Saturday, July 28, 2012

How to implement physical servers snapshots on Apple MAC OS X 10.X

Concept

Here is how it works:
  • Mac OS X physical snapshots can be configured with a single disk 
  • Partition your disk to have at least 2 partitions  "MASTER" and "CLONE"
  • Install clean MAC OS X on MASTER. This will become your  disk.
  • Include required packages (see Prerequisites, below)
  • Perfect the OS, install any software that you would like to have as part of the standard OS
  • Setup snapshot scripts and create the snapshot

Banner text

Banner will be displayed during the reimaging process to anyone who will be trying to connect to the system via SSH, CONSOLE or TELNET prior to the end of the snapshot recovery process. Touch /etc/banner_default
WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
 
       THE SYSTEM IS BOOTED TO AN ORIGINAL SNAPSHOT DISK
               SNAPSHOT RECOVERY IS IN PROGRESS
 
       TO PRESERVE INTEGRITY OF THE SYSTEM DO NOT LOGIN!

Enable banner for SSH

To enable banner for SSH, simply uncomment "Banner" in /etc/ssh/sshd_config
# no default banner path
Banner /etc/banner
NOTE: During the reimaging process /etc/banner_default will be renamed to /etc/banner

Scripts and entries

You will need to add scripts and append standard configuration files as part of this process. Feel free to customize as you wish. Append /etc/profile. Simple notification mechanism if a user is trying to login to the system during the snapshot restore. 
#…
PATH=$PATH:/usr/local/bin
export PATH
#…

#master (YOUR ORIGINAL SNAPSHOT DISK)
MASTER=”/dev/disk0s2”

if [ `/usr/sbin/bless --getBoot` == ${MASTER} ]; then
 clear
 cat /etc/banner_default
 while true
  do
   echo "Are you sure you still wish to login? (y or n) :\c"
   read CONFIRM
   case $CONFIRM in
     y|Y|YES|yes|Yes) break ;;
     n|N|no|NO|No)
     echo Aborting - you entered $CONFIRM
     exit
     ;;
    *) echo Please enter only y or n
   esac
  done
else
/bin/rm -f /etc/banner
fi

Create /usr/local/bin/restore_snapshot

Create file /usr/local/bin/restore_snapshot with execute permissions (500). This is the script that you will be executing to request snapshot restore.
#!/bin/sh
#master (YOUR ORIGINAL SNAPSHOT DISK)
MASTER=”/dev/disk0s2”
#clone  (YOUR TEST DISK)
CLONE=”/dev/disk0s3”

# Make sure only root can run our script
if [ "$(id -u)" != "0" ]; then
   echo "This script must be run as root" 1>&2
   exit 1
fi

if [ `/usr/sbin/bless --getBoot` == ${CLONE} ]
then
        echo "System is booted to the secondary disk"
        echo "Changing boot device priority to boot to the master disk for snapshot restore..."
        echo "INFO: Cancel by CRTL-C in 15 seconds..."
        sleep 15
        set -x
        /usr/sbin/bless --device ${MASTER} --setBoot
        set +x
        echo "Rebooting..."
        /sbin/reboot
else
        /usr/local/bin/resnapshot
fi

MAC OS X /usr/local/bin/resnapshot

Create /etc/rc.resnapshot (chmod 500). This script will be called during OS boot. It will check whether the snapshot restore must start after the reboot.
#!/bin/sh

#master (YOUR ORIGINAL SNAPSHOT DISK)
MASTER=”/dev/disk0s2”
#clone  (YOUR TEST DISK)
CLONE=”/dev/disk0s3”

# Make sure only root can run our script
if [ "$(id -u)" != "0" ]; then
   echo "This script must be run as root" 1>&2
   exit 1
fi

echo "INFO: You can still cancel by pressing CRTL-C within 15 seconds..."
sleep 15

if [ `/usr/sbin/bless --getBoot` == ${MASTER} ]
then
        echo "INFO: System is booted to the master image disk."
        echo "INFO: Placing banner."
        set -x
        cp /etc/banner_default /etc/banner
        set +x

