This repository's main purpose is to hold and document modifications done to Clonezilla (Live/SE). These modifications were specifically targeted for our production needs. The motivation behind such changes were done so to speed up the process of rebooting a server, to fix broken basic GUI features, to add basic IT functions (server edition). Additionally, I've added a lot of scripts and basic C programs in beast/ which are used to automate many of our production needs for SSDs/HDDs & USBs.
The main purpose of rebuild.sh is to be able to use any filesystem.squashfs, wether it has been modified already or not and to ultimately produce the same consistent image each time, hence all the recopying of files. All files located in server/ and beast/ are files that have been in some way modified from the original filesystem.squashfs. I've also included the copying of symlinks as well. However all changes may not have been accounted for, those will be eventually dealt with.
The following is the synopsis:
rebuild.sh OPTION
OPTION:
--server, server - Rebuild for imaging servers
--server-chroot, server-chroot - Chroot into server's rootfs
--test-initrd, test-initrd - Test Clonezilla-Live initrd with qemu
--initrd, initrd - Rebuild initrd.img for Clonezilla-Live.initrd.img
You will need qemu installed in your system.
Much like the beast, I tried writing rebuild.sh and keeping all files that I've modified so that rebuild.sh can give you what I once made in a presistent manner. If you don't want to go throgh and make surethat all changes have been made from an original copy, then you can download my working copy here (resquashed on 9/16/2018). Although its more than likely this has changed by the time you download it, the changes won't be major from now on out. Make sure to rename it to filesystem.squashfs and that it resides in the server/ directory. To uncompress it, execute the following:
sudo unsquashfs filesystem.squashfs
- Installed: syncthing, gsmartcontrol, nut-client, scrot (backup to fbgrab), ftp-upload, inotify-tools, udisks2, crda
- Uninstall: vim-common, vim-runtime, vim-tiny
Set REGDOMAIN=US otherwise we get a very vague deauthentication by local choice (Reason: 3=DEAUTH_LEAVING)
Symlink to reflect new default wallpapers from svgs to pngs
Too long of a file. Hopefully I remebered to mention all lines edited. If not, sorry.
- Lines edited: 2516, 3539-3541, 3789-3791
- Can't remember if any other line was edited.
Remove unwanted text (Clonezilla Live 0.0.0-0 runs on RAM) from PXE menu when imaging units
- Lines edited: 802-804
Please don't tell me to press Enter to continue.
- Lines editied: 153-155, 173-175, 304-305, 318, & 335-336
All other firstboot* and Forcevideo-drbl-live don't matter, I figured.
- Lines edited: 32-32, automatically start the GUI, no need to ask us.
Changed HALT_REBOOT_OPT=""
to HALT_REBOOT_OPT="-f -n"
to force poweroff/reboot immediately without syncing via systemd.
File updated to reflect new custom wallpapers from originally svgs to pngs as seen in desktop-wallpaper/.
- Lines edited: 5-15, changed .svg to .png
Pretty self explanatory.
networks(5) is a powerful system daemon but it has limitations.
Unfortunately for our case, networks(5) isn't customizable enough for our
environment. So ifupdownsucks.sh was created
to manage the IP address of both Clonezilla servers in a live environment.
ifupdownsucks.sh does have to run on a infinite
loop while the OS is running as rebooting either one of the servers will
cause the IP address of the other one to drop. Additionally,
ifupdownsucks.sh only starts after eth0,
eth0:1, and dhcp are brought up otherwise ocs-live-netcfg
(or some other script in the latter) will configure eth1 as as the LAN
that faces the PXE clients.
- Line(s) edited: 4865-4866, 6596-6598, 6651-6653, 6932-6934, 7609-7911, no more
Press Enter
nonsense - Line 8819: Prevent set-netboot-1st-efi-nvram from running. reorders the boot order on most Dell firmware so that PXE (IPv4 & IPv6) are at the top.
This is used to blacklist kernel modules from loading. Usually these
modules are completely useless but may include those causing kernel panics
or other issues when loaded automatically by the kernel itself. You will
need to rebuild the initrd (./rebuild.sh initrd
) and the server
filesystem.squashfs (./rebuild.sh server
)
This file basically configures the ethernet that is facing the PXE clients. All lines mentioned automate the configuration with a static ip address.
