LinuxPowerUser.com

Server Administration

Enabling MySQL Logging on Archlinux

by on Mar.18, 2012, under Server Administration

This morning I was doing some troubleshooting on a PHP program that couldn’t seem to access the locally running MySQL database server. Upon searching for some logging to figure out what was going on, I came across the fact the MySQL as installed from the Arch repositories, doesn’t enable much along theses lines.

MySQL supports error logging to /var/lib/mysql directory by default. The file is usually in the form .err. This file shows mysqld startup errors and other basic troubleshooting information. I was looking for something a little more in depth, such as client connections, and SQL statement logging. Apparently this type of logging is referred to as general logging. After some experimentation, it appears that enabling this log requires a few simple system changes.

Enabling general logging for MySQL

The first step is to figure out where you want MySQL to store its general log. In our example, we will put it in the /var/log/mysql directory, in file called general.log. This directory and file must be created, and permissions set so that mysql can write to it. MySQL will not create this file on its own. So lets create the directory and file with the following commands:

sudo mkdir /var/log/mysql
sudo touch /var/log/mysql/general.log
sudo chown mysql:mysql -R /var/log/mysql

Then, in order tell MySQL to enable general logging, a couple of lines so be added to the /etc/mysql/my.cnf file in the [mysqld] section – see last two lines in the example my.cnf file below:

# The MySQL server
[mysqld]
port = 3306
socket = /var/run/mysqld/mysqld.sock
datadir = /var/lib/mysql
skip-external-locking
key_buffer_size = 16M
max_allowed_packet = 1M
table_open_cache = 64
sort_buffer_size = 512K
net_buffer_length = 8K
read_buffer_size = 256K
read_rnd_buffer_size = 512K
myisam_sort_buffer_size = 8M
general_log = 1
general_log_file = /var/log/mysql/general.log

That’s all it takes! Save the my.cnf file, and restart mysqld with:

/etc/rc.d/mysqld restart

You should now the general.log file in /var/log/mysql. An example might look like this (showing some client connections and select statements):

/usr/bin/mysqld, Version: 5.5.21-log (Source distribution). started with:
Tcp port: 3306 Unix socket: /var/run/mysqld/mysqld.sock
Time Id Command Argument
120318 10:10:26 1 Connect UNKNOWN_USER@localhost as on
1 Quit
120318 10:10:39 2 Connect root@localhost on
2 Init DB webcalendar
2 Init DB webcalendar
2 Query SELECT COUNT( cal_value ) FROM webcal_config
2 Query SELECT cal_permissions FROM webcal_access_function
WHERE cal_login = 'admin'
2 Query SELECT cal_permissions FROM webcal_access_function
WHERE cal_login = '__default__'
2 Init DB webcalendar
2 Query SELECT cal_login, cal_lastname, cal_firstname, cal_is_admin, cal_email, cal_passwd FROM webcal_user ORDER BY cal_lastname, cal_firstname, cal_login

The above snip shows MySQL starting and an application hitting a database.

Configuring MySQL to log errors to the system log

That last thing I want to cover is getting MySQL to log to the system log, instead of its own log in /var/lib/mysql. I mentioned above that MySQL logs errors to /var/lib/mysql/.err. We will make a simple change to log those same messages to the system log, named to the daemon.log.

This one is pretty simple – add the following section to the /etc/mysql/my.cnf file:


[mysqld_safe]
syslog

And then restart MySQL with:

/etc/rc.d/mysqld restart

You should see messages in the daemon.log file that look something like this:

Mar 18 10:14:54 localhost mysqld_safe: Starting mysqld daemon with databases from /var/lib/mysql
Mar 18 10:14:54 localhost mysqld: 120318 10:14:54 InnoDB: The InnoDB memory heap is disabled
Mar 18 10:14:54 localhost mysqld: 120318 10:14:54 InnoDB: Mutexes and rw_locks use GCC atomic builtins
Mar 18 10:14:54 localhost mysqld: 120318 10:14:54 InnoDB: Compressed tables use zlib 1.2.6
Mar 18 10:14:54 localhost mysqld: 120318 10:14:54 InnoDB: Initializing buffer pool, size = 128.0M
Mar 18 10:14:54 localhost mysqld: 120318 10:14:54 InnoDB: Completed initialization of buffer pool
Mar 18 10:14:54 localhost mysqld: 120318 10:14:54 InnoDB: highest supported file format is Barracuda.
Mar 18 10:14:54 localhost mysqld: 120318 10:14:54 InnoDB: Waiting for the background threads to start
Mar 18 10:14:55 localhost mysqld: 120318 10:14:55 InnoDB: 1.1.8 started; log sequence number 2218816
Mar 18 10:14:55 localhost mysqld: 120318 10:14:55 [ERROR] /usr/bin/mysqld: Can't find file: './performance_schema/events_waits_current.frm' (errno: 13)

