Restoring the router from DR backup

Following on from getting my DR “off-site” backup available to restore from, from scratch I restored the first machine from that backup, the router (to get DNS and DHCP up and running). After this, I can start deploying other bits.

Preparation

I began by updating the BIOS and setting options on the box I am going to use for the router, fortunately this updated without any problems using the Windows PE method I ended up with(see that post for the settings I changed too) for the first one.

Booting from recovery media

Next, I booted off a Debian USB install key (I used Debian 11 but the version is largely irrelevant since it is just being used as a platform to do the restore) and told it to boot into rescue mode. Once in a shell, I partitioned the hard disk to match the existing router and mounted the resultant partitions in a known place using standard tools.

Preparing the hard disk

Firstly, partitioning:

parted /dev/sda mklabel gpt
parted /dev/sda mkpart ds9-efi fat32 1 1001
parted /dev/sda toggle 1 esp
parted /dev/sda mkpart ds9-boot ext4 1001 5000
parted /dev/sda mkpart ds9-lvm 5000 100%
parted /dev/sda toggle 3 lvm
pvcreate /dev/sda3
vgcreate ds9 /dev/sda3
lvcreate -L 20G -n home ds9
lvcreate -L 20G -n srv ds9
lvcreate -L 20G -n var ds9
lvcreate -L 15G -n swap ds9
lvcreate -L 10G -n usr ds9
lvcreate -L 5G -n root ds9
lvcreate -L 5G -n tmp ds9

Then formatting the partitions:

# Create filesystems
mkfs.fat -F 32 -n ds9-efi /dev/sda1
mkfs.ext4 -L ds9-boot /dev/sda2
mkfs.ext4 -L ds9-home /dev/mapper/ds9-home
mkfs.ext4 -L ds9-srv /dev/mapper/ds9-srv
mkfs.ext4 -L ds9-var /dev/mapper/ds9-var
mkfs.ext4 -L ds9-usr /dev/mapper/ds9-usr
mkfs.ext4 -L ds9-root /dev/mapper/ds9-root
mkfs.ext4 -L ds9-tmp /dev/mapper/ds9-tmp
mkswap -L ds9-swap /dev/mapper/ds9-swap

Mount the formatted devices:

# Mount new devices
swapon /dev/mapper/ds9-swap
mount /dev/mapper/ds9-root /mnt
for volume in /dev/mapper/ds9-*
do
    short_vol=$(basename $volume | sed 's/^[^-]\+-//')
    if [[ $short_vol != 'swap' ]] && [[ $short_vol != 'root' ]]
    then
        mkdir /mnt/$short_vol
        mount $volume /mnt/$short_vol
    fi
done
mkdir /mnt/boot
mount /dev/sda2 /mnt/boot
mkdir /mnt/boot/efi
mount /dev/sda1 /mnt/boot/efi

Restoring the system’s data

On the system with the DR backup attached I downloaded a tar of the latest backup onto a USB drive directly, through BackupPC’s web interface. I did change Firefox’s preferences to “Always ask you where to save files” to stop it putting the archive in ~/Downloads.

After moving the USB drive to the new computer, I was mounted it and extracted the backup:

## Mount USB drive and extract backup to new device
mkdir /media/dr-backup
mount /dev/sdc1 /media/dr-backup
tar -xf /media/dr-backup/restore_ds9_2022-03-21.tar -C /mnt

I then updated the UUIDs for disks in /mnt/etc/fstab, /mnt/boot/efi/EFI/debian/grub.cfg and /mnt/boot/grub/grub.cfg - lsblk -o name,uuid,partuuid or ls -l /dev/disk/by-uuid can help find the new ones.

/mnt/etc/default/isc-dhcp-server, /mnt/etc/network/if-pre-up.d/00-iptables and the files in /mnt/etc/network/interfaces.d were edited and renamed to match the new system’s interface names (in my case enp3s0 became enp2s0 - the new system isn’t dual-homed so I left the internet interface (enp4s0) alone for now).

For good measure, I created some missing but necessary mount points (I’m not sure if they will be automagically made if missing on boot but thought better to be safe):

mkdir /mnt/dev /mnt/proc /mnt/sys /mnt/run

Unmount everything:

umount /mnt/boot/efi
umount /mnt/*
umount /mnt
swapoff /dev/mapper/ds9-swap

Shutdown the box:

poweroff

Post recovery

After removing all of the USB drives and trying to boot from the internal disk for the first time, I was greeted with Operating system not found. Rebooting from the Debian install media into rescue mode, again, the installer detected the restored image and after telling it to reinstall grub on the internal disk (/dev/sda) from the list of rescue options I was able to boot from the restored system. For the next system I will try to refine this part of the process.

I noticed that when bringing up the network interface, the system complained about missing firmware for the new box’s RealTek network card but the interfaces came up so I ignored this for now. It was also complaining about not being able to contact the UPS (since the lab does not have one) - again something I will need to deal with.

Configuring the network switch

After restoring the system, the router’s network interfaces are configured for the VLANs on the main network so the default settings (from resetting the old switch) are no longer enough.

I did add the telnet package to the live Debian I booted for the restore, fortunately it didn’t have any unmet dependencies. Alternatively, this could have been done with a serial cable directly to the switch.

In configure mode, I started by changing the switch’s configuration and hostname to reflect the home network (excepting the ntp settings - will need to do something about this later):

T1600G-28PS(config)#system-time manual 05/08/2022-10:34:50
T1600G-28PS(config)#system-time dst predefined Europe
T1600G-28PS(config)#location "Birmingham UK"
T1600G-28PS(config)#hostname lab-switch
lab-switch(config)#

I then created the VLANs:

lab-switch(config)#vlan 10
lab-switch(config-vlan)#name Management
lab-switch(config-vlan)#exit
lab-switch(config)#vlan 20
lab-switch(config-vlan)#name Main-Network
lab-switch(config-vlan)#exit
lab-switch(config)#vlan 30
lab-switch(config-vlan)#name IoT
lab-switch(config-vlan)#exit
lab-switch(config)#vlan 31
lab-switch(config-vlan)#name IoT-CCTV
lab-switch(config-vlan)#exit
lab-switch(config)#vlan 40
lab-switch(config-vlan)#name Guest
lab-switch(config-vlan)#exit

Enabled switch to DHCP on management VLAN:

lab-switch(config)#interface vlan 10
lab-switch(config-if)#ip address-alloc dhcp
lab-switch(config-if)#exit

Then configure the interface that the box being the router is plugged into:

lab-switch(config)#interface gigabitEthernet 1/0/18
lab-switch(config-if)#description router-ds9
lab-switch(config-if)#switchport acceptable frame tagged
lab-switch(config-if)#switchport general allowed vlan 10 tagged
lab-switch(config-if)#switchport general allowed vlan 20 tagged
lab-switch(config-if)#switchport general allowed vlan 30 tagged
lab-switch(config-if)#switchport general allowed vlan 31 tagged
lab-switch(config-if)#switchport general allowed vlan 40 tagged
lab-switch(config-if)#exit

Finally I configured the office link port onto the main network VLAN and got it to DHCP, to test the router is functioning:

lab-switch(config)#interface gigabitEthernet 1/0/1
lab-switch(config-if)#description office-uplink
lab-switch(config-if)#switchport pvid 20
lab-switch(config-if)#switchport general allowed vlan 20 untagged
lab-switch(config-if)#no switchport general allowed vlan 1
lab-switch(config-if)#exit

Once configured I saved the configuration:

lab-switch#copy running-config startup-config