Cloning a Debian server
Cloning a server an be necessary for various reasons, e.g. due to hardware failures and upgrades as well as after hacker attacks. Notice that in order to clone a server using the method described below, you need access to the server that you want to clone. Hence, it is a good idea to take the steps described below BEFORE a machine crashes or is compromised.
The cloning consists of four different steps:
- Installing the correct packages
- Cloning the configuration
- Copying all user files
- Loading all application data (databases, mail, etc.)
On the server that you wish to clone, you have get a list of installed packages:
$ dpkg --get-selections > packages_server.txt
The machine on which you want to install the server clone has to be up and ready to receive a Debian fresh installation. Find a Debian installation image and install a minimal system. Get a list of all the packages installed on the new minimal system:
$ dpkg --get-selections > packages_minimal.txt
Now, change all occurances of "install" to "deinstall" on packages_minimal.txt, except hardware specific packages (e.g. for usb keyboards, network devices etc.).
Packages worth keeping from the minimal installation (if they are not present in packages_server.txt):
kernel-image-... iputils-ping hotplug libusb-... module-init-tools
Copy the file containing the package selections for the server (packages_server.txt) to the newly installed system and:
$ cat packages_minimal.txt | dpkg --set-selections $ cat packages_server.txt | dpkg --set-selections
This will selected the packages that were selected on the server you want to clone as well as remove any unwanted packages from the minimal install. In order to actually install the packages run:
And choose "Install". Before confirming the install, check that you do not remove any critical packages (hence, scroll up and read the "To be REMOVED" section). Don't worry too much about the various configuration options as you are likely going to overwrite during the configuation cloning.
Cloning the configuration
cfengine is used to maintain the configuration files for the servers. The reason behind this is that cfengine allows for configuration file changes to be idempotent, flexible and all changes, including removal/out commeting of lines, additions etc. can be done neatly from within a single, high-level script. Thus, all changes done to a configuration file is done through a cfengine script.
Cfengine does in fact do a lot of other things too, but all we use are the "file edit" features.
If the cfengine package is not installed, then:
$ apt-get install cfengine
For more on how to use cfengine's editfiles features, see: Cfengine Manual
And for a couple of small useful examples, see: Cfwiki