Set up a Clonezilla server under Debian

We will see here how to set up a Clonezilla server on Debian.

To do so we will use the DRBL / Clonezilla solution.

Basically, the DRBL server lets our clients boot Clonezilla via PXE.

Architecture

The Debian server runs the TFTP, DHCP and NFS services that allow clients to boot via PXE.

Deployment server architecture with DRBL and Clonezilla.

Prerequisites and Configuration

  • There are some prerequisites to meet before installing DRBL.
    • ⚠️ Enable PXE boot on all client machines.⚠️
    • Server needs two network interfaces
  • Configuration :
    • Debian : Bullseye 11
    • DRBL : 4.5 (DRBL repository) or 2.32 (official Debian repository)

Network

  • Get the name of your network interfaces :
root@host:~# ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:50:56:80:a5:be brd ff:ff:ff:ff:ff:ff
    altname enp11s0
3: ens224: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:50:56:80:e2:ae brd ff:ff:ff:ff:ff:ff
    altname enp19s0
  • Edit the /etc/network/interfaces file :
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

allow-hotplug ens192
iface ens192 inet static
        address 192.168.1.10
        netmask 255.255.255.0
        gateway 192.168.1.254
        dns-nameservers 80.67.169.40

# The primary network interface
allow-hotplug ens224
iface ens224 inet static
        address 192.168.10.1
        netmask 255.255.255.0
  • Restart to apply configuration :
root@host:~# reboot

Install

  • Install prerequisite packages :
root@host:~# apt-get install rsync gawk gnupg curl

Installing DRBL

There are two ways to do this: we can use the official Debian repository, or we can add the DRBL repository.

I personally recommend using the DRBL repository in order to have the most recent version of DRBL and Clonezilla, and also because there is less work to do.

But, as I am a gentleman, I will explain both methods here.

Solution 1 - DRBL repository (Recommended)

Add the DRBL key (see here) :

  • Old method with apt-key :
root@host:~# wget -q https://drbl.org/GPG-KEY-DRBL -O- | apt-key add -
  • New method, as apt-key is deprecated :
root@host:~# curl -s https://drbl.org/GPG-KEY-DRBL | gpg --no-default-keyring --keyring gnupg-ring:/etc/apt/trusted.gpg.d/GPG-KEY-DRBL.gpg --import
root@host:~# chmod 644 /etc/apt/trusted.gpg.d/GPG-KEY-DRBL.gpg
  • Add the DRBL repository to sources.list :
root@host:~# echo "deb http://free.nchc.org.tw/drbl-core drbl stable" >> /etc/apt/sources.list
  • Install DRBL package :
root@host:~# apt update
root@host:~# apt-get install drbl
  • Edit /etc/drbl/drbl.conf to enable secure boot compatibility :
# uEFI network secure boot for clients. This is still in testing.
secure_boot_client="yes"
  • Install DRBL server :
Note : We will press the "Enter" key at any question to choose the default value.
root@host:~# drblsrv -i
  • Push config :
Note : Choose the default values except those listed below.
root@host:~# drblpush -i
[…]
The public IP address of this server is NOT found.
Which ethernet port in this server is for public Internet accsess, not for DRBL connection?
Available ethernet ports in this server:
ens192 (192.168.1.10), ens224 (192.168.10.1), 
[ens192] 
[…]
What is the initial number do you want to use in the last set of digits in the IP (i.e. the initial value of d in the IP address a.b.c.d) for DRBL clients connected to this ethernet port ens224.
[1] 10
******************************************************
How many DRBL clients (PC for students) connected to DRBL server's ethernet network interface ens224 ?
Please enter the number: 
[12] 50
[…]
------------------------------------------------------
In the system, there are 3 modes for diskless linux services:
[0] Full DRBL mode, every client has its own NFS based /etc and /var.
[1] DRBL SSI (Single system image) mode, every client uses tmpfs based /etc and /var. In this mode, the loading and necessary disk space of server will be lighter. NOTE! (a) The client machine memory is recommended at least 256 MB. (b) The setting and config files of client will not be saved to the DRBL server! They are just used once and will vanish after the machine shutdowns! Besides, if you modify any file in the template client (located in /tftpboot/nodes), you have to run drbl-gen-ssi-files to create the template tarball in /tftpboot/node_root/drbl_ssi/. (c) If you want to provide some file to overwrite the setting in the template tarball when client boots, check /tftpboot/node_root/drbl_ssi/clients/00_README for more details.
[2] I do NOT want to provide diskless Linux service to client.
Which mode do you prefer?
[0] 2
No diskless Linux for client is the system.
******************************************************
------------------------------------------------------
In the system, there are 4 modes available for clonezilla:
[0] Full Clonezilla mode, every client has its own NFS based /etc and /var.
[1] Clonezilla box mode, every client uses tmpfs based /etc and /var. In this mode, the loading and necessary disk space of server will be lighter than that in Full Clonezilla mode. Note! In Clonezilla box mode, the setting and config files of client will not be saved to the DRBL server! They just use once and will vanish after the machine shutdowns!
[2] I do NOT want clonezilla.
[3] Use Clonezilla live as the OS (Operating System) of clients.
Which mode do you prefer?
[0] 3
Use Clonezilla live as the OS (Operating System) of clients when running Clonezilla job.
******************************************************
******************************************************
What's the Clonezilla live release branch for the clients?
[0]: stable (Debian-based)
[1]: testing (Debian-based)
[2]: alternative stable (Ubuntu-based)
[3]: alternative testing (Ubuntu-based)
If unsure, choose [2]: alternative stable.
[2] 
From Ubuntu 19.10, only amd64 (x86-64) release of Clonezilla live is available.
******************************************************
The CPU arch for clients when running Clonezilla job: amd64
------------------------------------------------------
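A variant of the key import and repository steps of Solution 1, added here as an example and not part of the original tutorial: a key placed in /etc/apt/trusted.gpg.d is accepted by apt for every configured source, whereas `signed-by` ties it to the DRBL repository alone. The keyring path, the list file name and the function names are assumptions, and the expected fingerprint is a placeholder to be replaced with the one DRBL publishes.

```shell
#!/bin/sh
# Added example: trust the DRBL signing key for the DRBL repository only.
# The keyring path, list file name and function names are assumptions.

KEY_URL="https://drbl.org/GPG-KEY-DRBL"                    # from the tutorial
REPO="http://free.nchc.org.tw/drbl-core drbl stable"       # from the tutorial
KEYRING="/etc/apt/keyrings/drbl.gpg"                       # assumed path
LIST="/etc/apt/sources.list.d/drbl.list"                   # assumed path
EXPECTED_FPR="REPLACE-WITH-FINGERPRINT-PUBLISHED-BY-DRBL"  # placeholder

# Read `gpg --with-colons` output on stdin, print the primary key fingerprint.
first_fingerprint() {
    awk -F: '$1 == "fpr" { print $10; exit }'
}

# Succeed when two fingerprints are equal, ignoring spaces and letter case.
fingerprint_matches() {
    a=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    b=$(printf '%s' "$2" | tr -d ' ' | tr 'a-f' 'A-F')
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Print a sources.list entry that binds keyring $1 to repository $2.
sources_entry() {
    printf 'deb [signed-by=%s] %s\n' "$1" "$2"
}

install_drbl_repo() {
    tmp=$(mktemp) || return 1
    curl -fsSL "$KEY_URL" -o "$tmp" || { rm -f "$tmp"; return 1; }
    got=$(gpg --show-keys --with-colons "$tmp" | first_fingerprint)
    if ! fingerprint_matches "$got" "$EXPECTED_FPR"; then
        echo "DRBL key fingerprint mismatch (got: $got), nothing installed" >&2
        rm -f "$tmp"
        return 1
    fi
    install -d -m 755 "$(dirname "$KEYRING")"
    # Assumes the downloaded key is ASCII-armoured; store it in binary form.
    gpg --dearmor < "$tmp" > "$KEYRING" || { rm -f "$tmp" "$KEYRING"; return 1; }
    chmod 644 "$KEYRING"
    sources_entry "$KEYRING" "$REPO" > "$LIST"
    rm -f "$tmp"
}

# Only touch the system when called with --install (run as root).
if [ "${1:-}" = "--install" ]; then
    install_drbl_repo
fi
```

Run it once as root with `--install` in place of the key import and sources.list steps, then continue with `apt update`.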

Solution 2 - official Debian repository

Install prerequisite packages

The drbl package from the Debian repository fails to automatically install nfs, dhcp, etc., so we have to install them manually.
  • Install nfs server :
root@host:~# apt update
root@host:~# apt install nfs-kernel-server
  • Install dhcp server :
root@host:~# apt install isc-dhcp-server
  • Install tftp server :
root@host:~# apt install tftpd-hpa
  • Install other necessary packages :
root@host:~# apt install iptables syslinux-common pxelinux grub-efi-amd64 grub-efi-ia32-bin

Install and configure DRBL

  • Install DRBL package :
root@host:~# apt install drbl
  • Edit /etc/drbl/drbl.conf to enable secure boot compatibility :
# uEFI network secure boot for clients. This is still in testing.
secure_boot_client="yes"
  • Install DRBL server :
Note : We will press the "Enter" key at any question to choose the default value.
root@host:~# drblsrv -i
  • Push config :
Note : Choose the default options except those listed below.
root@host:~# drblpush -i
[…]
The public IP address of this server is NOT found.
Which ethernet port in this server is for public Internet accsess, not for DRBL connection?
Available ethernet ports in this server:
ens192 (192.168.1.10), ens224 (192.168.10.1), 
[ens192] 
[…]
What is the initial number do you want to use in the last set of digits in the IP (i.e. the initial value of d in the IP address a.b.c.d) for DRBL clients connected to this ethernet port ens224.
[1] 10
******************************************************
How many DRBL clients (PC for students) connected to DRBL server's ethernet network interface ens224 ?
Please enter the number: 
[12] 50
[…]
------------------------------------------------------
In the system, there are 3 modes for diskless linux services:
[0] Full DRBL mode, every client has its own NFS based /etc and /var.
[1] DRBL SSI (Single system image) mode, every client uses tmpfs based /etc and /var. In this mode, the loading and necessary disk space of server will be lighter. NOTE! (a) The client machine memory is recommended at least 256 MB. (b) The setting and config files of client will not be saved to the DRBL server! They are just used once and will vanish after the machine shutdowns! Besides, if you modify any file in the template client (located in /tftpboot/nodes), you have to run drbl-gen-ssi-files to create the template tarball in /tftpboot/node_root/drbl_ssi/. (c) If you want to provide some file to overwrite the setting in the template tarball when client boots, check /tftpboot/node_root/drbl_ssi/clients/00_README for more details.
[2] I do NOT want to provide diskless Linux service to client.
Which mode do you prefer?
[0] 2
No diskless Linux for client is the system.
******************************************************
------------------------------------------------------
In the system, there are 4 modes available for clonezilla:
[0] Full Clonezilla mode, every client has its own NFS based /etc and /var.
[1] Clonezilla box mode, every client uses tmpfs based /etc and /var. In this mode, the loading and necessary disk space of server will be lighter than that in Full Clonezilla mode. Note! In Clonezilla box mode, the setting and config files of client will not be saved to the DRBL server! They just use once and will vanish after the machine shutdowns!
[2] I do NOT want clonezilla.
[3] Use Clonezilla live as the OS (Operating System) of clients.
Which mode do you prefer?
[0] 3
Use Clonezilla live as the OS (Operating System) of clients when running Clonezilla job.
******************************************************
******************************************************
What's the Clonezilla live release branch for the clients?
[0]: stable (Debian-based)
[1]: testing (Debian-based)
[2]: alternative stable (Ubuntu-based)
[3]: alternative testing (Ubuntu-based)
If unsure, choose [2]: alternative stable.
[2] 
******************************************************
What's the CPU arch for the clients when running Clonezilla job with Clonezilla live?
[0]: i386
[1]: amd64
If unsure, choose i386.
[0] 1
Note : ⚠️ If, like me, you have an IPv6 address assigned to your WAN interface, the DHCP service may fail to start with the message "Failed to start service isc-dhcp-server !!!". To solve this problem, edit the /etc/dhcp/dhcpd.conf file and delete the line "option domain-name-servers", then restart the services with the drbl-all-service start command. ⚠️

Fix UEFI and BIOS configuration files

No matter the method used to install DRBL, the boot configuration files must be modified, otherwise it will not be possible to boot Clonezilla.

Set UEFI boot menu

  • Edit /tftpboot/nbi_img/grub/grub.cfg file :
# Created by gen-grub-efi-nb-menu! Do NOT edit unless you know what you are doing! 
set default=clonezilla-se-client
set timeout_style=menu
set timeout=10
set hidden_timeout_quiet=false
set graphic_bg=yes
# tftpd_opt can be tftpd_opt=tftp or tftpd_opt="tftp,$tftp_server_ip", e.g., tftpd_opt=tftp,192.168.66.254
set tftpd_opt=tftp
# "run_load_netboot" is the flag to avoid load_netboot to be run more than once.
#
function load_netboot {
  set prefix=($tftpd_opt)/grub
  echo "Grub CPU and platform: $grub_cpu, $grub_platform"
  echo 'Network status: '
  net_ls_cards
  net_ls_addr
  net_ls_routes
  # sleep 5
}
#
function load_gfxterm {
  set gfxmode=auto
  insmod efi_gop
  insmod efi_uga
  insmod gfxterm
  terminal_output gfxterm
}

load_netboot

# Somehow the grub2 from CentOS 7 will look for unicode.pf2.pf2 if using "loadfont unicode.pf2". While in Debian/Ubuntu it's OK to use "loadfont unicode.pf2".
if [ x"${graphic_bg}" = xyes ]; then
  if loadfont unicode; then
    load_gfxterm
  elif loadfont unicode.pf2; then
    load_gfxterm
  fi
fi
if background_image drblwp.png; then
  set color_normal=black/black
  set color_highlight=magenta/black
else
  set color_normal=cyan/blue
  set color_highlight=white/blue
fi
# Decide if the commands: linux/initrd (default) or linuxefi/initrdefi
set linux_cmd=linux
set initrd_cmd=initrd
export linux_cmd initrd_cmd
if [ "${grub_cpu}" = "x86_64" -o "${grub_cpu}" = "i386" ];then
  set linux_cmd=linuxefi
  set initrd_cmd=initrdefi
fi

menuentry "Clonezilla-live" --id clonezilla-se-client {
  echo "Enter Clonezilla..."
  echo 'Loading Linux kernel vmlinuz-pxe...'
  #Add live-netdev="eth0" to force eth0 as primary interface and avoid WWAN0 boot priority see : https://sourceforge.net/p/clonezilla/discussion/Help/thread/1f90134ddd/
  $linux_cmd Clonezilla-live-vmlinuz initrd=Clonezilla-live-initrd.img boot=live union=overlay username=user hostname=hirsute config components noswap edd=on nomodeset enforcing=0 locales=en_US.UTF-8 keyboard-layouts=en ocs_live_extra_param= ocs_live_batch=no net.ifnames=0 noeject netboot=nfs nfsroot=192.168.10.1:/tftpboot/node_root/clonezilla-live/ ocs_server="192.168.10.1" ocs_daemonon=\"ssh\" ocs_prerun=\"mount -t nfs 192.168.10.1:/home/partimag /home/partimag/\" ocs_live_run=\"clonezilla -l en_US.UTF-8 -p choose  -k --skip-lite-menu  \"
  echo 'Loading initial ramdisk initrd-pxe.img...'
  $initrd_cmd Clonezilla-live-initrd.img
}

menuentry "Local operating system (if available)" --id local-disk {
  echo "Booting first local disk..."
  # Generate boot menu automatically
  configfile grub/boot-local-efi.cfg
  # If not chainloaded, definitely no uEFI boot loader was found.
  echo "No uEFI boot loader was found!"
  sleep 15
}

menuentry "Reboot" --id reboot {
  echo "System rebooting..."
  reboot
}

menuentry "Shutdown" --id shutdown {
  echo "System shutting down..."
  halt
}

menuentry 'uEFI firmware setup' 'uefi-firmware' {
  echo "Entering uEFI firmware setup..."
  insmod efifwsetup
  fwsetup
}
  • As a result, you should have this screen when booting from clients :
DRBL UEFI boot screen

Set Legacy BIOS boot menu

  • Edit /tftpboot/nbi_img/pxelinux.cfg/default file :
default vesamenu.c32
timeout 100
prompt 0
noescape 1
MENU MARGIN 5
MENU BACKGROUND drblwp.png

# Set the color for unselected menu item and timeout message
MENU COLOR UNSEL 7;32;41 #c0000090 #00000000
MENU COLOR TIMEOUT_MSG 7;32;41 #c0000090 #00000000
MENU COLOR TIMEOUT 7;32;41 #c0000090 #00000000
MENU COLOR HELP 7;32;41 #c0000090 #00000000

PATH bios/

say **********************************************
say Welcome to DRBL.
say NCHC Free Software Labs, Taiwan.
say http://drbl.org; http://drbl.nchc.org.tw
say **********************************************

# Allow client to edit boot parameters
ALLOWOPTIONS 1

# simple menu title
MENU TITLE DRBL (http://drbl.org)

label local
  #MENU DEFAULT
  # MENU HIDE
  MENU LABEL Local operating system (if available)
  # MENU PASSWD
  kernel chain.c32
  append hd0
  TEXT HELP
  Boot local OS from first hard disk if it's available
  ENDTEXT

label Clonezilla-live
  MENU DEFAULT
  #MENU HIDE
  MENU LABEL Clonezilla Live
  KERNEL Clonezilla-live-vmlinuz
  #Add live-netdev="eth0" to force eth0 as primary interface and avoid WWAN0 boot priority see : https://sourceforge.net/p/clonezilla/discussion/Help/thread/1f90134ddd/
  APPEND initrd=Clonezilla-live-initrd.img boot=live union=overlay noswap noeject nolocales locales=en_US.UTF-8 keyboard-layouts=en ocs_prerun="mount -t nfs 192.168.10.1:/home/partimag /home/partimag/" vga=788 netboot=nfs nfsroot=192.168.10.1:/tftpboot/node_root/clonezilla-live/ ocs_server="192.168.10.1" ocs_live_run="clonezilla -l en_US.UTF-8 -p choose -k --skip-lite-menu"

  TEXT HELP
  Clonezilla Live runs on RAM
  ENDTEXT
  • As a result, you should have this screen when booting from clients :
DRBL BIOS boot screen
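Both menus hard-code the server address in three places (nfsroot=, ocs_server= and the ocs_prerun NFS mount), and the pxelinux menu keeps ALLOWOPTIONS 1. The following check covers both points; it is an added example, not part of the original tutorial, and its function names are assumptions.

```shell
#!/bin/sh
# Added example: sanity-check the hand-edited DRBL boot menus.
# Function names are assumptions; the file paths are those used in the tutorial.

# Print each distinct server IP referenced by nfsroot=, ocs_server= and the
# ocs_prerun NFS mount in boot menu file $1.
boot_server_ips() {
    grep -Eo '(nfsroot=|ocs_server=\\?"?|mount -t nfs )[0-9]+(\.[0-9]+){3}' "$1" |
        grep -Eo '[0-9]+(\.[0-9]+){3}$' | LC_ALL=C sort -u
}

# Succeed when file $1 references exactly one server IP and it equals $2.
check_server_ip() {
    ips=$(boot_server_ips "$1")
    [ "$ips" = "$2" ]
}

# Succeed when pxelinux file $1 lets clients edit boot parameters.
allows_boot_edit() {
    grep -Eiq '^[[:space:]]*ALLOWOPTIONS[[:space:]]+1' "$1"
}

# Check both menus against the DRBL-side server address given as $1.
audit_boot_menus() {
    want=$1
    rc=0
    for f in /tftpboot/nbi_img/grub/grub.cfg /tftpboot/nbi_img/pxelinux.cfg/default; do
        if [ ! -r "$f" ]; then
            echo "MISSING  $f"; rc=1
        elif check_server_ip "$f" "$want"; then
            echo "OK       $f uses only $want"
        else
            echo "MISMATCH $f references: $(boot_server_ips "$f" | tr '\n' ' ')"; rc=1
        fi
    done
    if allows_boot_edit /tftpboot/nbi_img/pxelinux.cfg/default 2>/dev/null; then
        echo "NOTE     pxelinux menu sets ALLOWOPTIONS 1: clients can edit boot parameters"
    fi
    return "$rc"
}

# Run the audit only when a server address is given, e.g. 192.168.10.1.
if [ -n "${1:-}" ]; then
    audit_boot_menus "$1"
fi
```

Run it on the server with the DRBL-side address (192.168.10.1 in this guide) as its only argument; a non-zero exit status means a menu is missing or references another address.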

Backup and Restore

Now that the hardest part is done, we can proceed to back up or restore the client images.

We will see here how to back up and restore a complete system.

Note : the restore option won't appear if you don't already have a backup image in the /home/partimag/ file share.

Backup

  • Choose device-image :
Clonezilla device-image menu
  • Choose Beginner :
Clonezilla choose the mode to run
  • Choose savedisk :
Clonezilla choose the mode to run
  • Give a name to the image :
Clonezilla Input a name for the saved image
  • Choose the disk to back up :
Clonezilla disk to backup
  • Choose the compression option :
Clonezilla choose compression
  • Choose whether or not to check and repair the file system before saving :
Clonezilla choose to check filesystem
  • Choose whether or not to check the integrity of the image backup :
Clonezilla choose to check image
  • Choose whether or not to encrypt the image :
Clonezilla encrypt menu
  • Finally, press Enter and type y to start the backup :
Clonezilla start backup
  • Wait until the process is complete :
Clonezilla backup progress window

Restore

  • Choose device-image :
Clonezilla device-image menu
  • Choose Beginner mode :
Clonezilla choose the mode to run
  • Choose restoredisk :
Clonezilla choose to restore
  • Choose the image to restore from the list :
Clonezilla image to restore
  • Choose the target disk, ⚠️All data will be deleted⚠️:
Clonezilla choose target disk to restore
  • Choose whether or not to check the integrity of the image before restoring it :
Clonezilla check image menu
  • Finally, press Enter and type y to start the restore :
Clonezilla restoring image
  • Wait until the process is complete :
Clonezilla restoring image

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.