        echo "INFO: Restoring snapshot. The system will reboot automatically, if successful."
        echo "INFO: Please wait..."
        echo "INFO: Placing FirstReboot into startup"
        /bin/mkdir -p /Library/StartupItems/FirstBoot
        echo "INFO: Creating FirstReboot script"
        /usr/bin/touch /Library/StartupItems/FirstBoot/FirstBoot
        echo "INFO: Changing Permissions on FirstReboot script"
        /bin/chmod +x /Library/StartupItems/FirstBoot/FirstBoot
        echo "INFO: Populating on FirstReboot script"
        echo "/bin/rm -rf /Library/StartupItems/FirstBoot" > /Library/StartupItems/FirstBoot/FirstBoot
        echo "/sbin/reboot" >> /Library/StartupItems/FirstBoot/FirstBoot
 /usr/sbin/asr -h 2>&1 | grep '\-\-erase'
if [ $? –eq 0 ]; then
        ASRCMD=”/usr/sbin/asr -source ${MASTER} -target ${CLONE} --erase --updatebless –noprompt”
  else
        ASRCMD=”/usr/sbin/asr -source ${MASTER} -target ${CLONE} -erase -updatebless –noprompt”
fi

echo $ASRCMD
set -x
${ASRCMD}

        if [ $? -eq 0 ]; then
                echo "INFO: Restore succeeded! Setting boot to clone..."
                /usr/sbin/bless --device ${CLONE} --setBoot
                /usr/sbin/bless --getBoot
                echo "INFO: Removing Local FirstReboot directory"
                /bin/rm -rf /Library/StartupItems/FirstBoot
                echo "Rebooting Now..."
                /sbin/reboot
        else
                echo "INFO: Snapshot restore failed. Aborting..."
                exit 1
        fi
else
        echo "INFO: System is booted to the clone. Exiting..."
        set -x
        /bin/rm -f /etc/banner
        /usr/sbin/diskutil unmount ${MASTER}
        set +x
fi

Mac OS X job scheduling

defaults write /Library/LaunchDaemons/com.globalitadmins.resnapshot Label com.symantec.resnapshot
defaults write /Library/LaunchDaemons/com.globalitadmins.resnapshot ProgramArguments -array "/usr/local/bin/resnapshot" 
defaults write /Library/LaunchDaemons/com.globalitadmins.resnapshot RunAtLoad -bool true

Create first snapshot

To initiate the first cloning process, simply execute:

/usr/local/bin/restore_snapshot
Mac OS X Restore Snapshot Sample Output
mini106-4:bin root# restore_snapshot 
INFO: You can still cancel by pressing CRTL-C within 15 seconds...
INFO: System is booted to the master image disk.
INFO: Placing banner.
+ cp /etc/banner_default /etc/banner
+ set +x
INFO: Restoring snapshot. The system will reboot automatically, if successful.
INFO: Please wait...
INFO: Placing FirstReboot into startup
INFO: Creating FirstReboot script
INFO: Changing Permissions on FirstReboot script
INFO: Populating on FirstReboot script
+ /usr/sbin/asr -source /dev/disk0s2 -target /dev/disk0s3 --erase --updatebless --noprompt
        Validating target...done
        Validating source...done
        Erasing target device /dev/disk0s3...done
        Validating sizes...done
        Copying    ....10....20....30....40....50....60....70....80....90....100
+ '[' 0 -eq 0 ']'
+ echo 'INFO: Restore succeeded! Setting boot to clone...'
INFO: Restore succeeded! Setting boot to clone...
+ /usr/sbin/bless --device /dev/disk0s3 --setBoot
+ /usr/sbin/bless --getBoot
/dev/disk0s3
+ echo 'INFO: Removing Local FirstReboot directory'
INFO: Removing Local FirstReboot directory
+ /bin/rm -rf /Library/StartupItems/FirstBoot
+ echo 'Rebooting Now...'
Rebooting Now...
+ /sbin/reboot
And you are all set!

Important commands

#CURRENT BOOT DISK: bless –getBoot
#ALL DISKS PARTITIONS: diskutil list

#PARTITION WITH GUI: USE DISKUTILITY  
#MOUNT MASTER WHEN BOOTED ON TEST:
#diskutil mount /dev/disk0s2
#UNMOUNT MASTER WHEN BOOTED ON TEST:
#diskutil unmount /dev/disk0s2

Helpful links

Posted by Dr. J at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)