In summary, the above changes will allow you to “see” what MySQL is doing both in terms of the daemon itself, and the actual activity being processed by the database server. These changes could also work on other distros, but in particular ArchLinux by default enables only error logging to the MySQL directory only.

Up next – configuring syslog-ng as syslog server for network devices.

Leave a Comment :, , , , more...

Ubuntu Apache LAMP Server Quick Howto – Part 2 – SSL Websites

by on Mar.30, 2010, under Networking, Server Administration

Hi – Welcome back to the Ubuntu Apache LAMP Server Quick Howto.  This second part of the series will cover configuring SSL for use with Apache for securing website content.  SSL stands for Secure Sockets Layer, and is a method of providing transport layer encryption or TLS (transport layer security).  SSL typically uses X.509 digital certificates to perform authentication and encryption functions.   X.509 is based on public key infrastructure or PKI.  PKI is beyond the scope of this article (sounds like a good topic for a future article), but we will at least create a self-signed certificate for instructional purposes here.

SSL adds a few caveats to Apache configuration.  One of those is name based virtual hosting.  SSL does not allow the use of name based virtual hosts.  From the apache SSL/TLS Strong Encryption Guide:

“Why is it not possible to use Name-Based Virtual Hosting to identify different SSL virtual hosts?

Name-Based Virtual Hosting is a very popular method of identifying different virtual hosts. It allows you to use the same IP address and the same port number for many different sites. When people move on to SSL, it seems natural to assume that the same method can be used to have lots of different SSL virtual hosts on the same server.

It comes as rather a shock to learn that it is impossible.

The reason is that the SSL protocol is a separate layer which encapsulates the HTTP protocol. So the SSL session is a separate transaction, that takes place before the HTTP session has begun. The server receives an SSL request on IP address X and port Y (usually 443). Since the SSL request does not contain any Host: field, the server has no way to decide which SSL virtual host to use. Usually, it will just use the first one it finds, which matches the port and IP address specified”

My experience is that Apache will reject the configuration if you attempt to use named based virtual hosts with SSL.

So, with this in mind, if I have multiple “sites” to serve with SSL, I either use different IP addresses for each site, or I serve one site with multiple directories of content that can be referenced by http://<site fqdn>/directory.  For example, if I had a site called www.stuff.com and it used SSL, I would add content for different functions/site at https://www.stuff.com/systeminfo or http://www.stuff.com/shopping.

Anyway, so, how do we set up SSL?  First thing is to make sure its enabled on your LAMP server.  To turn on SSL use the following command:

sudo a2enmod ssl

followed by

sudo /etc/init.d/apache2 restart

Also – we should create a specific document root directory for the SSL Apache to use.  This way, if you have both SSL and non-SSL sites on the same server, not all the non-ssl sites will be published automatically by the SSL definition.

sudo mkdir /var/www-ssl

Creating a self signed certificate:

In order to use SSL with Apache you must have a certificate.  Here is how to make a self signed certificate.  Note:  Self Signed certs are fine for testing and lab servers, but are not recommended for production environments or internet facing servers.

First, you will need to create a private key file:

sudo openssl genrsa 1024 > host.key
sudo chmod 400 host.key

Next, you will need to create the certificate:

sudo openssl req -new -x509 -nodes -sha1 -days 365 -key host.key > host.cert

After hitting enter, you will be prompted for several pieces of information that will be encoded into the certificate.  Here is an example output:

You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:Kansas
Locality Name (eg, city) []:Topeka
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Test.com
Organizational Unit Name (eg, section) []:IT
Common Name (eg, YOUR name) []:www.test.com
Email Address []:admin@test.com

Note, the Common Name should be the fully qualified domain name of your web server.  Your cert and key will be in the current directory, and will be called host.cert (cert) and host.key (key).  Both of these files will be needed for the next step.  As root or using sudo, copy the key file to the /etc/ssl/private directory on your LAMP server, and copy the cert file (host.cert) to the /etc/ssl/certs directory.

