Backup PFSense install
-
It recently occurred to me that my PFSense box is entirely based on a USB drive. Meaning if that USB drive goes bad, I lose my connection to the outside world until I can get another USB drive, install PFSense on it and get my config files back.
But then it occurred to me that I have a USB drive I'm not using….why not install PFSense on one of them so it's ready to go? After that, an even more simple approach occurred.
TL;DR
Could I just "dd" my working PFSense USB drive onto a backup? Or does that not work for some reason? Also, feel free to share if you have another backup method!
-
What about just downloading the config from the GUI and applying to a fresh install you can make on a second usb drive?
-
Gold subscription brings you auto-config-backup.
Non-affiliated here, but it's as easy as it can get, all you need to remember is your subscription login ;D
-
Doesn't the fresh install require the system used for the OS installation?
I would prefer not to have my network down like that….
As for the gold subscription, maybe one day...but it seems like overkill just to avoid an OS installation.
-
If it's a regular backup scenario you're after, you can try running the script I mention in this post: https://forum.pfsense.org/index.php?topic=100123.msg558116#msg558116. A simple ftp job run via cron. You just need to restore it to a fresh pfSense installation on a separate system you have sitting as a cold standby.
-
I was thinking of a one-time (not regular) backup, but that's an interesting thought….perhaps another post :p
And sadly, I don't have an entire system waiting to be used as cold storage. This is just on the assumption that the USB drive dies. If it's something else in the system, I'll need to find some spare parts or cannibalize another system...but that's a different problem.
I'm just trying to make sure that having a USB drive die doesn't mean I'm offline as I reinstall PFSense (and, more importantly, look up how to do it).
-
PFsense has quite a small footprint, so you could always choose a short period of time (midnight on a Sunday, perhaps) to take your USB disk out and clone it to a second one. You can then keep the second one as a spare. Not sure whether you'd get everything using 'dd' from a live system, but assuming you have a second USB port to plug a second drive into, you could give it a try. Just plug in the second drive and see what you get when you try a disk clone.
-
Not sure whether you'd get everything using 'dd' from a live system
That's exactly what I'm wondering. Sounds like I'll hafta try it this weekend. Also sounds like the worst case is that I just take the machine down for an hour (or whatever) and run the installation to make a backup.
-
You can dd from one disk to another. Generally easier and faster to just reinstall and restore the config.
-
Generally easier and faster to just reinstall and restore the config.
Really? That seems counter-intuitive!
-
The installer only copies over the bits it needs. dd'ing from disk to disk will copy every single bit of the disk, which is usually much slower. If you just want to make a backup of a running system, then you probably don't care how long it takes, and dd is probably easier.
-
dd on a running system is an absolutely horrible idea… If you do a sector-by-sector copy and something meanwhile writes in there, guess what you'll get instead of the original file contents. I completely fail to see how doing similar nonsense is a good idea, or even "easier" than restoring config.xml. WTF really.
This could be used as a desperate attempt to offload as much data as possible on a system with failing HDD (where it's pretty likely that won't be detected any more after reboot), but not for producing backups. Really, that's why things like volume shadow copy/LVM/ZFS etc. snapshots have been invented. You need the data in a consistent state!
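
The consistency concern in the post above, as an added example that is not part of the original thread: a clone wrapper that reports whether the source changed while it was being read, separately from whether the spare matches it. The function names and the image-file stand-ins for the two USB drives are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. SRC and DST are placeholders: image
# files here, whole-disk device nodes of unmounted drives in real use.

# Block-for-block copy of SRC onto DST, then flush buffered writes.
clone_image() {
    dd if="$1" of="$2" bs=1048576 2>/dev/null && sync
}

# Compare DST with SRC over SRC's length only, so a larger spare still passes.
verify_clone() {
    size=$(wc -c < "$1" | tr -d ' ') || return 2
    head -c "$size" "$2" | cmp -s "$1" -
}

# Returns 0 = verified clone, 2 = copy failed,
#         3 = SRC changed while it was being copied (image is inconsistent),
#         4 = SRC was stable but DST does not match it (bad target media).
backup_drive() {
    before=$(cksum < "$1") || return 2   # a CRC is enough to detect change
    clone_image "$1" "$2" || return 2
    after=$(cksum < "$1") || return 2
    [ "$before" = "$after" ] || return 3
    verify_clone "$1" "$2" || return 4
    return 0
}

# Constructed demo: a 2 MiB random file stands in for the pfSense drive.
demo() {
    tmp=$(mktemp -d) || return 1
    dd if=/dev/urandom of="$tmp/src.img" bs=1048576 count=2 2>/dev/null
    rc=0
    backup_drive "$tmp/src.img" "$tmp/spare.img" || rc=$?
    rm -rf "$tmp"
    return "$rc"
}

demo && echo "clone verified"
```

A return code of 3 is the live-system case: the copy finished, but the image mixes old and new blocks and should not be kept as the spare.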
-
Doktornotor (love the name btw) just to be clear, this is a one time thing…not a regular backup. Obviously for those I'd just export the config file.
So the consensus (that I'm seeing) seems to be that it should/does work, but really isn't much easier and probably slower than doing a full installation.
-
Working with the beaglebone I noticed they TAR the host OS and then extract it over to eMMC.
https://github.com/freebsd/crochet/blob/master/board/BeagleBone/overlay/root/copy-to-emmc.sh
-
I know this is a crazy necro post, but I WISH I knew about this when I was posting:
GEOM Mirrors.
This is a way to have multiple USB drives act as mirrors (like RAID 1, at least at a high level, probably very different in the details). All you have to do is have more than 1 USB drive in when you start the installation & PFSense installer automagically offers the option. If one goes missing, it's super easy to replace & repair it!
Anyway, if anyone stumbles across my question I expect they will find this solution useful as it SHOULD make sure you have more than one USB drive for failure. And no, this doesn't replace backing up your config file as well!
edited for spelling.
-
Wow what an old thread.
Disclaimer: I have no idea how valid any of what I'm about to say is. It is mostly just based on my limited observation and even more limited knowledge of the subject. It may be utter nonsense.
- I've been running full install pfSense on USB flash drives for a number of years. With RAM disk enabled, and backup schedule for RRD at 9 hours, and DHCP leases 7 hours.
- The USB flash drives seem to last about a year before starting to go bad.
- They seem to start exhibiting file corruption. Though one went sudden total failure (probably a critical block went bad). Inaccessible/Undetectable. Could even detect and use it in a PC.
- Not sure if the wear-leveling of USB flash drives is effective and able to detect and mark bad blocks within the active file system.
- Two possible mitigation techniques.
  - When a file is noticed to be corrupted. Don't delete it or edit it. Rename it. Then restore a good copy of the file. This may keep the bad blocks out of service so they don't become available for other write cycles.
  - Re-install to recreate the file system from scratch so the bad blocks can maybe be detected and marked.
  - Bare minimum fail safe: Have handy, 1) installation media, 2) a good USB flash drive, 3) recent config backup.
-