How to make a complete copy of the disk of the working pfsense?



  • how to make a complete copy of the disk of the working pfsense?



  • There are a number of different options including dd shell command.

    What do you intend to use the copy for?



  • my pfsense is on disk 1 TB and I tried to copy it clonezilla but it takes a very long time. Disk is almost empty - pfsense uses only a few gigabytes, clonezilla copies the entire disk. They tried to make copies of a virtual machine - after restoration of full copies or copy from disk to disk pfsense not boot, requests to remove invalid entries from the fstab. I need to make a fully working copy of the disc with pfsense because if you save the configuration, and then restore it, pulled the new version of a package (openbgpd 0.6 instead of 0.5.6), but not  work BGP. This is a big problem, because it is our main router.



  • @vovanchik:

    my pfsense is on disk 1 TB and I tried to copy it clonezilla but it takes a very long time. Disk is almost empty - pfsense uses only a few gigabytes, clonezilla copies the entire disk.

    Sounds like an image copy.

    @vovanchik:

    They tried to make copies of a virtual machine - after restoration of full copies or copy from disk to disk pfsense not boot, requests to remove invalid entries from the fstab.

    Image copy performed while disk had root partition mounted? If so, the file system was "dirty" and you shouldn't be surprised by such reports.

    @vovanchik:

    I need to make a fully working copy of the disc with pfsense because if you save the configuration, and then restore it, pulled the new version of a package (openbgpd 0.6 instead of 0.5.6), but not  work BGP. This is a big problem, because it is our main router.

    You could install pfSense to a second hard drive and copy the files over from your original drive using tar to preserve file attributes.

    One of my pfSense systems has two 1GB solid state disk modules and I sometimes image copy (using dd) the "live" drive to the other drive (the "backup" drive).

    When I switch the drives over and boot from the backup drive there are usually a few file system errors reported.

    I don't consider this solution would scale to 1TB drives. If you knew what you were doing and were careful about it you could get get by copying less than the whole drive. In a pinch, I would be prepared to take this approach myself but I would be reluctant to suggest it to others due to the ease with which considerable damage could be done and a few iterations might be required to get all the details correct.

    Whatever method you choose you should test the "backup" drive BEFORE you rely on it.

    Maybe you could go something using RAID. For example, mirrored drives. But that is outside my experience.  And perhaps the large size of your drive would require a "long time" to mirror.



  • I understand, thank you. I'll try to RAID 1


  • Rebel Alliance Developer Netgate

    There is also /etc/rc.create_full_backup which makes a compressed tar file of the entire filesystem.

    You can't directly restore that (have to reinstall pfSense, then copy the backup file, and then restore it with /etc/rc.restore_full_backup) but if you need to do it that way, you can.

    For most people and configurations, getting the config.xml file is enough and you don't need to backup more than that. It's faster to reinstall+restore the config (search for PFI on the doc wiki) than it would be to restore a full disk config.

    RAID is a good option for disk redundancy but that doesn't help if you completely lose the system in some way, getting config.xml backups and storing them someplace secure (tape, disk, off-site) along with other backups is a good idea.



  • This is a very interesting opportunity! Thank you. Was not attentive and did not see it in the manual. Thank you very much!



  • @jimp:

    There is also /etc/rc.create_full_backup which makes a compressed tar file of the entire filesystem.

    You can't directly restore that (have to reinstall pfSense, then copy the backup file, and then restore it with /etc/rc.restore_full_backup) but if you need to do it that way, you can.

    For most people and configurations, getting the config.xml file is enough and you don't need to backup more than that. It's faster to reinstall+restore the config (search for PFI on the doc wiki) than it would be to restore a full disk config.

    RAID is a good option for disk redundancy but that doesn't help if you completely lose the system in some way, getting config.xml backups and storing them someplace secure (tape, disk, off-site) along with other backups is a good idea.

    There is no straight-forward method for the same issue with embedded systems, right? The only option is to manipulate the nano image, but this requires a BSD system, correct? Or did I miss something? :-)



  • @jimp:

    There is also /etc/rc.create_full_backup which makes a compressed tar file of the entire filesystem.

    You can't directly restore that (have to reinstall pfSense, then copy the backup file, and then restore it with /etc/rc.restore_full_backup) but if you need to do it that way, you can.

    Luckily pfSense install is only 5 minutes, Jim, so I keep this method in addition to the config backup :P


  • Rebel Alliance Developer Netgate

    @chemlud:

    For most people and configurations, getting the config.xml file is enough and you don't need to backup more than that. It's faster to reinstall+restore the config (search for PFI on the doc wiki) than it would be to restore a full disk config.

    There is no straight-forward method for the same issue with embedded systems, right? The only option is to manipulate the nano image, but this requires a BSD system, correct? Or did I miss something? :-)

    Assuming you're talking about PFI, no, there is no way to do that on NanoBSD. You could mount the card on a FreeBSD box (or another pfSense box) and copy the config over, but for most it's easier to put the card in, boot it up, and then restore the config from the GUI.



  • @vovanchik:

    my pfsense is on disk 1 TB and I tried to copy it clonezilla but it takes a very long time. Disk is almost empty - pfsense uses only a few gigabytes, clonezilla copies the entire disk. They tried to make copies of a virtual machine - after restoration of full copies or copy from disk to disk pfsense not boot, requests to remove invalid entries from the fstab. I need to make a fully working copy of the disc with pfsense because if you save the configuration, and then restore it, pulled the new version of a package (openbgpd 0.6 instead of 0.5.6), but not  work BGP. This is a big problem, because it is our main router.

    @zootie:

    • Create and configure GEOM labels, as described in Labeling Disk Devices. First boot in single user mode, and if using the default partitioning scheme, use these commands
    cat /etc/fstab
    /sbin/glabel label rootfs /dev/ad0s1a
    /sbin/glabel label swap /dev/ad0s1b
    
    • Don't forget to modify your /etc/fstab to use the labels you created in single user mode above


  • @jimp:

    … no, there is no way to do that on NanoBSD. You could mount the card on a FreeBSD box (or another pfSense box) and copy the config over, but for most it's easier to put the card in, boot it up, and then restore the config from the GUI.

    Could you please provide me with the location in the file system to copy the config.xml to? No modifications of the backup file necessary with and w/o RRD data?