTP,
Windows-only environments can easily set up an IIS FTP server to store the backup
images. G4L can automatically compress the backup in stream, using light to heavy
compression to improve backup speed. It also provides easy disk-to-disk duplication
support. It supports SAN devices and can be used to do disk-to-disk backups. G4L also
includes the dd_rhelp
and dd_rescue
utilities to recover a disk with bad sectors. G4L runs as a
Microsoft Virtual PC Machine, so you can test it out in a safe environment.
G4L does have some limitations. Since it is a Linux-based imaging solution, it may not have driver support for some hardware. It can only do backups over the network using FTP. It does not currently support NFS or SMB/CIFS mounts. Even though it is simple and fairly intuitive, its documentation is currently not as good as it could be. Hopefully, that will improve.
Setting up G4L is very
easy. Since you are backing up using FTP, you need an FTP server. This can be done
easily using IIS, war-ftpd
, or any other FTP server
that you like. You need to create a username and password, and give that user permission
to upload. You also need to create a directory large enough to hold the backups. You
should test the FTP server by connecting from a desktop and uploading a file to the
upload directory.
Next, you need to download the G4L ISO image and burn a CD of it. The G4L project page is http://sourceforge.net/projects/g4l. Once you have downloaded the image, you can burn it using a CD writing software package.
With the bootable G4L CD, you are ready to boot and back up a server. Insert the CD in a system and boot from it. The CD boots to a license and informational screen; once you press Enter to agree, you boot to a command line.
To start G4L, simply run the g4l
command at the
prompt:
bash-3.00# g4l
This displays the main menu. Here, you can choose Raw Mode or File Mode. The Raw
Mode option is the one to use for most backups. File Mode requires you to set up a
special server running partimaged
. Don’t worry,
though; you can still do filesystem backups using ntfsclone
in Raw Mode.
Raw Mode offers three choices: Network Use, Local Use, and Click’ n’ Clone. Choose the Network Use option. The Local Use option allows you to perform a raw backup or restore of a drive, or partition to a file on another drive. The Click’ n’ Clone option allows you to clone one disk to another.
Selecting the Network Use option displays a menu with 16 options. Don’t panic; in most cases, you’ll need only 3 to run a backup.
G4L defaults to using eth0 and DHCP to set network settings. These defaults are
suitable for most environments, but if you need to change them, you can. The first
option, A:
Pick
Device
, allows us to select a different Ethernet
adapter. Option
B:
Config
Device
allows you to set an IP address for that
Ethernet device.
You must set options D:
Config
FTP
, E:
Config
useridpass
, and F:
Config
Filename
before performing a backup or restore.
D:
Config
FTP
is the setting for the FTP server that you are
backing up to. E:
Config
useridpass
is the user ID and password for the FTP
server. (You enter username:password
.) F:
Config
Filename
specifies the name for the backup.
Additionally, if the directory on the FTP server you are backing up to is not
/img, set P:
Path
to
Image
Directory
. You can also set the compression
algorithm. G:
Toggle
Compression
allows you to select None
, GZip
, Lzop
, or BZip2
compression. Without getting into a battle royal over which compression method is best,
lzop
produces the fastest backups. Most users
should use lzop
because the backup will be smaller
and run faster on most modern Pentium I or later machines.
With those settings, you can now choose how and what to back up. H:
Backup
allows you to select a drive or partition to
back up. Once you select the partition or drive and click OK, the backup runs.
Similarly, selecting I:
Restore
restores the raw backup from FTP. If you want
to perform a filesystem backup, select N:
NTFSCLONE
Backup
and then select from the available NTFS
partitions. O:
NTFSCLONE
Restore
allows you to restore an NTFS partition
backup.
After making or restoring a backup you can see the summary performance data by
selecting the T:
Display
Time
option.
It is also possible to customize G4L for your
environment. The easiest way to do this is to use a Linux development environment. You
can set the menus to have different defaults by mounting the ISO image as a loopback
device and editing the config files before you burn the CD. You can set the defaults in
the G4L file itself by changing the variables netzip
,
server
, useridpass
, netimagename
, device
, and ftppath
. The
variables reflect in order the compression used, the FTP server IP address, the username
and password for the FTP server, the default backup filename, the Ethernet device, and
the FTP upload directory. You can also perform other customizations to the menus to
remove choices that are not relevant to your environment.
Aside from the free methods described in this chapter, there are a number of inexpensive commercial bare-metal recovery tools. Many of the enterprise-level backup products also provide bare-metal recovery capabilities. Here are some inexpensive (starting at $99) bare-metal recovery tools for Windows:
Acronis (http://www.acronis.com) |
Ghost (http://www.symantec.com) |
Paragon (www.drive-backup.com) |
Winternals (http://www.winternals.com) |
Ghost keeps snapshots of critical system files, allowing you to roll back to a known good configuration as long as your hard disk is functional. We found only one inexpensive tool for bare-metal recovery of Linux systems: Storix (http://www.storix.com). For a product that starts at $99, the number of recovery options it offers is incredible.
BackupCentral.com has a wiki page for every chapter in this book. Read or contribute updated information about this chapter at http://www.backupcentral.com.