How to install TrueOS from Restore from Life Preserver backup?


#1

I am running TrueOS on a Mac Mini, installed on a USB memory stick.
I use Life Preserver Replication to backup the whole tank pool on my office FreeBSD server.
If the USB memory stick fails I want to restore it from Restore from Life Preserver backup in the installation DVD. The Restore Wizard ask me only the Host Name, the User Name and the SSH Port and then fails.
How to do it ?

Thanks
Maurizio


#2

Instead of hostname, use the IP address of the back up machine.

Mine points to my FreeNAS mini.


#3

Thanks you RodMyers, I have used both name and IP address but the error remain.
Is Restore from Life Preserver backup useful only in FreeNAS ?


#4

That I’m not sure of… I doubt it. I would assume it works with any networked storage

Have you looked at the at the TrueOS handbook?


#5

Hi Maurizio

I’ve been trying to do the same (use LP with a ZFS FreeBSD (11) server) with no luck but it sounds like you’ve got further than me because at least you’ve got it to replicate, right?

Did you have to use the commandline version of LP for replicating or did the sysadm LP GUI client work for you? If you used the CLI, did you have to run it muliple times to replicate all needed datasets?

Are you using SSH keys? Please outline your process.

I’m sure Kris said he was working on LP recently but I’m not sure his changes have made it into the TrueOS repo yet?


#6

Yes I have read the Handbook and searched in this forum but with no luck.


#7

Hi danboid,

Yes I have successfully replicated it using Life Preserver.

Control Panel -> Life Preserver (GUI)
The log files are in the in /var/log/lpreserver directory.

Yes, but I don’t know if it is necessary.

Maurizio


#8

Hi Maurizio

Thanks for your reply!

Interesting that you got the LP GUI to work - that proves I’m going wrong somewhere but LP does need more feedback anyway. I’m not the only who has noted its lack of feedback.

Was there anything non-obvious you had to do under FreeBSD or TRueOS to get replication working, aside from configuring the ZFS permissions on the target dataset?

I had noticed /var/log/lpreserver but I don’t see anything in there, even when checking it immediately after trying (and failing) to replicate.


#9

Hi danboid,

On FreeBSD server I have create the dataset:

zfs create pool2tb/nobackup/macmini_trueos

In TrueOS I have used it:

The replication is done after the snapshot:

Note: in FreeBSD I have enabled ssh login for root.


#10

Hi Maurizio

Interesting - it seems you haven’t created the dataset (on FreeBSD) as detailed in the TrueOS handbook if thats the only command you ran to create the dataset. I should try again with a plain, default settings dataset as you have used.

That could be the cause of my probs, or the fact that I have disabled root login via SSH but I would think that is less likely the cause as that shouldn’t be needed or required as it is a security risk for boxes connected to the net.

“The replication is done after the snapshot:”

Is that not a typo? Surely you have to replicate before snapshots can be created?

Thanks


#11

Hi danboid,

Sorry but English is not my native language.
First a snapshot must be created and then the replication process can start.


#12

Hi Maurizio!

Your English is very good! I don’t have access to my TrueOS to test it right now but I think you’ve hit the nail on the head. I think I may have been misunderstanding how LP was supposed to operate. I was thinking the user had to create the first replication from the replication tab by clicking the ‘Start’ button after creating a target then you would be able to create snapshots but actually it sounds as if the replication tab only works AFTER the user has created at least one snapshot.

If this is the case, I’d like to suggest the TrueOS devs add a pop-up notification or have LP print a warning message somewhere the user will see it telling them they cannot start replication until at least one snapshot has been created. Also, it would seem that the replication target details are in the wrong tab. It sounds like the correct workfklow (after creating the dataset on the target server) is:

Input target replication server details
Create at least one snapshot. This should allow system restore via the TrueOS installers LP option, including all the snapshots and BE’s up to that point, I’d imagine?
Then, optionally, enable snapshot repliction.

If this is the intended workflow, it would seem to make more sense to either put the replication (target server) input form on the same tab as snapshots or give it its own tab. As it currently stands, the logical thing to push after inputting the server details is ‘Start’ but, actually you need to switch to the ‘Snapshots’ tab and use that before ‘Start’ is an option.

I bet I’m not the only person who has made this false assumption. I’ll update ther LP-related github ticket after I’ve tried it again, hopefully understanding it a bit better.

The images seem to be broken on the TrueOS handbook site currently.


#13

This is the key bit of missing info - keys and passwords. You say it doesn’t ask you for a (SSH) password. Thats a shame because I would like to use it with short (or no) passwords. If it uses SSH keys to authenticate, how do we load them (HTTP?) or integrate our keys into the USB installer?

Otherwise, how does LP restore authentication work? I’m presuming it is dependant upon SSH.


#14

Hello,

Just hoping to share my experience with Life Preserver replicating to a FreeNAS.

