Cloning OPNsense to Another Disk on a Live System
As part of an ongoing project to consolidate my infrastructure, I am turning my physical OPNsense router into a virtual machine (I may elaborate on the reasons in another blog post). Before proceeding with the virtualization, it’s essential to create a clone of the existing system disk for backup or migration purposes. In this guide, we’ll walk through the steps to clone the running OPNsense system to another disk.
Pre-requisites
- OPNsense system using ZFS
- A second disk with equal or larger size (will be referred to as
ada1) - Basic understanding of FreeBSD disk utilities
Step 1: Identify the Current Disk and Filesystem
First, identify the current disk used by OPNsense. Typically, the root file system (/) is on ZFS.
Run the following command to view mounted filesystems:
root@router:~ # mount
zroot/ROOT/default on / (zfs, local, noatime, nfsv4acls)
devfs on /dev (devfs)
zroot/tmp on /tmp (zfs, local, noatime, nosuid, nfsv4acls)
zroot/usr/ports on /usr/ports (zfs, local, noatime, nosuid, nfsv4acls)
zroot/var/log on /var/log (zfs, local, noatime, noexec, nosuid, nfsv4acls)
zroot/var/crash on /var/crash (zfs, local, noatime, noexec, nosuid, nfsv4acls)
zroot/var/audit on /var/audit (zfs, local, noatime, noexec, nosuid, nfsv4acls)
zroot/usr/src on /usr/src (zfs, local, noatime, nfsv4acls)
zroot on /zroot (zfs, local, noatime, nfsv4acls)
zroot/var/tmp on /var/tmp (zfs, local, noatime, nosuid, nfsv4acls)
zroot/var/mail on /var/mail (zfs, local, nfsv4acls)
zroot/usr/home on /usr/home (zfs, local, noatime, nfsv4acls)
devfs on /var/dhcpd/dev (devfs)
devfs on /var/unbound/dev (devfs)
devfs on /var/unbound/dev (devfs)
/usr/local/lib/python3.9 on /var/unbound/usr/local/lib/python3.9 (nullfs, local, noatime, read-only, nfsv4acls)
As can be seen, there’s no mounted partitions other than the ZFS datasets, which makes it ideal for live migration.
Step 2: Backup Existing Partition Table
Back up the partition table of your existing disk (ada0 in this example) to a file.
gpart backup ada0 > ada0_partitions
Step 3: Prepare the Destination Disk
Before we clone the partition table to the new disk, make sure it’s empty or you’re willing to erase it.
gpart destroy -F ada1
Warning: This step will destroy all data on ada1.
Step 4: Clone the Partition Table
Use the backed-up partition table to set up identical partitions on the new disk (ada1).
gpart restore -F ada1 < ada0_partitions
Step 5: Optionally Resize Last Partition
If ada1 is larger than ada0, you can resize the last partition to utilize the extra space.
gpart resize -i 4 ada1
Step 6: Clone ZFS Pool
You can now add the new ZFS partition to your existing ZFS pool in a mirrored setup. This will initiate the resilvering process.
zpool attach zroot ada0p4 ada1p4
Use zpool status to monitor the resilvering process.
zpool status
Here’s an example output during resilvering:
root@router:~ # zpool status
pool: zroot
state: ONLINE
status: One or more devices is currently being resilvered. The pool will
continue to function, possibly in a degraded state.
action: Wait for the resilver to complete.
scan: resilver in progress since Sun Oct 1 23:04:57 2023
8.34G scanned at 41.3M/s, 4.95G issued at 24.5M/s, 8.35G total
5.10G resilvered, 59.24% done, 00:02:22 to go
config:
NAME STATE READ WRITE CKSUM
zroot ONLINE 0 0 0
mirror-0 ONLINE 0 0 0
ada0p4 ONLINE 0 0 0
ada1p4 ONLINE 0 0 0 (resilvering)
errors: No known data errors
Wait for the resilvering to complete before proceeding.
Step 7: Update Boot Code
Finally, you’ll need to install the boot code to the new disk.
gpart bootcode -b /boot/pmbr -p /boot/gptzfsboot -i 1 ada1
Conclusion
In summary, this guide walked you through the process of cloning your OPNsense system disk on a live system. By now, you’ve not only created a mirror of your existing disk but also gained an understanding of the benefits of ZFS. With this new disk, you’re ready to plug it into another server and continue your operations seamlessly. This method provides you with a robust backup strategy, ensuring minimal downtime in your quest to consolidate your infrastructure.
For further questions or issues, feel free to reach out.