- Lines edited: 146-149, 151-154, 160-164, 171,174, 442-445, 462-473
check_img_in_pxe_cfg() from drbl-functions:999 eventually claims to be "Unable to find the image (local) label! Make sure the local label is labeled in /tftpboot/nbi_img/pxelinux.cfg/default! Program terminated"
So we added cp /opt/default $pxecfg_pd/pxelinux.cfg/default
on the beginning of start_ocs_srv() in ocs-srv-live:40
rc.local not only gets executed on the server live but also on the PXE clients (units to be images). So becareful of what you put in there. This file ultimately gets copied to /tftpboot/nbi_root
This script, unlike ifupdownsucks.sh, is meant
to be run literally as the filename states but only executing whatever
you want it once. So basically after all NICs have been configured and
dhcp is running. This is important because if ssh is invoked by rc.local
or systemctl before starting Clonezilla server (sudo ocs-srv-live -b start
)
ssh will not work. sudo ocs-srv-live -b start
invokes a drbl script
that regenerates ssh certificates and in doing so when ssh had already
done so causes ssh to fail.
Excluding syncthing-resume.service, both of these files had to be edited to work in a live environment. Since we're using a live environment the HDDs in the servers that contain all clonezilla images (mounted as /home/partmag) are responsible of holding all configurations files and the local database that syncthing uses to keep track of file and directories /home/partimag/{.config/syncthing/*, .stfolder, .stignore} So therefore -home was added to both of these files.
These files are copied to /opt and then are copied to /home/user/.config/xfce4/xfconf/xfce-perchannel-xml upon each boot as seen in rc.local Both are responsible of providing modified default settings to our needs for the ability of (a) to click on a USB mass storage device and automatically mount it, and (b) to set Thunar's default view as 'detailed list'.
Follow the steps below to update the Linux kernel. The linux Kernel is located in two locations. The first being in the live folder inside the USB drive that allows our servers to boot Clonezilla in secure mode. The second location is critical to our workflow and allows us to image computers without disabling secure boot. This copy of the Linux kernel is located inside of the squash filesystem that is uncompressed into RAM during boot
Note: We cannot use a custom compiled kernel. This is because we do not want to disable secure boot for each computer that we want to image and the only way to accomplish this is to use a signed kernel + bootloader. We can only do this if we download a signed copy of the kernel which isn't modifiable. Refer to this for more information regarding secure netboot.
- Download the latest Clonezilla Ubuntu AMD64 zip from https://clonezilla.org/downloads.php
- Unzip it:
unzip clonezilla-live-*.zip
cd clonezilla-live-*
Copy the following into server/secure-netboot:cp live/vmlinuz /path/to/DigitalVAR/server/secure-netboot
cp live/initrd.img /path/to/DigitalVAR/server/secure-netboot
Then unsquash filesystem.squashfs to get the signed shim and grubnet bootloadercd live
sudo unsquashfs filesystem.squashfs
Copy the following files and directory into server/secure-netboot:cp /path/to/clonezilla-live-*-*-amd64/live/squashfs-root/usr/lib/shim/shimx64.efi.signed.latest /path/to/DigitalVAR/server/secure-netboot/shimx64.efi
cp /path/to/clonezilla-live-*-*-amd64/live/squashfs-root/usr/lib/grub/x86_64-efi-signed/grubnetx64.efi.signed /path/to/DigitalVAR/server/secure-netboot/grubx64.efi
cp /path/to/clonezilla-live-*-*-amd64/EFI/boot/bootx64.efi /path/to/DigitalVAR/server/secure-netboot
cp /path/to/clonezilla-live-*-*-amd64/live/squashfs-root/usr/lib/grub/x86_64-efi /path/to/DigitalVAR/server/secure-netboot
Copy the firmware + device drivers folder into server/squashfs-root for filesystem.squashfsrm -rf /path/to/DigitalVAR/server/squashfs-root/lib/modules/old-v.w.x-y-z
rm -rf /path/to/DigitalVAR/server/squashfs-root/lib/firmware
cp squashfs-root/lib/firmware /path/to/DigitalVAR/server/squashfs-root/lib
cp squashfs-root/lib/modules/v.w.x-y-z /path/to/DigitalVAR/server/squashfs-root/lib/modules
- Rebuild the server filesystem.squashfs:
./rebuild.sh server
Copy the following into the Clonezilla USB boot drive:/path/to/latest/downloaded/clonezilla-zip/live/vmlinuz
-> /path/to/Clonezilla-USB/live/path/to/latest/downloaded/clonezilla-zip/live/initrd.img
-> /path/to/Clonezilla-USB/live/path/to/DigitalVAR/server/filesystem.squashfs
-> /path/to/Clonezilla-USB/live
Copy initrd.img, filesystem.squashfs, and vmlinuz to /path/to/CLONER SE/live