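Preparation of destination

Overwrite the destination with random-looking data first: zeros written through a throw-away plain dm-crypt mapping keyed from /dev/urandom reach the disk as ciphertext, so used and unused areas of the later LUKS volume cannot be told apart. dd stops with "No space left on device" once the device is full; that is expected.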

cryptsetup open --type plain -d /dev/urandom /dev/<block-device> tmp1
dd if=/dev/zero of=/dev/mapper/tmp1 bs=4M status=progress
cryptsetup close tmp1
fdisk /dev/vda
sfdisk -d /dev/vda | sfdisk /dev/vdb
kpartx -u /dev/vdb
# fdisk -l /dev/vda
Disk /dev/vda: 25 GiB, 26843545600 bytes, 52428800 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0x3aa0055a

Device     Boot   Start      End  Sectors  Size Id Type
/dev/vda1  *       2048  1366015  1363968  666M 83 Linux
/dev/vda2       1366016  3463167  2097152    1G 82 Linux swap / Solaris
/dev/vda3       3463168 52428799 48965632 23.4G 83 Linux
cryptsetup benchmark
cryptsetup --debug --type luks2 luksFormat --label=VPS /dev/vda3
or
cryptsetup -v --cipher serpent-xts-plain64 --key-size 512 --iter-time 2000 --hash sha256 --use-urandom --verify-passphrase luksFormat /dev/vda3
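cryptsetup --debug open --allow-discards --persistent /dev/vda3 dysk
Note: --allow-discards passes TRIM through to the underlying device, so anyone who can read that device can see which blocks are unused; leave it out if that matters. --persistent stores the flag in the LUKS2 header, so it needs a LUKS2 volume (pass --type luks2 to the second luksFormat variant if the installed cryptsetup still defaults to LUKS1).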
apt update && apt -y install btrfs-tools rsync vim-tiny
mkfs.ext4 -m 1 /dev/vda1
mkfs.btrfs /dev/mapper/dysk
mount -o compress=zstd /dev/mapper/dysk /mnt
mkdir .ssh
vi .ssh/authorized_keys
chmod og-wrx .ssh

Copying

Sending side:

apt autoremove
journalctl --vacuum-size=1M
btrfs subvolume snapshot -r / /bionio
btrfs send /bionio | ssh -C root@1.1.1.1 btrfs receive /mnt
...
btrfs sub delete /bionio
rsync -az --numeric-ids /boot/ root@1.1.1.1:/mnt/boot

Receiving side:

btrfs property set -ts /mnt/bionio ro false
mv /mnt/bionio /mnt/@
umount /mnt
mount -o compress=zstd,subvol=@ /dev/mapper/dysk /mnt
mount /dev/vda1 /mnt/boot

Changing ssh host keys

mount --rbind /dev  /mnt/dev
mount --rbind /proc /mnt/proc
mount --rbind /sys  /mnt/sys
chroot /mnt /bin/bash --login

vim /etc/hostname
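rm /etc/ssh/ssh_host_*
dpkg-reconfigure openssh-server
Note: the snapshot carries the original machine's private host keys; removing them and reconfiguring openssh-server gives the clone keys of its own.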

blkid
vim /etc/crypttab
vim /etc/fstab

Finish booting

vim /etc/initramfs-tools/initramfs.conf
grub-install /dev/vda
update-initramfs -u
update-grub

Networking

ip a
ip r
rm -f /etc/tinc/mesz/rsa_key.priv
rm -rf /etc/tinc/mesz/hosts/*
apt purge icinga2
rm -rf /etc/icinga2
rm -rf /var/lib/icinga2
rm -f /etc/collectd/collectd.conf
systemctl disable shorewall
systemctl disable tinc

Netplan

vim /etc/netplan/eth0.yaml
vim /etc/netplan/siec.yaml
rm -f /run/netplan/*
netplan generate

Classic

# apt install ifupdown
# vim /etc/network/interfaces

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static
        address 
        netmask 255.255.255.0
        gateway 
        dns-nameservers 9.9.9.10
iface eth0 inet6 static
        address 
        netmask 64
        gateway ::1

# Primary internal net
auto siec
iface siec inet static
        address 10.0.0.1
        netmask 255.0.0.0
        # hwaddress ether 0a:47:c4:59:4b:76
        # WE DO NOT WANT TO CONNECT ANY EXISTING PORTS
        bridge_ports none
        bridge_stp on
        bridge_maxwait 0

iface siec inet6 static
        address fd40:9160:898a:8e1a:10:0:0:1
        netmask 64
        autoconf 0

After

head$ ansible-playbook -l xxx ansible/playbooks/shorewall.yml
head$ ansible-playbook -l xxx ansible/playbooks/collectd.yml
head$ ansible-playbook -l xxx ansible/playbooks/icinga2-client.yml -vvvv