Following on from getting my DR “off-site” backup available to restore from, I restored the first machine from that backup from scratch: the router (to get DNS and DHCP up and running). After this, I can start deploying other bits.
I began by updating the BIOS and setting options on the box I am going to use for the router. Fortunately this updated without any problems using the Windows PE method I ended up with for the first one (see that post for the settings I changed too).
Booting from recovery media
Next, I booted off a Debian USB install key (I used Debian 11 but the version is largely irrelevant since it is just being used as a platform to do the restore) and told it to boot into rescue mode. Once in a shell, I partitioned the hard disk to match the existing router and mounted the resultant partitions in a known place using standard tools.
Preparing the hard disk
parted /dev/sda mklabel gpt
parted /dev/sda mkpart ds9-efi fat32 1 1001
parted /dev/sda toggle 1 esp
parted /dev/sda mkpart ds9-boot ext4 1001 5000
parted /dev/sda mkpart ds9-lvm 5000 100%
parted /dev/sda toggle 3 lvm
pvcreate /dev/sda3
vgcreate ds9 /dev/sda3
lvcreate -L 20G -n home ds9
lvcreate -L 20G -n srv ds9
lvcreate -L 20G -n var ds9
lvcreate -L 15G -n swap ds9
lvcreate -L 10G -n usr ds9
lvcreate -L 5G -n root ds9
lvcreate -L 5G -n tmp ds9
Then formatting the partitions:
# Create filesystems
mkfs.fat -F 32 -n ds9-efi /dev/sda1
mkfs.ext4 -L ds9-boot /dev/sda2
mkfs.ext4 -L ds9-home /dev/mapper/ds9-home
mkfs.ext4 -L ds9-srv /dev/mapper/ds9-srv
mkfs.ext4 -L ds9-var /dev/mapper/ds9-var
mkfs.ext4 -L ds9-usr /dev/mapper/ds9-usr
mkfs.ext4 -L ds9-root /dev/mapper/ds9-root
mkfs.ext4 -L ds9-tmp /dev/mapper/ds9-tmp
mkswap -L ds9-swap /dev/mapper/ds9-swap
Mount the formatted devices:
# Mount new devices
swapon /dev/mapper/ds9-swap
mount /dev/mapper/ds9-root /mnt
for volume in /dev/mapper/ds9-*
do
  short_vol=$(basename $volume | sed 's/^[^-]\+-//')
  if [[ $short_vol != 'swap' ]] && [[ $short_vol != 'root' ]]
  then
    mkdir /mnt/$short_vol
    mount $volume /mnt/$short_vol
  fi
done
mkdir /mnt/boot
mount /dev/sda2 /mnt/boot
mkdir /mnt/boot/efi
mount /dev/sda1 /mnt/boot/efi
Restoring the system’s data
On the system with the DR backup attached I downloaded a tar of the latest backup onto a USB drive directly, through BackupPC’s web interface. I did change Firefox’s preferences to “Always ask you where to save files” to stop it putting the archive in
After moving the USB drive to the new computer, I mounted it and extracted the backup:
## Mount USB drive and extract backup to new device
mkdir /media/dr-backup
mount /dev/sdc1 /media/dr-backup
tar -xf /media/dr-backup/restore_ds9_2022-03-21.tar -C /mnt
I then updated the UUIDs for disks in
lsblk -o name,uuid,partuuid or ls -l /dev/disk/by-uuid can help find the new ones.
/mnt/etc/network/if-pre-up.d/00-iptables and the files in /mnt/etc/network/interfaces.d were edited and renamed to match the new system’s interface names (in my case enp2s0 - the new system isn’t dual-homed so I left the internet interface (enp4s0) alone for now).
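A check for the two edits described above (disk UUIDs and interface names), as an added example that is not part of the original post: it lists UUIDs and interface names that the restored files still reference but the new hardware does not have, which matters on a router because an iptables rule matching a nonexistent interface loads without error and simply never matches. It assumes the UUIDs live in an fstab-style file (the post does not name the file) and that 00-iptables contains iptables rules using -i/-o; the function names, eno1 and the sample UUIDs are constructed.

```shell
#!/bin/sh
# Added example: list identifiers that restored files reference but the new
# hardware lacks. Assumes the UUIDs are in an fstab-style file (the post does
# not name it) and that 00-iptables holds iptables rules using -i/-o.

# not_in LIST: print stdin lines absent from the newline-separated LIST
not_in() {
    while read -r item; do
        printf '%s\n' "$1" | grep -qxF -- "$item" || printf '%s\n' "$item"
    done
}

# stale_uuids FSTAB [UUIDS]: UUID= entries in FSTAB missing from UUIDS
# (default: the UUIDs lsblk reports on the running system)
stale_uuids() {
    present=${2-$(lsblk -rno UUID)}
    awk '$1 ~ /^UUID=/ { sub(/^UUID=/, "", $1); print $1 }' "$1" |
        sort -u | not_in "$present"
}

# stale_ifaces NETDIR [IFACES]: interface names used by ifupdown stanzas or
# iptables -i/-o matches under NETDIR that are missing from IFACES
# (default: /sys/class/net). VLAN suffixes (.10) are stripped. Names that only
# exist after ifup (bridges etc.) are listed too and need a manual look.
stale_ifaces() {
    present=${2-$(ls /sys/class/net)}
    stanza='^[[:space:]]*(iface|auto|allow-hotplug)[[:space:]]+[^[:space:]]+'
    rule='(^|[[:space:]])-[io][[:space:]]+[^[:space:]]+'
    grep -rhoE "$stanza|$rule" "$1" | awk '{ print $NF }' |
        sed 's/\..*$//' | grep -vxF lo | sort -u | not_in "$present"
}

# make_sample DIR: constructed restored tree for trying the checks offline
make_sample() {
    mkdir -p "$1/etc/network/interfaces.d" "$1/etc/network/if-pre-up.d"
    printf '%s\n' '# constructed sample' \
        'UUID=1111-AAAA /boot/efi vfat umask=0077 0 1' \
        'UUID=0f0e0d0c-0000-4000-8000-000000000001 /boot ext4 defaults 0 2' \
        '/dev/mapper/ds9-root / ext4 errors=remount-ro 0 1' > "$1/etc/fstab"
    printf '%s\n' 'auto eno1.10' 'iface eno1.10 inet static' \
        > "$1/etc/network/interfaces.d/eno1"
    printf '%s\n' 'iptables -A FORWARD -i eno1.20 -o enp4s0 -j ACCEPT' \
        'iptables -A INPUT -i lo -j ACCEPT' \
        > "$1/etc/network/if-pre-up.d/00-iptables"
}
```

In the rescue shell, calling `stale_uuids /mnt/etc/fstab` and `stale_ifaces /mnt/etc/network` without a second argument compares against the live hardware; empty output means nothing stale was found.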
For good measure, I created some missing but necessary mount points (I’m not sure if they will be automagically made if missing on boot but thought better to be safe):
mkdir /mnt/dev /mnt/proc /mnt/sys /mnt/run
umount /mnt/boot/efi
umount /mnt/*
umount /mnt
swapoff /dev/mapper/ds9-swap
Shut down the box:
After removing all of the USB drives and trying to boot from the internal disk for the first time, I was greeted with “Operating system not found”. I rebooted from the Debian install media into rescue mode again; the installer detected the restored image and, after I told it to reinstall grub on the internal disk (/dev/sda) from the list of rescue options, I was able to boot from the restored system. For the next system I will try to refine this part of the process.
I noticed that when bringing up the network interface, the system complained about missing firmware for the new box’s RealTek network card but the interfaces came up so I ignored this for now. It was also complaining about not being able to contact the UPS (since the lab does not have one) - again something I will need to deal with.
Configuring the network switch
After restoring the system, the router’s network interfaces are configured for the VLANs on the main network so the default settings (from resetting the old switch) are no longer enough.
I did add the telnet package to the live Debian I booted for the restore; fortunately it didn’t have any unmet dependencies. Alternatively, this could have been done with a serial cable directly to the switch.
In configure mode, I started by changing the switch’s configuration and hostname to reflect the home network (excepting the ntp settings - will need to do something about this later):
T1600G-28PS(config)#system-time manual 05/08/2022-10:34:50
T1600G-28PS(config)#system-time dst predefined Europe
T1600G-28PS(config)#location "Birmingham UK"
T1600G-28PS(config)#hostname lab-switch
lab-switch(config)#
I then created the VLANs:
lab-switch(config)#vlan 10
lab-switch(config-vlan)#name Management
lab-switch(config-vlan)#exit
lab-switch(config)#vlan 20
lab-switch(config-vlan)#name Main-Network
lab-switch(config-vlan)#exit
lab-switch(config)#vlan 30
lab-switch(config-vlan)#name IoT
lab-switch(config-vlan)#exit
lab-switch(config)#vlan 31
lab-switch(config-vlan)#name IoT-CCTV
lab-switch(config-vlan)#exit
lab-switch(config)#vlan 40
lab-switch(config-vlan)#name Guest
lab-switch(config-vlan)#exit
I enabled DHCP for the switch on the management VLAN:
lab-switch(config)#interface vlan 10
lab-switch(config-if)#ip address-alloc dhcp
lab-switch(config-if)#exit
Then I configured the interface that the router box is plugged into:
lab-switch(config)#interface gigabitEthernet 1/0/18
lab-switch(config-if)#description router-ds9
lab-switch(config-if)#switchport acceptable frame tagged
lab-switch(config-if)#switchport general allowed vlan 10 tagged
lab-switch(config-if)#switchport general allowed vlan 20 tagged
lab-switch(config-if)#switchport general allowed vlan 30 tagged
lab-switch(config-if)#switchport general allowed vlan 31 tagged
lab-switch(config-if)#switchport general allowed vlan 40 tagged
lab-switch(config-if)#exit
Finally I configured the office link port onto the main network VLAN and got it to DHCP, to test the router is functioning:
lab-switch(config)#interface gigabitEthernet 1/0/1
lab-switch(config-if)#description office-uplink
lab-switch(config-if)#switchport pvid 20
lab-switch(config-if)#switchport general allowed vlan 20 untagged
lab-switch(config-if)#no switchport general allowed vlan 1
lab-switch(config-if)#exit
Once configured I saved the configuration:
lab-switch#copy running-config startup-config