Next go to the /etc/apache2/sites-available and edit the default-ssl file.  This file controls the default SSL virtual host configuration.  We will be modifying the following some the lines in the file.  As root, find the beginning stanza in the file (with your favorite editor) and it will look something like this:

<IfModule mod_ssl.c>
<VirtualHost _default_:443>
            ServerAdmin webmaster@localhost

            DocumentRoot /var/www
            <Directory />
                         Options FollowSymLinks
                         AllowOverride None
            </Directory>
            <Directory /var/www>
                        Options Indexes FollowSymLinks MultiViews
                        AllowOverride None
                        Order allow,deny
                        allow from all
            </Directory>

Change the webmaster@localhost to an email address of the person responsible for the server (this isn’t required, but is probably good practice).

Also, you should probably add a ServerName directive right after the ServerAdmin directive.  The ServerName directive should reflect the fully qualified domain name as the server.

The DocumentRoot directive should be changed to /var/www-ssl – the directory we made earlier.  Lastly, the Directory /var/www directive should be changed to Directory /var/www-ssl.

Here is the same code snip, modified for a server called www.test.com:

<IfModule mod_ssl.c>
<VirtualHost _default_:443>
           ServerAdmin admin@test.com
           ServerName www.test.com
           DocumentRoot /var/www-ssl
           <Directory />
                  Options FollowSymLinks
                  AllowOverride None
           </Directory>
           <Directory /var/www-ssl>
                  Options Indexes FollowSymLinks MultiViews
                  AllowOverride None
                  Order allow,deny
                  allow from all
           </Directory>

Next, lets find the following couple of lines:

SSLCertificateFile    /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key

These lines tell Apache where to find the SSL certificate to use for the site.  We are going to replace these with the certificate and private key we created earlier.  We will change them to read:

SSLCertificateFile    /etc/ssl/certs/host.cert
SSLCertificateKeyFile /etc/ssl/private/host.key

Ok – make sure you save your default-ssl file with the changes we have detailed above.  After the file is saved, run the following command:

a2ensite default-ssl

followed by:

/etc/init.d/apache2 restart

Now, its time to test to see if you can connect to the server with SSL. You might want to create an index.html file at the /var/www-ssl directory first though. To do this simply create a file with “It works, SSL!” in it as root and save it to the /var/www-ssl directory with the name of index.html. Afterwards, open Firefox, and go to https://<server name or IP address>. You probably get a certificate error, since we created a self-signed cert for our tutorial. You should tell Firefox to trust the certificate. If all goes well, you should see: It works, SSL! at the top of the page.

If all went well, we should have a working Apache server with SSL. At this point, you can place content directly under /var/www-ssl or in folders under that directory. If you have some folders under the non-ssl Document root (normally /var/www) simply sim-linking those directories to /var/www-ssl will publish them via SSL as well.

So, what if it doesn’t work? Generally, this is the result of either SSL not being enabled, or an errror in your default-ssl file. Double check that you have enabled SSL with the a2enmod command, and make sure the default-ssl file is correct, and that it has been enabled with the a2ensite command. Also note, that when enabling SSL for the first time, make sure you restart Apache with the command:

/etc/init.d/apache2 restart

To make sure SSL support is enabled. You can check that Apache is listening for SSL connection by doing a

netstat -tan

and looking for an entry like this:

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address     State
tcp        0      0 0.0.0.0:443             0.0.0.0:*           LISTEN

 

If that line is not present, then double check your configuration.

Next time we will focus on the Mysql portion of a LAMP server – look for it soon.

4 Comments :, , , , , more...

Ubuntu Apache LAMP Server Quick Howto – Part 1 – Apache Basics

by on Mar.15, 2010, under Networking, Server Administration

Linux web application servers typically use the Linux/Apache/Mysql/PHP stack. Linux being the OS, Apache the web server layer, Mysql provides the database, and PHP the dynamic HTML/Scripting language. Their is an amazing amount of LAMP based applications out there, so getting to know how to administer a LAMP server is a key skill set for running Linux Application servers.

This first article will focus on installing the LAMP stack on an Ubuntu machine, and administering the Apache web server.

There are a few of concepts I would like to cover first though. One of them seems to escape a lot of people in this space. This is a the concept of name based virtual hosts. Name based virtual hosting is the ability for a web server to serve content based on the URL of the incoming request. This is a method of allowing a single server to serve multiple websites content without needing multiple IP addresses. Essentially the server processes the URL request by matching it against a know set of virtual host definitions. When it matches a URL to a virtual host, it serves content from the directory structure assigned to that virtual host.