If you are replicating over ssh, it requires using keys (at least I think that’s the only way that it can work). In the PC-BSD days, there was some sort of bootstrapping in life preserver where it would generate a no-password SSH key (if it didn’t exist), then ssh over to FreeNAS system as the specified user (asking for that user’s password) and add it to the authorized_keys. This SSH key was stored in /root/.ssh by default. I believe the old GUI also offered an option to export the private key to a USB drive. Then, when you were installing in a new system, you could insert this USB drive and use that key to make life preserver work. I actually did this and it worked great (in PC-BSD 10.3; it was broken when I tried it in TrueOS—shame on me for not reporting it).

I only know this because this boot strapping isn’t perfect. For example, I had configured my FreeNAS to only accept SSH keys and no passwords, so the script failed because I couldn’t log in as that user. But I was able to copy the public key over in the FreeNAS GUI.

If you are starting from scratch with Life Preserver. I’d recommend that you actually look at the information from the old version of Life Preserver for replicating to a FreeNAS. There’s actually a bunch of setup that needs to be done on the server you are replicating to. The basics are:

  1. Create a user on the server.
  2. Create a dataset on the server for storing the snapshots (don’t worry, LifePreserver will create it’s own datasets under that dataset). The user created above will need to own this dataset.
  3. Assign a bunch of attributes for replication (it’s in the link above).
  4. Add root’s public SSH key from your TrueOS machine to the authorized_keys of your created user.

There’s nothing special about the FreeNAS, other than you need to use its UI to do these things. A regular FreeBSD machine should be able to handle this.

Once those basics are done, you should be able to initialize the replication and start a replication of the snapshots. I’ve had much better luck doing this on the command line once I’ve configured things in the GUI. I often have another window looking at the logs.

That being said. Life preserver is not doing any magic per se. It’s just replicating ZFS snapshots and trying to put a more pleasant face on it. If you can do that without Life Preserver, it should be possible to do it with Life Preserver. For example, the last time when the restore didn’t work. I simply just did a regular install and replicated my home directory from it’s Life Preserver snapshot on the FreeNAS using standard ZFS send and receive. I did have the Advanced ZFS Book opened to the replication chapter the entire time though.

It’s disappointing that there’s not a way to automate the server-side setup of Life Preserver, as that’s frustrating to track down. I’m sure FreeNAS could have an “allow Life Preserver backups” option that would do this for you (kind of like what they do for Time Machine backups). Then you just have to have it advertise it’s existence (via Zeroconf) and have Life Preserver GUI pick that up and do the final bits of configuration. There are still issues with turning off password login on a FreeNAS, but that’s surmountable too. But I guess this would be a low priority thing based on the scope of FreeNAS, and likely some would take issue with it creating datasets and users automatically.

It does work pretty OK once you’ve got it set up though. Sometimes I need to re-initialize if a snapshot doesn’t transfer completely (usually because I turn off my laptop without realizing it’s backing up).

Hope this helps.


#15

Feels like I’m getting somewhere now. I had done points 1-3 in setting the server up but I didn’t do 4, which makes perfect sense - I must’ve missed that requirement.

From what maurizio and twschultz say, it sounds like the current TrueOS restore wizard is incomplete / unusable because it doesn’t offer a way to provide the public key, via USB or otherwise.


#16

Someone fixed the TrueOS site and images are viewable again so looking at Fig 11.6.2 on:

https://sysadm.us/handbook/client/sysadmclient.html#life-preserver

It seems two main things are missing before we can use LP SSH restore:

1 - The ability to load a public SSH key or enter a SSH password

2 - The ability to enter a dataset to restore from. I want to be able to backup multiple TrueOS installs to individual datasets on one FreeBSD (or FreeNAS) server.


#17

Hello everyone,

As @danboid pointed out, these screens are missing, but they were actually in the code! I did some investigation, and it seems that when the iSCSI method was removed from PC-BSD, there was a check left behind that branched the restore wizard based on iSCSI/SSH and it made the wizard jump over the whole SSH authentication stuff. This happened after PC-BSD 10.3 came out, which explains why restores worked back when I tried it in PC-BSD, but not when I tried it on my initial TrueOS install.

I’m kind of at a disadvantage here because I can’t roll a new installer image (don’t have the expertise, hardware, time, etc.), but I’m submitting the pull request and I hope it is at least considered. The real commit is the last one in the request. I was a bit foolhardy and put multiple changes in one branch, but I can’t be bothered to split them up.

I’m not sure if there is a bug report related to this, but it could be worth attaching the push request to it.

If it is accepted, people can at least try to run a restore. Personally, I think a restore install could be part of the QA for the release. This seems to have been broken for the entirety of TrueOS. A QA check takes time, but the restore could be small and I suspect some people care about this. For example, once the GELI stuff is re-enabled, and you have a months of happy TrueOS stuff in your home directory), why not just restore that from life preserver when you encrypt that disk :slight_smile:?


#18

Thanks for that twschultz!

I have added a link to your pull request to my compilation of LP questions and requests ticket:

https://github.com/trueos/trueos-core/issues/1434


#19

Great! Seems the patch has been excepted. That means that perhaps the next installer image will have the fixes. I have a machine I want to experiment on it with.

There still is some rough edges in this, (i.e., the UI for exporting the key is still missing), but at least the functionality should work.