There can be use cases where you want to get a block level copy of your servers drives either for backup/archival purposes, or maybe you need it for forensic analysis. For both use cases, how can you perform a block level copy of your drives when you don’t have enough storage space on your server to store it?
This is where dd and ssh come into play. You can perform a block level copy of your disks using dd, and then use ssh inline to transfer it over to your remote workstation.
Things to keep in mind, when you perform a dd copy, it will copy the full disk over, this includes both used and unused space. So if you have 2 drives, one is a 1.5T drive, and the other in a 500G drive, you will need a total of 2T of space on your workstation, or where ever the images are being copied to.
In a perfect world, the drives should be unmounted, or if you are copying over the / partition, the server should be in rescue mode. However, dd can be performed live if you like as long as your not concerned about dynamic data like your databases being corrupted on the destination image.
The first step here is to determine which partitions you want to copy over. You find this by checking df on the server:
[root@web01 ~]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/VolGroup-lv_root
14G 1.4G 12G 11% /
tmpfs 939M 0 939M 0% /dev/shm
/dev/sda1 477M 99M 353M 22% /boot
/dev/sdb1 2.0G 3.1M 1.9G 1% /mnt
In this example, I want to copy both my / partition, and my /mnt drive.
The commands are meant to be run on the destination server or workstation where you will be storing these images. Do not try to run these on the origin server!
[root@workstation ~]# ssh [email protected] "dd if=/dev/mapper/VolGroup-lv_root " | dd of=192.168.1.100-VolGroup-lv_root.img [root@workstation ~]# ssh [email protected] "dd if=/dev/sdb1 " | dd of=192.168.1.100-sdb1.img
Depending on how large the drives are, and what your network latency is like, this could take a very long time to complete.
Once the process is completed, your can verify the image by mounting the image on your destination server by using a loop back image:
[root@workstation ~]# mkdir -p /mnt/server/disk1 [root@workstation ~]# mkdir -p /mnt/server/disk2 [root@workstation ~]# mount -o loop 192.168.1.100-VolGroup-lv_root.img /mnt/server/disk1 [root@workstation ~]# mount -o loop 192.168.1.100-sdb1.img /mnt/server/disk2 [root@workstation ~]# ls /mnt/server/disk1 [root@workstation ~]# ls /mnt/server/disk2
And once you confirmed the disk image looks good, unmount the loop back device by running:
[root@workstation ~]# umount /mnt/server/disk1 [root@workstation ~]# umount /mnt/server/disk2