The other concept is fully qualified domain names. A fully qualified domain name or FQDN is a hostname containing the host and the domain, including the top level domain suffix. Common top level domains (TLDs) are .gov, .com, .org etc. So an example of a FQDN would be: www.linuxpoweruser.com. The www is the host, and linuxpoweruser.com is the domain, so www.linuxpoweruser.com indicates the host called www in the domain linuxpoweruser.com.

The last concept is how what part of a URL is handled by the domain name system (DNS). DNS is responsible for resolving the part of a URL that is between the http:// and the next / in a URL. If there are no following /’s in a URL than DNS processes all of the URL after the http://. I am a DNS administrator for a large retailer and I am constantly asked to add an entry to add a redirect in DNS to allow, for instance, a URL called http://www.test.com to redirect to http://www.retest.com/test/test.html. Since DNS only handles the “www.test.com” or “www.retest.com” everything after the / in the destination, ie /test/test.html is not handled by DNS, and therefore DNS cannot do this sort of redirection. In this case, I can modify DNS to do a redirect for www.test.com to go to the name www.retest.com (or its corresponding server IP address) but its up to the virtual hosting definition or, a bit of redirect html code to handle the rest. Ok, enough said about that.

First, in order to install the LAMP stack on an Ubuntu system, we need to make sure we install the associated packages:

sudo apt-get install apache2 php5-mysql libapache2-mod-php5 mysql-server php5-gd phpmyadmin

There are some commands that are very useful to control Apache features and served content. The first set of commands will control the availability of Apache features. For instance, you might want to enable home directory public_html serving, which is the ability to serve content from a users public_html folder in their home directory. Content is then accessed at the web browser by going to http://server ip/~username. To do this, use the a2enmod command:

sudo a2enmod userdir && sudo /etc/init.d/apache2 restart

Other apache modules can be enabled with this a2enmod command. Here is an example that covers server side includes (we will cover server side includes in a later article):


sudo a2mod include && sudo /etc/init.d/apache2 restart

The default document root is /var/www (you need superuser privileges to write in this directory), any files in this directory that are world readable will be accessible by entering the following in a web browser:


http://server ip or name/filename

Anything in a subdirectory below /var/www will appear by appending the directory name to the url. For example, if there is a directory with content at /var/www/mywebsite, it would be accessible with the following url:

http://server/mywebsite/filename where server is the name or IP of your apache server.

New sites can be added by creating site definition files in the /etc/apache2/sites-available directory. Files in this directory are essentially apache configuration files that can be read in or included when apache starts up. This is useful for adding new websites via virtual host definitions, or enabling SSL for your sites.
Edit a new configuration file for the new site :

gksudo gedit /etc/apache2/sites-available/<filename>

Here is an example of a site definition file for adding a directory phpsysinfo as a virtual host on the server, accessible via the sysinfo.rtwsecurenet.com url.

<Directory “/var/www/phpsysinfo”>

# Possible values for the Options directive are “None”, “All”,
# or any combination of:
#   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that “MultiViews” must be named *explicitly* — “Options All”
# doesn’t give it to you.
#
# The Options directive is both complicated and important.  Please see
# http://httpd.apache.org/docs/2.2/mod/core.html#options
# for more information.

#-Indexes disables directory browsing +Includes turns on SSI

Options -Indexes FollowSymLinks +Includes

# AllowOverride controls what directives may be placed in .htaccess files.
# It can be “All”, “None”, or any combination of the keywords:
#   Options FileInfo AuthConfig Limit
AllowOverride All

# Controls who can get stuff from this server.
Order allow,deny
Allow from all

#add this to allow for different default page names

DirectoryIndex index.html index.shtml index.php

</Directory>

<VirtualHost *:80>

ServerName sysinfo.rtwsecurenet.com
DocumentRoot /var/www/phpsysinfo

</VirtualHost>

Note :80 in VirtualHost statement – needed if running combination of ssl and non-ssl sites. We will break down the components of this file later.

To enable the new site use the a2ensite command:

sudo a2ensite <sitename> && sudo /etc/init.d/apache2 restart

Later, if you would like to disable that site, you can use the a2dissite command to remove the site:

sudo a2dissite <sitename> && sudo /etc/init.d/apache2 restart

Note, that if the site content is at /var/www or a directory below it, you do not have to create a site file.  The site file is only used to include other directories other than what is below /var/www or to create virtual hosts for making content available at a specific host name.

