clone systems with tar command

I have several machines which I want to be exactly identical. It is the first time I am trying to clone machines and I searched on the internet and found many people archive and extract their disks using some tools, using dd, and I also found someone using tar. I read about different tools. I tried g4u, a tool for hard disk image cloning, but it didn't boot. Now, I am more familiar with tar and I created an archive of the whole file system of one machine using tar (tar -czvlps sameowner atimepreserv -f machine.tgz /) and I extracted this tar on other machines (tar -xslpzf machine.tgz). I did this with machines booted on CDs, mounting the drives and copying over network.

When I reboot I see the new machines with hostname as expected. I try to log in with the old password combinations, however I get "permission denied" and I am thrown back to login. When I try ssh to a new machine I get "unable to get valid context." Permissions and files should be exactly the same on the new machine (and look as if they were, although I didn't do any extensive comparisons).

Now before I try other stuff or go into a long search for the problem, I am suspecting that I miss something and I want to ask people who have done this before. Am I making some stupid mistake? I suppose that tar and dd are more or less doing the same thing, or is there any forcing argument for using dd instead? Any help appreciated.

Are the machines using DHCP to get their network addresses? If not, I can see where there might be a problem.

Also, if you clone the machines, you're also cloning their SSH private keys. This would cause a problem. (Unless your SSH rc scripts generate their keys on first boot and you remembered to clone the system and remove the original keys).

Also your tar command might not handle: sockets, devices, named pipes. You should check to see if devices were correctly carried over.

Finally, did you overwrite the boot sector so that it can find the new kernel? This is OS dependent.

Thanks for your help, otheus.

I am administrating DHCP on a head node together with a central /etc/hosts.

You are right about ssh private keys, however this is not my problem. I need to login from just one machine (head node) to the clones and this remote login seems to work with the new machines (because the private key of my head node corresponds to the (identical) public key on my clones). However: (example)
head# ssh clone5
Unable to get valid context for root
Last login: Tue Oct 14 19:45:14 2008
Connection to 192.168.1.5 closed.

I am going to check now sockets, devices, and named pipes (together with the tar options). And... yes, good point, I am not sure about /boot either, I'll check that also.

Okay, the other thing about "Context" is it is used in conjunction with selinux. So check your grub file to make sure selinux isn't enabled at boot time. OR you should be able to run "selinuxenabled && echo yes". If you get nothing, then it's not selinux.

Hi.

I downloaded clonezilla recently, but have not yet had a chance to try it. It claims to be similar to Norton Ghost Corporate Edition, and notes:

See Clonezilla for details. Best wishes ... cheers, drl

I found one error, which is with permissions. Tar by default maps the user ids to the system where you compress and extract, respectively. On cloning over network I did not take care of this. You can tell tar explicitly by the --numeric-owner option to conserve the original mapping.

I found a howto that described a more elegant way to clone systems using rsync (importantly with the numeric-ids option):
node2> rsync -Saq --numeric-ids --exclude=/proc --exclude=/sys --exclude=/dev \
       -e 'ssh -c blowfish' node1:/ /mnt/hd

where node2 is the new machine, node1, the machine from where we want to clone.
However, this did not work either. ;(
I did this after booting node2 from CD, mounting file system starting /mnt/hd with subdirectories mirroring node1 filesystem. This implied that /boot on node2 and node1 has same permissions... I don't get it.

I then tried dd with piping to and from netcat, respectively on machine to clone from and machine to clone to, as described in a second howto from same site. It is the first time I heard of netcat (nc) which is a very cool program, a kind of pipe over the network.

On node1 you run:
dd if=/dev/hda conv=sync,noerror bs=64k | nc -l 5000

On node2 you run:
nc 192.168.1.1 5000 | dd of=/dev/hda bs=64k
where 192.168.1.1 is the ip of node1.

This took a lot of time (it said 158GB read/written), but it worked!
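
One way to run the comparison the thread leaves undone, as an added example that is not from any poster: the script compares two mounted root trees by file type, mode and numeric uid/gid, which flags both the owner remapping that tar does without --numeric-owner and FIFOs, sockets or device nodes that were not carried over. The function names and the mount points in the usage comment are assumptions.

```python
import os
import stat
import sys

def _raise(err):
    raise err  # an unreadable directory must fail the audit, not be skipped

def manifest(root):
    """Map each path under root to (file type, permission bits, uid, gid)."""
    entries = {}
    for dirpath, dirnames, filenames in os.walk(root, onerror=_raise):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)  # lstat: describe a symlink itself, never its target
            entries[os.path.relpath(full, root)] = (
                stat.S_IFMT(st.st_mode), stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid)
    return entries

def compare_trees(source_root, clone_root):
    """Return (path, finding) pairs, ordered by path, where the clone differs."""
    src, dst = manifest(source_root), manifest(clone_root)
    findings = []
    for rel in sorted(set(src) | set(dst)):
        if rel not in dst:
            findings.append((rel, "missing on clone"))
        elif rel not in src:
            findings.append((rel, "extra on clone"))
        else:
            (stype, smode, suid, sgid), (dtype, dmode, duid, dgid) = src[rel], dst[rel]
            if stype != dtype:  # e.g. a FIFO or device node recreated as a regular file
                findings.append((rel, "file type differs"))
            if smode != dmode:
                findings.append((rel, "mode %04o -> %04o" % (smode, dmode)))
            if (suid, sgid) != (duid, dgid):  # numeric ids, independent of /etc/passwd
                findings.append((rel, "owner %d:%d -> %d:%d" % (suid, sgid, duid, dgid)))
    return findings

if __name__ == "__main__":
    # Assumed usage: both root filesystems mounted read-only on one host,
    # e.g. audit.py /mnt/node1 /mnt/hd (mount points are hypothetical).
    if len(sys.argv) != 3:
        sys.exit("usage: audit.py SOURCE_ROOT CLONE_ROOT")
    for path, finding in compare_trees(sys.argv[1], sys.argv[2]):
        print("%s: %s" % (path, finding))
```

Run it as root from the rescue CD so that every directory is readable; it does not compare file contents, device major/minor numbers or SELinux labels.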