Inclusion of this project in Heads would permit parallelized, block by block, local disk cloning of disks of the same size (cloning encrypted disks) through the network (dropbear).
For OEMs/Organizations, this would greatly facilitate deployments of disk images and make the currently most time-consuming and manual part of their job completely unattended.
Actual status of Heads:
Calling the network recovery init script uses the board's exported IP address, if present, and launches a root-accessible SSH server through dropbear.
Modifications thought needed to make it functional:
inclusion of bdsync inside of Heads
addition of two commands in .ash_history, setting both client and server command templates to first export the IP address, then call the network init script, then call differentiated client/server bdsync commands, actually cloning the server disk to the local disk, unattended and network based.
An OEM/Organization could then easily deploy a single provisioned laptop/server/workstation disk to multiple machines (with exact same SSD drive size) with an OEM created image, already preconfigured to launch OEM reownership wizard on next boot (/boot/oem file present), leveraging the heaviest OEM job part, being to manually clone the image from an external disk to local disk. That process would be replaced to simply connect reflashed hardware to a switch, power on both devices, launch Heads recovery and hit the up arrow key until client/server bdsync template command is found, modify IP address in it and hit enter. Cloning happens. Move to next device, select client bdsync template, hit enter. Move to next. Repeat for the number of devices to prepare, slowing down the process to network/SSD saturation/dropbear current server limitations (maybe it won't work because of dropbear... or bdsync limitations).
The actual cloning takes around an hour (250Gb SSD on the X230 with a dock station connected SSD drive) through clonezilla and is completely manual.
The OEM Re-Ownership Wizard then takes another 45 minutes to make each hardware unique and tamper evident prior to shipping to the client.
The user receiving the hardware goes through the same process to own the TPM, Librem Key, re-encrypt LUKS containers, sign boot configurations and devise a TPM released Disk Unlock Key (see #551 for OEM Re-Ownership Wizard implementation).
To be tested.