So what is happening with this a2ensite/a2dissite commands?  Essentially, a2ensite makes symbolic links in the /etc/apache2/sites-enabled/ directory for the appropriate file/site being enabled (from the /etc/apache2/sites-available directory).  The a2dissite command simply deletes the symbolic links.

Beware of some web applications that install themselves outside of the normal /var/www and /etc/apache2/sites-available directory structures. An example comes to mind: phpmyadmin. Phpmyadmin is a php based tool for administering Mysql servers. Phpmyadmin on ubuntu does not install in the /var/www folder. Instead it installs in /usr/share/phpmyadmin. It also stores configuration in /etc/phpmyadmin. In the /etc/phpmyadmin folder there is an apache.conf file. This file is executed when Apache is started, and it includes the /usr/share/phpmyadmin directory in the web servers directory structure, so that it appears at http://servername/phpmyadmin, as if it was a directory under /var/www. How does it do this? Another directory, /etc/apache2/conf.d includes symlinks to files to be included in the apache configuration. Its actually very similar to sites-enabled/available. In /etc/apache2/conf.d/ there is a phpmyadmin.conf that is symlinked to /etc/phpmyadmin/apache.conf. These symlinks are created by apt during package installation.

So, in short we have covered installing the LAMP stack, and controlling Apache’s configuration for serving content. In the next article, we will cover creating Secure Sockets Layer (SSL) websites using apache.

2 Comments :, , , , more...

SSH Tunnelling (aka Poor Man’s VPN)

by on Jan.29, 2010, under Networking, Server Administration

Tunnelling of TCP traffic can be performed from the ssh command on Linux or with Putty on Windows, and can be thought of as a poor man’s VPN.  A VPN is a virtual private network, or a method of using a public network such as the internet to  securely transmit data via an encrypted “tunnel”.

VNC is a method of gaining access to a remote GUI on Linux and Windows machines.  VNC is typically considered insecure and not recommended for use on the open internet.  With an SSH tunnel, this doesn’t have to be an issue, as ssh provides security to an otherwise insecure protocol.

Here is an example of how to use VNC over an SSH tunnel:

Start VNC server on a Linux host ssh server to only listen to Loopback interface:

vncserver :1 -localhost

On client machine, start ssh with the following command line:

ssh -L 5901:localhost:5901 <server ip> [-l <login>]

The to access VNC via the SSH tunnel, use the following command on the client machine:

vncviewer localhost:1

What happens?

The ssh process on the client sets up a TCP port redirection on the loopback interface of port 5901, to the loopback interface on the server machine on TCP port 5901.  The vncviewer command connects to the the redirected port on the local loopback interface, which then gets directed over the tunnel to the server machine’s loopback on port 5901, where the vncserver is listening.

This will allow vnc protocol to be securely tunnelled across the SSH connection.

The previous examples showed connecting to services running on the ssh server itself.  Its also possible to use the SSH server to redirect traffic to other machines on the network behind it.

Sometimes we might have to access a Windows Machine behind an a linux SSH server that is connected to the internet (such as linux system performing firewalling for a home network). We can use SSH tunnelling to connect to Windows Remote Desktop as well. (I know this is a linux blog, but most of us out there still have to deal with Windows from time to time)

The following example assumes the following network layout:

Client PC –> Internet–>SSH Server on Firewall–>Private Network–> Windows XP
(188.18.199.11)                                                                                                        (192.168.0.11)
(ssh server can be behind firewall as long as its accessible from Internet)

1. Make sure Windows XP host is running RDP

2. On client PC, start SSH with tunnelling as follows: 4000:192.168.0.11:3389

On Putty this tunnel definition looks like this (click add after completing the boxes):

Which is exactly like the ssh command on Linux:

ssh -L 4000:192.168.0.11:3389 <server> -l <userid>

To connect to the RDP service on the internal Windows XP system, from a client Windows system connected to the internet via the ssh connection:

Use Remote Desktop Connection application that comes with XP, but use this as the address to connect to:

Like the previous example, this causes the program to connect to port # 4000 on the local loopback interface, which then is redirected to the 192.168.0.11 machine on port number 3389 at the other end of the ssh tunnel.  Port # 4000 is used to avoid conflicting with port #3389 on the client as it could have its own RDP server running.

Any TCP based communications can be tunnelled this way over ssh, creating a secure connection for any unsecure protocol. This is also a mechanism for bypassing firewall rules.  As long as the SSH server traffic is allowed (TCP port 22).  It can be used to gain access to other ports that might not be allowed by a local firewall, simply by using a remote ssh server as a proxy for other traffic.

1 Comment :, , , , , more...

Disk and Partition Imaging using dd

by on Jan.26, 2010, under Hardware/Disk Management, Server Administration

Linux provides an abundance of advanced command line tools to manage and modify just about anything on your system.  Today we will explore the use of dd, the primary tool on linux for creating and restoring disk images, among other things.

The dd (diskdump) on Linux can be used to backup an entire disk or partition to an image file. Several caveats apply to this method:

  1. The disk in question can not be in use by an operating system
  2. A destination medium or network resource must be present that is large enough to hold the image.

To backup a disk using dd, the following procedure can be used.

  1. Boot the computer with the disk in question from a Linux Live CD, such as Ubuntu or Knoppix
  2. Mount a destination disk (such as a usb disk drive or nfs mount)
  3. Run dd command to backup disk
  4. Note the size of the disk partition if partitioning a new device is necessary when restoring the image

Here is an example session, to back up a single partition (sda1) containing a Windows XP installation to a USB hard disk mounted at /mnt/sdb1:

As a root user, do the following:

Mount USB disk drive

# mount -t ext3 /dev/sdb1 /mnt/sdb1

Run dd command (piping output through gzip to save space):

# dd if=/dev/sda1 conv=sync,noerror bs=64k | gzip -c > /mnt/sdb1/windowsxp-c.img.gz

Definition of the dd command parameters:

“if=/dev/sda1” is the input file for the dd command, in this case, its linux device sda1
“conv=sync,noerror instructs dd that if it can’t read a block due to an error then it should at least write something to its output of the correct length.

Even if your Hard disk exhibits no errors, dd will read every single block, including any which the OS avoids because it has marked them as bad.

“bs=64k” is the block size of 64 kilobytes. Using a large block size speeds up the copy process. The output of this is then passed to gzip for compression and storage in a file on the destination device.

Noting Partition configuration:

Using the command fdisk -l /dev/<device> where <device> is the device node of the disk being backed up, make note of the number of blocks used to create the partition:

# fdisk -l /dev/sda


Disk /dev/sda: 959.9 GB, 959966085120 bytes
255 heads, 63 sectors/track, 116709 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0x2e2d2e2d


Device Boot Start  End   Blocks     Id System
/dev/sda1*      1  15298 122881153+ 7  HPFS/NTFS
/dev/sda2   15299  51771 292969372+ 83 Linux
/dev/sda3   51772  52767   8000370  82 Linux swap / Solaris
/dev/sda4   52768 116709 513614115  83 Linux

The destination disk should have a partition defined identical to the source partition, total number of blocks is the important parameter here.

The partition geometry information can be backed up the the USB hard disk with the following command:

# fdisk -l /dev/sda > /mnt/sdb1/sda_fdisk.txt

Restoring a dd image to a disk/partition

The steps are similar to the backup process:

  1. Boot computer with destination disk from a Linux Live CD
  2. Partition the destination disk, if needed
  3. Mount the source media (usb disk or nfs mount)
  4. Use gunzip and dd to restore image to disk or partition

Here is an example session, to restore the image taken with the above steps:

As a root user, do the following:

Mount image source (USB hard disk at /dev/sdb1)

# mount -t ext3 /dev/sdb1 /mnt/sdb1

Partition destination disk:

# fdisk /dev/<device node in question>; in our case, sda.

<create partition if needed>

Restore image (destination partition is /dev/sda1)

# gunzip -c /mnt/sdb1/windowsxp-c.img.gz | dd of=/dev/sda1 conv=sync,noerror bs=64k

Note: On a fast machine, ie C2Q 6600, and 3ware RAID disk array, a 120GB image takes 25 minutes to create.

In order to have a bootable system, some other configuration may be needed such as restoring a boot block. Check out the next post for details on boot sector management with dd.

A excellent guide on using fdisk for disk partitioning can be found here.

Leave a Comment :, , , , , more...

Looking for something?

Use the form below to search the site:

Still not finding what you're looking for? Drop a comment on a post or contact us so we can take care of it!

Blogroll

A few highly recommended websites...